Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/U58RsbjGTirRjRuBz84VTJkQOxA.roa
File: U58RsbjGTirRjRuBz84VTJkQOxA.roa (raw, json)
Hash identifier: ASdUJJa9sVZcV/uS2CX53WiIWYSJVu+/aKOYr0V25iQ=
Subject key identifier: 53:9F:11:B1:B8:C6:4E:2A:D1:8D:1B:81:CF:CE:15:4C:99:10:3B:10
Certificate issuer: /CN=368bfb8a5eee49082ea628df25a4a5d50f3aa9b3
Certificate serial: 030020F1
Authority key identifier: 36:8B:FB:8A:5E:EE:49:08:2E:A6:28:DF:25:A4:A5:D5:0F:3A:A9:B3
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Nov7il7uSQgupijfJaSl1Q86qbM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/U58RsbjGTirRjRuBz84VTJkQOxA.roa
Signing time: Mon 10 Jan 2022 15:33:15 +0000
ROA not before: Mon 10 Jan 2022 15:33:15 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 212096
IP address blocks: 185.225.20.0/22 maxlen: 22
185.218.20.0/22 maxlen: 22
185.199.148.0/22 maxlen: 22
185.126.80.0/22 maxlen: 22
193.58.144.0/22 maxlen: 22
185.199.156.0/22 maxlen: 22
185.228.72.0/22 maxlen: 22
185.194.176.0/22 maxlen: 22
185.36.204.0/22 maxlen: 22
185.108.204.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 50340081 (0x30020f1)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=368bfb8a5eee49082ea628df25a4a5d50f3aa9b3
Validity
Not Before: Jan 10 15:33:15 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=539f11b1b8c64e2ad18d1b81cfce154c99103b10
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a7:fa:14:7f:3a:22:3f:73:35:4e:7b:d8:13:7e:
a9:9c:58:d9:c1:8b:fe:df:21:bf:84:6c:02:a6:5d:
2e:31:a4:7f:c9:8f:d9:a4:33:b8:f2:ba:72:27:4f:
78:de:e3:17:35:0c:57:1b:bb:11:66:d0:50:16:6c:
45:8a:f0:c7:0f:08:6e:f7:d1:a4:7e:46:cf:3f:29:
02:da:61:ed:47:70:5e:f6:e5:04:b4:53:00:19:06:
4c:c7:56:eb:49:9b:69:18:99:a6:dc:9f:e3:b6:59:
0e:87:d8:c5:59:b1:dd:02:24:ed:59:81:13:e6:21:
94:f1:36:68:a4:a5:53:41:26:91:05:28:6f:93:27:
c2:cc:bd:5d:01:a0:4b:c1:69:07:61:4e:52:1e:91:
cc:5e:96:b5:a5:7e:ed:ae:1f:87:c3:7d:11:2d:3b:
6a:04:2d:21:b2:43:03:71:9a:0c:96:a0:f1:99:b8:
2f:76:51:3d:72:46:7c:42:65:cf:04:e9:60:88:e5:
d3:e3:4c:d3:9b:db:d0:23:98:93:8c:af:0c:82:5c:
5a:a3:f1:50:63:9b:30:95:e9:f6:09:db:fb:17:1b:
f6:5b:63:8b:1e:82:75:c2:00:09:3b:4a:11:17:b5:
03:fd:51:6d:bd:43:d6:b2:b0:0e:2f:ad:6c:5d:13:
41:81
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
53:9F:11:B1:B8:C6:4E:2A:D1:8D:1B:81:CF:CE:15:4C:99:10:3B:10
X509v3 Authority Key Identifier:
keyid:36:8B:FB:8A:5E:EE:49:08:2E:A6:28:DF:25:A4:A5:D5:0F:3A:A9:B3
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Nov7il7uSQgupijfJaSl1Q86qbM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/U58RsbjGTirRjRuBz84VTJkQOxA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/Nov7il7uSQgupijfJaSl1Q86qbM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.36.204.0/22
185.108.204.0/22
185.126.80.0/22
185.194.176.0/22
185.199.148.0/22
185.199.156.0/22
185.218.20.0/22
185.225.20.0/22
185.228.72.0/22
193.58.144.0/22
Signature Algorithm: sha256WithRSAEncryption
64:cf:7b:48:5a:62:1c:c2:a4:c1:04:15:36:3f:ca:7e:18:60:
b7:b2:26:81:ab:ab:55:74:a8:1a:8a:97:5d:71:ff:63:2f:7b:
8f:cb:bc:3b:da:87:cd:53:73:6e:82:73:c8:57:88:15:e4:e5:
44:da:64:ff:3d:37:2e:bd:c8:1a:bc:54:82:fd:48:15:72:55:
ef:f0:27:0a:3b:30:b5:68:14:93:16:37:21:47:e7:a3:69:f7:
fa:1e:0e:99:13:3a:2c:09:30:56:87:ee:79:22:6c:16:1b:c0:
da:72:6c:74:80:d6:20:13:77:f7:5f:43:7d:5b:e2:02:f4:60:
86:de:fa:a0:d8:c9:ec:08:58:75:13:bc:17:ed:70:55:6d:6f:
6c:60:e8:27:d6:4c:3c:44:91:14:03:ee:f6:22:fd:1b:1e:66:
9d:92:de:31:63:5e:a8:b9:3c:49:b9:49:31:49:9e:5c:d9:83:
8f:5c:b1:b6:7a:f2:49:a2:60:f6:31:31:16:d2:70:07:27:eb:
c6:22:ab:d8:e4:b6:86:11:71:d3:af:d0:b3:d9:37:3f:74:15:
0e:2c:5d:7c:36:08:f0:7d:6d:ef:f7:fb:ce:f7:b9:b0:05:c3:
c1:d2:f5:ff:9d:e0:a4:31:3a:f3:de:79:79:0b:33:fc:5b:3c:
39:3d:5c:f1
-----BEGIN CERTIFICATE-----
MIIFJTCCBA2gAwIBAgIEAwAg8TANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygz
NjhiZmI4YTVlZWU0OTA4MmVhNjI4ZGYyNWE0YTVkNTBmM2FhOWIzMB4XDTIyMDEx
MDE1MzMxNVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNTM5ZjExYjFiOGM2
NGUyYWQxOGQxYjgxY2ZjZTE1NGM5OTEwM2IxMDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAKf6FH86Ij9zNU572BN+qZxY2cGL/t8hv4RsAqZdLjGkf8mP
2aQzuPK6cidPeN7jFzUMVxu7EWbQUBZsRYrwxw8IbvfRpH5Gzz8pAtph7UdwXvbl
BLRTABkGTMdW60mbaRiZptyf47ZZDofYxVmx3QIk7VmBE+YhlPE2aKSlU0EmkQUo
b5Mnwsy9XQGgS8FpB2FOUh6RzF6WtaV+7a4fh8N9ES07agQtIbJDA3GaDJag8Zm4
L3ZRPXJGfEJlzwTpYIjl0+NM05vb0COYk4yvDIJcWqPxUGObMJXp9gnb+xcb9ltj
ix6CdcIACTtKERe1A/1Rbb1D1rKwDi+tbF0TQYECAwEAAaOCAj8wggI7MB0GA1Ud
DgQWBBRTnxGxuMZOKtGNG4HPzhVMmRA7EDAfBgNVHSMEGDAWgBQ2i/uKXu5JCC6m
KN8lpKXVDzqpszAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L05vdjdpbDd1U1FndXBpamZKYVNsMVE4NnFiTS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMzUvYWE1OGMzLWU3MDYtNGE0OS1hN2M1LTBhZTJlOTIyYTI5Mi8x
L1U1OFJzYmpHVGlyUmpSdUJ6ODRWVEprUU94QS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMzUv
YWE1OGMzLWU3MDYtNGE0OS1hN2M1LTBhZTJlOTIyYTI5Mi8xL05vdjdpbDd1U1Fn
dXBpamZKYVNsMVE4NnFiTS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBV
BggrBgEFBQcBBwEB/wRGMEQwQgQCAAEwPAMEArkkzAMEArlszAMEArl+UAMEArnC
sAMEArnHlAMEArnHnAMEArnaFAMEArnhFAMEArnkSAMEAsE6kDANBgkqhkiG9w0B
AQsFAAOCAQEAZM97SFpiHMKkwQQVNj/Kfhhgt7ImgaurVXSoGoqXXXH/Yy97j8u8
O9qHzVNzboJzyFeIFeTlRNpk/z03Lr3IGrxUgv1IFXJV7/AnCjswtWgUkxY3IUfn
o2n3+h4OmRM6LAkwVofueSJsFhvA2nJsdIDWIBN3919DfVviAvRght76oNjJ7AhY
dRO8F+1wVW1vbGDoJ9ZMPESRFAPu9iL9Gx5mnZLeMWNeqLk8SblJMUmeXNmDj1yx
tnrySaJg9jExFtJwByfrxiKr2OS2hhFx06/Qs9k3P3QVDixdfDYI8H1t7/f7zve5
sAXDwdL1/53gpDE68955eQsz/Fs8OT1c8Q==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:25:13 2024 by rpki-client on console-fra.rpki-client.org