Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ed/1ccbfd-a651-4c8e-9d60-ebbbb444286e/1/0ITgQQswCr4VfY0Fzb6qliRX2BI.roa
File: 0ITgQQswCr4VfY0Fzb6qliRX2BI.roa (raw, json)
Hash identifier: YQ2PBvi4dGVQB0mgktGDEvdkutIuP364Eve26CCu034=
Subject key identifier: D0:84:E0:41:0B:30:0A:BE:15:7D:8D:05:CD:BE:AA:96:24:57:D8:12
Certificate issuer: /CN=de5e36f159f576988fb4e51d4101bb85d0d0c983
Certificate serial: 0183C72ECD5F2FF383AFF882F71CD6484FB3
Authority key identifier: DE:5E:36:F1:59:F5:76:98:8F:B4:E5:1D:41:01:BB:85:D0:D0:C9:83
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/3l428Vn1dpiPtOUdQQG7hdDQyYM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ed/1ccbfd-a651-4c8e-9d60-ebbbb444286e/1/0ITgQQswCr4VfY0Fzb6qliRX2BI.roa
Signing time: Tue 11 Oct 2022 13:14:36 +0000
ROA not before: Tue 11 Oct 2022 13:14:36 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 39421
IP address blocks: 185.21.130.0/24 maxlen: 24
45.90.162.0/24 maxlen: 24
45.90.161.0/24 maxlen: 24
45.90.160.0/24 maxlen: 24
2a0c:8880::/29 maxlen: 29
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:83:c7:2e:cd:5f:2f:f3:83:af:f8:82:f7:1c:d6:48:4f:b3
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=de5e36f159f576988fb4e51d4101bb85d0d0c983
Validity
Not Before: Oct 11 13:14:36 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=d084e0410b300abe157d8d05cdbeaa962457d812
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:fb:e4:a8:b9:a5:54:61:46:72:22:41:1b:86:9e:
68:b8:a1:34:48:0c:f3:cd:1b:79:d8:be:a2:0d:a7:
b5:81:31:cb:51:05:c2:69:b0:38:c7:a2:48:d4:1e:
66:f8:0a:fb:7d:bf:b5:c2:01:a8:32:cf:21:f1:1b:
86:8f:ef:b9:ca:81:53:46:2e:65:0a:75:e3:aa:37:
f4:56:ce:cd:ab:fd:4f:b5:d7:4d:94:fb:dc:c2:28:
0e:01:6e:af:cc:73:aa:d8:4d:97:4d:98:f1:51:77:
09:8c:e1:1f:07:c0:d4:db:f9:84:22:8f:ca:30:99:
b7:f4:ca:e6:28:cc:ec:fc:60:51:c6:41:75:3b:ca:
0c:44:d1:07:d1:bc:5c:1c:94:37:af:07:d3:b3:5d:
12:0c:cc:2d:82:82:26:1e:23:6c:35:06:2f:c7:52:
6a:f0:87:06:14:a5:07:5d:bb:ee:cf:c7:43:a3:bc:
24:d2:7b:81:f2:70:e0:73:a2:f6:4f:3c:7e:29:90:
7f:17:c9:8d:10:a1:7f:d3:98:89:fc:1a:ed:f0:a0:
65:29:74:06:8a:db:75:2a:51:90:07:f3:66:36:94:
4c:db:d8:c5:1c:96:f4:b2:03:2a:b5:4b:b3:6c:0e:
ff:a5:b7:8e:a4:03:20:fb:b6:2b:4c:c8:e1:b0:5c:
7f:8b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D0:84:E0:41:0B:30:0A:BE:15:7D:8D:05:CD:BE:AA:96:24:57:D8:12
X509v3 Authority Key Identifier:
keyid:DE:5E:36:F1:59:F5:76:98:8F:B4:E5:1D:41:01:BB:85:D0:D0:C9:83
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3l428Vn1dpiPtOUdQQG7hdDQyYM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/1ccbfd-a651-4c8e-9d60-ebbbb444286e/1/0ITgQQswCr4VfY0Fzb6qliRX2BI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/1ccbfd-a651-4c8e-9d60-ebbbb444286e/1/3l428Vn1dpiPtOUdQQG7hdDQyYM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.90.160.0-45.90.162.255
185.21.130.0/24
IPv6:
2a0c:8880::/29
Signature Algorithm: sha256WithRSAEncryption
01:d6:3b:31:f3:08:9f:d6:29:d6:00:07:d7:7c:70:6b:3e:ed:
13:41:c4:9e:8f:a4:56:6b:3a:72:52:ca:c6:12:cf:f8:ce:29:
de:44:eb:e0:1e:47:b0:20:52:99:35:03:02:09:93:fe:f6:ef:
f6:2c:ad:ba:24:e0:97:86:c1:55:bf:f4:db:09:12:40:bd:68:
9c:1b:d8:d7:70:14:2a:8b:f5:e1:c6:4b:7d:72:46:92:37:58:
25:67:ca:7b:26:5a:aa:96:57:bd:11:c4:da:d4:84:30:3f:b4:
af:3e:f4:cc:bb:42:07:ac:c2:dd:09:f5:e9:ec:ae:9a:48:c0:
73:ee:99:36:ff:72:32:7b:87:2a:13:35:30:64:b9:e8:c4:ce:
71:8a:dc:a5:3c:bc:ab:eb:9e:cb:27:f1:ab:8a:50:24:75:f4:
c8:ca:38:ce:7c:c2:18:15:68:69:cb:6b:2c:75:df:37:20:8c:
cf:d9:50:f8:0d:75:c9:3a:b1:dd:08:68:8a:03:33:d0:60:66:
91:eb:73:70:64:96:16:04:c1:0f:16:8a:0d:90:a8:51:16:93:
0c:c2:9f:41:ac:1c:1f:4f:de:e7:7d:b9:d5:42:47:27:9f:f8:
a0:ef:c4:81:39:aa:01:93:a9:b1:ea:c5:36:b4:4e:05:33:47:
ed:56:5c:37
-----BEGIN CERTIFICATE-----
MIIFGjCCBAKgAwIBAgISAYPHLs1fL/ODr/iC9xzWSE+zMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRlNWUzNmYxNTlmNTc2OTg4ZmI0ZTUxZDQxMDFiYjg1ZDBk
MGM5ODMwHhcNMjIxMDExMTMxNDM2WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMDg0ZTA0MTBiMzAwYWJlMTU3ZDhkMDVjZGJlYWE5NjI0NTdkODEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA++SouaVUYUZyIkEbhp5ouKE0SAzz
zRt52L6iDae1gTHLUQXCabA4x6JI1B5m+Ar7fb+1wgGoMs8h8RuGj++5yoFTRi5l
CnXjqjf0Vs7Nq/1PtddNlPvcwigOAW6vzHOq2E2XTZjxUXcJjOEfB8DU2/mEIo/K
MJm39MrmKMzs/GBRxkF1O8oMRNEH0bxcHJQ3rwfTs10SDMwtgoImHiNsNQYvx1Jq
8IcGFKUHXbvuz8dDo7wk0nuB8nDgc6L2Tzx+KZB/F8mNEKF/05iJ/Brt8KBlKXQG
itt1KlGQB/NmNpRM29jFHJb0sgMqtUuzbA7/pbeOpAMg+7YrTMjhsFx/iwIDAQAB
o4ICJjCCAiIwHQYDVR0OBBYEFNCE4EELMAq+FX2NBc2+qpYkV9gSMB8GA1UdIwQY
MBaAFN5eNvFZ9XaYj7TlHUEBu4XQ0MmDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM2w0MjhWbjFkcGlQdE9VZFFRRzdoZERReVlNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZC8xY2NiZmQtYTY1MS00YzhlLTlkNjAt
ZWJiYmI0NDQyODZlLzEvMElUZ1FRc3dDcjRWZlkwRnpiNnFsaVJYMkJJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZC8xY2NiZmQtYTY1MS00YzhlLTlkNjAtZWJiYmI0NDQyODZl
LzEvM2w0MjhWbjFkcGlQdE9VZFFRRzdoZERReVlNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDwGCCsGAQUFBwEHAQH/BC0wKzAaBAIAATAUMAwDBAUtWqAD
BAAtWqIDBAC5FYIwDQQCAAIwBwMFAyoMiIAwDQYJKoZIhvcNAQELBQADggEBAAHW
OzHzCJ/WKdYAB9d8cGs+7RNBxJ6PpFZrOnJSysYSz/jOKd5E6+AeR7AgUpk1AwIJ
k/727/Ysrbok4JeGwVW/9NsJEkC9aJwb2NdwFCqL9eHGS31yRpI3WCVnynsmWqqW
V70RxNrUhDA/tK8+9My7Qgeswt0J9ensrppIwHPumTb/cjJ7hyoTNTBkuejEznGK
3KU8vKvrnssn8auKUCR19MjKOM58whgVaGnLayx13zcgjM/ZUPgNdck6sd0IaIoD
M9BgZpHrc3BklhYEwQ8Wig2QqFEWkwzCn0GsHB9P3ud9udVCRyef+KDvxIE5qgGT
qbHqxTa0TgUzR+1WXDc=
-----END CERTIFICATE-----
Generated at Wed Dec 27 18:42:34 2023 by rpki-client on console.sobornost.net