Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7d/4bba7c-a81f-40e1-8814-65daad632957/1/MkbwAE-6phi-mJSfF6USOzVPBSg.roa
File: MkbwAE-6phi-mJSfF6USOzVPBSg.roa (raw, json)
Hash identifier: pl3/gCdupnxw112GxnFQDZi5B7NNwIcisYYPp7HfIrk=
Subject key identifier: 32:46:F0:00:4F:BA:A6:18:BE:98:94:9F:17:A5:12:3B:35:4F:05:28
Certificate issuer: /CN=942588b91da9cca81b49e603a988e2b1eabddc98
Certificate serial: 0187BDDFA465BF0A436F6D8A9E474667244F
Authority key identifier: 94:25:88:B9:1D:A9:CC:A8:1B:49:E6:03:A9:88:E2:B1:EA:BD:DC:98
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/lCWIuR2pzKgbSeYDqYjiseq93Jg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/7d/4bba7c-a81f-40e1-8814-65daad632957/1/MkbwAE-6phi-mJSfF6USOzVPBSg.roa
Signing time: Wed 26 Apr 2023 14:02:43 +0000
ROA not before: Wed 26 Apr 2023 14:02:43 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 15596
IP address blocks: 31.42.112.0/20 maxlen: 20
31.42.120.0/21 maxlen: 22
91.210.144.0/22 maxlen: 22
193.110.20.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:87:bd:df:a4:65:bf:0a:43:6f:6d:8a:9e:47:46:67:24:4f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=942588b91da9cca81b49e603a988e2b1eabddc98
Validity
Not Before: Apr 26 14:02:43 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=3246f0004fbaa618be98949f17a5123b354f0528
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c8:26:2a:d4:35:c5:ea:87:5e:80:04:3b:e0:02:
ae:34:cd:4e:96:07:40:55:a5:86:ec:01:76:01:49:
c0:ab:ba:12:ab:74:00:b0:ea:b4:ed:e4:1e:fe:2d:
5b:b1:ab:3a:b9:8c:ee:d4:68:4e:ce:b9:7d:d5:d4:
28:3d:b8:f4:fd:c2:28:11:3e:db:fb:b5:6f:66:9d:
30:02:cf:c8:33:ad:dd:a5:78:07:7d:8e:57:bf:b8:
d8:56:35:0f:93:0d:ee:8b:1c:d4:11:95:34:fb:40:
67:54:2d:a0:93:63:59:63:0b:d1:8a:fb:e5:a9:6f:
e4:76:c3:cb:4b:63:27:23:d1:e3:9f:74:d5:4e:cf:
c6:a5:d6:1d:b8:e7:44:9e:2c:12:28:d8:45:42:ad:
dc:2d:8e:78:00:cc:54:43:bd:ca:31:90:85:d2:0d:
24:ea:f7:04:f8:34:fd:20:40:dd:c7:62:39:f8:bd:
c9:c2:38:d9:f6:79:ec:1a:f0:58:16:b1:09:25:b3:
d4:bc:d9:c9:91:31:91:a9:1b:4e:e7:d3:3e:a9:60:
63:64:65:fc:fa:04:b1:80:77:74:9c:4d:11:ce:62:
35:dc:a5:11:e2:3b:09:4b:2b:97:5f:4c:7b:d6:e8:
84:ce:0f:5a:10:6c:5c:ee:ce:00:75:73:2f:df:e7:
bd:71
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
32:46:F0:00:4F:BA:A6:18:BE:98:94:9F:17:A5:12:3B:35:4F:05:28
X509v3 Authority Key Identifier:
keyid:94:25:88:B9:1D:A9:CC:A8:1B:49:E6:03:A9:88:E2:B1:EA:BD:DC:98
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lCWIuR2pzKgbSeYDqYjiseq93Jg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/4bba7c-a81f-40e1-8814-65daad632957/1/MkbwAE-6phi-mJSfF6USOzVPBSg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/4bba7c-a81f-40e1-8814-65daad632957/1/lCWIuR2pzKgbSeYDqYjiseq93Jg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.42.112.0/20
91.210.144.0/22
193.110.20.0/22
Signature Algorithm: sha256WithRSAEncryption
72:3d:22:7d:70:13:8c:cf:8d:db:8e:26:04:1b:53:7e:e1:f2:
0c:db:f9:aa:de:94:80:a3:b6:cd:d6:0e:ed:0a:24:39:5c:9a:
f7:b2:9a:cd:41:6f:25:b4:d8:d9:ca:c3:31:c6:ca:4c:af:4c:
1e:6e:ca:c9:99:59:42:bd:ab:4f:eb:5d:c6:3e:5b:b6:5b:56:
56:a4:30:e9:75:86:d5:69:ac:57:23:40:35:cf:e6:0b:9f:43:
8b:01:e3:f7:18:f0:68:94:ed:2f:d4:46:61:9a:b8:38:a4:00:
83:15:29:5d:a6:e5:a4:d2:1e:08:37:f3:60:f2:9e:3c:01:db:
12:98:6f:50:7a:b9:5e:22:3a:0b:6c:24:70:0a:68:ce:99:5f:
0e:29:55:b2:f6:cd:b9:4a:9d:f6:c3:54:f0:ab:3c:62:f5:36:
8e:4d:83:40:32:e6:3d:05:d8:7d:57:36:07:be:56:fa:d1:6c:
35:a2:8d:5b:75:97:b9:34:77:9d:d4:1e:3f:3c:67:9a:c7:d8:
97:05:08:95:c0:62:8b:cc:66:c7:5e:97:f3:2c:4b:aa:4d:75:
15:e2:20:f4:c9:a7:61:e1:85:7c:0d:05:0c:fa:f7:5a:70:aa:
a8:4d:a1:7b:83:27:25:1c:99:3a:bd:e5:aa:ea:85:ea:ef:70:
d8:eb:76:32
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYe936RlvwpDb22KnkdGZyRPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk0MjU4OGI5MWRhOWNjYTgxYjQ5ZTYwM2E5ODhlMmIxZWFi
ZGRjOTgwHhcNMjMwNDI2MTQwMjQzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMjQ2ZjAwMDRmYmFhNjE4YmU5ODk0OWYxN2E1MTIzYjM1NGYwNTI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyCYq1DXF6odegAQ74AKuNM1OlgdA
VaWG7AF2AUnAq7oSq3QAsOq07eQe/i1bsas6uYzu1GhOzrl91dQoPbj0/cIoET7b
+7VvZp0wAs/IM63dpXgHfY5Xv7jYVjUPkw3uixzUEZU0+0BnVC2gk2NZYwvRivvl
qW/kdsPLS2MnI9Hjn3TVTs/GpdYduOdEniwSKNhFQq3cLY54AMxUQ73KMZCF0g0k
6vcE+DT9IEDdx2I5+L3JwjjZ9nnsGvBYFrEJJbPUvNnJkTGRqRtO59M+qWBjZGX8
+gSxgHd0nE0RzmI13KUR4jsJSyuXX0x71uiEzg9aEGxc7s4AdXMv3+e9cQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFDJG8ABPuqYYvpiUnxelEjs1TwUoMB8GA1UdIwQY
MBaAFJQliLkdqcyoG0nmA6mI4rHqvdyYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbENXSXVSMnB6S2diU2VZRHFZamlzZXE5M0pnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZC80YmJhN2MtYTgxZi00MGUxLTg4MTQt
NjVkYWFkNjMyOTU3LzEvTWtid0FFLTZwaGktbUpTZkY2VVNPelZQQlNnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZC80YmJhN2MtYTgxZi00MGUxLTg4MTQtNjVkYWFkNjMyOTU3
LzEvbENXSXVSMnB6S2diU2VZRHFZamlzZXE5M0pnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQEHypwAwQC
W9KQAwQCwW4UMA0GCSqGSIb3DQEBCwUAA4IBAQByPSJ9cBOMz43bjiYEG1N+4fIM
2/mq3pSAo7bN1g7tCiQ5XJr3sprNQW8ltNjZysMxxspMr0websrJmVlCvatP613G
Plu2W1ZWpDDpdYbVaaxXI0A1z+YLn0OLAeP3GPBolO0v1EZhmrg4pACDFSldpuWk
0h4IN/Ng8p48AdsSmG9QerleIjoLbCRwCmjOmV8OKVWy9s25Sp32w1Twqzxi9TaO
TYNAMuY9Bdh9VzYHvlb60Ww1oo1bdZe5NHed1B4/PGeax9iXBQiVwGKLzGbHXpfz
LEuqTXUV4iD0yadh4YV8DQUM+vdacKqoTaF7gyclHJk6veWq6oXq73DY63Yy
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:36:22 2024 by rpki-client on console-fra.rpki-client.org