Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/7b1205-3450-4e90-8b14-17e66c1fd3d1/1/kcBYRBQfM2oFa3shg2aBxQb7i-4.roa
File: kcBYRBQfM2oFa3shg2aBxQb7i-4.roa (raw, json)
Hash identifier: MRUkrTlgu0iQX4oe75XpEHwuYryOaLFNs30AknCPZCE=
Subject key identifier: 91:C0:58:44:14:1F:33:6A:05:6B:7B:21:83:66:81:C5:06:FB:8B:EE
Certificate issuer: /CN=260b2bc45477c81d774daa0c28ab44b774ba0920
Certificate serial: 018C45064D5C6A2A1A352FBCB5C585F7D402
Authority key identifier: 26:0B:2B:C4:54:77:C8:1D:77:4D:AA:0C:28:AB:44:B7:74:BA:09:20
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/JgsrxFR3yB13TaoMKKtEt3S6CSA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/3a/7b1205-3450-4e90-8b14-17e66c1fd3d1/1/kcBYRBQfM2oFa3shg2aBxQb7i-4.roa
Signing time: Thu 07 Dec 2023 16:04:50 +0000
ROA not before: Thu 07 Dec 2023 16:04:50 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 62240
IP address blocks: 45.128.128.0/24 maxlen: 24
91.210.69.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:45:06:4d:5c:6a:2a:1a:35:2f:bc:b5:c5:85:f7:d4:02
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=260b2bc45477c81d774daa0c28ab44b774ba0920
Validity
Not Before: Dec 7 16:04:50 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=91c05844141f336a056b7b21836681c506fb8bee
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cd:65:64:55:21:92:da:d4:33:12:72:2a:9c:49:
73:cf:51:34:0f:c8:09:b0:43:52:20:49:f3:f0:b4:
50:38:96:b6:ff:3b:46:6d:26:bd:7c:cd:0c:fa:20:
f3:41:13:48:7e:26:09:90:a4:f4:58:fe:5a:05:e2:
f0:55:5e:f5:a6:70:70:a1:1d:81:4d:02:81:a0:26:
6a:56:08:6c:84:44:6b:fb:de:2a:54:af:d9:94:fb:
e5:27:46:72:79:46:cf:71:dd:c1:1b:66:79:36:49:
a2:19:73:9f:00:5c:9f:f5:35:7d:f2:32:4a:64:d9:
2c:a6:06:0f:ff:6d:ba:42:0e:b8:31:c7:d1:d3:6e:
67:28:c0:cf:ce:d2:0f:12:b4:01:98:16:7c:ba:93:
f5:38:95:86:3f:09:d3:9d:03:db:f8:96:f4:2c:24:
b7:80:5b:f1:b9:be:31:35:00:31:71:f2:f9:c0:c3:
90:bc:51:a6:2f:f2:1b:5c:93:bc:24:24:a9:88:50:
94:bd:32:b0:9d:a9:a1:15:bb:05:5e:08:2c:29:91:
3c:b0:39:10:0e:91:e8:7a:00:80:72:9a:f5:98:ea:
d6:0d:52:5c:88:48:44:11:06:1b:78:73:3b:64:7d:
56:f7:14:2c:0b:77:a7:75:11:ad:51:47:2b:28:3a:
f7:e1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
91:C0:58:44:14:1F:33:6A:05:6B:7B:21:83:66:81:C5:06:FB:8B:EE
X509v3 Authority Key Identifier:
keyid:26:0B:2B:C4:54:77:C8:1D:77:4D:AA:0C:28:AB:44:B7:74:BA:09:20
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JgsrxFR3yB13TaoMKKtEt3S6CSA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/7b1205-3450-4e90-8b14-17e66c1fd3d1/1/kcBYRBQfM2oFa3shg2aBxQb7i-4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/7b1205-3450-4e90-8b14-17e66c1fd3d1/1/JgsrxFR3yB13TaoMKKtEt3S6CSA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.128.128.0/24
91.210.69.0/24
Signature Algorithm: sha256WithRSAEncryption
84:8b:41:63:61:37:ca:e3:d8:f4:ac:3f:a4:5c:7c:b8:03:98:
92:86:a3:3f:b7:f0:99:51:fd:ab:e8:1d:f5:7f:86:23:09:dc:
e6:22:88:00:96:8c:eb:da:f2:84:3f:fb:8b:e5:20:19:99:db:
09:4b:d2:e3:0d:ce:16:04:82:82:5d:37:db:f1:25:78:df:ab:
44:97:61:f4:b6:62:e0:c5:a5:9d:b2:48:6b:ab:27:43:da:20:
98:ce:14:8b:ee:1b:56:04:f0:1a:f1:92:94:88:5d:32:a8:45:
8d:52:d5:f7:10:93:6e:c2:39:d0:23:01:97:f3:6e:9a:d4:c9:
c5:d4:43:e5:20:bd:b0:87:82:49:ca:64:72:b5:8e:9e:18:93:
37:de:34:b5:0f:83:25:b5:f1:37:e4:f0:f9:3c:3a:83:7d:27:
54:be:5a:08:5f:3f:05:b8:16:8f:1b:23:a8:bf:47:47:50:86:
b4:d3:e5:8b:0a:90:61:2e:37:ca:75:8d:18:c3:1e:c2:da:b2:
3a:61:78:63:19:d6:50:0f:5f:b4:27:06:4e:e0:a5:8b:c3:51:
88:a4:0f:48:95:ed:de:69:05:40:bd:ba:59:e3:82:00:57:a6:
85:93:92:28:6c:27:92:a4:f9:43:39:aa:51:a5:f8:25:b2:ac:
0b:59:4b:de
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYxFBk1caioaNS+8tcWF99QCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI2MGIyYmM0NTQ3N2M4MWQ3NzRkYWEwYzI4YWI0NGI3NzRi
YTA5MjAwHhcNMjMxMjA3MTYwNDUwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MWMwNTg0NDE0MWYzMzZhMDU2YjdiMjE4MzY2ODFjNTA2ZmI4YmVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzWVkVSGS2tQzEnIqnElzz1E0D8gJ
sENSIEnz8LRQOJa2/ztGbSa9fM0M+iDzQRNIfiYJkKT0WP5aBeLwVV71pnBwoR2B
TQKBoCZqVghshERr+94qVK/ZlPvlJ0ZyeUbPcd3BG2Z5NkmiGXOfAFyf9TV98jJK
ZNkspgYP/226Qg64McfR025nKMDPztIPErQBmBZ8upP1OJWGPwnTnQPb+Jb0LCS3
gFvxub4xNQAxcfL5wMOQvFGmL/IbXJO8JCSpiFCUvTKwnamhFbsFXggsKZE8sDkQ
DpHoegCAcpr1mOrWDVJciEhEEQYbeHM7ZH1W9xQsC3endRGtUUcrKDr34QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJHAWEQUHzNqBWt7IYNmgcUG+4vuMB8GA1UdIwQY
MBaAFCYLK8RUd8gdd02qDCirRLd0ugkgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSmdzcnhGUjN5QjEzVGFvTUtLdEV0M1M2Q1NBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS83YjEyMDUtMzQ1MC00ZTkwLThiMTQt
MTdlNjZjMWZkM2QxLzEva2NCWVJCUWZNMm9GYTNzaGcyYUJ4UWI3aS00LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS83YjEyMDUtMzQ1MC00ZTkwLThiMTQtMTdlNjZjMWZkM2Qx
LzEvSmdzcnhGUjN5QjEzVGFvTUtLdEV0M1M2Q1NBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALYCAAwQA
W9JFMA0GCSqGSIb3DQEBCwUAA4IBAQCEi0FjYTfK49j0rD+kXHy4A5iShqM/t/CZ
Uf2r6B31f4YjCdzmIogAlozr2vKEP/uL5SAZmdsJS9LjDc4WBIKCXTfb8SV436tE
l2H0tmLgxaWdskhrqydD2iCYzhSL7htWBPAa8ZKUiF0yqEWNUtX3EJNuwjnQIwGX
826a1MnF1EPlIL2wh4JJymRytY6eGJM33jS1D4MltfE35PD5PDqDfSdUvloIXz8F
uBaPGyOov0dHUIa00+WLCpBhLjfKdY0Ywx7C2rI6YXhjGdZQD1+0JwZO4KWLw1GI
pA9Ile3eaQVAvbpZ44IAV6aFk5IobCeSpPlDOapRpfglsqwLWUve
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:26:02 2024 by rpki-client on console-fra.rpki-client.org