Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/76/031100-458a-474e-927c-df027916ce50/1/cmCcHmwOBbIobCeJOw0Psp5hwDE.roa
File: cmCcHmwOBbIobCeJOw0Psp5hwDE.roa (raw, json)
Hash identifier: ztrhGx3EN6qwBstj7WQXZciSz62C8ZZSYKyWXHoKhC8=
Subject key identifier: 72:60:9C:1E:6C:0E:05:B2:28:6C:27:89:3B:0D:0F:B2:9E:61:C0:31
Certificate issuer: /CN=7cd162dec78209bc03add081527d54b27e84d26e
Certificate serial: 07E2A233
Authority key identifier: 7C:D1:62:DE:C7:82:09:BC:03:AD:D0:81:52:7D:54:B2:7E:84:D2:6E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/fNFi3seCCbwDrdCBUn1Usn6E0m4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/76/031100-458a-474e-927c-df027916ce50/1/cmCcHmwOBbIobCeJOw0Psp5hwDE.roa
Signing time: Sat 01 Jan 2022 07:01:36 +0000
ROA not before: Sat 01 Jan 2022 07:01:36 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 43073
IP address blocks: 91.233.136.0/22 maxlen: 22
91.240.106.0/23 maxlen: 23
193.32.36.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 132293171 (0x7e2a233)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7cd162dec78209bc03add081527d54b27e84d26e
Validity
Not Before: Jan 1 07:01:36 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=72609c1e6c0e05b2286c27893b0d0fb29e61c031
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9f:f1:d6:a1:56:16:05:9c:fe:a6:0f:cd:41:47:
c5:44:26:55:fb:55:ae:a8:65:c4:42:a9:87:5e:e1:
d5:b2:5c:24:e6:ac:6f:6c:64:40:8d:86:6d:fd:ea:
0e:69:e5:35:5f:99:61:48:21:97:85:2b:dc:92:d5:
7d:cb:c0:1c:68:e6:5e:db:0d:8e:ad:fa:fe:45:8d:
ab:cc:ed:04:9c:37:b9:82:c4:09:e5:71:9e:e4:6d:
76:c9:20:4d:b2:c0:24:86:d2:54:26:ee:39:a9:04:
b4:bb:2b:5c:01:bb:2b:a7:aa:48:43:7c:fa:b7:54:
a0:78:0f:cc:56:3c:a5:73:6e:14:76:db:df:8d:c7:
4a:a7:b5:6d:20:bf:0e:48:d6:1b:47:6f:89:47:cc:
ba:1c:ca:83:2d:8e:fd:24:0c:2e:bc:48:2c:f3:89:
6a:98:a6:20:53:ed:f6:f4:6d:16:79:9e:cc:98:a3:
e5:4c:84:f9:34:3c:b5:f3:76:ee:77:34:ab:76:f5:
08:7a:55:5b:94:7c:2b:10:87:87:14:f3:ae:75:34:
05:df:f0:a2:25:6a:b3:14:7f:16:c4:53:21:5a:c5:
e3:c1:b6:d4:35:3d:d2:da:33:da:9e:9d:a9:2b:fd:
06:a3:e5:df:26:bd:28:a2:60:17:77:e8:a6:d9:1a:
c6:b1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
72:60:9C:1E:6C:0E:05:B2:28:6C:27:89:3B:0D:0F:B2:9E:61:C0:31
X509v3 Authority Key Identifier:
keyid:7C:D1:62:DE:C7:82:09:BC:03:AD:D0:81:52:7D:54:B2:7E:84:D2:6E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fNFi3seCCbwDrdCBUn1Usn6E0m4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/76/031100-458a-474e-927c-df027916ce50/1/cmCcHmwOBbIobCeJOw0Psp5hwDE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/76/031100-458a-474e-927c-df027916ce50/1/fNFi3seCCbwDrdCBUn1Usn6E0m4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.233.136.0/22
91.240.106.0/23
193.32.36.0/24
Signature Algorithm: sha256WithRSAEncryption
90:9e:28:0b:ab:c4:b2:88:77:d6:6c:18:38:ae:7f:d1:b3:e6:
ba:19:67:86:65:d0:c6:8e:44:3a:91:f3:08:8f:25:b5:be:b6:
b5:19:12:33:52:4e:69:60:e2:4f:52:aa:f7:fe:a3:4a:42:b3:
54:10:38:65:15:f3:22:22:6d:d0:46:53:7f:c1:68:dd:77:34:
db:95:a0:84:14:6c:6c:1f:0c:70:39:6f:cb:12:c9:0b:9e:23:
0b:95:f1:2d:06:58:c7:c7:8c:19:b7:45:70:ac:f8:47:3e:cd:
1a:63:9f:25:93:d2:c7:b6:c4:b9:80:c0:35:de:2d:b2:a9:4c:
63:ba:03:52:d8:1f:6d:90:07:81:fd:0b:3e:b5:e1:a4:97:e4:
87:4e:d7:60:38:23:8b:25:9c:7f:90:13:8d:5f:3f:47:1c:63:
2a:4b:ca:f0:f2:ea:a0:4f:93:a4:b9:0f:b0:ed:81:2a:da:a5:
bb:89:2d:af:f7:cf:d3:b4:14:f3:1c:35:ad:90:00:14:f0:74:
7a:fe:01:e1:6f:9c:2f:18:9d:cf:bd:57:a7:cc:5e:4d:1f:2d:
6e:f3:b4:a6:9f:6b:64:9b:7e:dd:33:a8:66:a8:8a:54:ff:ec:
7f:e1:5e:5e:40:bf:64:a8:7e:18:f6:63:de:11:ca:91:31:e6:
3a:f3:1d:8e
-----BEGIN CERTIFICATE-----
MIIE+zCCA+OgAwIBAgIEB+KiMzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg3
Y2QxNjJkZWM3ODIwOWJjMDNhZGQwODE1MjdkNTRiMjdlODRkMjZlMB4XDTIyMDEw
MTA3MDEzNloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNzI2MDljMWU2YzBl
MDViMjI4NmMyNzg5M2IwZDBmYjI5ZTYxYzAzMTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAJ/x1qFWFgWc/qYPzUFHxUQmVftVrqhlxEKph17h1bJcJOas
b2xkQI2Gbf3qDmnlNV+ZYUghl4Ur3JLVfcvAHGjmXtsNjq36/kWNq8ztBJw3uYLE
CeVxnuRtdskgTbLAJIbSVCbuOakEtLsrXAG7K6eqSEN8+rdUoHgPzFY8pXNuFHbb
343HSqe1bSC/DkjWG0dviUfMuhzKgy2O/SQMLrxILPOJapimIFPt9vRtFnmezJij
5UyE+TQ8tfN27nc0q3b1CHpVW5R8KxCHhxTzrnU0Bd/woiVqsxR/FsRTIVrF48G2
1DU90toz2p6dqSv9BqPl3ya9KKJgF3foptkaxrECAwEAAaOCAhUwggIRMB0GA1Ud
DgQWBBRyYJwebA4FsihsJ4k7DQ+ynmHAMTAfBgNVHSMEGDAWgBR80WLex4IJvAOt
0IFSfVSyfoTSbjAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2ZORmkzc2VDQ2J3RHJkQ0JVbjFVc242RTBtNC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNzYvMDMxMTAwLTQ1OGEtNDc0ZS05MjdjLWRmMDI3OTE2Y2U1MC8x
L2NtQ2NIbXdPQmJJb2JDZUpPdzBQc3A1aHdERS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzYv
MDMxMTAwLTQ1OGEtNDc0ZS05MjdjLWRmMDI3OTE2Y2U1MC8xL2ZORmkzc2VDQ2J3
RHJkQ0JVbjFVc242RTBtNC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAr
BggrBgEFBQcBBwEB/wQcMBowGAQCAAEwEgMEAlvpiAMEAVvwagMEAMEgJDANBgkq
hkiG9w0BAQsFAAOCAQEAkJ4oC6vEsoh31mwYOK5/0bPmuhlnhmXQxo5EOpHzCI8l
tb62tRkSM1JOaWDiT1Kq9/6jSkKzVBA4ZRXzIiJt0EZTf8Fo3Xc025WghBRsbB8M
cDlvyxLJC54jC5XxLQZYx8eMGbdFcKz4Rz7NGmOfJZPSx7bEuYDANd4tsqlMY7oD
UtgfbZAHgf0LPrXhpJfkh07XYDgjiyWcf5ATjV8/RxxjKkvK8PLqoE+TpLkPsO2B
Ktqlu4ktr/fP07QU8xw1rZAAFPB0ev4B4W+cLxidz71Xp8xeTR8tbvO0pp9rZJt+
3TOoZqiKVP/sf+FeXkC/ZKh+GPZj3hHKkTHmOvMdjg==
-----END CERTIFICATE-----
Generated at Mon Feb 17 08:06:26 2025 by rpki-client