Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/ffe07c-16f0-4999-8894-10f0093eaae0/1/kYFNOFGQRywGgjNqVPK4IpZTByo.roa
File: kYFNOFGQRywGgjNqVPK4IpZTByo.roa (raw, json)
Hash identifier: usaew17TGTKfDbuaNIB+yyBsPdzQJW44Kr7KHK9YRDU=
Subject key identifier: 91:81:4D:38:51:90:47:2C:06:82:33:6A:54:F2:B8:22:96:53:07:2A
Certificate issuer: /CN=f753a19b5dce1d4159352229426a9fdb7d9f9a3b
Certificate serial: 0187282B743D9E35C3A4CCD60BE897225C53
Authority key identifier: F7:53:A1:9B:5D:CE:1D:41:59:35:22:29:42:6A:9F:DB:7D:9F:9A:3B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/91Ohm13OHUFZNSIpQmqf232fmjs.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/4e/ffe07c-16f0-4999-8894-10f0093eaae0/1/kYFNOFGQRywGgjNqVPK4IpZTByo.roa
Signing time: Tue 28 Mar 2023 12:22:29 +0000
ROA not before: Tue 28 Mar 2023 12:22:29 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 30830
IP address blocks: 80.73.128.0/21 maxlen: 21
45.157.48.0/22 maxlen: 22
2a01:5140::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:87:28:2b:74:3d:9e:35:c3:a4:cc:d6:0b:e8:97:22:5c:53
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f753a19b5dce1d4159352229426a9fdb7d9f9a3b
Validity
Not Before: Mar 28 12:22:29 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=91814d385190472c0682336a54f2b8229653072a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:85:ab:7b:a8:72:b7:d8:6c:17:92:db:69:b0:44:
d7:e2:e2:f0:58:3d:98:8b:f9:74:9e:f9:67:71:42:
70:4e:2d:9c:6a:fd:8e:71:63:37:63:d7:ea:3d:0b:
fc:11:ca:3c:cd:e4:85:b0:05:b7:c6:7e:85:1e:ef:
58:48:1b:7c:30:32:5d:4f:a5:42:72:e5:27:79:13:
ca:f5:0e:1e:67:f9:1e:46:62:21:58:16:59:a1:22:
d7:34:85:c9:0a:77:df:e2:f9:df:a9:36:44:a1:f7:
ab:8b:cb:2b:d8:b5:bb:84:9e:44:91:4a:51:20:f0:
38:68:bf:98:1c:08:d7:40:26:ef:09:52:31:d6:54:
cd:0a:bc:51:b5:40:b1:3e:d3:9e:24:d0:8e:1e:b8:
51:59:bb:96:85:47:d0:9f:3e:b7:9b:bd:8d:27:af:
bb:4e:18:93:40:64:8f:e7:a3:d7:29:bb:af:0b:70:
34:9e:2e:83:77:6f:aa:ba:df:b3:fe:08:4e:a1:e3:
78:47:1c:ef:9b:4b:13:25:23:13:7d:85:5d:f3:9f:
7d:16:60:1f:1e:02:fa:68:94:db:a7:16:e9:eb:d2:
c8:ee:49:7a:d8:71:d1:c5:2a:a7:09:b6:80:f2:b3:
46:69:25:b0:62:71:90:5e:52:ee:57:ef:70:d3:95:
65:f1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
91:81:4D:38:51:90:47:2C:06:82:33:6A:54:F2:B8:22:96:53:07:2A
X509v3 Authority Key Identifier:
keyid:F7:53:A1:9B:5D:CE:1D:41:59:35:22:29:42:6A:9F:DB:7D:9F:9A:3B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/91Ohm13OHUFZNSIpQmqf232fmjs.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/ffe07c-16f0-4999-8894-10f0093eaae0/1/kYFNOFGQRywGgjNqVPK4IpZTByo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/ffe07c-16f0-4999-8894-10f0093eaae0/1/91Ohm13OHUFZNSIpQmqf232fmjs.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.157.48.0/22
80.73.128.0/21
IPv6:
2a01:5140::/32
Signature Algorithm: sha256WithRSAEncryption
4b:ef:d4:3b:c1:fd:98:47:9c:5f:4a:c0:fd:aa:8f:6c:7f:35:
68:42:bb:64:bf:6d:2f:3a:b5:35:d6:6d:28:d6:c7:7a:d7:73:
02:63:65:e6:e7:d7:a1:44:52:f4:d4:d1:f7:a6:a7:d6:4c:74:
05:6e:15:0b:b7:7a:79:7e:8a:31:31:ba:47:48:f8:ee:d7:d5:
2f:4d:9c:30:28:63:71:f3:19:06:7f:26:d1:46:9c:81:cb:d7:
b8:c0:9a:05:7e:90:d1:93:2e:96:22:71:65:f8:37:a6:bc:cd:
6f:29:dd:d9:91:d3:c9:59:56:ff:af:46:45:fc:1d:ed:fe:0d:
78:cb:71:6b:a0:b6:71:67:66:69:b0:bc:38:3e:97:e3:84:f2:
6f:1d:b8:20:db:5b:e8:36:c9:b3:92:51:59:8c:1a:83:68:dd:
f8:2f:a9:8a:a7:70:d2:f4:08:a4:fd:fd:57:74:7a:92:ee:4a:
af:ec:23:f9:d7:92:88:d5:91:66:a8:58:ea:7f:40:a3:33:35:
31:95:05:dd:f9:fc:87:87:9d:df:04:18:10:4c:f1:52:f2:36:
11:a7:3c:86:d7:7a:ab:59:4d:cf:7b:1c:18:bb:8e:5b:c1:04:
3c:30:c7:16:5b:c1:69:6c:91:24:a7:fb:99:8c:d7:e3:ee:79:
16:3c:4a:73
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYcoK3Q9njXDpMzWC+iXIlxTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY3NTNhMTliNWRjZTFkNDE1OTM1MjIyOTQyNmE5ZmRiN2Q5
ZjlhM2IwHhcNMjMwMzI4MTIyMjI5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MTgxNGQzODUxOTA0NzJjMDY4MjMzNmE1NGYyYjgyMjk2NTMwNzJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhat7qHK32GwXkttpsETX4uLwWD2Y
i/l0nvlncUJwTi2cav2OcWM3Y9fqPQv8Eco8zeSFsAW3xn6FHu9YSBt8MDJdT6VC
cuUneRPK9Q4eZ/keRmIhWBZZoSLXNIXJCnff4vnfqTZEoferi8sr2LW7hJ5EkUpR
IPA4aL+YHAjXQCbvCVIx1lTNCrxRtUCxPtOeJNCOHrhRWbuWhUfQnz63m72NJ6+7
ThiTQGSP56PXKbuvC3A0ni6Dd2+qut+z/ghOoeN4Rxzvm0sTJSMTfYVd8599FmAf
HgL6aJTbpxbp69LI7kl62HHRxSqnCbaA8rNGaSWwYnGQXlLuV+9w05Vl8QIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFJGBTThRkEcsBoIzalTyuCKWUwcqMB8GA1UdIwQY
MBaAFPdToZtdzh1BWTUiKUJqn9t9n5o7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOTFPaG0xM09IVUZaTlNJcFFtcWYyMzJmbWpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZS9mZmUwN2MtMTZmMC00OTk5LTg4OTQt
MTBmMDA5M2VhYWUwLzEva1lGTk9GR1FSeXdHZ2pOcVZQSzRJcFpUQnlvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZS9mZmUwN2MtMTZmMC00OTk5LTg4OTQtMTBmMDA5M2VhYWUw
LzEvOTFPaG0xM09IVUZaTlNJcFFtcWYyMzJmbWpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCLZ0wAwQD
UEmAMA0EAgACMAcDBQAqAVFAMA0GCSqGSIb3DQEBCwUAA4IBAQBL79Q7wf2YR5xf
SsD9qo9sfzVoQrtkv20vOrU11m0o1sd613MCY2Xm59ehRFL01NH3pqfWTHQFbhUL
t3p5fooxMbpHSPju19UvTZwwKGNx8xkGfybRRpyBy9e4wJoFfpDRky6WInFl+Dem
vM1vKd3ZkdPJWVb/r0ZF/B3t/g14y3FroLZxZ2ZpsLw4PpfjhPJvHbgg21voNsmz
klFZjBqDaN34L6mKp3DS9Aik/f1XdHqS7kqv7CP515KI1ZFmqFjqf0CjMzUxlQXd
+fyHh53fBBgQTPFS8jYRpzyG13qrWU3PexwYu45bwQQ8MMcWW8FpbJEkp/uZjNfj
7nkWPEpz
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:28:59 2024 by rpki-client on console-fra.rpki-client.org