Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c9/259bea-2931-4de0-be42-5a3d8f0ecbfd/1/KkphrdnJOMCCwVraVlFpizq5nWI.roa
File: KkphrdnJOMCCwVraVlFpizq5nWI.roa (raw, json)
Hash identifier: kZkE3stIC4Z/UsFkGaqhM2PAwYMEs92ga42dENXcamg=
Subject key identifier: 2A:4A:61:AD:D9:C9:38:C0:82:C1:5A:DA:56:51:69:8B:3A:B9:9D:62
Certificate issuer: /CN=cf7178f7a005f93779f468d34badbccc1b9cea50
Certificate serial: 61A746
Authority key identifier: CF:71:78:F7:A0:05:F9:37:79:F4:68:D3:4B:AD:BC:CC:1B:9C:EA:50
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/z3F496AF-Td59GjTS628zBuc6lA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c9/259bea-2931-4de0-be42-5a3d8f0ecbfd/1/KkphrdnJOMCCwVraVlFpizq5nWI.roa
Signing time: Sat 01 Jan 2022 02:59:59 +0000
ROA not before: Sat 01 Jan 2022 02:59:59 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 25577
IP address blocks: 91.195.228.0/23 maxlen: 23
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 6399814 (0x61a746)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=cf7178f7a005f93779f468d34badbccc1b9cea50
Validity
Not Before: Jan 1 02:59:59 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=2a4a61add9c938c082c15ada5651698b3ab99d62
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:86:48:83:da:fe:fb:2e:34:6a:4b:2d:f2:c2:b5:
60:ec:4b:d8:58:bc:d5:b0:ea:c5:65:a9:f5:5f:cd:
19:62:6b:ef:17:56:84:63:56:23:6f:87:94:20:c9:
09:2f:d1:f4:d4:8d:96:0c:16:6f:3b:41:69:cd:f9:
3f:8b:9e:63:7f:cc:09:77:a2:77:7e:63:6b:2c:47:
1c:97:14:0c:d7:06:5d:cf:2e:da:d2:19:bb:36:aa:
6d:f7:7c:32:86:b8:01:85:2c:55:18:cd:ef:7c:fa:
09:03:8d:06:1e:fd:c0:54:2e:b3:a5:fa:dd:e7:d4:
7d:4f:04:a7:bd:85:ba:c9:95:cc:99:1d:5e:40:a2:
09:32:df:20:46:3c:bd:91:f8:86:c1:27:f1:3a:85:
4d:e1:cd:eb:03:44:5f:f2:8e:34:bd:50:0b:2f:dd:
34:67:c4:4b:e7:3f:ee:64:b9:f3:c3:a1:ba:90:32:
72:5d:59:1d:8b:0c:c6:87:aa:08:3f:d1:3f:b8:71:
47:40:b2:60:43:3d:0e:d1:2a:d9:22:86:5d:89:bb:
76:1c:39:0d:dd:9f:87:16:74:73:39:7b:25:fd:25:
33:51:8e:7a:e1:bb:fd:c1:f7:bf:99:93:8d:68:ca:
f3:ad:30:fb:b8:0b:83:8f:39:a1:62:52:35:8c:0d:
2b:fd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2A:4A:61:AD:D9:C9:38:C0:82:C1:5A:DA:56:51:69:8B:3A:B9:9D:62
X509v3 Authority Key Identifier:
keyid:CF:71:78:F7:A0:05:F9:37:79:F4:68:D3:4B:AD:BC:CC:1B:9C:EA:50
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/z3F496AF-Td59GjTS628zBuc6lA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c9/259bea-2931-4de0-be42-5a3d8f0ecbfd/1/KkphrdnJOMCCwVraVlFpizq5nWI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c9/259bea-2931-4de0-be42-5a3d8f0ecbfd/1/z3F496AF-Td59GjTS628zBuc6lA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.195.228.0/23
Signature Algorithm: sha256WithRSAEncryption
79:b6:92:d7:c3:42:1a:9b:34:33:c5:42:fe:fc:ed:b9:84:96:
74:b8:d2:4c:d4:98:05:c7:7e:b6:ef:bc:86:c1:3f:ed:ad:d0:
6a:7d:88:dd:45:33:e8:36:ff:68:f2:49:a4:af:b9:bf:e6:f4:
a1:dc:35:87:e5:83:4a:6d:15:51:05:3f:38:70:0c:cb:f4:a6:
25:ac:03:ca:66:d3:72:03:cc:f0:e4:c3:d0:66:05:33:50:d1:
f2:66:4f:06:fa:d0:36:e4:e7:ef:6b:4e:c8:36:2d:2e:11:e0:
6e:ac:70:48:9f:88:0a:ea:a2:9e:4b:99:1d:00:4f:64:d2:56:
66:0a:ea:00:fc:b2:87:9d:b6:bb:e2:0f:82:da:56:71:79:e7:
a9:d9:4d:31:e0:c2:c0:9a:3a:4c:d2:ab:4a:3c:bc:75:70:67:
7a:b1:de:ef:37:11:5e:a9:f2:c9:8d:a9:00:ac:3f:61:1e:71:
19:de:8b:1b:a3:32:44:17:46:1b:4a:0e:e3:51:5a:a4:bf:7d:
68:20:85:b8:f5:99:e6:78:de:fa:bd:d2:ac:5b:55:53:c2:d9:
ec:c5:f2:1f:32:39:6f:8a:a0:7e:72:22:b8:98:f2:8e:18:d4:
73:93:ca:72:7f:be:36:7a:e3:40:b7:1b:e9:ca:73:c6:6e:c8:
ad:59:20:a5
-----BEGIN CERTIFICATE-----
MIIE7jCCA9agAwIBAgIDYadGMA0GCSqGSIb3DQEBCwUAMDMxMTAvBgNVBAMTKGNm
NzE3OGY3YTAwNWY5Mzc3OWY0NjhkMzRiYWRiY2NjMWI5Y2VhNTAwHhcNMjIwMTAx
MDI1OTU5WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQDEygyYTRhNjFhZGQ5Yzkz
OGMwODJjMTVhZGE1NjUxNjk4YjNhYjk5ZDYyMIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEAhkiD2v77LjRqSy3ywrVg7EvYWLzVsOrFZan1X80ZYmvvF1aE
Y1Yjb4eUIMkJL9H01I2WDBZvO0Fpzfk/i55jf8wJd6J3fmNrLEcclxQM1wZdzy7a
0hm7Nqpt93wyhrgBhSxVGM3vfPoJA40GHv3AVC6zpfrd59R9TwSnvYW6yZXMmR1e
QKIJMt8gRjy9kfiGwSfxOoVN4c3rA0Rf8o40vVALL900Z8RL5z/uZLnzw6G6kDJy
XVkdiwzGh6oIP9E/uHFHQLJgQz0O0SrZIoZdibt2HDkN3Z+HFnRzOXsl/SUzUY56
4bv9wfe/mZONaMrzrTD7uAuDjzmhYlI1jA0r/QIDAQABo4ICCTCCAgUwHQYDVR0O
BBYEFCpKYa3ZyTjAgsFa2lZRaYs6uZ1iMB8GA1UdIwQYMBaAFM9xePegBfk3efRo
00utvMwbnOpQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEFBQcBAQRYMFYwVAYIKwYB
BQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQv
ejNGNDk2QUYtVGQ1OUdqVFM2Mjh6QnVjNmxBLmNlcjCBjQYIKwYBBQUHAQsEgYAw
fjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkv
REVGQVVMVC9jOS8yNTliZWEtMjkzMS00ZGUwLWJlNDItNWEzZDhmMGVjYmZkLzEv
S2twaHJkbkpPTUNDd1ZyYVZsRnBpenE1bldJLnJvYTCBgQYDVR0fBHoweDB2oHSg
coZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOS8y
NTliZWEtMjkzMS00ZGUwLWJlNDItNWEzZDhmMGVjYmZkLzEvejNGNDk2QUYtVGQ1
OUdqVFM2Mjh6QnVjNmxBLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8G
CCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW8PkMA0GCSqGSIb3DQEBCwUAA4IB
AQB5tpLXw0IamzQzxUL+/O25hJZ0uNJM1JgFx36277yGwT/trdBqfYjdRTPoNv9o
8kmkr7m/5vSh3DWH5YNKbRVRBT84cAzL9KYlrAPKZtNyA8zw5MPQZgUzUNHyZk8G
+tA25Ofva07INi0uEeBurHBIn4gK6qKeS5kdAE9k0lZmCuoA/LKHnba74g+C2lZx
eeep2U0x4MLAmjpM0qtKPLx1cGd6sd7vNxFeqfLJjakArD9hHnEZ3osbozJEF0Yb
Sg7jUVqkv31oIIW49ZnmeN76vdKsW1VTwtnsxfIfMjlviqB+ciK4mPKOGNRzk8py
f742euNAtxvpynPGbsitWSCl
-----END CERTIFICATE-----
Generated at Mon Apr 21 20:09:34 2025 by rpki-client