Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/ca46fc-3847-4f1d-9ce4-52b9e6a16350/1/MBj_Yaip_l4668b8K2mB5CHyXwI.roa
File: MBj_Yaip_l4668b8K2mB5CHyXwI.roa (raw, json)
Hash identifier: X15kXt4Peo1YG7LN/LLTVIyz5aVlJrGRiqJQbLr1sJc=
Subject key identifier: 30:18:FF:61:A8:A9:FE:5E:3A:EB:C6:FC:2B:69:81:E4:21:F2:5F:02
Certificate issuer: /CN=6cb0dec13df205a66ec5227925b8f56bdb09f499
Certificate serial: 01857169ABDAF2FD66A74FA37CCE63475EEC
Authority key identifier: 6C:B0:DE:C1:3D:F2:05:A6:6E:C5:22:79:25:B8:F5:6B:DB:09:F4:99
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/bLDewT3yBaZuxSJ5Jbj1a9sJ9Jk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2a/ca46fc-3847-4f1d-9ce4-52b9e6a16350/1/MBj_Yaip_l4668b8K2mB5CHyXwI.roa
Signing time: Mon 02 Jan 2023 07:37:08 +0000
ROA not before: Mon 02 Jan 2023 07:37:08 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 211970
IP address blocks: 188.72.56.0/24 maxlen: 24
188.72.3.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:71:69:ab:da:f2:fd:66:a7:4f:a3:7c:ce:63:47:5e:ec
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6cb0dec13df205a66ec5227925b8f56bdb09f499
Validity
Not Before: Jan 2 07:37:08 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=3018ff61a8a9fe5e3aebc6fc2b6981e421f25f02
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8d:c8:6c:2d:d0:e3:c4:77:e6:57:b9:51:b2:57:
02:af:3a:ca:56:90:e7:aa:d2:53:ff:f6:30:c6:9f:
dd:12:fe:65:20:ef:a6:2d:bc:66:98:81:a4:48:39:
ba:a2:7a:79:df:9d:a3:da:37:a2:a9:9f:27:c3:d0:
55:47:17:e3:bd:09:63:f9:7b:e1:66:a2:ae:ca:f2:
10:98:bc:03:a5:31:49:5c:bd:48:42:76:94:61:76:
87:73:c1:e7:e4:f2:9d:ce:b2:02:d0:a6:58:58:2d:
41:3f:c2:89:33:ff:30:3d:c0:43:e7:76:89:b3:71:
36:c1:a2:85:94:13:25:29:36:52:df:c7:6b:a8:99:
28:1f:d4:1f:74:d3:1b:16:6b:76:88:f5:13:7c:83:
f2:d5:f2:d5:12:bd:65:91:46:9e:b7:8b:70:34:43:
40:9e:cc:f7:58:06:70:ff:45:41:ef:e4:a6:12:0d:
a8:81:e6:8a:b9:ec:76:7c:ba:1b:db:b3:55:20:ee:
21:36:c7:65:77:bd:8c:f9:f8:21:8b:96:c7:c9:0b:
03:94:0b:5b:20:5f:ce:75:fe:13:d9:76:ed:d3:ae:
c7:b2:4f:41:4f:3b:3c:09:9f:76:83:9f:13:9b:fa:
64:9b:9e:c9:5f:06:1f:d6:fb:4f:d1:a2:48:0a:54:
a9:7b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
30:18:FF:61:A8:A9:FE:5E:3A:EB:C6:FC:2B:69:81:E4:21:F2:5F:02
X509v3 Authority Key Identifier:
keyid:6C:B0:DE:C1:3D:F2:05:A6:6E:C5:22:79:25:B8:F5:6B:DB:09:F4:99
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bLDewT3yBaZuxSJ5Jbj1a9sJ9Jk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/ca46fc-3847-4f1d-9ce4-52b9e6a16350/1/MBj_Yaip_l4668b8K2mB5CHyXwI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/ca46fc-3847-4f1d-9ce4-52b9e6a16350/1/bLDewT3yBaZuxSJ5Jbj1a9sJ9Jk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
188.72.3.0/24
188.72.56.0/24
Signature Algorithm: sha256WithRSAEncryption
25:ed:d6:1d:99:66:50:85:38:5f:80:25:cc:e9:fe:fa:1f:0f:
cd:6e:80:ed:6c:c8:46:95:08:3c:16:bf:05:17:60:33:e9:3c:
bd:72:09:56:c1:dc:38:43:31:cb:fb:f4:f0:b6:4b:cb:8b:90:
aa:08:86:05:c6:1b:b0:2c:bc:dc:89:6e:e8:e7:52:a0:59:7a:
2c:79:67:47:87:0d:de:24:6b:5d:e3:30:38:d3:e0:4a:43:85:
ee:32:bc:de:ba:a2:02:f0:c0:44:5a:ba:15:10:04:f0:52:19:
66:42:1f:7a:fa:0b:46:5e:5b:1f:ed:1e:c3:20:9c:5b:20:70:
07:86:9d:12:f9:a1:7c:5e:48:27:c8:64:ad:26:14:17:86:7f:
4d:15:59:ac:a2:96:ef:aa:19:7b:8a:f2:e7:0c:6f:ef:d2:c2:
64:b9:4b:8c:fc:79:25:6b:9e:74:27:d9:20:b8:e9:c2:7c:00:
54:bf:07:e8:7d:a8:25:16:1d:e6:d3:b9:c6:af:20:f6:7d:40:
eb:53:c3:8f:02:a1:06:8a:f7:a2:f4:88:81:5b:af:cd:f5:54:
3f:0a:66:c2:18:38:50:a8:43:eb:81:3a:c2:9b:2d:7e:c4:18:
38:4c:7e:c2:84:67:7b:99:92:1b:d2:6d:0f:6f:39:7c:9e:09:
b7:59:6e:fc
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYVxaava8v1mp0+jfM5jR17sMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjYjBkZWMxM2RmMjA1YTY2ZWM1MjI3OTI1YjhmNTZiZGIw
OWY0OTkwHhcNMjMwMTAyMDczNzA4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMDE4ZmY2MWE4YTlmZTVlM2FlYmM2ZmMyYjY5ODFlNDIxZjI1ZjAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjchsLdDjxHfmV7lRslcCrzrKVpDn
qtJT//Ywxp/dEv5lIO+mLbxmmIGkSDm6onp5352j2jeiqZ8nw9BVRxfjvQlj+Xvh
ZqKuyvIQmLwDpTFJXL1IQnaUYXaHc8Hn5PKdzrIC0KZYWC1BP8KJM/8wPcBD53aJ
s3E2waKFlBMlKTZS38drqJkoH9QfdNMbFmt2iPUTfIPy1fLVEr1lkUaet4twNENA
nsz3WAZw/0VB7+SmEg2ogeaKuex2fLob27NVIO4hNsdld72M+fghi5bHyQsDlAtb
IF/Odf4T2Xbt067Hsk9BTzs8CZ92g58Tm/pkm57JXwYf1vtP0aJIClSpewIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDAY/2Goqf5eOuvG/CtpgeQh8l8CMB8GA1UdIwQY
MBaAFGyw3sE98gWmbsUieSW49WvbCfSZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYkxEZXdUM3lCYVp1eFNKNUpiajFhOXNKOUprLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYS9jYTQ2ZmMtMzg0Ny00ZjFkLTljZTQt
NTJiOWU2YTE2MzUwLzEvTUJqX1lhaXBfbDQ2NjhiOEsybUI1Q0h5WHdJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYS9jYTQ2ZmMtMzg0Ny00ZjFkLTljZTQtNTJiOWU2YTE2MzUw
LzEvYkxEZXdUM3lCYVp1eFNKNUpiajFhOXNKOUprLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAvEgDAwQA
vEg4MA0GCSqGSIb3DQEBCwUAA4IBAQAl7dYdmWZQhThfgCXM6f76Hw/NboDtbMhG
lQg8Fr8FF2Az6Ty9cglWwdw4QzHL+/TwtkvLi5CqCIYFxhuwLLzciW7o51KgWXos
eWdHhw3eJGtd4zA40+BKQ4XuMrzeuqIC8MBEWroVEATwUhlmQh96+gtGXlsf7R7D
IJxbIHAHhp0S+aF8XkgnyGStJhQXhn9NFVmsopbvqhl7ivLnDG/v0sJkuUuM/Hkl
a550J9kguOnCfABUvwfofaglFh3m07nGryD2fUDrU8OPAqEGivei9IiBW6/N9VQ/
CmbCGDhQqEPrgTrCmy1+xBg4TH7ChGd7mZIb0m0Pbzl8ngm3WW78
-----END CERTIFICATE-----
Generated at Wed Dec 27 18:40:28 2023 by rpki-client on console.sobornost.net