Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/512214-e78e-4931-bfbb-16f5a5636244/1/kGM-RG4-D2lKyJrtr7ug9BuzIxA.roa
File: kGM-RG4-D2lKyJrtr7ug9BuzIxA.roa (raw, json)
Hash identifier: OZ3c6+hQBhTDK/uLCpADWUNDJIAWIBoNjbRG62hyJJ8=
Subject key identifier: 90:63:3E:44:6E:3E:0F:69:4A:C8:9A:ED:AF:BB:A0:F4:1B:B3:23:10
Certificate issuer: /CN=843cf5bb876b772b7ade432905cb696f134caa39
Certificate serial: 074575E2
Authority key identifier: 84:3C:F5:BB:87:6B:77:2B:7A:DE:43:29:05:CB:69:6F:13:4C:AA:39
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/hDz1u4drdyt63kMpBctpbxNMqjk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/87/512214-e78e-4931-bfbb-16f5a5636244/1/kGM-RG4-D2lKyJrtr7ug9BuzIxA.roa
Signing time: Sat 01 Jan 2022 06:06:20 +0000
ROA not before: Sat 01 Jan 2022 06:06:20 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 204760
IP address blocks: 213.217.4.0/22 maxlen: 22
2a09:5a00::/29 maxlen: 29
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 121992674 (0x74575e2)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=843cf5bb876b772b7ade432905cb696f134caa39
Validity
Not Before: Jan 1 06:06:20 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=90633e446e3e0f694ac89aedafbba0f41bb32310
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9f:1f:f4:85:4b:d5:c5:a9:91:64:c4:d3:0d:2d:
a6:21:2e:28:c0:23:0a:36:ed:fd:25:63:2f:7f:e8:
80:99:1f:bd:83:06:41:b2:38:9b:8d:c9:17:29:c5:
85:3b:be:d9:ea:f3:83:0b:bb:3e:39:ee:55:91:7e:
ac:40:4a:3f:66:82:2f:6c:27:c6:23:02:d3:c7:73:
36:d7:04:08:d7:12:8d:0a:e6:93:91:85:f6:ef:4e:
76:5b:83:e0:4d:2d:bc:0a:55:47:66:c7:e3:93:04:
ce:b0:ab:1f:eb:fe:65:69:10:51:aa:84:4e:d0:6f:
50:26:8a:15:75:2f:39:19:55:1c:db:d3:95:a5:15:
c4:c1:6a:6d:01:9b:da:20:f8:74:1f:d2:9d:1e:37:
66:7a:c7:18:2a:5a:53:33:51:a1:f2:ee:c8:e0:d8:
ab:af:b7:6b:03:47:ec:f1:fa:fe:f3:f0:b9:b6:3b:
9f:47:cc:2d:60:43:ad:9e:f0:44:f5:78:28:db:a9:
12:47:fa:55:13:71:26:e1:24:38:5d:4a:d7:d4:dd:
5c:8f:06:f7:bc:5c:cf:02:67:8a:43:06:b9:db:47:
c0:66:6e:52:95:ed:9b:6a:a7:2c:24:98:5b:4d:fe:
2b:12:2a:cb:a2:74:c7:0d:37:8a:7d:c9:45:1f:65:
9f:05
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
90:63:3E:44:6E:3E:0F:69:4A:C8:9A:ED:AF:BB:A0:F4:1B:B3:23:10
X509v3 Authority Key Identifier:
keyid:84:3C:F5:BB:87:6B:77:2B:7A:DE:43:29:05:CB:69:6F:13:4C:AA:39
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hDz1u4drdyt63kMpBctpbxNMqjk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/512214-e78e-4931-bfbb-16f5a5636244/1/kGM-RG4-D2lKyJrtr7ug9BuzIxA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/87/512214-e78e-4931-bfbb-16f5a5636244/1/hDz1u4drdyt63kMpBctpbxNMqjk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
213.217.4.0/22
IPv6:
2a09:5a00::/29
Signature Algorithm: sha256WithRSAEncryption
4f:cc:d2:ff:26:5f:93:03:9f:40:db:0e:ca:04:c0:ca:0c:58:
da:85:83:5b:fe:31:07:0d:a7:fd:6a:41:87:5c:a8:e1:a3:91:
4e:fb:61:17:56:32:65:0e:f7:5d:ea:2d:81:8b:b7:2f:1c:06:
20:2e:4c:65:df:e0:29:5e:2b:1d:3c:d0:1a:2f:6d:fd:21:d4:
32:29:82:f9:73:1a:ab:d0:e7:d1:c1:57:46:d9:99:a5:3a:2d:
40:55:3b:81:8b:5c:ca:ec:92:c5:d3:23:18:0f:0f:98:83:64:
74:23:ae:45:e9:04:35:30:42:26:1b:50:56:0e:bd:c9:0e:98:
23:fa:33:02:b8:c4:df:6b:fc:fd:64:9b:9c:15:78:83:d7:04:
cd:20:32:88:05:e7:83:3d:62:f3:ef:6a:7a:16:19:7b:76:26:
90:d1:0e:94:ab:c1:50:27:99:ed:01:56:84:17:c6:83:56:59:
82:e1:0e:78:e9:d0:ce:b7:8e:3b:4f:45:79:80:42:f7:ac:2c:
8e:a8:76:ba:63:8a:12:b8:9d:6c:bf:86:a3:2f:0a:3e:c5:e6:
48:d0:f7:03:38:62:8d:48:5c:31:15:00:97:38:38:a0:2e:91:
cd:04:8b:7c:ea:36:10:cd:66:31:dc:20:cd:d0:f6:8d:9b:00:
63:aa:2a:a3
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgIEB0V14jANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg4
NDNjZjViYjg3NmI3NzJiN2FkZTQzMjkwNWNiNjk2ZjEzNGNhYTM5MB4XDTIyMDEw
MTA2MDYyMFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoOTA2MzNlNDQ2ZTNl
MGY2OTRhYzg5YWVkYWZiYmEwZjQxYmIzMjMxMDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAJ8f9IVL1cWpkWTE0w0tpiEuKMAjCjbt/SVjL3/ogJkfvYMG
QbI4m43JFynFhTu+2erzgwu7PjnuVZF+rEBKP2aCL2wnxiMC08dzNtcECNcSjQrm
k5GF9u9OdluD4E0tvApVR2bH45MEzrCrH+v+ZWkQUaqETtBvUCaKFXUvORlVHNvT
laUVxMFqbQGb2iD4dB/SnR43ZnrHGCpaUzNRofLuyODYq6+3awNH7PH6/vPwubY7
n0fMLWBDrZ7wRPV4KNupEkf6VRNxJuEkOF1K19TdXI8G97xczwJnikMGudtHwGZu
UpXtm2qnLCSYW03+KxIqy6J0xw03in3JRR9lnwUCAwEAAaOCAhgwggIUMB0GA1Ud
DgQWBBSQYz5Ebj4PaUrImu2vu6D0G7MjEDAfBgNVHSMEGDAWgBSEPPW7h2t3K3re
QykFy2lvE0yqOTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2hEejF1NGRyZHl0NjNrTXBCY3RwYnhOTXFqay5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvODcvNTEyMjE0LWU3OGUtNDkzMS1iZmJiLTE2ZjVhNTYzNjI0NC8x
L2tHTS1SRzQtRDJsS3lKcnRyN3VnOUJ1ekl4QS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvODcv
NTEyMjE0LWU3OGUtNDkzMS1iZmJiLTE2ZjVhNTYzNjI0NC8xL2hEejF1NGRyZHl0
NjNrTXBCY3RwYnhOTXFqay5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAu
BggrBgEFBQcBBwEB/wQfMB0wDAQCAAEwBgMEAtXZBDANBAIAAjAHAwUDKglaADAN
BgkqhkiG9w0BAQsFAAOCAQEAT8zS/yZfkwOfQNsOygTAygxY2oWDW/4xBw2n/WpB
h1yo4aORTvthF1YyZQ73XeotgYu3LxwGIC5MZd/gKV4rHTzQGi9t/SHUMimC+XMa
q9Dn0cFXRtmZpTotQFU7gYtcyuySxdMjGA8PmINkdCOuRekENTBCJhtQVg69yQ6Y
I/ozArjE32v8/WSbnBV4g9cEzSAyiAXngz1i8+9qehYZe3YmkNEOlKvBUCeZ7QFW
hBfGg1ZZguEOeOnQzreOO09FeYBC96wsjqh2umOKEridbL+Goy8KPsXmSND3Azhi
jUhcMRUAlzg4oC6RzQSLfOo2EM1mMdwgzdD2jZsAY6oqow==
-----END CERTIFICATE-----
Generated at Wed Dec 27 18:41:46 2023 by rpki-client on console.sobornost.net