Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a4/c6d984-6bfc-4602-9d58-ab2d5e7d4a7b/1/kuzaQDITKeCkdatmc7y5o9EWd7M.roa
File: kuzaQDITKeCkdatmc7y5o9EWd7M.roa (raw, json)
Hash identifier: c2EoX/fBdhcN6Vl+zJoeQbnUROdb/kXuRh+NRCQpb7A=
Subject key identifier: 92:EC:DA:40:32:13:29:E0:A4:75:AB:66:73:BC:B9:A3:D1:16:77:B3
Certificate issuer: /CN=9a393ef16027fc03bc5c045ff9289d4bbb7ff364
Certificate serial: 01856F14B7E170ACCE3CC3929559A1431F15
Authority key identifier: 9A:39:3E:F1:60:27:FC:03:BC:5C:04:5F:F9:28:9D:4B:BB:7F:F3:64
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/mjk-8WAn_AO8XARf-SidS7t_82Q.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/a4/c6d984-6bfc-4602-9d58-ab2d5e7d4a7b/1/kuzaQDITKeCkdatmc7y5o9EWd7M.roa
Signing time: Sun 01 Jan 2023 20:45:06 +0000
ROA not before: Sun 01 Jan 2023 20:45:06 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 2200
IP address blocks: 160.228.0.0/16 maxlen: 16
138.195.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6f:14:b7:e1:70:ac:ce:3c:c3:92:95:59:a1:43:1f:15
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=9a393ef16027fc03bc5c045ff9289d4bbb7ff364
Validity
Not Before: Jan 1 20:45:06 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=92ecda40321329e0a475ab6673bcb9a3d11677b3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a3:5e:93:80:76:e2:29:af:fa:51:ed:f9:bb:e4:
6a:86:ba:cc:71:98:af:9f:6c:b9:9c:9e:ee:10:67:
c4:92:37:f8:44:62:8b:07:ce:18:df:31:cb:20:a2:
b6:ab:ff:ee:4d:09:90:d7:f3:7d:7f:ca:bb:02:c9:
4c:36:b4:39:99:3a:d6:49:1f:9a:c1:78:66:0e:d9:
cd:19:c9:72:14:e8:51:3d:25:63:39:be:d7:0c:51:
f5:5e:e3:cc:85:4f:0a:c4:39:1f:f0:72:29:91:d5:
c9:08:ce:26:d2:9b:1c:97:7b:3e:8c:b8:47:ce:f0:
c5:f5:26:ab:bb:4a:9d:0a:da:65:4b:e1:41:59:db:
cb:89:fd:a8:37:9c:ac:92:91:f2:43:6e:3b:d7:10:
d5:da:80:a6:d2:1e:1f:cc:82:52:6a:1e:49:dd:6b:
b2:aa:d3:e2:ef:aa:3a:16:e8:b9:c6:6a:a0:95:cd:
b9:f6:9a:80:be:e6:89:89:d5:8e:c6:1f:de:88:66:
03:f8:4d:d5:4c:75:9f:18:40:e0:16:a0:4a:b1:6d:
ec:cf:25:3b:c6:31:8a:17:78:50:dc:f3:29:79:b9:
f9:d2:09:fe:f4:ab:b8:db:74:1e:16:49:ef:8f:8c:
89:69:07:32:e4:e3:75:b0:fc:e8:09:59:89:23:7c:
92:29
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
92:EC:DA:40:32:13:29:E0:A4:75:AB:66:73:BC:B9:A3:D1:16:77:B3
X509v3 Authority Key Identifier:
keyid:9A:39:3E:F1:60:27:FC:03:BC:5C:04:5F:F9:28:9D:4B:BB:7F:F3:64
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mjk-8WAn_AO8XARf-SidS7t_82Q.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/c6d984-6bfc-4602-9d58-ab2d5e7d4a7b/1/kuzaQDITKeCkdatmc7y5o9EWd7M.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/c6d984-6bfc-4602-9d58-ab2d5e7d4a7b/1/mjk-8WAn_AO8XARf-SidS7t_82Q.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
138.195.0.0/16
160.228.0.0/16
Signature Algorithm: sha256WithRSAEncryption
bd:b1:e3:d5:e8:01:41:7e:97:41:2a:d7:cc:bd:68:6b:29:81:
ab:7d:cc:4a:f5:21:3e:cb:f4:67:58:c7:cf:63:a9:d0:ec:c0:
ee:5d:d2:91:4d:7f:e7:f0:bd:cf:55:45:a9:4e:27:ad:4c:fe:
8e:21:ad:cd:e7:73:38:c2:73:d2:ab:ed:83:15:df:ec:8b:e0:
44:11:f8:98:dd:84:aa:90:9f:f3:79:98:a2:8e:33:3e:1f:2c:
db:a2:b9:15:01:37:38:2a:8c:f5:e6:1f:21:cb:35:89:66:76:
02:8d:6b:e0:f9:3e:5d:0c:ac:25:b1:ed:40:88:87:b2:8e:a2:
d5:44:74:98:68:c6:f8:33:33:2c:68:06:6f:26:fc:2a:9d:9e:
14:d3:1a:65:53:30:86:6f:94:aa:cd:42:d9:70:4c:01:e6:55:
89:2f:a0:7c:11:b6:3f:fb:0d:82:bb:3a:a3:55:ed:0f:2a:41:
11:cc:5a:e5:c9:89:f7:fe:ae:b5:1c:c3:35:2e:6c:9e:43:7e:
5a:4c:2e:12:e4:e7:c9:5b:52:f4:56:9c:40:24:82:b6:29:fe:
64:29:bf:e1:92:a4:62:e1:06:4a:73:9e:b7:89:55:61:dd:96:
18:07:57:2c:2f:02:38:7d:fc:c9:db:29:c5:55:14:d8:55:68:
1f:12:3f:22
-----BEGIN CERTIFICATE-----
MIIFATCCA+mgAwIBAgISAYVvFLfhcKzOPMOSlVmhQx8VMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlhMzkzZWYxNjAyN2ZjMDNiYzVjMDQ1ZmY5Mjg5ZDRiYmI3
ZmYzNjQwHhcNMjMwMTAxMjA0NTA2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MmVjZGE0MDMyMTMyOWUwYTQ3NWFiNjY3M2JjYjlhM2QxMTY3N2IzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo16TgHbiKa/6Ue35u+RqhrrMcZiv
n2y5nJ7uEGfEkjf4RGKLB84Y3zHLIKK2q//uTQmQ1/N9f8q7AslMNrQ5mTrWSR+a
wXhmDtnNGclyFOhRPSVjOb7XDFH1XuPMhU8KxDkf8HIpkdXJCM4m0pscl3s+jLhH
zvDF9Saru0qdCtplS+FBWdvLif2oN5yskpHyQ2471xDV2oCm0h4fzIJSah5J3Wuy
qtPi76o6Fui5xmqglc259pqAvuaJidWOxh/eiGYD+E3VTHWfGEDgFqBKsW3szyU7
xjGKF3hQ3PMpebn50gn+9Ku423QeFknvj4yJaQcy5ON1sPzoCVmJI3ySKQIDAQAB
o4ICDTCCAgkwHQYDVR0OBBYEFJLs2kAyEyngpHWrZnO8uaPRFnezMB8GA1UdIwQY
MBaAFJo5PvFgJ/wDvFwEX/konUu7f/NkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbWprLThXQW5fQU84WEFSZi1TaWRTN3RfODJRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNC9jNmQ5ODQtNmJmYy00NjAyLTlkNTgt
YWIyZDVlN2Q0YTdiLzEva3V6YVFESVRLZUNrZGF0bWM3eTVvOUVXZDdNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNC9jNmQ5ODQtNmJmYy00NjAyLTlkNTgtYWIyZDVlN2Q0YTdi
LzEvbWprLThXQW5fQU84WEFSZi1TaWRTN3RfODJRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCMGCCsGAQUFBwEHAQH/BBQwEjAQBAIAATAKAwMAisMDAwCg
5DANBgkqhkiG9w0BAQsFAAOCAQEAvbHj1egBQX6XQSrXzL1oaymBq33MSvUhPsv0
Z1jHz2Op0OzA7l3SkU1/5/C9z1VFqU4nrUz+jiGtzedzOMJz0qvtgxXf7IvgRBH4
mN2EqpCf83mYoo4zPh8s26K5FQE3OCqM9eYfIcs1iWZ2Ao1r4Pk+XQysJbHtQIiH
so6i1UR0mGjG+DMzLGgGbyb8Kp2eFNMaZVMwhm+Uqs1C2XBMAeZViS+gfBG2P/sN
grs6o1XtDypBEcxa5cmJ9/6utRzDNS5snkN+WkwuEuTnyVtS9FacQCSCtin+ZCm/
4ZKkYuEGSnOet4lVYd2WGAdXLC8COH38ydspxVUU2FVoHxI/Ig==
-----END CERTIFICATE-----
Generated at Mon Feb 17 08:00:07 2025 by rpki-client