Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b5/7a39b1-1d1c-4919-b19c-3eebe7196972/1/KAL20GChV5gNPenxZVV6SaPZMR4.roa
File: KAL20GChV5gNPenxZVV6SaPZMR4.roa (raw, json)
Hash identifier: afyJLN6IF4nJ7HBgoHoR0GnV1dVlOsyzxNeUZ4wlDl0=
Subject key identifier: 28:02:F6:D0:60:A1:57:98:0D:3D:E9:F1:65:55:7A:49:A3:D9:31:1E
Certificate issuer: /CN=679a75debd65359a45317f203f11a321e14b2f2c
Certificate serial: 072E9F94
Authority key identifier: 67:9A:75:DE:BD:65:35:9A:45:31:7F:20:3F:11:A3:21:E1:4B:2F:2C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Z5p13r1lNZpFMX8gPxGjIeFLLyw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b5/7a39b1-1d1c-4919-b19c-3eebe7196972/1/KAL20GChV5gNPenxZVV6SaPZMR4.roa
Signing time: Mon 27 Jun 2022 06:03:40 +0000
ROA not before: Mon 27 Jun 2022 06:03:40 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 61317
IP address blocks: 37.156.226.0/24 maxlen: 24
87.121.136.0/21 maxlen: 24
94.176.96.0/24 maxlen: 24
86.106.135.0/24 maxlen: 24
89.44.77.0/24 maxlen: 24
46.102.116.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 120496020 (0x72e9f94)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=679a75debd65359a45317f203f11a321e14b2f2c
Validity
Not Before: Jun 27 06:03:40 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=2802f6d060a157980d3de9f165557a49a3d9311e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a4:d1:1f:64:02:50:39:91:8d:e7:73:32:83:2b:
6d:70:68:53:5a:21:70:86:04:9a:33:99:7c:ae:86:
03:88:29:8b:ee:fe:f7:09:d2:84:d8:7e:26:9e:7e:
45:c7:0e:cd:53:a7:0c:4b:1c:5e:9d:a3:e2:55:79:
65:71:2f:01:33:60:50:40:d4:06:53:e4:4e:3c:bd:
ed:0e:18:7e:2b:1c:fe:b7:82:a3:69:18:e3:0b:f9:
c9:24:72:ab:f4:b3:84:e8:2d:c5:0a:62:66:49:b9:
6a:a8:8e:71:c4:07:83:42:91:34:c0:7f:e7:7b:39:
5f:01:a6:25:b6:80:0a:cd:99:2f:57:45:ab:81:6d:
4b:49:9c:a3:69:a8:dd:09:80:97:b4:3d:2c:0d:a8:
e8:31:10:e1:80:ed:27:df:19:c6:f5:97:aa:13:61:
5b:64:d7:db:d0:a5:08:b2:32:d2:6a:c5:3d:67:3e:
6f:38:ec:b0:4d:50:3a:8c:fd:84:16:eb:b7:9d:b6:
de:7f:90:fb:dd:40:43:03:c1:3e:f6:7d:fb:3a:f8:
7b:3f:18:bb:8d:aa:0c:ea:00:9e:07:86:31:53:60:
c0:c4:26:45:b6:0a:4b:e1:87:81:24:d0:50:6a:6c:
be:22:51:87:1d:74:2a:67:85:fb:85:ba:f2:a4:d6:
bc:db
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
28:02:F6:D0:60:A1:57:98:0D:3D:E9:F1:65:55:7A:49:A3:D9:31:1E
X509v3 Authority Key Identifier:
keyid:67:9A:75:DE:BD:65:35:9A:45:31:7F:20:3F:11:A3:21:E1:4B:2F:2C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z5p13r1lNZpFMX8gPxGjIeFLLyw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/7a39b1-1d1c-4919-b19c-3eebe7196972/1/KAL20GChV5gNPenxZVV6SaPZMR4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/7a39b1-1d1c-4919-b19c-3eebe7196972/1/Z5p13r1lNZpFMX8gPxGjIeFLLyw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.156.226.0/24
46.102.116.0/24
86.106.135.0/24
87.121.136.0/21
89.44.77.0/24
94.176.96.0/24
Signature Algorithm: sha256WithRSAEncryption
ab:fa:0f:6d:3b:4d:60:54:cd:4b:09:69:11:91:04:eb:2a:1e:
90:cf:d8:5b:4c:c2:c7:50:be:00:78:c4:d6:38:a3:06:17:70:
03:6c:6b:ca:15:fb:7b:6e:dc:c3:39:e8:cd:8a:29:00:c7:f1:
70:50:0f:f5:0f:d9:10:f4:f4:72:f0:dc:0f:07:3e:2a:a6:42:
d0:5a:e5:23:49:b2:e7:9f:a4:04:32:f1:b9:cf:6b:a8:ae:17:
13:fa:35:40:39:5a:ec:df:1d:9f:76:24:92:63:a1:82:b5:96:
5a:7e:8c:96:ab:ec:82:de:3a:f1:f6:7a:db:42:01:ae:62:43:
69:94:74:43:a7:3c:37:16:a6:2c:a5:52:aa:11:04:d8:c3:c7:
29:75:32:79:f7:e1:84:9a:36:33:d2:12:01:9d:d2:9b:e1:06:
2e:41:89:8f:bc:c8:62:34:4b:ac:54:ef:40:29:3f:0b:44:b8:
5c:80:cc:fe:73:f9:0b:bc:0e:9d:65:4a:07:c9:f6:52:bd:6f:
60:cd:bd:8f:1a:24:43:7b:f4:f4:54:fa:0e:05:e7:85:aa:12:
72:66:db:46:44:38:77:c6:f6:0d:ef:38:d1:93:67:21:36:44:
9b:71:db:e8:6f:5a:78:71:c7:5a:83:7f:78:1d:a6:7d:21:6c:
b0:a6:fb:74
-----BEGIN CERTIFICATE-----
MIIFDTCCA/WgAwIBAgIEBy6flDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg2
NzlhNzVkZWJkNjUzNTlhNDUzMTdmMjAzZjExYTMyMWUxNGIyZjJjMB4XDTIyMDYy
NzA2MDM0MFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMjgwMmY2ZDA2MGEx
NTc5ODBkM2RlOWYxNjU1NTdhNDlhM2Q5MzExZTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAKTRH2QCUDmRjedzMoMrbXBoU1ohcIYEmjOZfK6GA4gpi+7+
9wnShNh+Jp5+RccOzVOnDEscXp2j4lV5ZXEvATNgUEDUBlPkTjy97Q4Yfisc/reC
o2kY4wv5ySRyq/SzhOgtxQpiZkm5aqiOccQHg0KRNMB/53s5XwGmJbaACs2ZL1dF
q4FtS0mco2mo3QmAl7Q9LA2o6DEQ4YDtJ98ZxvWXqhNhW2TX29ClCLIy0mrFPWc+
bzjssE1QOoz9hBbrt5223n+Q+91AQwPBPvZ9+zr4ez8Yu42qDOoAngeGMVNgwMQm
RbYKS+GHgSTQUGpsviJRhx10KmeF+4W68qTWvNsCAwEAAaOCAicwggIjMB0GA1Ud
DgQWBBQoAvbQYKFXmA096fFlVXpJo9kxHjAfBgNVHSMEGDAWgBRnmnXevWU1mkUx
fyA/EaMh4UsvLDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L1o1cDEzcjFsTlpwRk1YOGdQeEdqSWVGTEx5dy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYjUvN2EzOWIxLTFkMWMtNDkxOS1iMTljLTNlZWJlNzE5Njk3Mi8x
L0tBTDIwR0NoVjVnTlBlbnhaVlY2U2FQWk1SNC5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYjUv
N2EzOWIxLTFkMWMtNDkxOS1iMTljLTNlZWJlNzE5Njk3Mi8xL1o1cDEzcjFsTlpw
Rk1YOGdQeEdqSWVGTEx5dy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjA9
BggrBgEFBQcBBwEB/wQuMCwwKgQCAAEwJAMEACWc4gMEAC5mdAMEAFZqhwMEA1d5
iAMEAFksTQMEAF6wYDANBgkqhkiG9w0BAQsFAAOCAQEAq/oPbTtNYFTNSwlpEZEE
6yoekM/YW0zCx1C+AHjE1jijBhdwA2xryhX7e27cwznozYopAMfxcFAP9Q/ZEPT0
cvDcDwc+KqZC0FrlI0my55+kBDLxuc9rqK4XE/o1QDla7N8dn3YkkmOhgrWWWn6M
lqvsgt468fZ620IBrmJDaZR0Q6c8NxamLKVSqhEE2MPHKXUyeffhhJo2M9ISAZ3S
m+EGLkGJj7zIYjRLrFTvQCk/C0S4XIDM/nP5C7wOnWVKB8n2Ur1vYM29jxokQ3v0
9FT6DgXnhaoScmbbRkQ4d8b2De840ZNnITZEm3Hb6G9aeHHHWoN/eB2mfSFssKb7
dA==
-----END CERTIFICATE-----
Generated at Thu Jul 20 00:06:30 2023 by rpki-client on console-ams.rpki-client.org