Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/ReptCZJapOqfsnHCfpaCAZ_gs-I.roa
File: ReptCZJapOqfsnHCfpaCAZ_gs-I.roa (raw, json)
Hash identifier: n3K+ztk5mvOrAePrPB92W+cN5j0yf4rY7LXpcEBRN7w=
Subject key identifier: 45:EA:6D:09:92:5A:A4:EA:9F:B2:71:C2:7E:96:82:01:9F:E0:B3:E2
Certificate issuer: /CN=368bfb8a5eee49082ea628df25a4a5d50f3aa9b3
Certificate serial: 0183E59C5821A156BDED31D140032E34B9F2
Authority key identifier: 36:8B:FB:8A:5E:EE:49:08:2E:A6:28:DF:25:A4:A5:D5:0F:3A:A9:B3
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Nov7il7uSQgupijfJaSl1Q86qbM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/ReptCZJapOqfsnHCfpaCAZ_gs-I.roa
Signing time: Mon 17 Oct 2022 11:02:52 +0000
ROA not before: Mon 17 Oct 2022 11:02:52 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 61317
IP address blocks: 185.225.21.0/24 maxlen: 24
185.218.21.0/24 maxlen: 24
185.218.23.0/24 maxlen: 24
185.228.75.0/24 maxlen: 24
185.214.109.0/24 maxlen: 24
185.194.177.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:83:e5:9c:58:21:a1:56:bd:ed:31:d1:40:03:2e:34:b9:f2
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=368bfb8a5eee49082ea628df25a4a5d50f3aa9b3
Validity
Not Before: Oct 17 11:02:52 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=45ea6d09925aa4ea9fb271c27e9682019fe0b3e2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9c:37:a0:08:39:b0:06:05:3a:29:7e:0e:7a:0c:
33:2a:1f:db:be:8b:d2:9a:01:0c:6d:bd:f7:68:35:
7f:44:92:28:e5:1e:d6:e9:58:eb:67:0f:e5:d1:b0:
a1:97:c9:b0:3d:4a:b5:e1:e9:79:f1:ad:bc:05:38:
1c:0a:ac:d5:49:7f:c1:e7:e7:26:1a:62:08:37:d9:
76:6f:51:65:f9:ab:4c:b0:eb:dd:9d:73:37:e7:90:
f1:25:2a:75:78:b9:63:1d:d0:1f:bf:94:34:07:f6:
f3:41:89:41:8c:10:9b:c7:da:90:32:73:7f:19:46:
0b:ce:ba:bc:62:06:f3:86:e2:3f:e2:7b:50:60:b0:
67:bd:58:14:6f:42:a2:ff:fb:a2:5a:63:21:72:09:
ee:d4:e5:bc:19:70:e0:e1:d1:cc:ba:81:d7:61:94:
72:d0:07:25:2f:c3:b7:c7:4c:de:9f:c9:36:e6:77:
de:2a:df:15:93:24:1b:ed:03:c6:af:a8:83:80:b6:
15:86:1d:92:b3:fe:e3:f7:ff:14:8f:0a:7d:a4:72:
2d:3f:58:d5:bc:23:9d:74:1b:6f:bf:e8:be:b8:4e:
d4:52:48:43:47:93:cd:bb:9f:d8:f4:8a:01:f5:57:
04:d7:85:8f:f5:52:de:2c:c3:0e:0c:dc:ce:01:56:
fb:23
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
45:EA:6D:09:92:5A:A4:EA:9F:B2:71:C2:7E:96:82:01:9F:E0:B3:E2
X509v3 Authority Key Identifier:
keyid:36:8B:FB:8A:5E:EE:49:08:2E:A6:28:DF:25:A4:A5:D5:0F:3A:A9:B3
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Nov7il7uSQgupijfJaSl1Q86qbM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/ReptCZJapOqfsnHCfpaCAZ_gs-I.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/Nov7il7uSQgupijfJaSl1Q86qbM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.194.177.0/24
185.214.109.0/24
185.218.21.0/24
185.218.23.0/24
185.225.21.0/24
185.228.75.0/24
Signature Algorithm: sha256WithRSAEncryption
a2:1b:f2:2b:02:a6:31:ab:95:31:75:ca:b6:da:7c:85:2f:e8:
1a:c7:29:f9:f3:c2:30:c0:ff:ea:df:60:9d:06:a6:31:7c:9a:
97:1b:80:dc:33:fd:a7:e8:e5:a2:7a:83:aa:81:13:0e:e5:e7:
ed:eb:29:48:e1:33:ce:76:9b:4e:de:ed:aa:df:18:f7:d4:3e:
15:02:91:9e:99:29:8d:3a:61:00:32:21:c2:b3:37:f8:9a:79:
f5:27:36:22:d6:7b:d9:73:b6:9d:e4:5c:a0:ac:4c:57:f7:c8:
67:ae:b7:25:0e:4f:f6:bb:70:c4:2c:18:82:c3:28:9e:9b:8a:
e1:f6:c9:16:ce:c0:f0:62:2a:59:5d:62:a0:a1:a5:d1:3d:bc:
f0:39:eb:c1:09:2a:ae:fe:2d:18:10:bd:38:9f:b5:38:dd:ee:
3a:fe:61:a0:f4:22:71:9c:ef:93:6d:d4:48:aa:e1:0a:48:71:
3b:c9:7f:b9:11:14:74:0b:a2:fa:8f:8a:f7:20:00:fd:f5:e7:
5c:9b:87:f6:aa:7d:32:e2:64:36:3f:af:90:0d:77:e0:13:da:
19:b3:98:a7:19:1f:bb:18:a1:8d:5a:e3:a0:58:4d:06:3b:65:
a9:26:fb:1f:db:f0:2d:66:50:8e:41:47:45:e0:1b:01:fa:b6:
bf:1f:b1:23
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAYPlnFghoVa97THRQAMuNLnyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2OGJmYjhhNWVlZTQ5MDgyZWE2MjhkZjI1YTRhNWQ1MGYz
YWE5YjMwHhcNMjIxMDE3MTEwMjUyWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NWVhNmQwOTkyNWFhNGVhOWZiMjcxYzI3ZTk2ODIwMTlmZTBiM2UyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnDegCDmwBgU6KX4OegwzKh/bvovS
mgEMbb33aDV/RJIo5R7W6VjrZw/l0bChl8mwPUq14el58a28BTgcCqzVSX/B5+cm
GmIIN9l2b1Fl+atMsOvdnXM355DxJSp1eLljHdAfv5Q0B/bzQYlBjBCbx9qQMnN/
GUYLzrq8YgbzhuI/4ntQYLBnvVgUb0Ki//uiWmMhcgnu1OW8GXDg4dHMuoHXYZRy
0AclL8O3x0zen8k25nfeKt8VkyQb7QPGr6iDgLYVhh2Ss/7j9/8Ujwp9pHItP1jV
vCOddBtvv+i+uE7UUkhDR5PNu5/Y9IoB9VcE14WP9VLeLMMODNzOAVb7IwIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFEXqbQmSWqTqn7Jxwn6WggGf4LPiMB8GA1UdIwQY
MBaAFDaL+4pe7kkILqYo3yWkpdUPOqmzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTm92N2lsN3VTUWd1cGlqZkphU2wxUTg2cWJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS9hYTU4YzMtZTcwNi00YTQ5LWE3YzUt
MGFlMmU5MjJhMjkyLzEvUmVwdENaSmFwT3Fmc25IQ2ZwYUNBWl9ncy1JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS9hYTU4YzMtZTcwNi00YTQ5LWE3YzUtMGFlMmU5MjJhMjky
LzEvTm92N2lsN3VTUWd1cGlqZkphU2wxUTg2cWJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAqBAIAATAkAwQAucKxAwQA
udZtAwQAudoVAwQAudoXAwQAueEVAwQAueRLMA0GCSqGSIb3DQEBCwUAA4IBAQCi
G/IrAqYxq5Uxdcq22nyFL+gaxyn588IwwP/q32CdBqYxfJqXG4DcM/2n6OWieoOq
gRMO5eft6ylI4TPOdptO3u2q3xj31D4VApGemSmNOmEAMiHCszf4mnn1JzYi1nvZ
c7ad5FygrExX98hnrrclDk/2u3DELBiCwyiem4rh9skWzsDwYipZXWKgoaXRPbzw
OevBCSqu/i0YEL04n7U43e46/mGg9CJxnO+TbdRIquEKSHE7yX+5ERR0C6L6j4r3
IAD99edcm4f2qn0y4mQ2P6+QDXfgE9oZs5inGR+7GKGNWuOgWE0GO2WpJvsf2/At
ZlCOQUdF4BsB+ra/H7Ej
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:25:13 2024 by rpki-client on console-fra.rpki-client.org