Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d1/9c0a7e-9963-4c0d-94ac-446d0a7e9404/1/Or_3JyVBfwAA1OqcLGUmvMrNNYo.roa
File: Or_3JyVBfwAA1OqcLGUmvMrNNYo.roa (raw, json)
Hash identifier: Y5blBq+ystnyTU6cgJl01/cNr2PXm0oUXZ0Of8nwWV8=
Subject key identifier: 3A:BF:F7:27:25:41:7F:00:00:D4:EA:9C:2C:65:26:BC:CA:CD:35:8A
Certificate issuer: /CN=73dfeea9c7de246e6d7d1a507406285b226f9286
Certificate serial: 01856D8AF126798E9259D8E44A61FDEECA8A
Authority key identifier: 73:DF:EE:A9:C7:DE:24:6E:6D:7D:1A:50:74:06:28:5B:22:6F:92:86
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/c9_uqcfeJG5tfRpQdAYoWyJvkoY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d1/9c0a7e-9963-4c0d-94ac-446d0a7e9404/1/Or_3JyVBfwAA1OqcLGUmvMrNNYo.roa
Signing time: Sun 01 Jan 2023 13:35:00 +0000
ROA not before: Sun 01 Jan 2023 13:35:00 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 49223
IP address blocks: 185.41.22.0/24 maxlen: 24
193.57.44.0/23 maxlen: 24
185.212.250.0/24 maxlen: 24
185.239.27.0/24 maxlen: 24
185.239.26.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6d:8a:f1:26:79:8e:92:59:d8:e4:4a:61:fd:ee:ca:8a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=73dfeea9c7de246e6d7d1a507406285b226f9286
Validity
Not Before: Jan 1 13:35:00 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=3abff72725417f0000d4ea9c2c6526bccacd358a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:89:b1:1d:c8:71:fd:6e:de:02:b4:3b:8b:8d:ff:
e5:9f:d1:6e:cc:98:83:d9:aa:0d:5d:e6:20:a8:c5:
58:44:06:f1:29:3a:ad:0e:15:e9:4a:8e:67:58:18:
53:be:82:04:3e:74:b0:c4:70:ab:36:7e:4c:60:4a:
16:a4:a6:41:ec:81:3c:ce:ac:e3:54:3f:ea:49:51:
ff:51:18:91:03:5c:4b:7e:b7:30:aa:99:b3:bd:99:
66:1f:19:62:20:ea:9a:3a:d2:fd:e8:d5:62:5d:b3:
07:be:7e:7c:78:33:49:6e:a3:83:ea:c4:a5:5b:45:
5f:31:63:ea:6b:57:54:3a:56:e1:40:bc:2c:7a:d1:
c0:a5:1e:24:6a:a1:d5:b6:3e:8b:32:55:ed:42:9b:
28:d9:e3:21:57:61:2f:20:e3:f8:cf:50:69:99:66:
56:08:d0:93:b8:f0:8c:50:0c:ab:b9:6f:b3:0a:55:
1b:9a:ef:a1:40:7a:19:62:5d:67:d4:11:3e:e0:27:
d4:87:88:21:5b:f7:24:36:b7:c0:1b:ca:34:fa:97:
e9:50:fe:f7:f5:d6:d8:a5:0f:fd:c9:c1:a0:93:4e:
14:92:65:ef:8a:c2:58:6d:54:1d:dc:6d:bc:da:25:
22:01:5e:f8:21:ef:4d:8e:14:80:ae:cb:a7:d8:50:
55:3b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3A:BF:F7:27:25:41:7F:00:00:D4:EA:9C:2C:65:26:BC:CA:CD:35:8A
X509v3 Authority Key Identifier:
keyid:73:DF:EE:A9:C7:DE:24:6E:6D:7D:1A:50:74:06:28:5B:22:6F:92:86
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/c9_uqcfeJG5tfRpQdAYoWyJvkoY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/9c0a7e-9963-4c0d-94ac-446d0a7e9404/1/Or_3JyVBfwAA1OqcLGUmvMrNNYo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/9c0a7e-9963-4c0d-94ac-446d0a7e9404/1/c9_uqcfeJG5tfRpQdAYoWyJvkoY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.41.22.0/24
185.212.250.0/24
185.239.26.0/23
193.57.44.0/23
Signature Algorithm: sha256WithRSAEncryption
28:12:96:98:ff:34:87:ab:b4:77:13:0d:8d:f0:a2:fd:ad:11:
bb:9f:64:de:45:78:05:62:03:48:f6:00:73:53:0f:90:f9:3c:
45:08:95:71:ce:b3:81:7e:06:03:3a:e6:13:c6:be:56:e1:57:
0a:ee:0f:62:f0:2a:51:b4:b3:62:18:ba:3a:96:db:38:e4:7b:
54:05:39:4d:2b:3c:3b:34:63:5c:54:e1:a7:63:d0:7c:ea:6d:
67:29:23:c2:81:0a:af:14:f8:15:92:62:50:a5:d8:9a:5b:56:
90:fd:d5:d6:6f:ef:a1:8a:b7:e5:da:0a:eb:1a:cc:98:db:48:
65:ef:02:ca:1d:a7:22:f5:99:e4:a5:e4:e7:c0:17:ba:3b:47:
1d:b4:cc:f1:f7:87:67:3d:e8:5a:ca:92:c7:11:38:fc:1e:ca:
15:24:0c:52:94:d9:d0:f1:03:f6:ad:8b:e7:46:35:15:ce:7a:
8b:dd:e8:ba:a4:aa:c2:27:f1:7c:8c:83:a0:91:e3:f6:48:8e:
9a:f0:88:b3:6a:73:30:61:84:8f:3e:76:eb:bc:47:9f:1b:37:
5f:72:ed:a1:0d:06:72:32:7d:9b:0a:dd:57:5f:78:11:7f:15:
6c:bc:36:18:bd:c2:98:b0:5e:9e:8c:cc:7e:12:a5:6b:c7:76:
86:c5:fd:ef
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYVtivEmeY6SWdjkSmH97sqKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDczZGZlZWE5YzdkZTI0NmU2ZDdkMWE1MDc0MDYyODViMjI2
ZjkyODYwHhcNMjMwMTAxMTMzNTAwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYWJmZjcyNzI1NDE3ZjAwMDBkNGVhOWMyYzY1MjZiY2NhY2QzNThhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAibEdyHH9bt4CtDuLjf/ln9FuzJiD
2aoNXeYgqMVYRAbxKTqtDhXpSo5nWBhTvoIEPnSwxHCrNn5MYEoWpKZB7IE8zqzj
VD/qSVH/URiRA1xLfrcwqpmzvZlmHxliIOqaOtL96NViXbMHvn58eDNJbqOD6sSl
W0VfMWPqa1dUOlbhQLwsetHApR4kaqHVtj6LMlXtQpso2eMhV2EvIOP4z1BpmWZW
CNCTuPCMUAyruW+zClUbmu+hQHoZYl1n1BE+4CfUh4ghW/ckNrfAG8o0+pfpUP73
9dbYpQ/9ycGgk04UkmXvisJYbVQd3G282iUiAV74Ie9NjhSArsun2FBVOwIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFDq/9yclQX8AANTqnCxlJrzKzTWKMB8GA1UdIwQY
MBaAFHPf7qnH3iRubX0aUHQGKFsib5KGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYzlfdXFjZmVKRzV0ZlJwUWRBWW9XeUp2a29ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMS85YzBhN2UtOTk2My00YzBkLTk0YWMt
NDQ2ZDBhN2U5NDA0LzEvT3JfM0p5VkJmd0FBMU9xY0xHVW12TXJOTllvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMS85YzBhN2UtOTk2My00YzBkLTk0YWMtNDQ2ZDBhN2U5NDA0
LzEvYzlfdXFjZmVKRzV0ZlJwUWRBWW9XeUp2a29ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAuSkWAwQA
udT6AwQBue8aAwQBwTksMA0GCSqGSIb3DQEBCwUAA4IBAQAoEpaY/zSHq7R3Ew2N
8KL9rRG7n2TeRXgFYgNI9gBzUw+Q+TxFCJVxzrOBfgYDOuYTxr5W4VcK7g9i8CpR
tLNiGLo6lts45HtUBTlNKzw7NGNcVOGnY9B86m1nKSPCgQqvFPgVkmJQpdiaW1aQ
/dXWb++hirfl2grrGsyY20hl7wLKHaci9ZnkpeTnwBe6O0cdtMzx94dnPehaypLH
ETj8HsoVJAxSlNnQ8QP2rYvnRjUVznqL3ei6pKrCJ/F8jIOgkeP2SI6a8IizanMw
YYSPPnbrvEefGzdfcu2hDQZyMn2bCt1XX3gRfxVsvDYYvcKYsF6ejMx+EqVrx3aG
xf3v
-----END CERTIFICATE-----
Generated at Wed Dec 27 18:42:39 2023 by rpki-client on console.sobornost.net