Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/61/e53de5-1b5f-4467-a68c-15fc0b68f844/1/t2xzSjbms0O2fFc-8l_t0vxl9z4.roa
File: t2xzSjbms0O2fFc-8l_t0vxl9z4.roa (raw, json)
Hash identifier: 7d7VKVbZrVd/yHe5wrbd4xtdaW3YtEbt15osiWKwFXc=
Subject key identifier: B7:6C:73:4A:36:E6:B3:43:B6:7C:57:3E:F2:5F:ED:D2:FC:65:F7:3E
Certificate issuer: /CN=da70c441fb892b8c9816534885069fcd3300c9a4
Certificate serial: 018752E94E44DC0E081436E24B64B96F9E03
Authority key identifier: DA:70:C4:41:FB:89:2B:8C:98:16:53:48:85:06:9F:CD:33:00:C9:A4
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/2nDEQfuJK4yYFlNIhQafzTMAyaQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/61/e53de5-1b5f-4467-a68c-15fc0b68f844/1/t2xzSjbms0O2fFc-8l_t0vxl9z4.roa
Signing time: Wed 05 Apr 2023 19:33:54 +0000
ROA not before: Wed 05 Apr 2023 19:33:54 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 58024
IP address blocks: 77.105.145.0/24 maxlen: 24
84.54.46.0/24 maxlen: 24
84.54.45.0/24 maxlen: 24
77.105.165.0/24 maxlen: 24
176.113.112.0/24 maxlen: 24
176.113.112.0/23 maxlen: 23
176.113.113.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:87:52:e9:4e:44:dc:0e:08:14:36:e2:4b:64:b9:6f:9e:03
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=da70c441fb892b8c9816534885069fcd3300c9a4
Validity
Not Before: Apr 5 19:33:54 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=b76c734a36e6b343b67c573ef25fedd2fc65f73e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8c:02:d8:f5:c3:7d:d8:71:ad:27:46:25:95:be:
73:08:ff:a2:f9:f9:d1:98:a0:a8:f4:a6:96:b1:3b:
a0:b8:41:6b:0e:17:21:60:4a:f3:86:84:a4:db:24:
00:72:5e:a7:0c:ee:27:40:49:5d:7b:f6:1b:6d:27:
20:73:7c:a5:4f:22:84:d0:e1:eb:4b:b3:c7:b7:a7:
e3:6d:11:d6:69:6f:cc:41:57:d8:42:48:e2:2a:09:
93:c6:72:5c:0f:29:63:6d:70:c3:c1:7d:2d:37:4a:
58:d3:1b:c2:19:1d:21:d5:a3:da:ee:0e:2d:23:a2:
5a:42:f9:3e:a7:b1:e9:45:d7:5d:1e:50:63:5f:10:
8d:48:09:66:13:8b:a5:72:6f:f0:50:a9:a2:d5:e4:
82:98:77:bc:88:39:2e:12:a7:4e:b4:c3:a4:d1:12:
1f:da:f5:3e:ef:53:07:1f:b9:5b:a4:7c:b7:61:fd:
36:23:92:9d:64:f4:00:b6:76:68:e5:48:d8:1a:27:
6a:cd:c9:f2:a7:5d:6b:8b:66:ab:f3:5b:09:42:35:
7c:97:ac:85:c9:28:d1:b5:df:f9:39:66:5c:a6:bf:
e6:9b:82:bb:48:07:40:41:9c:75:45:8c:0e:70:85:
65:5e:f8:2b:74:fc:56:e8:6b:ca:4f:8e:a3:5a:26:
81:a7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B7:6C:73:4A:36:E6:B3:43:B6:7C:57:3E:F2:5F:ED:D2:FC:65:F7:3E
X509v3 Authority Key Identifier:
keyid:DA:70:C4:41:FB:89:2B:8C:98:16:53:48:85:06:9F:CD:33:00:C9:A4
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2nDEQfuJK4yYFlNIhQafzTMAyaQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/61/e53de5-1b5f-4467-a68c-15fc0b68f844/1/t2xzSjbms0O2fFc-8l_t0vxl9z4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/61/e53de5-1b5f-4467-a68c-15fc0b68f844/1/2nDEQfuJK4yYFlNIhQafzTMAyaQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
77.105.145.0/24
77.105.165.0/24
84.54.45.0-84.54.46.255
176.113.112.0/23
Signature Algorithm: sha256WithRSAEncryption
2d:ae:05:4c:c1:19:c2:11:e0:a9:75:81:cd:2d:d0:47:50:a8:
1a:1c:77:7e:25:c1:5d:28:8c:34:6e:05:16:07:f5:9f:94:77:
b8:03:06:5e:ad:c3:f1:31:73:90:e1:38:a9:a8:31:f9:f2:15:
cc:3b:9e:58:ce:97:d5:3d:e0:fa:77:cd:0b:4b:ab:3c:97:50:
18:d9:3c:6f:c3:22:5c:82:6c:8d:51:c3:6a:72:5b:17:9d:b9:
59:9d:a5:c2:4b:96:82:aa:70:0b:45:2a:db:ad:b8:88:d9:e6:
dd:60:ef:0d:24:00:74:77:5f:6c:06:1a:bf:24:39:d0:af:94:
cc:cf:61:73:77:8d:8b:99:e5:6b:66:36:67:01:ea:33:ed:60:
13:fc:26:a2:0e:8d:b9:7a:39:c8:09:f4:de:8e:4e:0b:e0:4d:
e2:12:b7:65:bd:8b:71:d1:ae:90:3e:0f:e2:15:f6:3f:64:5e:
87:bb:52:13:ce:65:01:4d:ab:be:82:ea:13:52:d0:a2:bf:e6:
c6:ca:4d:23:02:f7:54:78:38:bf:f8:1b:02:ac:ee:a5:01:7a:
eb:bd:7d:cb:12:85:79:50:e2:ad:9d:b5:67:fd:dd:15:5c:3b:
fb:92:3e:8a:82:73:35:bd:cb:5e:24:0a:c2:d1:08:22:28:a3:
59:e1:49:56
-----BEGIN CERTIFICATE-----
MIIFFzCCA/+gAwIBAgISAYdS6U5E3A4IFDbiS2S5b54DMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhNzBjNDQxZmI4OTJiOGM5ODE2NTM0ODg1MDY5ZmNkMzMw
MGM5YTQwHhcNMjMwNDA1MTkzMzU0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNzZjNzM0YTM2ZTZiMzQzYjY3YzU3M2VmMjVmZWRkMmZjNjVmNzNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjALY9cN92HGtJ0Yllb5zCP+i+fnR
mKCo9KaWsTuguEFrDhchYErzhoSk2yQAcl6nDO4nQElde/YbbScgc3ylTyKE0OHr
S7PHt6fjbRHWaW/MQVfYQkjiKgmTxnJcDyljbXDDwX0tN0pY0xvCGR0h1aPa7g4t
I6JaQvk+p7HpRdddHlBjXxCNSAlmE4ulcm/wUKmi1eSCmHe8iDkuEqdOtMOk0RIf
2vU+71MHH7lbpHy3Yf02I5KdZPQAtnZo5UjYGidqzcnyp11ri2ar81sJQjV8l6yF
ySjRtd/5OWZcpr/mm4K7SAdAQZx1RYwOcIVlXvgrdPxW6GvKT46jWiaBpwIDAQAB
o4ICIzCCAh8wHQYDVR0OBBYEFLdsc0o25rNDtnxXPvJf7dL8Zfc+MB8GA1UdIwQY
MBaAFNpwxEH7iSuMmBZTSIUGn80zAMmkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMm5ERVFmdUpLNHlZRmxOSWhRYWZ6VE1BeWFRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MS9lNTNkZTUtMWI1Zi00NDY3LWE2OGMt
MTVmYzBiNjhmODQ0LzEvdDJ4elNqYm1zME8yZkZjLThsX3QwdnhsOXo0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MS9lNTNkZTUtMWI1Zi00NDY3LWE2OGMtMTVmYzBiNjhmODQ0
LzEvMm5ERVFmdUpLNHlZRmxOSWhRYWZ6VE1BeWFRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDkGCCsGAQUFBwEHAQH/BCowKDAmBAIAATAgAwQATWmRAwQA
TWmlMAwDBABUNi0DBABUNi4DBAGwcXAwDQYJKoZIhvcNAQELBQADggEBAC2uBUzB
GcIR4Kl1gc0t0EdQqBocd34lwV0ojDRuBRYH9Z+Ud7gDBl6tw/Exc5DhOKmoMfny
Fcw7nljOl9U94Pp3zQtLqzyXUBjZPG/DIlyCbI1Rw2pyWxeduVmdpcJLloKqcAtF
KtutuIjZ5t1g7w0kAHR3X2wGGr8kOdCvlMzPYXN3jYuZ5WtmNmcB6jPtYBP8JqIO
jbl6OcgJ9N6OTgvgTeISt2W9i3HRrpA+D+IV9j9kXoe7UhPOZQFNq76C6hNS0KK/
5sbKTSMC91R4OL/4GwKs7qUBeuu9fcsShXlQ4q2dtWf93RVcO/uSPoqCczW9y14k
CsLRCCIoo1nhSVY=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:14:21 2024 by rpki-client on console-ams.rpki-client.org