Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/t25vhk54ncznQ63I_v6LFjrR55o.roa
File: t25vhk54ncznQ63I_v6LFjrR55o.roa (raw, json)
Hash identifier: d4ivLluxVPg0IpnPQAXD6ZulkCvBAS/Fi+pRT/kIIs4=
Subject key identifier: B7:6E:6F:86:4E:78:9D:CC:E7:43:AD:C8:FE:FE:8B:16:3A:D1:E7:9A
Certificate issuer: /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial: 0CCABF84
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/t25vhk54ncznQ63I_v6LFjrR55o.roa
Signing time: Sat 01 Jan 2022 05:05:10 +0000
ROA not before: Sat 01 Jan 2022 05:05:10 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 212238
IP address blocks: 194.5.85.0/24 maxlen: 24
45.154.24.0/22 maxlen: 22
80.76.56.0/22 maxlen: 22
45.12.172.0/22 maxlen: 22
45.248.144.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 214613892 (0xccabf84)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Validity
Not Before: Jan 1 05:05:10 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=b76e6f864e789dcce743adc8fefe8b163ad1e79a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d4:76:4e:a7:11:5a:2b:c4:a4:28:46:59:e7:96:
7b:52:49:6b:93:6c:1b:ff:2f:8c:c3:60:17:8a:23:
7a:e5:f6:1b:b9:22:b3:a0:eb:7d:ab:fe:c7:4c:8b:
7a:19:2b:e5:26:3c:0c:e1:b0:63:f4:b9:29:07:28:
94:17:21:65:36:bb:a5:1e:a9:43:e9:58:8d:58:90:
29:11:e4:b2:eb:5b:43:10:1b:db:a3:fa:c1:fa:58:
72:9f:81:e7:7a:ca:06:4a:cd:87:e7:b3:ca:82:ad:
f8:b1:01:8c:31:14:c0:1f:bd:06:fb:90:4f:9f:20:
72:fc:82:f9:75:ec:a1:11:04:15:a9:0a:7f:e6:b3:
a9:c6:65:05:2e:a5:8b:03:a0:fe:88:4f:48:df:91:
3b:6a:e0:75:5a:bf:5a:9f:cb:37:90:e9:fc:37:a4:
c4:b1:79:50:62:d3:ca:52:8f:e8:a3:74:48:18:6d:
24:90:ff:dc:ea:d8:69:be:3c:f8:38:69:74:be:c0:
8d:a9:da:66:d2:5c:18:d1:72:7f:4e:9e:67:87:1d:
da:32:48:97:4e:02:d6:50:38:c4:db:b1:93:24:cd:
95:b9:62:30:44:84:c4:38:ab:b3:d9:4c:f2:ec:1d:
f0:b9:75:71:fc:a9:2f:1f:97:f7:a6:d6:17:fc:eb:
d2:19
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B7:6E:6F:86:4E:78:9D:CC:E7:43:AD:C8:FE:FE:8B:16:3A:D1:E7:9A
X509v3 Authority Key Identifier:
keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/t25vhk54ncznQ63I_v6LFjrR55o.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.12.172.0/22
45.154.24.0/22
45.248.144.0/22
80.76.56.0/22
194.5.85.0/24
Signature Algorithm: sha256WithRSAEncryption
2b:e3:d8:25:53:04:ef:28:84:aa:79:2f:82:2d:79:1d:c4:54:
d5:2e:14:4e:3d:c8:13:57:74:a9:a2:58:32:ef:b3:46:78:19:
d3:62:38:33:bb:9f:4d:6f:a4:78:f4:54:b6:2a:55:66:9a:09:
45:f9:5a:7c:cf:7a:35:5d:64:da:96:b9:1a:1c:7b:a8:2b:0a:
41:99:6a:01:5c:1b:ac:a4:0b:39:3b:24:93:2b:92:54:26:88:
d1:b8:6f:df:1e:5e:1f:ea:19:e3:77:21:76:05:eb:c8:cf:00:
31:d7:91:58:a3:95:63:b2:74:19:05:d5:5f:ec:c2:3d:7a:44:
11:91:77:50:19:8f:f2:60:ca:16:32:d8:1c:79:54:e0:f0:66:
f1:2c:75:09:de:2a:47:96:4a:6d:45:3b:87:4d:25:29:d6:6c:
5a:00:63:00:21:60:d3:6f:0f:ac:6e:89:e8:79:2b:14:c1:ff:
ef:39:f0:30:e5:43:71:98:8d:82:05:74:25:c9:04:6c:e5:1b:
37:3f:c1:89:25:cf:72:fa:95:82:6c:8e:a6:1b:b8:7c:e8:4c:
9e:36:bc:1a:8a:43:7d:14:fb:09:e2:2e:65:e9:86:44:b2:75:
aa:33:62:c7:b7:14:9a:68:4e:5d:b6:20:a7:05:4d:1a:99:0c:
9d:65:95:12
-----BEGIN CERTIFICATE-----
MIIFBzCCA++gAwIBAgIEDMq/hDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygz
NmMyYTRiN2Q1ZDczYzViNTcwNDYyMjNiZjMwZWI2NTMwMDViMGUyMB4XDTIyMDEw
MTA1MDUxMFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoYjc2ZTZmODY0ZTc4
OWRjY2U3NDNhZGM4ZmVmZThiMTYzYWQxZTc5YTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBANR2TqcRWivEpChGWeeWe1JJa5NsG/8vjMNgF4ojeuX2G7ki
s6Drfav+x0yLehkr5SY8DOGwY/S5KQcolBchZTa7pR6pQ+lYjViQKRHksutbQxAb
26P6wfpYcp+B53rKBkrNh+ezyoKt+LEBjDEUwB+9BvuQT58gcvyC+XXsoREEFakK
f+azqcZlBS6liwOg/ohPSN+RO2rgdVq/Wp/LN5Dp/DekxLF5UGLTylKP6KN0SBht
JJD/3OrYab48+DhpdL7AjanaZtJcGNFyf06eZ4cd2jJIl04C1lA4xNuxkyTNlbli
MESExDirs9lM8uwd8Ll1cfypLx+X96bWF/zr0hkCAwEAAaOCAiEwggIdMB0GA1Ud
DgQWBBS3bm+GTnidzOdDrcj+/osWOtHnmjAfBgNVHSMEGDAWgBQ2wqS31dc8W1cE
YiO/MOtlMAWw4jAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L05zS2t0OVhYUEZ0WEJHSWp2ekRyWlRBRnNPSS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYmMvOGRkODVhLWJmOGYtNDI1ZS1hMjRiLTJjY2VkYjk2NmE1OC8x
L3QyNXZoazU0bmN6blE2M0lfdjZMRmpyUjU1by5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYmMv
OGRkODVhLWJmOGYtNDI1ZS1hMjRiLTJjY2VkYjk2NmE1OC8xL05zS2t0OVhYUEZ0
WEJHSWp2ekRyWlRBRnNPSS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjA3
BggrBgEFBQcBBwEB/wQoMCYwJAQCAAEwHgMEAi0MrAMEAi2aGAMEAi34kAMEAlBM
OAMEAMIFVTANBgkqhkiG9w0BAQsFAAOCAQEAK+PYJVME7yiEqnkvgi15HcRU1S4U
Tj3IE1d0qaJYMu+zRngZ02I4M7ufTW+kePRUtipVZpoJRflafM96NV1k2pa5Ghx7
qCsKQZlqAVwbrKQLOTskkyuSVCaI0bhv3x5eH+oZ43chdgXryM8AMdeRWKOVY7J0
GQXVX+zCPXpEEZF3UBmP8mDKFjLYHHlU4PBm8Sx1Cd4qR5ZKbUU7h00lKdZsWgBj
ACFg028PrG6J6HkrFMH/7znwMOVDcZiNggV0JckEbOUbNz/BiSXPcvqVgmyOphu4
fOhMnja8GopDfRT7CeIuZemGRLJ1qjNix7cUmmhOXbYgpwVNGpkMnWWVEg==
-----END CERTIFICATE-----
Generated at Thu Jul 20 00:03:03 2023 by rpki-client on console-fra.rpki-client.org