Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KAPT6BVqNOryySE7UeFHVP1vgHA.roa
File: KAPT6BVqNOryySE7UeFHVP1vgHA.roa (raw, json)
Hash identifier: 4e8UG+hHD/v5EpPqflBRXsaTQBILnJGcBeNisSO2GUE=
Subject key identifier: 28:03:D3:E8:15:6A:34:EA:F2:C9:21:3B:51:E1:47:54:FD:6F:80:70
Certificate issuer: /CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Certificate serial: 01890E7B712D35219F04D05119B0CDBC10BF
Authority key identifier: 2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KAPT6BVqNOryySE7UeFHVP1vgHA.roa
Signing time: Fri 30 Jun 2023 22:45:18 +0000
ROA not before: Fri 30 Jun 2023 22:45:18 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 31732
IP address blocks: 185.220.236.0/22 maxlen: 24
188.209.155.0/24 maxlen: 24
45.137.180.0/22 maxlen: 24
82.115.8.0/22 maxlen: 24
82.115.12.0/23 maxlen: 24
185.129.108.0/22 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:89:0e:7b:71:2d:35:21:9f:04:d0:51:19:b0:cd:bc:10:bf
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Validity
Not Before: Jun 30 22:45:18 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=2803d3e8156a34eaf2c9213b51e14754fd6f8070
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a5:45:45:2e:5e:0d:58:34:14:3d:87:e0:c8:49:
21:d9:7f:e5:ec:ab:e6:04:17:21:54:8f:09:22:29:
4e:ef:38:85:63:ad:68:d7:56:30:e9:41:31:06:b5:
11:d7:d8:61:f9:81:87:ae:a1:07:b8:40:91:7d:36:
c3:1d:84:92:a5:2b:55:1c:32:5d:c9:10:52:ea:4e:
6e:20:64:5f:e9:35:2d:da:3a:d1:36:ab:4c:c9:ed:
1a:ce:d8:7e:d0:fe:21:10:37:7c:56:ea:3c:10:22:
90:ce:61:db:b6:67:ae:22:38:cb:39:82:e1:0a:ad:
95:f0:3c:a7:1b:1d:49:52:93:4c:b1:44:13:6b:e4:
34:bc:34:5e:80:8e:23:62:f0:02:b2:7c:4c:7b:16:
ec:3a:6a:bd:6f:f5:bd:49:0c:9d:98:58:42:04:05:
84:75:85:ea:f8:e4:0d:b4:06:b1:16:99:7b:45:1c:
99:c7:fd:21:98:c5:6f:9d:b3:ab:8d:c7:80:fe:01:
97:f0:77:80:8c:c5:ad:f2:54:dd:75:73:91:5a:c7:
0b:ac:07:6d:c1:af:55:3f:96:a0:75:4a:fa:3e:0a:
44:47:19:28:99:50:91:b2:d8:e1:d5:1d:fb:ee:a8:
42:9a:a0:8c:cf:df:d9:b8:db:c4:a7:45:85:ee:9b:
57:ef
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
28:03:D3:E8:15:6A:34:EA:F2:C9:21:3B:51:E1:47:54:FD:6F:80:70
X509v3 Authority Key Identifier:
keyid:2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KAPT6BVqNOryySE7UeFHVP1vgHA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.137.180.0/22
82.115.8.0-82.115.13.255
185.129.108.0/22
185.220.236.0/22
188.209.155.0/24
Signature Algorithm: sha256WithRSAEncryption
59:9a:5c:d2:02:b4:78:46:40:5d:39:0d:94:02:56:ec:49:6f:
94:55:e6:3b:2e:e8:82:1d:37:4a:fc:8b:e7:17:e3:82:57:09:
aa:a1:a3:82:44:b4:d3:1a:b0:1c:6f:3f:10:dd:61:e2:d0:39:
d3:76:ca:52:3d:b7:98:79:1f:1a:9f:b9:94:a6:fa:12:94:9d:
75:6e:50:79:48:79:15:29:98:0e:7f:31:95:fc:61:58:7d:c8:
0d:95:dc:de:90:45:20:7f:67:24:28:65:82:c0:b0:6f:98:bd:
c7:11:3d:a6:be:bb:7b:96:eb:cf:81:fa:36:bb:e5:03:59:44:
67:9f:06:6c:ab:bc:a9:27:4f:ff:b8:97:67:04:d4:9a:d3:75:
f8:a9:7e:e6:54:03:c9:a3:fd:57:b6:e2:54:ea:c1:73:3d:9e:
2c:a2:e6:82:af:6c:0c:d5:ac:78:ed:e4:0c:f6:cb:ed:0e:16:
b1:22:5b:71:1a:c7:39:d4:89:00:95:10:57:a6:2e:4f:68:c0:
06:54:73:31:0c:d8:7a:76:98:fc:ac:0e:ce:4d:1d:ae:ce:98:
80:21:13:20:b9:94:6e:d6:2f:09:0a:e1:18:af:d8:1f:d0:96:
bb:34:54:b2:d9:45:49:ed:9c:fe:27:b1:86:ac:9b:57:5a:22:
3a:05:97:67
-----BEGIN CERTIFICATE-----
MIIFHTCCBAWgAwIBAgISAYkOe3EtNSGfBNBRGbDNvBC/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhYzNkYWExYjE0ODUwZjJlNjFjNTkyYjIxOTE5MTVhNWU2
NWE0NzgwHhcNMjMwNjMwMjI0NTE4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyODAzZDNlODE1NmEzNGVhZjJjOTIxM2I1MWUxNDc1NGZkNmY4MDcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApUVFLl4NWDQUPYfgyEkh2X/l7Kvm
BBchVI8JIilO7ziFY61o11Yw6UExBrUR19hh+YGHrqEHuECRfTbDHYSSpStVHDJd
yRBS6k5uIGRf6TUt2jrRNqtMye0azth+0P4hEDd8Vuo8ECKQzmHbtmeuIjjLOYLh
Cq2V8DynGx1JUpNMsUQTa+Q0vDRegI4jYvACsnxMexbsOmq9b/W9SQydmFhCBAWE
dYXq+OQNtAaxFpl7RRyZx/0hmMVvnbOrjceA/gGX8HeAjMWt8lTddXORWscLrAdt
wa9VP5agdUr6PgpERxkomVCRstjh1R377qhCmqCMz9/ZuNvEp0WF7ptX7wIDAQAB
o4ICKTCCAiUwHQYDVR0OBBYEFCgD0+gVajTq8skhO1HhR1T9b4BwMB8GA1UdIwQY
MBaAFCrD2qGxSFDy5hxZKyGRkVpeZaR4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUt
ZmUwNjU5MTc2YTU2LzEvS0FQVDZCVnFOT3J5eVNFN1VlRkhWUDF2Z0hBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUtZmUwNjU5MTc2YTU2
LzEvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD8GCCsGAQUFBwEHAQH/BDAwLjAsBAIAATAmAwQCLYm0MAwD
BANScwgDBAFScwwDBAK5gWwDBAK53OwDBAC80ZswDQYJKoZIhvcNAQELBQADggEB
AFmaXNICtHhGQF05DZQCVuxJb5RV5jsu6IIdN0r8i+cX44JXCaqho4JEtNMasBxv
PxDdYeLQOdN2ylI9t5h5HxqfuZSm+hKUnXVuUHlIeRUpmA5/MZX8YVh9yA2V3N6Q
RSB/ZyQoZYLAsG+YvccRPaa+u3uW68+B+ja75QNZRGefBmyrvKknT/+4l2cE1JrT
dfipfuZUA8mj/Ve24lTqwXM9niyi5oKvbAzVrHjt5Az2y+0OFrEiW3EaxznUiQCV
EFemLk9owAZUczEM2Hp2mPysDs5NHa7OmIAhEyC5lG7WLwkK4Riv2B/Qlrs0VLLZ
RUntnP4nsYasm1daIjoFl2c=
-----END CERTIFICATE-----
Generated at Wed Dec 27 18:41:24 2023 by rpki-client on console.sobornost.net