Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/12/08e15b-4a24-4ce0-9454-f87a322a7776/1/kubcDv3iB_8gczkbH7NFJHsfXNU.roa
File: kubcDv3iB_8gczkbH7NFJHsfXNU.roa (raw, json)
Hash identifier: Fut3o+l9pz9pwdFH0CevzCNhR1e9HjUCJpz1RhUrPzk=
Subject key identifier: 92:E6:DC:0E:FD:E2:07:FF:20:73:39:1B:1F:B3:45:24:7B:1F:5C:D5
Certificate issuer: /CN=1bd21dfb24f7d8ce2311ba4076775474bd50be64
Certificate serial: 018EF6A13DEA33B999EB50B07EC9B6D5B03F
Authority key identifier: 1B:D2:1D:FB:24:F7:D8:CE:23:11:BA:40:76:77:54:74:BD:50:BE:64
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/G9Id-yT32M4jEbpAdndUdL1QvmQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/12/08e15b-4a24-4ce0-9454-f87a322a7776/1/kubcDv3iB_8gczkbH7NFJHsfXNU.roa
Signing time: Fri 19 Apr 2024 13:52:25 +0000
ROA not before: Fri 19 Apr 2024 13:52:25 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 7155
IP address blocks: 130.255.16.0/20 maxlen: 20
130.255.20.0/24 maxlen: 24
130.255.27.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8e:f6:a1:3d:ea:33:b9:99:eb:50:b0:7e:c9:b6:d5:b0:3f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1bd21dfb24f7d8ce2311ba4076775474bd50be64
Validity
Not Before: Apr 19 13:52:25 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=92e6dc0efde207ff2073391b1fb345247b1f5cd5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:81:f9:7f:24:56:d4:0a:bb:2d:df:96:ab:eb:1d:
5e:a3:93:b7:7d:eb:bf:87:0a:52:be:f2:d9:ba:ee:
54:d0:43:16:51:a8:7a:b3:39:b9:ff:46:9f:03:26:
b1:3f:ef:7a:1d:0b:98:36:96:19:94:0e:1c:f6:4f:
7d:8f:70:12:3e:e0:5a:77:09:c4:d2:b4:9c:cb:70:
8b:91:f3:70:09:9f:44:5d:a5:f9:29:38:e7:10:75:
54:84:a8:40:01:ff:c2:3e:d2:35:74:bb:b1:c4:73:
60:0d:11:b0:55:30:c5:05:2b:d6:14:90:20:df:55:
bd:eb:06:99:e4:44:7c:96:05:d1:aa:c9:5d:f3:f2:
0e:41:89:21:a4:c1:fb:b8:c0:c2:bf:7f:42:22:61:
99:08:b2:c0:03:fc:5d:43:73:29:76:a5:e4:12:4e:
1c:c0:82:0a:f9:9c:ad:bf:66:43:86:ca:e6:72:b2:
d7:94:be:ce:f7:d8:10:09:03:23:55:cd:90:c9:24:
eb:4c:18:ea:9f:57:1f:a5:59:bf:d0:19:a7:7f:19:
8c:f8:3c:15:60:03:3c:97:28:2a:37:8d:84:c3:63:
a8:c4:39:f7:30:63:16:95:4e:43:a8:80:58:38:45:
1c:d2:02:55:cf:74:2b:b0:c5:d3:35:81:e8:d9:33:
cb:b5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
92:E6:DC:0E:FD:E2:07:FF:20:73:39:1B:1F:B3:45:24:7B:1F:5C:D5
X509v3 Authority Key Identifier:
keyid:1B:D2:1D:FB:24:F7:D8:CE:23:11:BA:40:76:77:54:74:BD:50:BE:64
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/G9Id-yT32M4jEbpAdndUdL1QvmQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/12/08e15b-4a24-4ce0-9454-f87a322a7776/1/kubcDv3iB_8gczkbH7NFJHsfXNU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/12/08e15b-4a24-4ce0-9454-f87a322a7776/1/G9Id-yT32M4jEbpAdndUdL1QvmQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
130.255.16.0/20
Signature Algorithm: sha256WithRSAEncryption
81:5c:c0:b0:b1:17:c0:de:23:b1:de:0f:8f:cc:32:62:3c:1d:
68:a3:56:c8:5f:f6:f4:f3:ed:46:97:47:3b:06:66:2d:a3:73:
c0:03:f3:80:56:81:c1:38:69:68:78:22:31:80:8a:43:83:d5:
2d:1d:7c:bc:e7:bc:bc:8c:d6:8e:92:63:dc:07:c1:4f:ee:d9:
ab:f5:a3:35:9c:31:73:b0:72:71:bb:94:ac:50:83:b4:c3:03:
f2:35:b5:8e:ef:91:26:3b:4f:d8:12:6d:a6:c9:c2:2a:2a:91:
31:ee:1e:e1:ac:fe:59:19:32:73:15:ad:46:a3:64:ec:77:9e:
09:e8:44:a5:db:84:91:cf:4c:57:71:23:5c:15:3c:7c:f3:7c:
32:fb:6b:49:6a:b4:26:7b:db:1f:e4:fa:eb:a0:dc:59:c8:30:
d6:99:93:cb:34:62:5f:32:a8:e1:5a:85:f4:45:bf:68:24:33:
95:6c:72:1b:7e:4c:f7:8d:47:de:a4:60:fc:6b:0f:67:64:af:
a4:21:03:61:f1:79:f1:6a:f7:da:0f:38:9a:7b:47:31:d2:fb:
84:f8:a7:e9:26:a8:43:08:2f:06:69:f0:31:89:37:29:12:c6:
df:3d:1e:fc:2b:91:e6:e6:d4:42:48:1c:45:2e:18:00:f4:c7:
c3:99:a2:6c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY72oT3qM7mZ61Cwfsm21bA/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiZDIxZGZiMjRmN2Q4Y2UyMzExYmE0MDc2Nzc1NDc0YmQ1
MGJlNjQwHhcNMjQwNDE5MTM1MjI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MmU2ZGMwZWZkZTIwN2ZmMjA3MzM5MWIxZmIzNDUyNDdiMWY1Y2Q1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgfl/JFbUCrst35ar6x1eo5O3feu/
hwpSvvLZuu5U0EMWUah6szm5/0afAyaxP+96HQuYNpYZlA4c9k99j3ASPuBadwnE
0rScy3CLkfNwCZ9EXaX5KTjnEHVUhKhAAf/CPtI1dLuxxHNgDRGwVTDFBSvWFJAg
31W96waZ5ER8lgXRqsld8/IOQYkhpMH7uMDCv39CImGZCLLAA/xdQ3MpdqXkEk4c
wIIK+Zytv2ZDhsrmcrLXlL7O99gQCQMjVc2QySTrTBjqn1cfpVm/0BmnfxmM+DwV
YAM8lygqN42Ew2OoxDn3MGMWlU5DqIBYOEUc0gJVz3QrsMXTNYHo2TPLtQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJLm3A794gf/IHM5Gx+zRSR7H1zVMB8GA1UdIwQY
MBaAFBvSHfsk99jOIxG6QHZ3VHS9UL5kMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRzlJZC15VDMyTTRqRWJwQWRuZFVkTDFRdm1RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMi8wOGUxNWItNGEyNC00Y2UwLTk0NTQt
Zjg3YTMyMmE3Nzc2LzEva3ViY0R2M2lCXzhnY3prYkg3TkZKSHNmWE5VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMi8wOGUxNWItNGEyNC00Y2UwLTk0NTQtZjg3YTMyMmE3Nzc2
LzEvRzlJZC15VDMyTTRqRWJwQWRuZFVkTDFRdm1RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEgv8QMA0G
CSqGSIb3DQEBCwUAA4IBAQCBXMCwsRfA3iOx3g+PzDJiPB1oo1bIX/b08+1Gl0c7
BmYto3PAA/OAVoHBOGloeCIxgIpDg9UtHXy857y8jNaOkmPcB8FP7tmr9aM1nDFz
sHJxu5SsUIO0wwPyNbWO75EmO0/YEm2mycIqKpEx7h7hrP5ZGTJzFa1Go2Tsd54J
6ESl24SRz0xXcSNcFTx883wy+2tJarQme9sf5PrroNxZyDDWmZPLNGJfMqjhWoX0
Rb9oJDOVbHIbfkz3jUfepGD8aw9nZK+kIQNh8XnxavfaDziae0cx0vuE+KfpJqhD
CC8GafAxiTcpEsbfPR78K5Hm5tRCSBxFLhgA9MfDmaJs
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:54:10 2024 by rpki-client on console-ams.rpki-client.org