Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/ksmkd4z4T4re142UhanNM_J1wS4.roa
File: ksmkd4z4T4re142UhanNM_J1wS4.roa (raw, json)
Hash identifier: JjKFjg5nhenMhLNrK2kftGon36/w26Ysi+6zGdblAKU=
Subject key identifier: 92:C9:A4:77:8C:F8:4F:8A:DE:D7:8D:94:85:A9:CD:33:F2:75:C1:2E
Certificate issuer: /CN=eaaa8a0a5fdfd698e104be36a2aeec813aeca071
Certificate serial: 018268A25F9DD53C683C4A1445793E91C1EC
Authority key identifier: EA:AA:8A:0A:5F:DF:D6:98:E1:04:BE:36:A2:AE:EC:81:3A:EC:A0:71
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/ksmkd4z4T4re142UhanNM_J1wS4.roa
Signing time: Thu 04 Aug 2022 11:34:07 +0000
ROA not before: Thu 04 Aug 2022 11:34:07 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 35277
IP address blocks: 91.243.40.0/24 maxlen: 24
91.243.43.0/24 maxlen: 24
5.189.218.0/24 maxlen: 24
5.189.216.0/24 maxlen: 24
5.188.50.0/24 maxlen: 24
5.188.179.0/24 maxlen: 24
5.189.253.0/24 maxlen: 24
5.189.255.0/24 maxlen: 24
5.101.44.0/24 maxlen: 24
5.188.202.0/24 maxlen: 24
5.188.201.0/24 maxlen: 24
5.8.47.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:82:68:a2:5f:9d:d5:3c:68:3c:4a:14:45:79:3e:91:c1:ec
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=eaaa8a0a5fdfd698e104be36a2aeec813aeca071
Validity
Not Before: Aug 4 11:34:07 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=92c9a4778cf84f8aded78d9485a9cd33f275c12e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b8:f9:a8:af:b0:f6:a6:df:c0:79:cb:93:f5:bc:
79:9a:0a:35:ff:23:58:f0:23:90:9e:53:2e:c7:66:
e9:02:9f:a9:74:6b:b1:4c:a0:24:97:5a:be:fa:1e:
b8:91:b2:cd:51:e1:50:7e:45:a8:fe:cd:3d:43:e1:
89:69:10:6f:3e:d3:24:4c:9e:7a:8e:92:4e:50:85:
e7:d2:7f:92:cd:ec:87:ed:10:3f:1d:bb:e0:05:59:
60:d7:f9:1c:1c:a3:96:2a:58:e1:1b:dd:0d:47:1c:
79:c4:6a:75:ac:e8:88:ab:f1:88:01:d9:38:37:33:
71:0a:85:22:75:4b:37:d4:82:ad:46:16:fc:30:02:
87:94:ae:49:ca:a6:fc:a6:3a:46:b2:6a:1b:66:24:
18:b6:8c:07:56:1d:ce:ec:8a:cc:dd:d9:52:7d:e4:
e2:34:36:84:f7:34:22:2e:01:98:41:40:69:75:0a:
87:d8:c6:78:04:d5:cb:fb:3d:5b:a4:9f:48:79:e4:
29:06:bd:d7:a4:f4:22:f7:6b:b2:aa:3c:38:27:46:
1f:5f:3d:93:f9:2e:fe:ff:8a:d1:9b:ec:1d:ff:3f:
4d:4b:30:09:cc:cb:52:fb:a0:89:c8:73:42:b6:86:
a5:d8:1f:94:6d:e5:a2:79:4c:da:a4:db:ee:b4:4f:
9b:a9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
92:C9:A4:77:8C:F8:4F:8A:DE:D7:8D:94:85:A9:CD:33:F2:75:C1:2E
X509v3 Authority Key Identifier:
keyid:EA:AA:8A:0A:5F:DF:D6:98:E1:04:BE:36:A2:AE:EC:81:3A:EC:A0:71
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/ksmkd4z4T4re142UhanNM_J1wS4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.8.47.0/24
5.101.44.0/24
5.188.50.0/24
5.188.179.0/24
5.188.201.0-5.188.202.255
5.189.216.0/24
5.189.218.0/24
5.189.253.0/24
5.189.255.0/24
91.243.40.0/24
91.243.43.0/24
Signature Algorithm: sha256WithRSAEncryption
c9:ac:e1:ad:a6:79:e3:c9:bb:c5:93:73:4e:96:f8:1e:62:05:
1e:0b:90:b2:8f:c5:d0:b1:b0:7d:17:c8:a4:52:48:11:ce:fa:
05:97:52:ef:ef:03:f4:c4:5e:8e:03:75:62:1f:e2:2d:9e:19:
06:f7:f4:19:63:1e:e8:23:dc:0a:ea:d1:37:04:e7:f3:41:99:
4d:54:9f:b6:f8:b6:64:0d:10:bd:3f:ef:48:d5:4a:48:6c:30:
50:04:34:03:0d:75:5b:01:d4:75:08:4a:0f:5d:75:de:19:30:
40:21:f2:24:16:8c:54:1a:1f:b0:92:ca:d5:b6:b3:05:45:6c:
8b:f3:b6:95:f4:9f:5f:e8:16:ce:99:c6:8d:ed:c3:a7:c8:ba:
37:4d:b6:cd:ea:d9:60:80:ac:16:26:15:68:47:dc:41:a0:68:
8d:71:21:cc:c6:f0:a4:2a:4a:1f:6f:55:69:7b:f0:aa:ed:e1:
8b:d7:20:36:b9:b4:24:20:f8:fd:9f:c0:bb:e9:12:76:59:4c:
09:b5:81:3d:5c:31:ea:3f:0b:1b:d2:d9:72:23:0e:e8:1f:50:
40:a7:68:3f:54:6d:2a:2a:f8:42:e4:2a:89:9c:83:6d:8d:5e:
f5:6d:4e:d5:90:8c:e9:f3:1e:da:45:62:6d:e7:a6:39:2e:83:
5f:0c:9d:b9
-----BEGIN CERTIFICATE-----
MIIFQTCCBCmgAwIBAgISAYJool+d1TxoPEoURXk+kcHsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVhYWE4YTBhNWZkZmQ2OThlMTA0YmUzNmEyYWVlYzgxM2Fl
Y2EwNzEwHhcNMjIwODA0MTEzNDA3WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MmM5YTQ3NzhjZjg0ZjhhZGVkNzhkOTQ4NWE5Y2QzM2YyNzVjMTJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuPmor7D2pt/AecuT9bx5mgo1/yNY
8COQnlMux2bpAp+pdGuxTKAkl1q++h64kbLNUeFQfkWo/s09Q+GJaRBvPtMkTJ56
jpJOUIXn0n+SzeyH7RA/HbvgBVlg1/kcHKOWKljhG90NRxx5xGp1rOiIq/GIAdk4
NzNxCoUidUs31IKtRhb8MAKHlK5Jyqb8pjpGsmobZiQYtowHVh3O7IrM3dlSfeTi
NDaE9zQiLgGYQUBpdQqH2MZ4BNXL+z1bpJ9IeeQpBr3XpPQi92uyqjw4J0YfXz2T
+S7+/4rRm+wd/z9NSzAJzMtS+6CJyHNCtoal2B+UbeWieUzapNvutE+bqQIDAQAB
o4ICTTCCAkkwHQYDVR0OBBYEFJLJpHeM+E+K3teNlIWpzTPydcEuMB8GA1UdIwQY
MBaAFOqqigpf39aY4QS+NqKu7IE67KBxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNnFxS0NsX2YxcGpoQkw0Mm9xN3NnVHJzb0hFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy8yOTMyZGYtYTRiZC00YWY1LWE0ZDQt
ODlkMDkyNDBjNDNiLzEva3Nta2Q0ejRUNHJlMTQyVWhhbk5NX0oxd1M0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy8yOTMyZGYtYTRiZC00YWY1LWE0ZDQtODlkMDkyNDBjNDNi
LzEvNnFxS0NsX2YxcGpoQkw0Mm9xN3NnVHJzb0hFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGMGCCsGAQUFBwEHAQH/BFQwUjBQBAIAATBKAwQABQgvAwQA
BWUsAwQABbwyAwQABbyzMAwDBAAFvMkDBAAFvMoDBAAFvdgDBAAFvdoDBAAFvf0D
BAAFvf8DBABb8ygDBABb8yswDQYJKoZIhvcNAQELBQADggEBAMms4a2meePJu8WT
c06W+B5iBR4LkLKPxdCxsH0XyKRSSBHO+gWXUu/vA/TEXo4DdWIf4i2eGQb39Blj
Hugj3Arq0TcE5/NBmU1Un7b4tmQNEL0/70jVSkhsMFAENAMNdVsB1HUISg9ddd4Z
MEAh8iQWjFQaH7CSytW2swVFbIvztpX0n1/oFs6Zxo3tw6fIujdNts3q2WCArBYm
FWhH3EGgaI1xIczG8KQqSh9vVWl78Krt4YvXIDa5tCQg+P2fwLvpEnZZTAm1gT1c
Meo/CxvS2XIjDugfUECnaD9UbSoq+ELkKomcg22NXvVtTtWQjOnzHtpFYm3npjku
g18Mnbk=
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:48:44 2023 by rpki-client on console-ams.rpki-client.org