Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f0/974749-4d7e-4450-9793-df854f47baf4/1/lP23IPs7DtXsv-VxRAqen6lMyK0.roa
File: lP23IPs7DtXsv-VxRAqen6lMyK0.roa (raw, json)
Hash identifier: 3NFsJ34WNj/+svGI9oUBkjnSV26MJFqdAFAsNpBAFIc=
Subject key identifier: 94:FD:B7:20:FB:3B:0E:D5:EC:BF:E5:71:44:0A:9E:9F:A9:4C:C8:AD
Certificate issuer: /CN=b0fa0c7abc10796915e335ba19780e473e027969
Certificate serial: 020C9D64
Authority key identifier: B0:FA:0C:7A:BC:10:79:69:15:E3:35:BA:19:78:0E:47:3E:02:79:69
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/sPoMerwQeWkV4zW6GXgORz4CeWk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/f0/974749-4d7e-4450-9793-df854f47baf4/1/lP23IPs7DtXsv-VxRAqen6lMyK0.roa
Signing time: Sat 01 Jan 2022 04:56:40 +0000
ROA not before: Sat 01 Jan 2022 04:56:40 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 9211
IP address blocks: 213.238.32.0/20 maxlen: 24
213.238.48.0/21 maxlen: 24
212.12.32.0/20 maxlen: 24
212.12.56.0/21 maxlen: 24
2a00:ea8::/32 maxlen: 48
2a00:eab::/32 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 34381156 (0x20c9d64)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b0fa0c7abc10796915e335ba19780e473e027969
Validity
Not Before: Jan 1 04:56:40 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=94fdb720fb3b0ed5ecbfe571440a9e9fa94cc8ad
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b7:60:68:7b:c5:3f:8d:a8:92:9c:95:84:48:46:
56:df:e9:5c:f8:e4:cd:99:60:28:ff:7a:30:fe:88:
c5:76:98:eb:ca:de:d6:8c:83:b5:33:e7:e6:79:eb:
33:86:8a:d4:2f:4e:aa:65:8a:f8:2a:d5:95:ad:7a:
3b:0b:93:64:34:c7:7d:53:96:da:d4:eb:73:d3:a7:
e6:6a:6a:f4:72:5e:c2:54:2a:d8:11:d4:02:cc:71:
a8:c8:52:0d:4a:f3:17:7e:ef:58:a5:66:23:c0:01:
ee:45:dc:1e:a1:e8:1f:f2:25:38:82:a6:ff:72:3f:
cf:01:01:c3:49:6d:6a:a8:fc:e4:8b:f9:5f:6a:43:
13:af:9b:f2:49:f7:16:f4:09:d9:3a:05:52:1f:bc:
b1:84:e2:ad:8b:b3:db:fd:d9:1f:6c:84:20:a5:a4:
2b:1e:b4:3c:45:d3:a1:c0:d6:09:95:ee:6d:a1:36:
f2:82:c7:6b:7b:ef:3e:47:61:94:62:9d:a6:75:b2:
04:b5:cc:b5:10:cd:26:b3:14:57:80:6b:51:ea:1c:
fa:b9:34:57:87:53:08:0b:36:57:5a:4a:c2:91:86:
58:44:e3:34:b5:15:5d:8a:bd:a3:c3:72:01:25:2f:
6a:6a:08:f7:29:f7:15:01:26:70:f9:e1:21:de:2c:
16:57
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
94:FD:B7:20:FB:3B:0E:D5:EC:BF:E5:71:44:0A:9E:9F:A9:4C:C8:AD
X509v3 Authority Key Identifier:
keyid:B0:FA:0C:7A:BC:10:79:69:15:E3:35:BA:19:78:0E:47:3E:02:79:69
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sPoMerwQeWkV4zW6GXgORz4CeWk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/974749-4d7e-4450-9793-df854f47baf4/1/lP23IPs7DtXsv-VxRAqen6lMyK0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/974749-4d7e-4450-9793-df854f47baf4/1/sPoMerwQeWkV4zW6GXgORz4CeWk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
212.12.32.0/20
212.12.56.0/21
213.238.32.0-213.238.55.255
IPv6:
2a00:ea8::/32
2a00:eab::/32
Signature Algorithm: sha256WithRSAEncryption
3c:63:0b:16:e6:a4:31:88:33:0d:83:5a:cc:83:f8:78:ec:e4:
ea:6a:d3:62:c1:85:7c:5b:44:91:a7:e9:86:73:c7:7f:a8:13:
f8:d3:d6:fd:7a:4f:c5:58:de:23:ef:50:8e:c7:33:b2:d6:c6:
37:f0:09:7e:83:e5:2b:d7:1f:30:03:b2:3a:d4:9f:df:05:29:
9c:2d:ec:06:27:b3:9a:3e:0c:c9:dc:ab:80:38:b2:7d:1d:15:
7d:83:d8:c1:47:a8:93:de:7d:d1:72:e4:f7:fb:dc:a8:1e:d7:
c8:5d:e5:18:de:d8:4e:fd:19:72:ab:40:e3:85:5d:4f:48:05:
3a:56:75:e1:b6:2d:63:b2:c7:8e:5a:30:92:73:bd:22:25:46:
84:a8:ff:64:5c:2f:a5:bb:3f:66:b5:67:37:af:3b:ac:a8:29:
d6:e2:39:4e:10:5f:47:a9:74:f8:7c:6c:15:27:99:e1:39:72:
f4:b7:75:5e:69:78:63:7d:7c:65:e9:4d:3a:6d:0e:5c:70:b0:
8e:75:c6:99:bf:f3:92:41:57:50:e4:7f:4d:95:39:76:d5:4a:
81:6c:c0:46:4f:17:23:9b:b2:0f:0b:34:8c:0e:49:5a:d2:a8:
88:11:95:0a:d3:ea:d7:35:70:01:b8:cf:0c:15:df:a8:66:08:
bc:5d:5e:52
-----BEGIN CERTIFICATE-----
MIIFGTCCBAGgAwIBAgIEAgydZDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhi
MGZhMGM3YWJjMTA3OTY5MTVlMzM1YmExOTc4MGU0NzNlMDI3OTY5MB4XDTIyMDEw
MTA0NTY0MFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoOTRmZGI3MjBmYjNi
MGVkNWVjYmZlNTcxNDQwYTllOWZhOTRjYzhhZDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALdgaHvFP42okpyVhEhGVt/pXPjkzZlgKP96MP6IxXaY68re
1oyDtTPn5nnrM4aK1C9OqmWK+CrVla16OwuTZDTHfVOW2tTrc9On5mpq9HJewlQq
2BHUAsxxqMhSDUrzF37vWKVmI8AB7kXcHqHoH/IlOIKm/3I/zwEBw0ltaqj85Iv5
X2pDE6+b8kn3FvQJ2ToFUh+8sYTirYuz2/3ZH2yEIKWkKx60PEXTocDWCZXubaE2
8oLHa3vvPkdhlGKdpnWyBLXMtRDNJrMUV4BrUeoc+rk0V4dTCAs2V1pKwpGGWETj
NLUVXYq9o8NyASUvamoI9yn3FQEmcPnhId4sFlcCAwEAAaOCAjMwggIvMB0GA1Ud
DgQWBBSU/bcg+zsO1ey/5XFECp6fqUzIrTAfBgNVHSMEGDAWgBSw+gx6vBB5aRXj
NboZeA5HPgJ5aTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3NQb01lcndRZVdrVjR6VzZHWGdPUno0Q2VXay5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZjAvOTc0NzQ5LTRkN2UtNDQ1MC05NzkzLWRmODU0ZjQ3YmFmNC8x
L2xQMjNJUHM3RHRYc3YtVnhSQXFlbjZsTXlLMC5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZjAv
OTc0NzQ5LTRkN2UtNDQ1MC05NzkzLWRmODU0ZjQ3YmFmNC8xL3NQb01lcndRZVdr
VjR6VzZHWGdPUno0Q2VXay5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBJ
BggrBgEFBQcBBwEB/wQ6MDgwIAQCAAEwGgMEBNQMIAMEA9QMODAMAwQF1e4gAwQD
1e4wMBQEAgACMA4DBQAqAA6oAwUAKgAOqzANBgkqhkiG9w0BAQsFAAOCAQEAPGML
FuakMYgzDYNazIP4eOzk6mrTYsGFfFtEkafphnPHf6gT+NPW/XpPxVjeI+9Qjscz
stbGN/AJfoPlK9cfMAOyOtSf3wUpnC3sBiezmj4MydyrgDiyfR0VfYPYwUeok959
0XLk9/vcqB7XyF3lGN7YTv0ZcqtA44VdT0gFOlZ14bYtY7LHjlowknO9IiVGhKj/
ZFwvpbs/ZrVnN687rKgp1uI5ThBfR6l0+HxsFSeZ4Tly9Ld1Xml4Y318ZelNOm0O
XHCwjnXGmb/zkkFXUOR/TZU5dtVKgWzARk8XI5uyDws0jA5JWtKoiBGVCtPq1zVw
AbjPDBXfqGYIvF1eUg==
-----END CERTIFICATE-----
Generated at Wed Dec 27 18:42:49 2023 by rpki-client on console.sobornost.net