Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/af/62e43b-228a-4e85-834c-44c166014612/1/KoJN6eU9QuOMhxMsPCrd96a9iqA.roa
File: KoJN6eU9QuOMhxMsPCrd96a9iqA.roa (raw, json)
Hash identifier: aisv6LpHsIW0ufsj2EXorTHh9pLv6gfwqXxHga6EPFo=
Subject key identifier: 2A:82:4D:E9:E5:3D:42:E3:8C:87:13:2C:3C:2A:DD:F7:A6:BD:8A:A0
Certificate issuer: /CN=9a04cdcdc1159c31eedb24cc7ac8b262b756227c
Certificate serial: 01856D5D1A80CA21DFA2FBC03BA65FD1128F
Authority key identifier: 9A:04:CD:CD:C1:15:9C:31:EE:DB:24:CC:7A:C8:B2:62:B7:56:22:7C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/mgTNzcEVnDHu2yTMesiyYrdWInw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/af/62e43b-228a-4e85-834c-44c166014612/1/KoJN6eU9QuOMhxMsPCrd96a9iqA.roa
Signing time: Sun 01 Jan 2023 12:44:56 +0000
ROA not before: Sun 01 Jan 2023 12:44:56 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 209078
IP address blocks: 185.210.138.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6d:5d:1a:80:ca:21:df:a2:fb:c0:3b:a6:5f:d1:12:8f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=9a04cdcdc1159c31eedb24cc7ac8b262b756227c
Validity
Not Before: Jan 1 12:44:56 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=2a824de9e53d42e38c87132c3c2addf7a6bd8aa0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:88:6b:7e:d3:c0:b5:c3:33:f7:b8:f5:9d:81:02:
77:dc:71:9d:50:99:20:b2:8f:6b:3f:a4:b1:03:eb:
03:93:41:a0:ca:00:27:19:ef:fb:ae:a4:8c:73:6f:
7e:72:ac:c4:78:87:57:7e:79:f1:f6:86:d9:08:63:
08:35:48:8e:1d:be:85:d4:89:3c:d7:bd:e1:1f:b2:
93:9b:97:ac:a9:ad:25:c3:7e:cd:b5:da:05:a1:d3:
1a:5f:7f:55:4b:12:64:2b:e6:e8:1e:d1:c3:92:57:
1c:d6:19:11:fe:69:c6:9b:49:62:e1:2e:9f:5e:5e:
aa:29:ea:3e:3d:9b:36:9d:0f:d8:70:4b:a3:74:17:
56:d5:84:06:d4:d6:bd:d7:a5:26:2f:ad:d9:56:14:
e7:86:35:f3:df:fb:71:bd:bc:16:21:2a:4c:27:e7:
3e:be:86:94:ff:6b:4e:2b:f7:20:d2:0d:04:3b:ec:
76:58:87:78:eb:c0:88:e4:20:e3:55:5d:8f:20:18:
35:9a:03:f0:bd:9c:e4:07:97:54:b0:14:02:96:7f:
1b:8d:c3:d6:99:76:d7:2c:1a:9b:56:4e:26:9c:89:
1c:fb:95:d5:ae:17:37:16:82:df:1f:6f:d9:f9:57:
fd:62:e9:eb:36:bb:c5:67:46:ce:47:47:cb:00:2a:
32:09
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2A:82:4D:E9:E5:3D:42:E3:8C:87:13:2C:3C:2A:DD:F7:A6:BD:8A:A0
X509v3 Authority Key Identifier:
keyid:9A:04:CD:CD:C1:15:9C:31:EE:DB:24:CC:7A:C8:B2:62:B7:56:22:7C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mgTNzcEVnDHu2yTMesiyYrdWInw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/af/62e43b-228a-4e85-834c-44c166014612/1/KoJN6eU9QuOMhxMsPCrd96a9iqA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/af/62e43b-228a-4e85-834c-44c166014612/1/mgTNzcEVnDHu2yTMesiyYrdWInw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.210.138.0/24
Signature Algorithm: sha256WithRSAEncryption
1f:b6:de:5e:29:58:ac:32:89:64:1c:4c:c7:62:b5:cb:ab:d7:
cd:9a:0d:9c:68:6c:73:93:ac:21:2f:6f:24:0f:12:8b:08:ec:
4f:d4:f6:dd:55:08:25:67:2c:78:d7:ad:da:5f:1f:6a:6d:49:
ac:b9:f3:d3:3d:03:20:01:6e:6d:c9:f4:05:7c:b3:d6:78:32:
00:b5:cc:3b:d6:83:07:e6:31:75:05:35:bd:bf:20:55:0c:2e:
35:a9:74:cb:c3:df:e2:b0:38:a3:e1:0c:f3:e5:2d:c7:b6:8c:
33:61:f3:8d:18:0d:65:2c:6b:27:23:64:11:a1:33:2b:df:67:
3b:b9:cb:62:b6:3e:d7:14:69:5d:77:f5:8f:6d:5e:9d:d1:2d:
37:02:6d:5f:5b:15:c6:a7:2f:82:dc:89:81:b4:a0:ee:dd:d3:
ec:a6:33:28:98:89:94:be:3e:8f:2d:35:42:9f:5d:f7:fb:7f:
47:bb:18:44:1e:88:70:33:a5:03:0b:61:96:e4:a2:86:ac:e8:
51:01:73:a3:a1:2d:b3:f8:bd:c9:36:27:38:91:60:ef:02:db:
43:da:7a:5d:86:87:4c:61:40:36:3e:c8:d3:b3:d9:78:97:19:
e8:af:65:c4:b6:28:1e:a6:f3:ef:bd:15:97:17:ca:2f:f2:85:
cc:01:85:85
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYVtXRqAyiHfovvAO6Zf0RKPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlhMDRjZGNkYzExNTljMzFlZWRiMjRjYzdhYzhiMjYyYjc1
NjIyN2MwHhcNMjMwMTAxMTI0NDU2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYTgyNGRlOWU1M2Q0MmUzOGM4NzEzMmMzYzJhZGRmN2E2YmQ4YWEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiGt+08C1wzP3uPWdgQJ33HGdUJkg
so9rP6SxA+sDk0GgygAnGe/7rqSMc29+cqzEeIdXfnnx9obZCGMINUiOHb6F1Ik8
173hH7KTm5esqa0lw37NtdoFodMaX39VSxJkK+boHtHDklcc1hkR/mnGm0li4S6f
Xl6qKeo+PZs2nQ/YcEujdBdW1YQG1Na916UmL63ZVhTnhjXz3/txvbwWISpMJ+c+
voaU/2tOK/cg0g0EO+x2WId468CI5CDjVV2PIBg1mgPwvZzkB5dUsBQCln8bjcPW
mXbXLBqbVk4mnIkc+5XVrhc3FoLfH2/Z+Vf9YunrNrvFZ0bOR0fLACoyCQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCqCTenlPULjjIcTLDwq3femvYqgMB8GA1UdIwQY
MBaAFJoEzc3BFZwx7tskzHrIsmK3ViJ8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbWdUTnpjRVZuREh1MnlUTWVzaXlZcmRXSW53LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZi82MmU0M2ItMjI4YS00ZTg1LTgzNGMt
NDRjMTY2MDE0NjEyLzEvS29KTjZlVTlRdU9NaHhNc1BDcmQ5NmE5aXFBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZi82MmU0M2ItMjI4YS00ZTg1LTgzNGMtNDRjMTY2MDE0NjEy
LzEvbWdUTnpjRVZuREh1MnlUTWVzaXlZcmRXSW53LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAudKKMA0G
CSqGSIb3DQEBCwUAA4IBAQAftt5eKVisMolkHEzHYrXLq9fNmg2caGxzk6whL28k
DxKLCOxP1PbdVQglZyx4163aXx9qbUmsufPTPQMgAW5tyfQFfLPWeDIAtcw71oMH
5jF1BTW9vyBVDC41qXTLw9/isDij4Qzz5S3HtowzYfONGA1lLGsnI2QRoTMr32c7
uctitj7XFGldd/WPbV6d0S03Am1fWxXGpy+C3ImBtKDu3dPspjMomImUvj6PLTVC
n133+39HuxhEHohwM6UDC2GW5KKGrOhRAXOjoS2z+L3JNic4kWDvAttD2npdhodM
YUA2PsjTs9l4lxnor2XEtigepvPvvRWXF8ov8oXMAYWF
-----END CERTIFICATE-----
Generated at Thu Jul 20 00:02:12 2023 by rpki-client on console-fra.rpki-client.org