Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/e1171c-5270-49cd-9379-b95b08a23ae1/1/ed8dxZdxq6DxsZQSsmRyVLeZ-fA.roa
File: ed8dxZdxq6DxsZQSsmRyVLeZ-fA.roa (raw, json)
Hash identifier: 2t0fTSAhVUW/KcLwPEJhnxjMuUIgFc3m5hLqim147F4=
Subject key identifier: 79:DF:1D:C5:97:71:AB:A0:F1:B1:94:12:B2:64:72:54:B7:99:F9:F0
Certificate issuer: /CN=408af485b4fd0f03717cd4a709ef11c61d3ef46e
Certificate serial: 0460B847
Authority key identifier: 40:8A:F4:85:B4:FD:0F:03:71:7C:D4:A7:09:EF:11:C6:1D:3E:F4:6E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/QIr0hbT9DwNxfNSnCe8Rxh0-9G4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/36/e1171c-5270-49cd-9379-b95b08a23ae1/1/ed8dxZdxq6DxsZQSsmRyVLeZ-fA.roa
Signing time: Wed 25 May 2022 08:45:37 +0000
ROA not before: Wed 25 May 2022 08:45:37 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 59854
IP address blocks: 89.35.173.0/24 maxlen: 24
93.119.227.0/24 maxlen: 24
37.156.33.0/24 maxlen: 24
37.156.32.0/23 maxlen: 24
37.156.32.0/24 maxlen: 24
188.215.36.0/24 maxlen: 24
128.0.46.0/23 maxlen: 23
188.214.142.0/24 maxlen: 24
185.171.185.0/24 maxlen: 24
185.171.184.0/24 maxlen: 24
185.171.187.0/24 maxlen: 24
77.81.164.0/23 maxlen: 23
86.105.187.0/24 maxlen: 24
89.40.21.0/24 maxlen: 24
86.105.215.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 73447495 (0x460b847)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=408af485b4fd0f03717cd4a709ef11c61d3ef46e
Validity
Not Before: May 25 08:45:37 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=79df1dc59771aba0f1b19412b2647254b799f9f0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:99:f0:e2:74:f6:91:6e:82:4a:67:e7:8d:e5:78:
5a:f6:ef:29:38:e5:6c:64:af:a3:66:15:44:e0:85:
da:32:63:52:08:21:3e:a5:7f:09:8b:63:28:50:39:
dc:a3:13:8e:75:e7:0e:96:c7:48:a9:77:1b:8c:83:
20:e2:07:79:51:bc:50:19:51:2d:17:07:9d:43:79:
02:2e:e0:3b:6e:f6:00:7f:30:e8:07:62:3e:40:1b:
14:3b:5a:00:55:7f:6f:6c:d5:88:03:05:5e:d3:89:
db:a3:36:d9:7d:c5:bf:a2:51:94:ce:fe:ef:4b:e8:
59:a9:49:a3:39:8d:76:23:44:34:60:4e:29:a0:63:
f6:3e:50:67:0f:77:9b:1b:9f:cd:13:37:fe:d4:95:
ff:d1:ed:dd:70:05:79:48:79:f5:c1:18:66:d0:36:
c5:3c:41:c7:ea:b4:5a:93:cc:12:2a:d4:41:ac:f2:
3b:6b:6c:b3:b9:33:11:d1:de:5f:96:f4:f2:21:dc:
07:8e:00:e4:38:d5:cb:b4:57:fd:3c:58:33:f6:c7:
73:40:1b:f2:f4:e2:eb:c9:e9:f8:54:27:8b:14:de:
25:39:22:9d:11:90:34:e4:15:7c:c4:2f:d1:9d:d7:
99:de:d0:c5:4c:a6:34:a5:6e:b4:63:36:3d:03:b7:
0e:2b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
79:DF:1D:C5:97:71:AB:A0:F1:B1:94:12:B2:64:72:54:B7:99:F9:F0
X509v3 Authority Key Identifier:
keyid:40:8A:F4:85:B4:FD:0F:03:71:7C:D4:A7:09:EF:11:C6:1D:3E:F4:6E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QIr0hbT9DwNxfNSnCe8Rxh0-9G4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/e1171c-5270-49cd-9379-b95b08a23ae1/1/ed8dxZdxq6DxsZQSsmRyVLeZ-fA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/36/e1171c-5270-49cd-9379-b95b08a23ae1/1/QIr0hbT9DwNxfNSnCe8Rxh0-9G4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.156.32.0/23
77.81.164.0/23
86.105.187.0/24
86.105.215.0/24
89.35.173.0/24
89.40.21.0/24
93.119.227.0/24
128.0.46.0/23
185.171.184.0/23
185.171.187.0/24
188.214.142.0/24
188.215.36.0/24
Signature Algorithm: sha256WithRSAEncryption
9a:76:a9:f3:45:1e:05:c7:a5:29:5c:c8:cf:5d:5c:f9:f1:0f:
2d:05:59:70:c7:9d:9e:20:0d:79:90:ae:85:9b:38:aa:c9:66:
ae:a4:19:e7:90:65:f2:69:53:53:6a:ad:ff:6b:36:d5:74:b9:
81:bb:fb:ce:9a:11:3b:8b:6d:6b:2c:de:c4:e5:d9:ef:94:62:
3c:93:fc:47:5c:fc:d5:69:a5:68:e6:ed:bf:10:a2:8d:d7:8a:
8d:66:bf:48:a6:f2:d7:88:a6:ec:73:86:27:08:35:92:6e:43:
a5:f2:81:a2:8e:0b:5c:93:0f:10:10:32:cb:03:ea:8d:58:f9:
81:9a:b9:0c:39:ed:bb:84:38:c0:b8:bc:2f:25:86:92:85:8a:
2c:1e:11:6f:a0:dc:f7:c5:fd:f5:ec:09:76:70:b2:97:c5:1b:
f8:a7:81:01:65:a7:e6:3d:cf:e8:e6:3c:02:52:67:30:19:3c:
01:a2:0f:06:bc:d5:f7:21:1c:ff:87:6d:ee:20:59:a3:5a:2e:
a0:86:77:41:ba:79:b3:28:e5:40:29:f9:47:67:55:c9:96:bf:
60:ac:7a:86:9d:44:c3:81:10:06:20:46:59:a2:77:00:c8:45:
87:e7:4c:9b:73:7c:f6:44:af:c5:45:7d:14:36:4d:0c:84:c3:
a8:b4:54:64
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIEBGC4RzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg0
MDhhZjQ4NWI0ZmQwZjAzNzE3Y2Q0YTcwOWVmMTFjNjFkM2VmNDZlMB4XDTIyMDUy
NTA4NDUzN1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNzlkZjFkYzU5Nzcx
YWJhMGYxYjE5NDEyYjI2NDcyNTRiNzk5ZjlmMDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAJnw4nT2kW6CSmfnjeV4WvbvKTjlbGSvo2YVROCF2jJjUggh
PqV/CYtjKFA53KMTjnXnDpbHSKl3G4yDIOIHeVG8UBlRLRcHnUN5Ai7gO272AH8w
6AdiPkAbFDtaAFV/b2zViAMFXtOJ26M22X3Fv6JRlM7+70voWalJozmNdiNENGBO
KaBj9j5QZw93mxufzRM3/tSV/9Ht3XAFeUh59cEYZtA2xTxBx+q0WpPMEirUQazy
O2tss7kzEdHeX5b08iHcB44A5DjVy7RX/TxYM/bHc0Ab8vTi68np+FQnixTeJTki
nRGQNOQVfMQv0Z3Xmd7QxUymNKVutGM2PQO3DisCAwEAAaOCAkswggJHMB0GA1Ud
DgQWBBR53x3Fl3GroPGxlBKyZHJUt5n58DAfBgNVHSMEGDAWgBRAivSFtP0PA3F8
1KcJ7xHGHT70bjAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L1FJcjBoYlQ5RHdOeGZOU25DZThSeGgwLTlHNC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMzYvZTExNzFjLTUyNzAtNDljZC05Mzc5LWI5NWIwOGEyM2FlMS8x
L2VkOGR4WmR4cTZEeHNaUVNzbVJ5VkxlWi1mQS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMzYv
ZTExNzFjLTUyNzAtNDljZC05Mzc5LWI5NWIwOGEyM2FlMS8xL1FJcjBoYlQ5RHdO
eGZOU25DZThSeGgwLTlHNC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBh
BggrBgEFBQcBBwEB/wRSMFAwTgQCAAEwSAMEASWcIAMEAU1RpAMEAFZpuwMEAFZp
1wMEAFkjrQMEAFkoFQMEAF134wMEAYAALgMEAbmruAMEALmruwMEALzWjgMEALzX
JDANBgkqhkiG9w0BAQsFAAOCAQEAmnap80UeBcelKVzIz11c+fEPLQVZcMedniAN
eZCuhZs4qslmrqQZ55Bl8mlTU2qt/2s21XS5gbv7zpoRO4ttayzexOXZ75RiPJP8
R1z81WmlaObtvxCijdeKjWa/SKby14im7HOGJwg1km5DpfKBoo4LXJMPEBAyywPq
jVj5gZq5DDntu4Q4wLi8LyWGkoWKLB4Rb6Dc98X99ewJdnCyl8Ub+KeBAWWn5j3P
6OY8AlJnMBk8AaIPBrzV9yEc/4dt7iBZo1ouoIZ3Qbp5syjlQCn5R2dVyZa/YKx6
hp1Ew4EQBiBGWaJ3AMhFh+dMm3N89kSvxUV9FDZNDITDqLRUZA==
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:46:36 2023 by rpki-client on console-fra.rpki-client.org