Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/04/2fbf83-b28b-4d36-b118-eb1086075167/1/zKG_B5KFcFSkQ9wV_uxeXktZWZo.roa
File: zKG_B5KFcFSkQ9wV_uxeXktZWZo.roa (raw, json)
Hash identifier: TsMEbkO4i3ICSl1SmnfvBYf3D14AqyBQge4e7zzDznA=
Subject key identifier: CC:A1:BF:07:92:85:70:54:A4:43:DC:15:FE:EC:5E:5E:4B:59:59:9A
Certificate issuer: /CN=6827dc221544fc74215112a5812de196a2872e86
Certificate serial: 0186273859EFBFF60D59ED081E38A14D7E7C
Authority key identifier: 68:27:DC:22:15:44:FC:74:21:51:12:A5:81:2D:E1:96:A2:87:2E:86
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/aCfcIhVE_HQhURKlgS3hlqKHLoY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/04/2fbf83-b28b-4d36-b118-eb1086075167/1/zKG_B5KFcFSkQ9wV_uxeXktZWZo.roa
Signing time: Mon 06 Feb 2023 14:54:09 +0000
ROA not before: Mon 06 Feb 2023 14:54:09 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 29076
IP address blocks: 195.128.55.0/24 maxlen: 24
195.128.52.0/24 maxlen: 24
195.128.53.0/24 maxlen: 24
195.128.54.0/24 maxlen: 24
195.128.48.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:86:27:38:59:ef:bf:f6:0d:59:ed:08:1e:38:a1:4d:7e:7c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6827dc221544fc74215112a5812de196a2872e86
Validity
Not Before: Feb 6 14:54:09 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=cca1bf0792857054a443dc15feec5e5e4b59599a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a7:20:15:9b:28:b4:08:27:33:14:61:5c:81:bf:
20:45:87:86:8f:0b:d7:ed:68:10:4e:fa:0e:28:1d:
ee:fb:07:7d:f0:fd:66:e9:f0:6b:aa:7b:b2:80:6b:
60:97:2f:4a:40:8e:93:81:55:7e:f8:de:85:cf:d1:
ff:3e:c0:9f:78:d7:49:d4:8d:30:5e:35:66:61:3d:
3b:08:ef:4d:e9:ff:e4:00:78:b8:4e:1d:b5:5d:71:
70:cf:2b:98:8c:bc:9b:37:6a:2f:6b:29:4a:8c:bc:
ca:89:a3:df:d2:be:19:3a:60:34:29:b8:0d:b5:61:
df:01:ab:a1:9d:bb:c0:14:cb:15:39:e4:e8:ab:08:
6e:a6:7b:b6:01:86:e8:49:57:28:4a:96:f0:19:dc:
bd:43:50:0e:d4:57:a3:6e:16:58:e3:e7:47:28:5e:
1f:d2:79:2a:68:f7:15:0b:08:84:c9:4d:58:45:08:
68:0f:85:b3:35:9b:bd:51:76:48:f9:6a:26:6e:ea:
76:2d:52:1e:bc:64:79:24:67:86:ec:a6:e8:90:1a:
23:d1:0d:d8:2d:d5:e5:b3:fe:cd:85:17:e6:05:15:
c1:46:90:e9:ae:f8:5b:0b:d1:0e:ac:49:e4:1d:a5:
bc:58:3e:ab:b8:db:28:f6:0d:a1:ab:7e:05:29:4a:
2e:3f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CC:A1:BF:07:92:85:70:54:A4:43:DC:15:FE:EC:5E:5E:4B:59:59:9A
X509v3 Authority Key Identifier:
keyid:68:27:DC:22:15:44:FC:74:21:51:12:A5:81:2D:E1:96:A2:87:2E:86
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aCfcIhVE_HQhURKlgS3hlqKHLoY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/04/2fbf83-b28b-4d36-b118-eb1086075167/1/zKG_B5KFcFSkQ9wV_uxeXktZWZo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/04/2fbf83-b28b-4d36-b118-eb1086075167/1/aCfcIhVE_HQhURKlgS3hlqKHLoY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
195.128.48.0/24
195.128.52.0/22
Signature Algorithm: sha256WithRSAEncryption
55:06:e7:f5:61:68:de:dc:3b:33:32:f9:43:06:0f:3d:b7:b6:
38:55:0b:01:0d:88:f2:9b:ca:d5:bf:9c:58:dd:db:60:c6:05:
75:c8:30:d5:bd:8f:c9:90:50:48:e7:41:25:17:11:70:25:5e:
22:54:5b:3d:06:c0:fa:23:c9:9b:13:bc:1b:c1:31:5c:6e:b6:
4f:92:f1:6b:74:66:59:81:df:8e:0d:33:19:81:63:4b:0e:fc:
2f:16:74:81:28:08:8c:cd:d9:60:9c:cb:2d:27:0f:b1:f7:cb:
e7:85:3c:f4:e8:28:b5:d9:fe:b4:8b:14:de:b5:eb:ed:0c:db:
af:cd:4e:2e:26:e2:25:7d:66:2e:7e:e3:48:ef:62:3e:0b:84:
7e:ba:d2:3d:48:20:bd:99:b2:28:c4:5a:b4:aa:30:1b:2d:9d:
76:b2:0c:7b:1a:61:a1:28:db:31:ac:e9:04:8c:05:43:49:ab:
f3:e2:9f:23:36:e5:95:4d:7f:d8:fe:53:6f:04:80:cf:7e:a4:
19:98:c0:2b:ae:d0:90:7f:29:b9:c3:9c:25:2b:19:16:b8:85:
f4:64:45:fa:07:0a:b1:35:71:6e:25:ba:72:62:d5:f4:81:5d:
d4:b4:83:e4:dd:ed:d7:a4:7f:05:66:e8:6f:3f:81:a8:cc:66:
65:2e:84:55
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYYnOFnvv/YNWe0IHjihTX58MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY4MjdkYzIyMTU0NGZjNzQyMTUxMTJhNTgxMmRlMTk2YTI4
NzJlODYwHhcNMjMwMjA2MTQ1NDA5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjY2ExYmYwNzkyODU3MDU0YTQ0M2RjMTVmZWVjNWU1ZTRiNTk1OTlhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApyAVmyi0CCczFGFcgb8gRYeGjwvX
7WgQTvoOKB3u+wd98P1m6fBrqnuygGtgly9KQI6TgVV++N6Fz9H/PsCfeNdJ1I0w
XjVmYT07CO9N6f/kAHi4Th21XXFwzyuYjLybN2ovaylKjLzKiaPf0r4ZOmA0KbgN
tWHfAauhnbvAFMsVOeToqwhupnu2AYboSVcoSpbwGdy9Q1AO1FejbhZY4+dHKF4f
0nkqaPcVCwiEyU1YRQhoD4WzNZu9UXZI+Wombup2LVIevGR5JGeG7KbokBoj0Q3Y
LdXls/7NhRfmBRXBRpDprvhbC9EOrEnkHaW8WD6ruNso9g2hq34FKUouPwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMyhvweShXBUpEPcFf7sXl5LWVmaMB8GA1UdIwQY
MBaAFGgn3CIVRPx0IVESpYEt4Zaihy6GMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYUNmY0loVkVfSFFoVVJLbGdTM2hscUtITG9ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNC8yZmJmODMtYjI4Yi00ZDM2LWIxMTgt
ZWIxMDg2MDc1MTY3LzEvektHX0I1S0ZjRlNrUTl3Vl91eGVYa3RaV1pvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNC8yZmJmODMtYjI4Yi00ZDM2LWIxMTgtZWIxMDg2MDc1MTY3
LzEvYUNmY0loVkVfSFFoVVJLbGdTM2hscUtITG9ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAw4AwAwQC
w4A0MA0GCSqGSIb3DQEBCwUAA4IBAQBVBuf1YWje3DszMvlDBg89t7Y4VQsBDYjy
m8rVv5xY3dtgxgV1yDDVvY/JkFBI50ElFxFwJV4iVFs9BsD6I8mbE7wbwTFcbrZP
kvFrdGZZgd+ODTMZgWNLDvwvFnSBKAiMzdlgnMstJw+x98vnhTz06Ci12f60ixTe
tevtDNuvzU4uJuIlfWYufuNI72I+C4R+utI9SCC9mbIoxFq0qjAbLZ12sgx7GmGh
KNsxrOkEjAVDSavz4p8jNuWVTX/Y/lNvBIDPfqQZmMArrtCQfym5w5wlKxkWuIX0
ZEX6BwqxNXFuJbpyYtX0gV3UtIPk3e3XpH8FZuhvP4GozGZlLoRV
-----END CERTIFICATE-----
Generated at Wed Dec 27 18:40:23 2023 by rpki-client on console.sobornost.net