Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d1/9c0a7e-9963-4c0d-94ac-446d0a7e9404/1/7ehRyaGnsN9Sb0BjT-xkdCTrje4.roa
File: 7ehRyaGnsN9Sb0BjT-xkdCTrje4.roa (raw, json)
Hash identifier: tfFKFcHrWQ0IZ5DzucG8giKQLunqY1+x1Aidw2ZRV+A=
Subject key identifier: ED:E8:51:C9:A1:A7:B0:DF:52:6F:40:63:4F:EC:64:74:24:EB:8D:EE
Certificate issuer: /CN=73dfeea9c7de246e6d7d1a507406285b226f9286
Certificate serial: 01856D8AF21F80397D7712888A6DB5E0FD96
Authority key identifier: 73:DF:EE:A9:C7:DE:24:6E:6D:7D:1A:50:74:06:28:5B:22:6F:92:86
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/c9_uqcfeJG5tfRpQdAYoWyJvkoY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d1/9c0a7e-9963-4c0d-94ac-446d0a7e9404/1/7ehRyaGnsN9Sb0BjT-xkdCTrje4.roa
Signing time: Sun 01 Jan 2023 13:35:00 +0000
ROA not before: Sun 01 Jan 2023 13:35:00 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 60159
IP address blocks: 194.146.191.0/24 maxlen: 24
194.146.190.0/24 maxlen: 24
194.146.189.0/24 maxlen: 24
194.146.188.0/22 maxlen: 22
185.41.20.0/22 maxlen: 22
193.57.44.0/22 maxlen: 22
193.57.46.0/24 maxlen: 24
185.212.248.0/22 maxlen: 22
185.239.24.0/22 maxlen: 22
2a0c:d540::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6d:8a:f2:1f:80:39:7d:77:12:88:8a:6d:b5:e0:fd:96
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=73dfeea9c7de246e6d7d1a507406285b226f9286
Validity
Not Before: Jan 1 13:35:00 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=ede851c9a1a7b0df526f40634fec647424eb8dee
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bc:b1:ee:b0:23:38:36:55:92:3a:a8:2f:e8:34:
ea:b2:c0:4b:86:9d:88:aa:93:48:a7:0c:3b:c7:e3:
b1:5b:43:4e:5b:22:7b:eb:09:cf:63:f9:ed:81:d4:
f2:6c:a6:e2:b4:86:ff:56:2b:ad:a1:71:99:6b:65:
ab:64:01:bd:d1:17:6c:91:17:28:d5:2f:c1:62:1c:
20:22:62:14:c7:86:c9:a3:5d:eb:e8:f2:79:43:f7:
0c:7a:60:52:d4:1a:f3:ee:8b:99:82:2e:8a:b9:cd:
ff:fe:d9:d1:a3:2e:5a:20:5f:44:2d:57:22:99:91:
7d:4d:e6:86:86:b7:e1:ba:01:01:d3:f0:bf:e5:9e:
6b:f9:e5:14:b2:c9:d1:4a:ea:0b:a8:6e:0c:38:83:
40:ff:96:9f:a8:96:81:c9:4e:49:5b:dd:2c:0d:52:
0f:4c:c5:45:83:c9:39:aa:7e:de:87:e9:81:c8:ee:
a1:ed:bb:e2:48:f4:c7:63:bd:4f:4f:21:84:40:8e:
0a:8a:47:60:7a:bb:6b:69:c2:7f:1c:de:97:3f:53:
04:da:b5:88:85:50:54:a3:10:9d:36:fd:79:fa:c3:
4d:60:e3:eb:50:b1:7b:29:e4:9f:ab:a1:c0:c3:71:
07:30:06:7b:27:83:1a:19:e0:2e:b9:4e:60:e6:17:
fe:c7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
ED:E8:51:C9:A1:A7:B0:DF:52:6F:40:63:4F:EC:64:74:24:EB:8D:EE
X509v3 Authority Key Identifier:
keyid:73:DF:EE:A9:C7:DE:24:6E:6D:7D:1A:50:74:06:28:5B:22:6F:92:86
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/c9_uqcfeJG5tfRpQdAYoWyJvkoY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/9c0a7e-9963-4c0d-94ac-446d0a7e9404/1/7ehRyaGnsN9Sb0BjT-xkdCTrje4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/9c0a7e-9963-4c0d-94ac-446d0a7e9404/1/c9_uqcfeJG5tfRpQdAYoWyJvkoY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.41.20.0/22
185.212.248.0/22
185.239.24.0/22
193.57.44.0/22
194.146.188.0/22
IPv6:
2a0c:d540::/32
Signature Algorithm: sha256WithRSAEncryption
54:63:19:d1:62:5c:7a:b2:0f:e7:db:12:0b:84:31:09:05:80:
b7:a8:48:2f:87:35:1e:62:f8:bb:0d:0c:ea:36:5e:8d:61:67:
3e:be:bb:20:7c:a1:d1:e3:14:8f:85:9a:cd:c1:ab:5d:ae:a4:
c7:2b:c6:a3:e1:a1:3f:47:e0:c7:da:8c:25:71:04:13:85:45:
01:82:9f:eb:49:33:58:52:08:d9:e6:12:3b:0b:dd:b5:ec:48:
f5:ee:7c:14:bd:81:cd:5e:43:76:02:11:be:75:d4:21:e7:9a:
18:a6:23:e6:3a:6c:f6:a5:e9:b5:c9:5b:cb:99:2b:a1:ee:54:
58:f1:16:80:fa:d5:ed:1c:0a:a1:8f:52:d9:52:0b:08:b2:3a:
15:b7:12:52:1b:34:e5:7d:ea:98:94:a2:d4:bc:cc:3d:6c:b0:
9a:31:ca:3c:97:99:5a:2b:75:dd:ba:c2:46:23:4f:c5:bc:a7:
f8:c7:df:b5:39:6f:f3:c7:86:f6:36:d6:03:af:46:1c:fe:ba:
73:c8:de:82:29:00:31:3d:46:99:a5:ce:96:40:be:47:14:f2:
f6:d5:a4:ee:1c:ea:6d:04:a5:b7:1c:c6:64:b5:d3:18:da:57:
0e:b1:ad:f3:3d:2a:a3:eb:61:e5:34:0e:0a:6f:2b:27:2e:d8:
a0:44:da:9c
-----BEGIN CERTIFICATE-----
MIIFJDCCBAygAwIBAgISAYVtivIfgDl9dxKIim214P2WMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDczZGZlZWE5YzdkZTI0NmU2ZDdkMWE1MDc0MDYyODViMjI2
ZjkyODYwHhcNMjMwMTAxMTMzNTAwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZGU4NTFjOWExYTdiMGRmNTI2ZjQwNjM0ZmVjNjQ3NDI0ZWI4ZGVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvLHusCM4NlWSOqgv6DTqssBLhp2I
qpNIpww7x+OxW0NOWyJ76wnPY/ntgdTybKbitIb/ViutoXGZa2WrZAG90RdskRco
1S/BYhwgImIUx4bJo13r6PJ5Q/cMemBS1Brz7ouZgi6Kuc3//tnRoy5aIF9ELVci
mZF9TeaGhrfhugEB0/C/5Z5r+eUUssnRSuoLqG4MOINA/5afqJaByU5JW90sDVIP
TMVFg8k5qn7eh+mByO6h7bviSPTHY71PTyGEQI4KikdgertracJ/HN6XP1ME2rWI
hVBUoxCdNv15+sNNYOPrULF7KeSfq6HAw3EHMAZ7J4MaGeAuuU5g5hf+xwIDAQAB
o4ICMDCCAiwwHQYDVR0OBBYEFO3oUcmhp7DfUm9AY0/sZHQk643uMB8GA1UdIwQY
MBaAFHPf7qnH3iRubX0aUHQGKFsib5KGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYzlfdXFjZmVKRzV0ZlJwUWRBWW9XeUp2a29ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMS85YzBhN2UtOTk2My00YzBkLTk0YWMt
NDQ2ZDBhN2U5NDA0LzEvN2VoUnlhR25zTjlTYjBCalQteGtkQ1RyamU0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMS85YzBhN2UtOTk2My00YzBkLTk0YWMtNDQ2ZDBhN2U5NDA0
LzEvYzlfdXFjZmVKRzV0ZlJwUWRBWW9XeUp2a29ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEYGCCsGAQUFBwEHAQH/BDcwNTAkBAIAATAeAwQCuSkUAwQC
udT4AwQCue8YAwQCwTksAwQCwpK8MA0EAgACMAcDBQAqDNVAMA0GCSqGSIb3DQEB
CwUAA4IBAQBUYxnRYlx6sg/n2xILhDEJBYC3qEgvhzUeYvi7DQzqNl6NYWc+vrsg
fKHR4xSPhZrNwatdrqTHK8aj4aE/R+DH2owlcQQThUUBgp/rSTNYUgjZ5hI7C921
7Ej17nwUvYHNXkN2AhG+ddQh55oYpiPmOmz2pem1yVvLmSuh7lRY8RaA+tXtHAqh
j1LZUgsIsjoVtxJSGzTlfeqYlKLUvMw9bLCaMco8l5laK3XdusJGI0/FvKf4x9+1
OW/zx4b2NtYDr0Yc/rpzyN6CKQAxPUaZpc6WQL5HFPL21aTuHOptBKW3HMZktdMY
2lcOsa3zPSqj62HlNA4KbysnLtigRNqc
-----END CERTIFICATE-----
Generated at Wed Dec 27 18:42:39 2023 by rpki-client on console.sobornost.net