Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/47a9c9-d457-4579-b2b0-e5212574f9ec/1/NK7iVK2lctOx7szhldEfZHkas8M.roa
File: NK7iVK2lctOx7szhldEfZHkas8M.roa (raw, json)
Hash identifier: DpPreKC3ZeXLwpB4V27j3PmuIo2dm80b4dNwiTkryoM=
Subject key identifier: 34:AE:E2:54:AD:A5:72:D3:B1:EE:CC:E1:95:D1:1F:64:79:1A:B3:C3
Certificate issuer: /CN=add9207994ba9c7d91ea7e479fefd1b8099f62ce
Certificate serial: 0184067E9C9A487874DEF96EFD4119FE2223
Authority key identifier: AD:D9:20:79:94:BA:9C:7D:91:EA:7E:47:9F:EF:D1:B8:09:9F:62:CE
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/rdkgeZS6nH2R6n5Hn-_RuAmfYs4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/fd/47a9c9-d457-4579-b2b0-e5212574f9ec/1/NK7iVK2lctOx7szhldEfZHkas8M.roa
Signing time: Sun 23 Oct 2022 20:17:51 +0000
ROA not before: Sun 23 Oct 2022 20:17:51 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 8400
IP address blocks: 185.125.176.0/23 maxlen: 23
212.57.40.0/21 maxlen: 21
93.92.248.0/21 maxlen: 21
37.35.8.0/21 maxlen: 21
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:84:06:7e:9c:9a:48:78:74:de:f9:6e:fd:41:19:fe:22:23
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=add9207994ba9c7d91ea7e479fefd1b8099f62ce
Validity
Not Before: Oct 23 20:17:51 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=34aee254ada572d3b1eecce195d11f64791ab3c3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b5:5f:13:35:f5:aa:33:3c:f0:cb:c2:d0:2b:53:
6f:06:b0:6e:e9:38:4d:3f:f8:b8:ae:a4:af:bc:ef:
06:a3:f1:4c:68:06:72:a0:f8:2a:c6:c5:e7:92:ea:
3c:89:07:79:bd:46:46:cf:ce:c1:88:37:86:ed:e7:
0a:5d:6a:9a:98:07:ec:36:f8:46:80:21:f5:5f:c0:
26:cc:ba:2f:2a:20:8c:70:ce:66:e0:d0:78:db:f9:
e6:21:2d:90:9d:ee:bd:32:8f:f6:86:17:5d:22:9b:
44:0e:43:2d:cd:0e:f5:a6:fb:e5:19:d9:28:5f:cc:
8a:7a:1f:59:1f:6b:97:3c:72:19:df:15:d8:bc:e6:
c5:90:eb:fb:f4:15:2b:32:37:29:83:88:2e:21:23:
da:24:15:e8:49:a4:8a:4e:a6:c1:1e:1b:ee:e2:d6:
3a:65:bd:c1:4c:f1:77:7d:0b:8e:39:b8:73:94:13:
ab:08:79:cb:7b:98:63:dc:a0:7d:4c:37:60:a7:0f:
42:1d:dc:4b:7c:04:e7:a0:5d:dd:58:4c:8e:16:1d:
7c:3c:fc:b9:6a:30:37:f3:cb:a8:5d:75:29:70:27:
66:02:c5:e1:44:aa:27:76:72:7e:68:3b:92:1d:be:
74:49:f8:c7:31:ca:24:f2:42:cf:1b:0a:55:99:dc:
62:f5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
34:AE:E2:54:AD:A5:72:D3:B1:EE:CC:E1:95:D1:1F:64:79:1A:B3:C3
X509v3 Authority Key Identifier:
keyid:AD:D9:20:79:94:BA:9C:7D:91:EA:7E:47:9F:EF:D1:B8:09:9F:62:CE
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rdkgeZS6nH2R6n5Hn-_RuAmfYs4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/47a9c9-d457-4579-b2b0-e5212574f9ec/1/NK7iVK2lctOx7szhldEfZHkas8M.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/47a9c9-d457-4579-b2b0-e5212574f9ec/1/rdkgeZS6nH2R6n5Hn-_RuAmfYs4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.35.8.0/21
93.92.248.0/21
185.125.176.0/23
212.57.40.0/21
Signature Algorithm: sha256WithRSAEncryption
58:8f:4a:30:86:52:ff:c5:3e:fc:ac:2f:d9:07:d6:84:ca:e1:
c4:ce:92:7c:85:e6:f8:b4:80:f1:2f:60:ed:6c:1e:12:b4:8b:
99:49:62:4c:a9:70:f4:5e:bd:e2:88:1c:92:ce:03:f4:d3:8b:
48:b0:11:8c:4f:28:24:19:85:72:b5:51:36:98:5c:96:a1:a8:
73:23:c5:83:2a:3e:c7:09:c7:2c:b9:ed:65:82:c0:4a:c0:61:
d6:bd:59:e6:82:95:ea:4a:d7:b7:91:9e:a5:a3:a9:cd:37:89:
9c:fb:1e:b1:4d:15:27:d8:df:93:e7:0c:fc:cc:c5:28:b8:c8:
88:99:56:ef:2f:99:81:0a:29:7e:dc:65:b4:24:8a:0f:fb:8e:
0c:74:eb:a3:9b:17:32:fd:8a:33:a2:db:24:6d:30:a5:cc:64:
a6:34:a4:65:ab:f0:d9:32:19:34:c9:01:27:fa:ad:43:38:0b:
01:cf:e7:4b:55:fe:d4:fa:31:78:53:36:e9:f8:a3:e9:1f:20:
ab:e8:70:62:6a:36:39:b1:60:2f:bd:25:99:d6:a0:43:20:b8:
5c:27:f0:4b:d7:88:c6:93:0e:8b:d0:e8:34:49:f3:4e:88:c7:
8a:50:cf:56:2f:e7:0b:37:d3:64:01:51:9f:1c:61:db:de:e7:
65:e2:22:5e
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYQGfpyaSHh03vlu/UEZ/iIjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFkZDkyMDc5OTRiYTljN2Q5MWVhN2U0NzlmZWZkMWI4MDk5
ZjYyY2UwHhcNMjIxMDIzMjAxNzUxWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNGFlZTI1NGFkYTU3MmQzYjFlZWNjZTE5NWQxMWY2NDc5MWFiM2MzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtV8TNfWqMzzwy8LQK1NvBrBu6ThN
P/i4rqSvvO8Go/FMaAZyoPgqxsXnkuo8iQd5vUZGz87BiDeG7ecKXWqamAfsNvhG
gCH1X8AmzLovKiCMcM5m4NB42/nmIS2Qne69Mo/2hhddIptEDkMtzQ71pvvlGdko
X8yKeh9ZH2uXPHIZ3xXYvObFkOv79BUrMjcpg4guISPaJBXoSaSKTqbBHhvu4tY6
Zb3BTPF3fQuOObhzlBOrCHnLe5hj3KB9TDdgpw9CHdxLfATnoF3dWEyOFh18PPy5
ajA388uoXXUpcCdmAsXhRKondnJ+aDuSHb50SfjHMcok8kLPGwpVmdxi9QIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFDSu4lStpXLTse7M4ZXRH2R5GrPDMB8GA1UdIwQY
MBaAFK3ZIHmUupx9kep+R5/v0bgJn2LOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcmRrZ2VaUzZuSDJSNm41SG4tX1J1QW1mWXM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC80N2E5YzktZDQ1Ny00NTc5LWIyYjAt
ZTUyMTI1NzRmOWVjLzEvTks3aVZLMmxjdE94N3N6aGxkRWZaSGthczhNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC80N2E5YzktZDQ1Ny00NTc5LWIyYjAtZTUyMTI1NzRmOWVj
LzEvcmRrZ2VaUzZuSDJSNm41SG4tX1J1QW1mWXM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQDJSMIAwQD
XVz4AwQBuX2wAwQD1DkoMA0GCSqGSIb3DQEBCwUAA4IBAQBYj0owhlL/xT78rC/Z
B9aEyuHEzpJ8heb4tIDxL2DtbB4StIuZSWJMqXD0Xr3iiBySzgP004tIsBGMTygk
GYVytVE2mFyWoahzI8WDKj7HCccsue1lgsBKwGHWvVnmgpXqSte3kZ6lo6nNN4mc
+x6xTRUn2N+T5wz8zMUouMiImVbvL5mBCil+3GW0JIoP+44MdOujmxcy/Yozotsk
bTClzGSmNKRlq/DZMhk0yQEn+q1DOAsBz+dLVf7U+jF4Uzbp+KPpHyCr6HBiajY5
sWAvvSWZ1qBDILhcJ/BL14jGkw6L0Og0SfNOiMeKUM9WL+cLN9NkAVGfHGHb3udl
4iJe
-----END CERTIFICATE-----
Generated at Wed Dec 27 18:42:54 2023 by rpki-client on console.sobornost.net