Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/X0V9pjTduCW5kOX2aLEoqKsnOwI.roa
File: X0V9pjTduCW5kOX2aLEoqKsnOwI.roa (raw, json)
Hash identifier: aRlJVbvXT0034wC+fAdJDkvBzhslO0IClHxsHNZk/LI=
Subject key identifier: 5F:45:7D:A6:34:DD:B8:25:B9:90:E5:F6:68:B1:28:A8:AB:27:3B:02
Certificate issuer: /CN=5da3941c27cfe5c234c4bf221ecb2a579b2deaab
Certificate serial: 01856F1DBB85EB0964E19D08B737B8C16665
Authority key identifier: 5D:A3:94:1C:27:CF:E5:C2:34:C4:BF:22:1E:CB:2A:57:9B:2D:EA:AB
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/XaOUHCfP5cI0xL8iHssqV5st6qs.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/X0V9pjTduCW5kOX2aLEoqKsnOwI.roa
Signing time: Sun 01 Jan 2023 20:54:57 +0000
ROA not before: Sun 01 Jan 2023 20:54:57 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 41957
IP address blocks: 77.83.94.0/24 maxlen: 24
195.245.238.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6f:1d:bb:85:eb:09:64:e1:9d:08:b7:37:b8:c1:66:65
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=5da3941c27cfe5c234c4bf221ecb2a579b2deaab
Validity
Not Before: Jan 1 20:54:57 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=5f457da634ddb825b990e5f668b128a8ab273b02
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:98:3e:5b:26:44:1f:2d:2d:18:94:01:30:03:1a:
90:2f:a9:53:c0:0b:f8:a1:d9:f5:c3:3a:2d:7a:57:
d5:a3:39:6f:41:4e:31:1e:06:3c:58:9b:3b:90:d8:
db:b5:07:4c:54:f1:f5:1f:bb:37:9b:a8:1e:2d:33:
97:00:1b:77:37:7a:4d:c2:81:34:5a:b6:49:77:9c:
55:36:35:6a:a7:dd:40:3b:cb:5e:4a:1c:8a:87:a6:
49:24:8e:e3:d3:13:99:48:2f:5a:de:ca:1c:60:3f:
57:b2:db:8b:59:28:ce:ae:bd:1f:f2:a2:03:03:a3:
c6:9b:3b:b2:38:ab:ba:5c:d0:dc:db:35:fe:11:b1:
a8:01:4a:c5:c4:ae:c1:1f:02:06:53:4d:be:0b:7d:
0a:dc:b7:4f:04:43:c2:81:3e:17:4d:38:c5:e7:00:
d6:97:67:f7:d5:58:53:73:66:aa:cb:32:a1:a1:cc:
2d:b2:18:c0:8a:e3:a9:d7:e8:d5:66:31:df:a1:30:
32:83:78:18:ec:32:3a:dd:22:e9:0e:ee:4b:79:a0:
6d:7c:45:28:96:2b:8a:b1:b9:b8:88:61:e3:01:6c:
09:ad:38:76:97:96:f7:4f:05:d8:53:63:56:37:f9:
14:50:5a:89:84:10:38:e2:0d:09:16:8e:32:21:09:
e8:1b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5F:45:7D:A6:34:DD:B8:25:B9:90:E5:F6:68:B1:28:A8:AB:27:3B:02
X509v3 Authority Key Identifier:
keyid:5D:A3:94:1C:27:CF:E5:C2:34:C4:BF:22:1E:CB:2A:57:9B:2D:EA:AB
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XaOUHCfP5cI0xL8iHssqV5st6qs.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/X0V9pjTduCW5kOX2aLEoqKsnOwI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/XaOUHCfP5cI0xL8iHssqV5st6qs.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
77.83.94.0/24
195.245.238.0/24
Signature Algorithm: sha256WithRSAEncryption
41:29:78:c8:4a:c7:a5:cf:b4:25:d2:f3:42:5e:a3:5c:b3:e0:
b5:2a:00:20:05:87:85:72:12:bf:43:25:41:71:de:a4:9a:51:
c1:2c:a1:8e:b1:f9:28:b5:c5:eb:60:2e:3b:1b:8b:e1:34:db:
ed:fb:37:8f:6f:4f:e6:67:c2:37:61:9c:21:c9:08:98:69:db:
4d:72:15:ef:d7:13:5b:0a:6a:f0:d8:c3:3f:ff:76:eb:44:da:
02:20:8d:17:af:05:c5:c8:73:7f:5e:44:cf:46:b7:08:e1:6c:
53:5f:ec:c4:f6:e6:1b:f4:8c:b1:16:f8:dc:41:ab:8c:19:b9:
04:64:48:4f:08:e9:e5:44:54:f2:32:96:b6:0c:b9:4c:02:f0:
9e:f6:6c:75:ec:9d:9a:32:ae:59:a6:e9:51:14:7f:01:1c:f2:
3c:44:f4:fa:7b:29:49:d1:31:dc:40:67:06:30:e7:aa:3c:f3:
96:00:91:e4:9a:d8:cf:23:00:37:bb:6a:aa:b9:44:68:8c:70:
3b:c0:c5:13:ea:0b:3e:dc:77:1d:83:e8:9f:49:e2:b3:6b:0b:
de:50:9a:1b:cb:96:7d:43:65:ec:63:61:cd:69:66:dd:e9:06:
50:ec:f9:a4:6c:21:29:c8:40:d9:69:e1:28:41:6b:ca:25:61:
b7:dd:48:1b
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYVvHbuF6wlk4Z0Itze4wWZlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVkYTM5NDFjMjdjZmU1YzIzNGM0YmYyMjFlY2IyYTU3OWIy
ZGVhYWIwHhcNMjMwMTAxMjA1NDU3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZjQ1N2RhNjM0ZGRiODI1Yjk5MGU1ZjY2OGIxMjhhOGFiMjczYjAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmD5bJkQfLS0YlAEwAxqQL6lTwAv4
odn1wzotelfVozlvQU4xHgY8WJs7kNjbtQdMVPH1H7s3m6geLTOXABt3N3pNwoE0
WrZJd5xVNjVqp91AO8teShyKh6ZJJI7j0xOZSC9a3socYD9XstuLWSjOrr0f8qID
A6PGmzuyOKu6XNDc2zX+EbGoAUrFxK7BHwIGU02+C30K3LdPBEPCgT4XTTjF5wDW
l2f31VhTc2aqyzKhocwtshjAiuOp1+jVZjHfoTAyg3gY7DI63SLpDu5LeaBtfEUo
liuKsbm4iGHjAWwJrTh2l5b3TwXYU2NWN/kUUFqJhBA44g0JFo4yIQnoGwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFF9FfaY03bgluZDl9mixKKirJzsCMB8GA1UdIwQY
MBaAFF2jlBwnz+XCNMS/Ih7LKlebLeqrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWGFPVUhDZlA1Y0kweEw4aUhzc3FWNXN0NnFzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC8zMGVkM2UtYzRjNC00ZGU4LWI0ZjEt
ZjExYTM5ZjI2YzNiLzEvWDBWOXBqVGR1Q1c1a09YMmFMRW9xS3NuT3dJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC8zMGVkM2UtYzRjNC00ZGU4LWI0ZjEtZjExYTM5ZjI2YzNi
LzEvWGFPVUhDZlA1Y0kweEw4aUhzc3FWNXN0NnFzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQATVNeAwQA
w/XuMA0GCSqGSIb3DQEBCwUAA4IBAQBBKXjISselz7Ql0vNCXqNcs+C1KgAgBYeF
chK/QyVBcd6kmlHBLKGOsfkotcXrYC47G4vhNNvt+zePb0/mZ8I3YZwhyQiYadtN
chXv1xNbCmrw2MM//3brRNoCII0XrwXFyHN/XkTPRrcI4WxTX+zE9uYb9IyxFvjc
QauMGbkEZEhPCOnlRFTyMpa2DLlMAvCe9mx17J2aMq5ZpulRFH8BHPI8RPT6eylJ
0THcQGcGMOeqPPOWAJHkmtjPIwA3u2qquURojHA7wMUT6gs+3Hcdg+ifSeKzawve
UJoby5Z9Q2XsY2HNaWbd6QZQ7PmkbCEpyEDZaeEoQWvKJWG33Ugb
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:20:25 2024 by rpki-client on console-ams.rpki-client.org