Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/61/e53de5-1b5f-4467-a68c-15fc0b68f844/1/preXwF3ohS3v1-kvQGE2k9Qk_HQ.roa
File: preXwF3ohS3v1-kvQGE2k9Qk_HQ.roa (raw, json)
Hash identifier: A1RH8jhBTRIxCr51LFS401lErdBy17/KmOWE/82VICg=
Subject key identifier: A6:B7:97:C0:5D:E8:85:2D:EF:D7:E9:2F:40:61:36:93:D4:24:FC:74
Certificate issuer: /CN=da70c441fb892b8c9816534885069fcd3300c9a4
Certificate serial: 0186EADC2292C177571522FB2554F5556DF3
Authority key identifier: DA:70:C4:41:FB:89:2B:8C:98:16:53:48:85:06:9F:CD:33:00:C9:A4
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/2nDEQfuJK4yYFlNIhQafzTMAyaQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/61/e53de5-1b5f-4467-a68c-15fc0b68f844/1/preXwF3ohS3v1-kvQGE2k9Qk_HQ.roa
Signing time: Thu 16 Mar 2023 14:39:00 +0000
ROA not before: Thu 16 Mar 2023 14:39:00 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 58024
IP address blocks: 77.105.145.0/24 maxlen: 24
84.54.46.0/24 maxlen: 24
84.54.45.0/24 maxlen: 24
194.31.132.0/22 maxlen: 22
77.105.165.0/24 maxlen: 24
77.105.166.0/23 maxlen: 23
176.113.112.0/24 maxlen: 24
176.113.112.0/23 maxlen: 23
176.113.113.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:86:ea:dc:22:92:c1:77:57:15:22:fb:25:54:f5:55:6d:f3
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=da70c441fb892b8c9816534885069fcd3300c9a4
Validity
Not Before: Mar 16 14:39:00 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=a6b797c05de8852defd7e92f40613693d424fc74
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:85:d6:56:ce:f5:a9:54:70:30:69:41:47:41:7d:
30:1e:77:f9:08:15:8f:5c:26:39:35:38:cb:bc:e9:
ba:eb:c9:5e:c9:fc:c5:72:3b:85:67:5a:eb:46:7b:
72:0f:f4:e5:71:39:88:31:10:73:93:c3:ba:2b:97:
cc:0d:7a:7d:5a:d3:22:63:ce:fa:5a:5d:27:14:ca:
79:e5:49:44:d7:99:06:73:d8:8b:c2:1b:6d:22:b2:
bb:bf:9a:ae:57:1c:33:9b:02:cd:83:9d:ac:0c:cb:
d3:78:4c:cb:fa:a1:69:64:65:3b:77:02:96:f9:65:
3c:30:16:6b:43:d7:90:b8:f0:98:78:52:3d:e3:4a:
26:e9:e2:cc:0c:62:d0:a8:10:48:87:52:02:fb:30:
12:35:a1:04:86:bd:b8:7d:fc:e1:8f:c0:2b:ce:14:
07:fa:25:c4:e0:2e:1c:c6:f7:8e:bc:12:89:3e:dd:
83:37:b7:ac:3e:50:21:48:2e:94:0e:18:c3:8f:e3:
41:ae:68:70:d4:87:ff:c5:1c:6a:b3:24:64:5d:e2:
f7:e7:e4:ba:71:ee:80:67:72:c2:a9:56:92:4b:7e:
07:0e:c9:4a:95:af:3f:f7:08:6d:12:05:65:c6:7f:
9d:ee:3f:e6:81:b5:6c:44:c8:69:7a:46:55:f6:e1:
5b:49
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A6:B7:97:C0:5D:E8:85:2D:EF:D7:E9:2F:40:61:36:93:D4:24:FC:74
X509v3 Authority Key Identifier:
keyid:DA:70:C4:41:FB:89:2B:8C:98:16:53:48:85:06:9F:CD:33:00:C9:A4
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2nDEQfuJK4yYFlNIhQafzTMAyaQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/61/e53de5-1b5f-4467-a68c-15fc0b68f844/1/preXwF3ohS3v1-kvQGE2k9Qk_HQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/61/e53de5-1b5f-4467-a68c-15fc0b68f844/1/2nDEQfuJK4yYFlNIhQafzTMAyaQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
77.105.145.0/24
77.105.165.0-77.105.167.255
84.54.45.0-84.54.46.255
176.113.112.0/23
194.31.132.0/22
Signature Algorithm: sha256WithRSAEncryption
9a:2c:39:fc:b1:ad:31:dd:ea:35:03:ad:eb:a5:ee:d0:bb:98:
60:a7:69:54:a2:58:62:19:58:0f:ff:08:9d:41:ab:62:4d:ae:
ac:81:cd:c8:d0:03:bb:fe:33:65:62:f3:c4:d8:5f:d9:cb:a6:
e6:02:08:40:c0:2e:aa:85:b4:33:17:95:29:fb:8b:24:b4:5e:
c5:81:42:d7:5b:4c:73:3a:6f:f0:06:2e:b4:62:ab:cf:0e:7a:
0a:65:f4:6b:66:92:7f:fe:51:d7:45:ba:11:a5:12:8b:0e:f8:
28:82:83:fe:10:19:d9:7d:c7:3c:cf:75:3f:e9:fe:54:e0:6a:
02:3e:0c:df:6c:cd:20:7b:0f:8a:af:75:ca:4d:0b:9f:ae:24:
ee:4c:ad:dd:2e:cb:8a:c1:0c:6b:45:f7:95:14:37:d2:7e:18:
bf:c4:53:bb:25:ce:22:39:ef:01:5b:a2:b7:de:90:79:80:f4:
fa:01:e2:ba:4e:16:08:2d:ff:ae:87:37:8a:d9:c2:7e:c4:23:
bf:bc:90:e8:d8:96:51:a3:2a:ac:f9:3c:04:e4:83:c7:f8:58:
c3:0c:a4:89:17:60:18:dc:98:a6:d4:3e:08:9c:94:21:00:2a:
25:79:6c:c2:54:4e:83:ad:77:d0:30:3e:e3:1b:03:e5:ea:31:
91:09:69:f0
-----BEGIN CERTIFICATE-----
MIIFJTCCBA2gAwIBAgISAYbq3CKSwXdXFSL7JVT1VW3zMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhNzBjNDQxZmI4OTJiOGM5ODE2NTM0ODg1MDY5ZmNkMzMw
MGM5YTQwHhcNMjMwMzE2MTQzOTAwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNmI3OTdjMDVkZTg4NTJkZWZkN2U5MmY0MDYxMzY5M2Q0MjRmYzc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhdZWzvWpVHAwaUFHQX0wHnf5CBWP
XCY5NTjLvOm668leyfzFcjuFZ1rrRntyD/TlcTmIMRBzk8O6K5fMDXp9WtMiY876
Wl0nFMp55UlE15kGc9iLwhttIrK7v5quVxwzmwLNg52sDMvTeEzL+qFpZGU7dwKW
+WU8MBZrQ9eQuPCYeFI940om6eLMDGLQqBBIh1IC+zASNaEEhr24ffzhj8ArzhQH
+iXE4C4cxveOvBKJPt2DN7esPlAhSC6UDhjDj+NBrmhw1If/xRxqsyRkXeL35+S6
ce6AZ3LCqVaSS34HDslKla8/9whtEgVlxn+d7j/mgbVsRMhpekZV9uFbSQIDAQAB
o4ICMTCCAi0wHQYDVR0OBBYEFKa3l8Bd6IUt79fpL0BhNpPUJPx0MB8GA1UdIwQY
MBaAFNpwxEH7iSuMmBZTSIUGn80zAMmkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMm5ERVFmdUpLNHlZRmxOSWhRYWZ6VE1BeWFRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MS9lNTNkZTUtMWI1Zi00NDY3LWE2OGMt
MTVmYzBiNjhmODQ0LzEvcHJlWHdGM29oUzN2MS1rdlFHRTJrOVFrX0hRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MS9lNTNkZTUtMWI1Zi00NDY3LWE2OGMtMTVmYzBiNjhmODQ0
LzEvMm5ERVFmdUpLNHlZRmxOSWhRYWZ6VE1BeWFRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEcGCCsGAQUFBwEHAQH/BDgwNjA0BAIAATAuAwQATWmRMAwD
BABNaaUDBANNaaAwDAMEAFQ2LQMEAFQ2LgMEAbBxcAMEAsIfhDANBgkqhkiG9w0B
AQsFAAOCAQEAmiw5/LGtMd3qNQOt66Xu0LuYYKdpVKJYYhlYD/8InUGrYk2urIHN
yNADu/4zZWLzxNhf2cum5gIIQMAuqoW0MxeVKfuLJLRexYFC11tMczpv8AYutGKr
zw56CmX0a2aSf/5R10W6EaUSiw74KIKD/hAZ2X3HPM91P+n+VOBqAj4M32zNIHsP
iq91yk0Ln64k7kyt3S7LisEMa0X3lRQ30n4Yv8RTuyXOIjnvAVuit96QeYD0+gHi
uk4WCC3/roc3itnCfsQjv7yQ6NiWUaMqrPk8BOSDx/hYwwykiRdgGNyYptQ+CJyU
IQAqJXlswlROg6130DA+4xsD5eoxkQlp8A==
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:57:00 2023 by rpki-client on console-fra.rpki-client.org