Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/KgvpiTfbAZPMlvtiuqC40LHJh4Q.roa
File: KgvpiTfbAZPMlvtiuqC40LHJh4Q.roa (raw, json)
Hash identifier: HU/7U81dc0HaRJLgO5M0q+mghq1Pf36dJin1HhT6PwQ=
Subject key identifier: 2A:0B:E9:89:37:DB:01:93:CC:96:FB:62:BA:A0:B8:D0:B1:C9:87:84
Certificate issuer: /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial: 0188F27EC485E403C5B6A1A150968161CBBD
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/KgvpiTfbAZPMlvtiuqC40LHJh4Q.roa
Signing time: Sun 25 Jun 2023 12:19:34 +0000
ROA not before: Sun 25 Jun 2023 12:19:34 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 49981
IP address blocks: 45.130.201.0/24 maxlen: 24
77.75.61.0/24 maxlen: 24
185.244.138.0/24 maxlen: 24
45.159.155.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:88:f2:7e:c4:85:e4:03:c5:b6:a1:a1:50:96:81:61:cb:bd
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Validity
Not Before: Jun 25 12:19:34 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=2a0be98937db0193cc96fb62baa0b8d0b1c98784
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:96:42:91:aa:69:4b:65:3d:80:c2:1f:af:53:b7:
4c:9d:0f:a8:f2:28:98:e5:43:a5:db:40:7b:4c:ab:
fc:a8:8d:cf:15:53:96:6d:30:7e:68:94:61:46:8b:
f5:50:6e:06:99:93:32:92:e2:c7:d0:d9:a9:dd:76:
69:83:4c:e8:cd:fa:20:ca:6b:31:24:f4:2d:99:ca:
d2:0d:28:e0:cc:41:5d:59:10:07:0c:1a:91:5f:f4:
1a:9b:88:23:9f:cf:3a:8b:43:8a:82:d4:90:59:c5:
2e:24:42:95:95:35:65:6a:1d:a1:ee:ac:a3:2e:51:
5d:e7:d9:e4:3f:f3:dd:0e:cc:90:dd:c3:71:b2:da:
7f:fc:78:0e:2a:25:e8:22:9d:67:58:b4:de:a0:35:
3e:e6:ff:c5:6a:0e:09:5e:a9:6d:d3:35:c4:cc:fb:
a0:f2:88:12:bc:c1:25:cc:03:a9:e0:8b:28:28:70:
c6:6f:38:89:18:dd:85:d3:75:72:49:b3:6f:d0:64:
f4:f7:d6:17:c8:ef:c1:bb:46:4b:cb:86:ad:a8:77:
73:32:24:2a:7b:97:32:3e:6b:06:d2:d0:b4:a5:ff:
8e:0d:2c:94:1e:33:3f:89:dc:17:d0:cb:40:90:72:
76:48:d2:0a:de:18:51:30:6a:6a:32:bb:72:72:a5:
21:f9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2A:0B:E9:89:37:DB:01:93:CC:96:FB:62:BA:A0:B8:D0:B1:C9:87:84
X509v3 Authority Key Identifier:
keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/KgvpiTfbAZPMlvtiuqC40LHJh4Q.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.130.201.0/24
45.159.155.0/24
77.75.61.0/24
185.244.138.0/24
Signature Algorithm: sha256WithRSAEncryption
79:42:0c:11:63:b1:52:7c:47:fa:47:56:1e:77:00:00:fb:40:
e8:c9:bc:f3:be:65:59:fc:9d:4b:3e:84:8f:09:d4:41:89:65:
6c:33:2f:16:e0:58:a6:e6:1a:82:d0:a4:ad:d5:20:53:a2:c7:
3c:7b:23:cc:e8:e9:c8:1d:4b:92:16:f4:2b:7b:09:e5:e2:98:
f9:4e:5f:fa:26:87:1e:8b:49:e5:2c:22:dc:fc:50:07:13:39:
5f:ad:8a:1d:71:4c:34:ba:ef:a7:f1:bf:5c:3f:0b:7d:08:d5:
cb:d0:af:91:1c:34:f5:69:b7:71:7e:ff:86:e4:00:29:d2:a0:
27:69:a3:a5:4d:8a:1d:5e:3e:04:08:76:25:3d:e2:64:0c:02:
15:17:0a:e7:1b:1d:8c:09:06:d0:f2:45:a2:f8:82:0a:25:34:
d2:fd:21:2f:fa:8b:75:b4:16:ee:4f:b5:55:08:d3:62:b6:03:
72:2c:b2:37:18:99:f0:5b:b6:0a:b0:c3:46:b1:9b:0c:99:28:
f2:fb:96:a2:7e:57:5a:54:05:e8:2a:d2:34:f0:82:05:fd:5c:
7b:6a:0e:c1:7f:d4:d7:c9:61:13:d7:51:4f:60:af:41:bf:db:
1d:54:5a:fc:34:b7:43:90:c2:25:fb:59:4c:8f:31:23:91:cd:
14:79:ab:dd
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYjyfsSF5APFtqGhUJaBYcu9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjMwNjI1MTIxOTM0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYTBiZTk4OTM3ZGIwMTkzY2M5NmZiNjJiYWEwYjhkMGIxYzk4Nzg0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlkKRqmlLZT2Awh+vU7dMnQ+o8iiY
5UOl20B7TKv8qI3PFVOWbTB+aJRhRov1UG4GmZMykuLH0Nmp3XZpg0zozfogymsx
JPQtmcrSDSjgzEFdWRAHDBqRX/Qam4gjn886i0OKgtSQWcUuJEKVlTVlah2h7qyj
LlFd59nkP/PdDsyQ3cNxstp//HgOKiXoIp1nWLTeoDU+5v/Fag4JXqlt0zXEzPug
8ogSvMElzAOp4IsoKHDGbziJGN2F03VySbNv0GT099YXyO/Bu0ZLy4atqHdzMiQq
e5cyPmsG0tC0pf+ODSyUHjM/idwX0MtAkHJ2SNIK3hhRMGpqMrtycqUh+QIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFCoL6Yk32wGTzJb7YrqguNCxyYeEMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvS2d2cGlUZmJBWlBNbHZ0aXVxQzQwTEhKaDRRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQALYLJAwQA
LZ+bAwQATUs9AwQAufSKMA0GCSqGSIb3DQEBCwUAA4IBAQB5QgwRY7FSfEf6R1Ye
dwAA+0DoybzzvmVZ/J1LPoSPCdRBiWVsMy8W4Fim5hqC0KSt1SBTosc8eyPM6OnI
HUuSFvQrewnl4pj5Tl/6Jocei0nlLCLc/FAHEzlfrYodcUw0uu+n8b9cPwt9CNXL
0K+RHDT1abdxfv+G5AAp0qAnaaOlTYodXj4ECHYlPeJkDAIVFwrnGx2MCQbQ8kWi
+IIKJTTS/SEv+ot1tBbuT7VVCNNitgNyLLI3GJnwW7YKsMNGsZsMmSjy+5aiflda
VAXoKtI08IIF/Vx7ag7Bf9TXyWET11FPYK9Bv9sdVFr8NLdDkMIl+1lMjzEjkc0U
eavd
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:41:10 2024 by rpki-client on console-ams.rpki-client.org