Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/KoLl20LX9vI-g5rjajo1e1OPjXs.roa
File: KoLl20LX9vI-g5rjajo1e1OPjXs.roa (raw, json)
Hash identifier: duS05sasaWvB5YFInOu8HKC0yfW8hk+5OrfjbUvKorY=
Subject key identifier: 2A:82:E5:DB:42:D7:F6:F2:3E:83:9A:E3:6A:3A:35:7B:53:8F:8D:7B
Certificate issuer: /CN=1f4738389cb3b998ec4fa6d4272f8dd799fbc4a9
Certificate serial: 01880E92026F12832C05D1435269E01961AE
Authority key identifier: 1F:47:38:38:9C:B3:B9:98:EC:4F:A6:D4:27:2F:8D:D7:99:FB:C4:A9
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/H0c4OJyzuZjsT6bUJy-N15n7xKk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/KoLl20LX9vI-g5rjajo1e1OPjXs.roa
Signing time: Fri 12 May 2023 06:07:09 +0000
ROA not before: Fri 12 May 2023 06:07:09 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 20473
IP address blocks: 194.156.150.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:88:0e:92:02:6f:12:83:2c:05:d1:43:52:69:e0:19:61:ae
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1f4738389cb3b998ec4fa6d4272f8dd799fbc4a9
Validity
Not Before: May 12 06:07:09 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=2a82e5db42d7f6f23e839ae36a3a357b538f8d7b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a2:2d:9a:32:d0:41:8c:22:e3:ce:5d:74:96:03:
d5:db:43:2c:1f:c6:b8:73:90:b8:0c:3a:f4:44:7f:
a5:3d:25:90:0a:72:83:6f:14:2b:11:20:71:ca:99:
ae:0a:40:15:18:3e:e5:58:41:53:e8:5b:e6:40:8b:
36:df:d3:a1:e9:1c:1c:d0:65:91:df:23:2d:97:3b:
ab:1e:19:84:f4:1b:f9:41:e5:87:a4:a8:a6:06:c2:
e1:e6:6d:52:33:6c:51:da:05:6e:2d:6d:72:b0:44:
69:2f:08:46:06:14:13:cd:d1:3a:d3:ab:38:61:18:
83:f7:ba:bd:7c:93:60:b9:3e:df:06:de:25:7c:b4:
9a:23:3a:6b:25:f0:11:bb:1a:e3:14:97:c0:9a:e3:
4b:63:f6:ce:cc:d6:50:ef:8d:2c:57:e5:30:a6:37:
d3:30:10:b6:7b:12:a5:71:16:25:d5:b1:5a:c3:24:
29:f6:cf:75:83:1a:2e:8f:c5:77:03:74:54:f9:59:
4b:84:c7:8b:57:ad:3e:a5:0e:35:2a:78:1e:ed:bf:
cc:d7:78:fc:0a:d6:70:b5:e4:bc:9a:5d:ce:63:ed:
57:4a:d0:f8:e6:c3:1f:9b:4e:0f:6f:dc:82:23:a5:
0d:a5:1c:8a:cd:ad:3b:00:25:8b:58:cf:e2:62:f0:
4f:ed
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2A:82:E5:DB:42:D7:F6:F2:3E:83:9A:E3:6A:3A:35:7B:53:8F:8D:7B
X509v3 Authority Key Identifier:
keyid:1F:47:38:38:9C:B3:B9:98:EC:4F:A6:D4:27:2F:8D:D7:99:FB:C4:A9
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/H0c4OJyzuZjsT6bUJy-N15n7xKk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/KoLl20LX9vI-g5rjajo1e1OPjXs.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/H0c4OJyzuZjsT6bUJy-N15n7xKk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
194.156.150.0/24
Signature Algorithm: sha256WithRSAEncryption
80:3c:9a:62:47:a4:e9:5f:6b:af:35:0d:fc:05:d3:71:40:84:
f5:9c:c8:d7:5b:ad:f8:95:40:d0:53:bf:d5:96:c2:d1:b5:0e:
37:ac:51:21:47:5a:91:ba:e4:e8:1a:65:4b:d5:08:8f:9b:b8:
2e:ff:db:cc:d4:7c:87:28:31:eb:2d:0d:bf:2d:71:36:d3:e7:
ed:b7:a4:44:a6:cd:3c:12:4d:46:f9:5a:a4:98:9c:9e:18:5e:
ba:cc:35:67:14:a1:fc:67:03:31:1d:4e:ef:99:03:77:3e:13:
25:ba:8c:d9:0c:53:52:cd:01:24:6c:18:93:8a:27:ed:16:ca:
30:b4:f2:9e:ab:b7:6a:37:ab:b3:ea:ef:89:13:c8:07:3c:86:
0d:16:64:2b:18:6f:3c:ce:a2:39:e7:53:b2:42:22:b4:cf:8a:
e7:a3:a2:30:88:e2:dc:ca:1e:e2:0a:39:5a:5b:a5:18:4b:df:
b3:0c:7f:75:a1:69:13:02:9d:10:c8:55:49:b8:f2:79:da:49:
a8:e6:13:4e:92:53:64:e9:4d:14:03:55:b9:91:de:ed:57:5c:
ef:87:9c:7f:4c:12:40:3f:ce:6a:16:db:51:86:24:ee:65:3b:
51:38:f1:05:0f:a4:24:27:1a:5e:6d:cb:d2:67:93:0c:55:f7:
76:d1:74:41
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYgOkgJvEoMsBdFDUmngGWGuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFmNDczODM4OWNiM2I5OThlYzRmYTZkNDI3MmY4ZGQ3OTlm
YmM0YTkwHhcNMjMwNTEyMDYwNzA5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYTgyZTVkYjQyZDdmNmYyM2U4MzlhZTM2YTNhMzU3YjUzOGY4ZDdiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoi2aMtBBjCLjzl10lgPV20MsH8a4
c5C4DDr0RH+lPSWQCnKDbxQrESBxypmuCkAVGD7lWEFT6FvmQIs239Oh6Rwc0GWR
3yMtlzurHhmE9Bv5QeWHpKimBsLh5m1SM2xR2gVuLW1ysERpLwhGBhQTzdE606s4
YRiD97q9fJNguT7fBt4lfLSaIzprJfARuxrjFJfAmuNLY/bOzNZQ740sV+UwpjfT
MBC2exKlcRYl1bFawyQp9s91gxouj8V3A3RU+VlLhMeLV60+pQ41Knge7b/M13j8
CtZwteS8ml3OY+1XStD45sMfm04Pb9yCI6UNpRyKza07ACWLWM/iYvBP7QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCqC5dtC1/byPoOa42o6NXtTj417MB8GA1UdIwQY
MBaAFB9HODics7mY7E+m1CcvjdeZ+8SpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSDBjNE9KeXp1WmpzVDZiVUp5LU4xNW43eEtrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS81MTc2OTQtYzhhMS00NThiLTljZjIt
NmM3ZTU2ODU4OTBjLzEvS29MbDIwTFg5dkktZzVyamFqbzFlMU9QalhzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS81MTc2OTQtYzhhMS00NThiLTljZjItNmM3ZTU2ODU4OTBj
LzEvSDBjNE9KeXp1WmpzVDZiVUp5LU4xNW43eEtrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwpyWMA0G
CSqGSIb3DQEBCwUAA4IBAQCAPJpiR6TpX2uvNQ38BdNxQIT1nMjXW634lUDQU7/V
lsLRtQ43rFEhR1qRuuToGmVL1QiPm7gu/9vM1HyHKDHrLQ2/LXE20+ftt6REps08
Ek1G+VqkmJyeGF66zDVnFKH8ZwMxHU7vmQN3PhMluozZDFNSzQEkbBiTiiftFsow
tPKeq7dqN6uz6u+JE8gHPIYNFmQrGG88zqI551OyQiK0z4rno6IwiOLcyh7iCjla
W6UYS9+zDH91oWkTAp0QyFVJuPJ52kmo5hNOklNk6U0UA1W5kd7tV1zvh5x/TBJA
P85qFttRhiTuZTtROPEFD6QkJxpebcvSZ5MMVfd20XRB
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:35:13 2024 by rpki-client on console-fra.rpki-client.org