Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c6/c52cd2-42f8-412e-a1c9-e175837ef938/1/kVy5GW7GA7aBch9kb1nI3yQv1Yg.roa
File: kVy5GW7GA7aBch9kb1nI3yQv1Yg.roa (raw, json)
Hash identifier: cwjLcJ9dL2MPCIWgVLdQkaH4r+WBVfonJ2AnaX6W9Ls=
Subject key identifier: 91:5C:B9:19:6E:C6:03:B6:81:72:1F:64:6F:59:C8:DF:24:2F:D5:88
Certificate issuer: /CN=a9b36504f5b241f91d27efcfe178bc0ba6b2b9b3
Certificate serial: 01856CF8746ED9FDEDD29E3A0AF9F6FE3B2B
Authority key identifier: A9:B3:65:04:F5:B2:41:F9:1D:27:EF:CF:E1:78:BC:0B:A6:B2:B9:B3
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/qbNlBPWyQfkdJ-_P4Xi8C6ayubM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c6/c52cd2-42f8-412e-a1c9-e175837ef938/1/kVy5GW7GA7aBch9kb1nI3yQv1Yg.roa
Signing time: Sun 01 Jan 2023 10:55:00 +0000
ROA not before: Sun 01 Jan 2023 10:55:00 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 208942
IP address blocks: 45.14.232.0/22 maxlen: 22
2a0e:1580::/29 maxlen: 29
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6c:f8:74:6e:d9:fd:ed:d2:9e:3a:0a:f9:f6:fe:3b:2b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=a9b36504f5b241f91d27efcfe178bc0ba6b2b9b3
Validity
Not Before: Jan 1 10:55:00 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=915cb9196ec603b681721f646f59c8df242fd588
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9b:ab:3d:0f:5f:62:4c:9d:6c:03:fa:e3:43:fc:
8c:0b:92:bc:69:12:09:5f:05:08:ab:20:8b:af:11:
63:d4:72:cd:e7:d1:5b:55:ba:46:bb:68:ad:a4:5c:
02:7a:ae:a4:9c:ef:78:a5:c7:3a:20:46:1f:ee:3a:
38:e1:cd:4a:05:17:4c:4c:49:f1:ce:5e:5d:27:8d:
36:a7:82:ff:71:3a:4b:b4:37:f0:47:af:59:9e:07:
be:a1:0c:c8:0f:98:36:2a:58:d1:47:be:33:5d:c1:
88:9a:0b:92:3e:a0:36:d7:48:18:93:71:7e:46:cb:
f5:81:97:dd:2c:09:58:19:03:86:75:af:66:a1:65:
1a:19:b1:9a:02:ff:f2:04:44:ba:05:bf:73:14:6f:
c8:f6:b4:c9:d6:8a:94:8a:2b:05:7c:d9:e3:39:e9:
ab:be:86:4d:94:97:42:4e:0f:56:c5:08:05:07:06:
e4:14:cc:cd:11:d8:ac:30:5e:0c:cd:ce:80:8f:48:
c0:b1:5f:38:d4:fc:40:88:53:ba:7f:b1:dd:b0:d8:
e3:7a:0e:fb:03:c7:c0:43:3f:79:2b:85:8f:e6:eb:
6b:a8:ea:76:b3:a5:7f:ca:61:8f:33:73:6c:63:27:
92:61:b4:1d:fa:d6:25:b6:ae:3b:93:cc:b3:b4:a3:
30:ed
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
91:5C:B9:19:6E:C6:03:B6:81:72:1F:64:6F:59:C8:DF:24:2F:D5:88
X509v3 Authority Key Identifier:
keyid:A9:B3:65:04:F5:B2:41:F9:1D:27:EF:CF:E1:78:BC:0B:A6:B2:B9:B3
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qbNlBPWyQfkdJ-_P4Xi8C6ayubM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c6/c52cd2-42f8-412e-a1c9-e175837ef938/1/kVy5GW7GA7aBch9kb1nI3yQv1Yg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c6/c52cd2-42f8-412e-a1c9-e175837ef938/1/qbNlBPWyQfkdJ-_P4Xi8C6ayubM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.14.232.0/22
IPv6:
2a0e:1580::/29
Signature Algorithm: sha256WithRSAEncryption
48:3b:77:f1:28:0b:07:d7:eb:5f:91:32:37:e7:17:ca:8b:ad:
91:40:bd:c2:68:5e:be:a5:d4:98:24:01:2a:64:43:65:62:0e:
42:c6:7b:c0:45:95:67:f7:ef:ed:5e:f7:d7:a9:aa:17:62:44:
d2:aa:f8:fb:ec:b3:37:56:6b:09:f8:28:ee:f8:83:2f:72:95:
61:cd:24:eb:0d:06:a0:a7:21:cf:56:14:24:13:37:02:8d:75:
2d:0b:46:1f:57:dc:1c:e9:0a:6c:8a:5f:cd:2b:40:fa:f3:8e:
f4:f8:7f:d6:c3:be:1d:f1:f5:fa:1c:8f:a5:9b:b0:48:f5:97:
95:cc:9e:a5:ad:5e:ad:c0:c6:46:68:9f:e1:df:b7:8a:15:c2:
79:2a:8b:44:af:3a:7f:d8:be:3a:c5:a1:3f:13:08:11:f6:dd:
82:bf:40:a4:2c:04:70:29:07:c8:3f:36:d6:e6:47:bd:1a:99:
ce:8c:6a:cd:00:71:63:ff:c8:e7:29:f2:b4:ca:ad:f3:99:3c:
03:c1:c6:51:d5:01:c5:a8:3f:65:81:86:46:58:5b:d3:65:51:
9d:f0:11:7f:58:48:1d:85:74:a5:75:b7:74:fe:7e:55:7a:fd:
43:0d:e2:6a:31:e1:00:1b:37:e9:5f:e1:47:53:87:59:00:5d:
da:ea:94:2b
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYVs+HRu2f3t0p46Cvn2/jsrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE5YjM2NTA0ZjViMjQxZjkxZDI3ZWZjZmUxNzhiYzBiYTZi
MmI5YjMwHhcNMjMwMTAxMTA1NTAwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MTVjYjkxOTZlYzYwM2I2ODE3MjFmNjQ2ZjU5YzhkZjI0MmZkNTg4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm6s9D19iTJ1sA/rjQ/yMC5K8aRIJ
XwUIqyCLrxFj1HLN59FbVbpGu2itpFwCeq6knO94pcc6IEYf7jo44c1KBRdMTEnx
zl5dJ402p4L/cTpLtDfwR69Znge+oQzID5g2KljRR74zXcGImguSPqA210gYk3F+
Rsv1gZfdLAlYGQOGda9moWUaGbGaAv/yBES6Bb9zFG/I9rTJ1oqUiisFfNnjOemr
voZNlJdCTg9WxQgFBwbkFMzNEdisMF4Mzc6Aj0jAsV841PxAiFO6f7HdsNjjeg77
A8fAQz95K4WP5utrqOp2s6V/ymGPM3NsYyeSYbQd+tYltq47k8yztKMw7QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFJFcuRluxgO2gXIfZG9ZyN8kL9WIMB8GA1UdIwQY
MBaAFKmzZQT1skH5HSfvz+F4vAumsrmzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcWJObEJQV3lRZmtkSi1fUDRYaThDNmF5dWJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNi9jNTJjZDItNDJmOC00MTJlLWExYzkt
ZTE3NTgzN2VmOTM4LzEva1Z5NUdXN0dBN2FCY2g5a2IxbkkzeVF2MVlnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNi9jNTJjZDItNDJmOC00MTJlLWExYzktZTE3NTgzN2VmOTM4
LzEvcWJObEJQV3lRZmtkSi1fUDRYaThDNmF5dWJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCLQ7oMA0E
AgACMAcDBQMqDhWAMA0GCSqGSIb3DQEBCwUAA4IBAQBIO3fxKAsH1+tfkTI35xfK
i62RQL3CaF6+pdSYJAEqZENlYg5CxnvARZVn9+/tXvfXqaoXYkTSqvj77LM3VmsJ
+Cju+IMvcpVhzSTrDQagpyHPVhQkEzcCjXUtC0YfV9wc6Qpsil/NK0D68470+H/W
w74d8fX6HI+lm7BI9ZeVzJ6lrV6twMZGaJ/h37eKFcJ5KotErzp/2L46xaE/EwgR
9t2Cv0CkLARwKQfIPzbW5ke9GpnOjGrNAHFj/8jnKfK0yq3zmTwDwcZR1QHFqD9l
gYZGWFvTZVGd8BF/WEgdhXSldbd0/n5Vev1DDeJqMeEAGzfpX+FHU4dZAF3a6pQr
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:53:17 2024 by rpki-client on console-fra.rpki-client.org