Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/61/b97070-c5f4-4410-94b5-d64d75394037/1/rbleYSX9NQGaO3sRstWR0EmPYN0.roa
File: rbleYSX9NQGaO3sRstWR0EmPYN0.roa (raw, json)
Hash identifier: E+7umR+sF3PeiAgtqmB07yAVUz7YTulYdmscnlDdqdk=
Subject key identifier: AD:B9:5E:61:25:FD:35:01:9A:3B:7B:11:B2:D5:91:D0:49:8F:60:DD
Certificate issuer: /CN=c7770135d0f0d30a868df551d8752d4b4badc2c1
Certificate serial: 01856E82026E305A5C4F0612C38777BED9DE
Authority key identifier: C7:77:01:35:D0:F0:D3:0A:86:8D:F5:51:D8:75:2D:4B:4B:AD:C2:C1
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/x3cBNdDw0wqGjfVR2HUtS0utwsE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/61/b97070-c5f4-4410-94b5-d64d75394037/1/rbleYSX9NQGaO3sRstWR0EmPYN0.roa
Signing time: Sun 01 Jan 2023 18:04:52 +0000
ROA not before: Sun 01 Jan 2023 18:04:52 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 51942
IP address blocks: 185.225.24.0/22 maxlen: 22
185.133.36.0/22 maxlen: 22
81.173.44.0/22 maxlen: 22
91.221.150.0/23 maxlen: 23
2001:67c:16b4::/48 maxlen: 48
2a06:21c0::/29 maxlen: 29
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6e:82:02:6e:30:5a:5c:4f:06:12:c3:87:77:be:d9:de
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c7770135d0f0d30a868df551d8752d4b4badc2c1
Validity
Not Before: Jan 1 18:04:52 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=adb95e6125fd35019a3b7b11b2d591d0498f60dd
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a6:eb:d8:d4:1c:da:37:85:31:a2:b8:05:08:f6:
e6:4e:20:ba:1d:bc:d1:e7:d7:c6:26:ec:7d:78:5b:
bb:f7:52:04:58:51:c5:3b:1e:eb:13:b9:1b:94:e0:
c8:03:6b:31:48:32:67:13:70:5f:3b:16:d2:ff:f5:
66:87:91:37:cf:c7:12:72:fd:25:27:f4:5e:26:b2:
15:f1:3c:97:fe:2c:91:6b:d3:92:64:04:51:0b:c5:
18:3b:ad:99:00:97:d6:c5:7a:e1:e0:9e:a6:8a:ea:
8a:9e:7b:a5:e2:1f:2f:68:c7:28:32:db:00:cc:b4:
a4:a1:0e:d2:bd:16:a4:b6:fe:8a:9d:26:a8:cc:7b:
71:8c:f5:40:c9:5a:ab:c3:7d:c1:4d:17:57:81:f2:
a4:60:2c:e3:a3:c1:05:6b:f2:e4:88:2d:38:c7:d7:
9a:65:cf:2d:e9:9c:a0:4f:a8:ca:cd:6a:8e:1c:09:
f7:2f:39:66:2c:2e:1c:c0:2b:56:be:38:82:23:8a:
a9:12:f0:c2:23:2d:28:17:af:b2:ea:88:e1:dc:be:
fe:56:81:c9:6f:0d:45:63:99:55:99:ed:67:d4:4d:
68:46:e6:b9:76:a0:48:17:55:9f:97:ef:4b:47:84:
92:5a:15:a5:2b:3c:6e:84:a2:12:af:84:f6:27:e7:
3e:e9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AD:B9:5E:61:25:FD:35:01:9A:3B:7B:11:B2:D5:91:D0:49:8F:60:DD
X509v3 Authority Key Identifier:
keyid:C7:77:01:35:D0:F0:D3:0A:86:8D:F5:51:D8:75:2D:4B:4B:AD:C2:C1
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/x3cBNdDw0wqGjfVR2HUtS0utwsE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/61/b97070-c5f4-4410-94b5-d64d75394037/1/rbleYSX9NQGaO3sRstWR0EmPYN0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/61/b97070-c5f4-4410-94b5-d64d75394037/1/x3cBNdDw0wqGjfVR2HUtS0utwsE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
81.173.44.0/22
91.221.150.0/23
185.133.36.0/22
185.225.24.0/22
IPv6:
2001:67c:16b4::/48
2a06:21c0::/29
Signature Algorithm: sha256WithRSAEncryption
02:4b:2a:d5:d2:67:03:a8:a3:e5:ed:50:49:96:bc:74:82:56:
8e:a2:02:4b:2a:56:2d:cd:d1:aa:1d:13:d7:49:17:9c:d4:fc:
a7:14:7a:a0:af:20:1e:d3:bf:cd:9f:6b:af:7c:0d:2a:b8:23:
57:2f:71:78:25:a4:ac:c5:88:b6:97:18:5c:cc:d2:43:42:21:
39:5b:1c:7c:8f:56:4a:15:8c:aa:d6:29:2a:2a:ad:b1:8a:14:
91:52:14:88:b3:ce:8e:cc:0d:cc:b0:9d:8b:17:c9:c0:1c:04:
b6:fd:84:3f:a4:f4:54:5b:c9:1d:d2:1a:1b:b2:6f:7f:eb:6b:
f7:fa:92:93:65:15:00:ee:2a:54:e5:87:df:4c:20:5c:49:55:
5e:67:f0:69:08:76:71:35:00:ad:bf:99:36:34:ac:7e:81:02:
9e:c6:2b:1a:30:db:58:5f:e6:34:48:0c:49:4c:0e:a8:d8:db:
49:16:ea:17:4a:a6:82:8d:af:3a:ec:e8:66:2e:9e:1f:d6:8a:
98:9a:ee:14:0d:d5:de:9e:4b:fb:15:cd:53:ad:8d:b5:6b:d9:
fa:4b:24:9a:92:45:df:df:4c:c5:83:be:7b:4c:49:b3:08:94:
db:75:61:54:b4:f7:1a:b8:53:b5:24:c4:33:3e:18:21:bb:53:
79:ed:65:f2
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAYVuggJuMFpcTwYSw4d3vtneMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM3NzcwMTM1ZDBmMGQzMGE4NjhkZjU1MWQ4NzUyZDRiNGJh
ZGMyYzEwHhcNMjMwMTAxMTgwNDUyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZGI5NWU2MTI1ZmQzNTAxOWEzYjdiMTFiMmQ1OTFkMDQ5OGY2MGRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApuvY1BzaN4UxorgFCPbmTiC6HbzR
59fGJux9eFu791IEWFHFOx7rE7kblODIA2sxSDJnE3BfOxbS//Vmh5E3z8cScv0l
J/ReJrIV8TyX/iyRa9OSZARRC8UYO62ZAJfWxXrh4J6miuqKnnul4h8vaMcoMtsA
zLSkoQ7SvRaktv6KnSaozHtxjPVAyVqrw33BTRdXgfKkYCzjo8EFa/LkiC04x9ea
Zc8t6ZygT6jKzWqOHAn3LzlmLC4cwCtWvjiCI4qpEvDCIy0oF6+y6ojh3L7+VoHJ
bw1FY5lVme1n1E1oRua5dqBIF1Wfl+9LR4SSWhWlKzxuhKISr4T2J+c+6QIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFK25XmEl/TUBmjt7EbLVkdBJj2DdMB8GA1UdIwQY
MBaAFMd3ATXQ8NMKho31Udh1LUtLrcLBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveDNjQk5kRHcwd3FHamZWUjJIVXRTMHV0d3NFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MS9iOTcwNzAtYzVmNC00NDEwLTk0YjUt
ZDY0ZDc1Mzk0MDM3LzEvcmJsZVlTWDlOUUdhTzNzUnN0V1IwRW1QWU4wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MS9iOTcwNzAtYzVmNC00NDEwLTk0YjUtZDY0ZDc1Mzk0MDM3
LzEveDNjQk5kRHcwd3FHamZWUjJIVXRTMHV0d3NFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODAeBAIAATAYAwQCUa0sAwQB
W92WAwQCuYUkAwQCueEYMBYEAgACMBADBwAgAQZ8FrQDBQMqBiHAMA0GCSqGSIb3
DQEBCwUAA4IBAQACSyrV0mcDqKPl7VBJlrx0glaOogJLKlYtzdGqHRPXSRec1Pyn
FHqgryAe07/Nn2uvfA0quCNXL3F4JaSsxYi2lxhczNJDQiE5Wxx8j1ZKFYyq1ikq
Kq2xihSRUhSIs86OzA3MsJ2LF8nAHAS2/YQ/pPRUW8kd0hobsm9/62v3+pKTZRUA
7ipU5YffTCBcSVVeZ/BpCHZxNQCtv5k2NKx+gQKexisaMNtYX+Y0SAxJTA6o2NtJ
FuoXSqaCja867OhmLp4f1oqYmu4UDdXenkv7Fc1TrY21a9n6SySakkXf30zFg757
TEmzCJTbdWFUtPcauFO1JMQzPhghu1N57WXy
-----END CERTIFICATE-----
Generated at Tue Nov 14 13:39:11 2023 by rpki-client on console-fra.rpki-client.org