Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/6d9359-afef-4535-9c93-f33d3bb36484/1/CKNw7rZMyTUjytb-W2dX9hK1vnM.roa
File: CKNw7rZMyTUjytb-W2dX9hK1vnM.roa (raw, json)
Hash identifier: t27xP/j4il+uYHs1VnaTffAfpKBY5MvTwx/7gdzTSfQ=
Subject key identifier: 08:A3:70:EE:B6:4C:C9:35:23:CA:D6:FE:5B:67:57:F6:12:B5:BE:73
Certificate issuer: /CN=529c273098b52768ca0e44a3a2c16efed4a65ca0
Certificate serial: 0181D40249849039219D3122076653FF07FF
Authority key identifier: 52:9C:27:30:98:B5:27:68:CA:0E:44:A3:A2:C1:6E:FE:D4:A6:5C:A0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/UpwnMJi1J2jKDkSjosFu_tSmXKA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8e/6d9359-afef-4535-9c93-f33d3bb36484/1/CKNw7rZMyTUjytb-W2dX9hK1vnM.roa
Signing time: Wed 06 Jul 2022 14:55:28 +0000
ROA not before: Wed 06 Jul 2022 14:55:28 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 62240
IP address blocks: 78.136.196.0/22 maxlen: 24
78.136.202.0/23 maxlen: 24
88.204.40.0/23 maxlen: 24
78.136.200.0/23 maxlen: 24
88.204.44.0/23 maxlen: 24
78.136.204.0/22 maxlen: 24
88.204.42.0/23 maxlen: 24
88.204.46.0/23 maxlen: 24
78.136.250.0/23 maxlen: 24
78.136.248.0/23 maxlen: 24
78.136.252.0/23 maxlen: 24
78.136.254.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:81:d4:02:49:84:90:39:21:9d:31:22:07:66:53:ff:07:ff
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=529c273098b52768ca0e44a3a2c16efed4a65ca0
Validity
Not Before: Jul 6 14:55:28 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=08a370eeb64cc93523cad6fe5b6757f612b5be73
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9b:1c:40:07:d5:04:12:87:b8:c9:a7:37:9c:78:
c9:ca:00:9f:f8:47:a4:51:58:ae:ac:3e:e0:03:7c:
f7:7b:c4:87:32:37:36:b6:9a:50:8f:17:79:fe:10:
60:da:6f:0b:10:af:7f:b4:f2:c1:f4:ca:e5:e0:b7:
4e:2c:55:0c:b7:c7:15:7d:59:e3:dd:67:1f:49:3e:
a6:8c:dc:43:72:3e:f9:b7:6c:02:f0:4a:d6:e2:4e:
93:ce:15:ca:0b:31:6b:d8:52:0c:5f:1c:a5:e5:d7:
81:6f:dd:07:e9:69:3e:fd:61:d6:90:21:d0:7e:41:
df:d3:5f:2d:9a:71:79:a5:43:62:f3:3a:87:e7:85:
c4:7b:90:43:57:b2:34:4f:1d:6b:ac:46:3a:6d:dc:
25:39:75:9b:fb:35:d3:ed:c4:37:4b:1e:e6:48:9a:
e1:14:a1:14:ec:24:a6:db:14:64:d5:72:3f:81:81:
0b:f8:7e:14:d2:30:81:16:6d:7a:74:5b:7a:13:41:
d7:0f:f5:ab:64:f6:ba:47:1b:d3:24:42:b8:d7:d6:
60:b6:6d:c2:35:af:61:af:b0:ef:75:4b:33:10:85:
a6:a9:aa:6d:91:bc:ba:ef:84:e9:30:3e:db:b6:45:
8e:11:06:f8:be:54:90:2e:ca:80:9f:7f:0d:d7:8c:
a7:27
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
08:A3:70:EE:B6:4C:C9:35:23:CA:D6:FE:5B:67:57:F6:12:B5:BE:73
X509v3 Authority Key Identifier:
keyid:52:9C:27:30:98:B5:27:68:CA:0E:44:A3:A2:C1:6E:FE:D4:A6:5C:A0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UpwnMJi1J2jKDkSjosFu_tSmXKA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/6d9359-afef-4535-9c93-f33d3bb36484/1/CKNw7rZMyTUjytb-W2dX9hK1vnM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/6d9359-afef-4535-9c93-f33d3bb36484/1/UpwnMJi1J2jKDkSjosFu_tSmXKA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
78.136.196.0-78.136.207.255
78.136.248.0-78.136.254.255
88.204.40.0/21
Signature Algorithm: sha256WithRSAEncryption
5c:06:d9:76:54:e0:94:f9:19:6c:1c:13:61:1f:e4:53:44:4f:
eb:72:43:06:16:4a:2a:9b:db:b9:45:72:62:8f:8c:52:72:c2:
e1:d5:5f:86:79:0f:97:1c:ce:27:53:80:9b:8f:72:47:66:e4:
47:fa:7b:18:5c:ec:27:da:97:5a:b7:66:90:f6:81:36:ca:b6:
f4:72:83:d6:0f:55:6a:f7:92:f6:31:6b:61:8b:a6:27:0f:53:
74:22:73:5d:f3:3c:37:7c:fd:ca:17:02:72:e8:10:99:be:50:
b0:90:de:32:de:09:01:c0:17:a7:2c:e1:08:fb:5c:c5:9c:84:
cd:44:6f:dc:d3:8f:0f:82:0c:fb:06:ff:7b:18:f1:34:ab:47:
d6:ed:6c:8f:93:b0:7a:af:fc:41:ea:88:3f:a9:a9:7f:88:18:
80:47:cc:32:5c:12:ad:6f:dc:84:3a:7b:ea:3d:e0:d4:e7:4a:
13:c7:ba:c9:1c:1d:6e:b8:b1:2e:83:e2:b9:07:19:13:90:0b:
7d:0d:b3:75:0e:4f:e4:eb:b9:02:b3:ce:5d:5e:8f:96:58:80:
f1:e4:02:97:35:25:60:d8:37:60:66:4e:9b:a7:91:e4:27:55:
f9:18:0a:3b:06:98:b1:81:16:06:86:42:7d:f5:32:5b:7a:84:
d6:e3:b0:58
-----BEGIN CERTIFICATE-----
MIIFGTCCBAGgAwIBAgISAYHUAkmEkDkhnTEiB2ZT/wf/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyOWMyNzMwOThiNTI3NjhjYTBlNDRhM2EyYzE2ZWZlZDRh
NjVjYTAwHhcNMjIwNzA2MTQ1NTI4WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOGEzNzBlZWI2NGNjOTM1MjNjYWQ2ZmU1YjY3NTdmNjEyYjViZTczMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmxxAB9UEEoe4yac3nHjJygCf+Eek
UViurD7gA3z3e8SHMjc2tppQjxd5/hBg2m8LEK9/tPLB9Mrl4LdOLFUMt8cVfVnj
3WcfST6mjNxDcj75t2wC8ErW4k6TzhXKCzFr2FIMXxyl5deBb90H6Wk+/WHWkCHQ
fkHf018tmnF5pUNi8zqH54XEe5BDV7I0Tx1rrEY6bdwlOXWb+zXT7cQ3Sx7mSJrh
FKEU7CSm2xRk1XI/gYEL+H4U0jCBFm16dFt6E0HXD/WrZPa6RxvTJEK419Zgtm3C
Na9hr7DvdUszEIWmqaptkby674TpMD7btkWOEQb4vlSQLsqAn38N14ynJwIDAQAB
o4ICJTCCAiEwHQYDVR0OBBYEFAijcO62TMk1I8rW/ltnV/YStb5zMB8GA1UdIwQY
MBaAFFKcJzCYtSdoyg5Eo6LBbv7UplygMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVXB3bk1KaTFKMmpLRGtTam9zRnVfdFNtWEtBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS82ZDkzNTktYWZlZi00NTM1LTljOTMt
ZjMzZDNiYjM2NDg0LzEvQ0tOdzdyWk15VFVqeXRiLVcyZFg5aEsxdm5NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS82ZDkzNTktYWZlZi00NTM1LTljOTMtZjMzZDNiYjM2NDg0
LzEvVXB3bk1KaTFKMmpLRGtTam9zRnVfdFNtWEtBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDsGCCsGAQUFBwEHAQH/BCwwKjAoBAIAATAiMAwDBAJOiMQD
BAROiMAwDAMEA06I+AMEAE6I/gMEA1jMKDANBgkqhkiG9w0BAQsFAAOCAQEAXAbZ
dlTglPkZbBwTYR/kU0RP63JDBhZKKpvbuUVyYo+MUnLC4dVfhnkPlxzOJ1OAm49y
R2bkR/p7GFzsJ9qXWrdmkPaBNsq29HKD1g9VaveS9jFrYYumJw9TdCJzXfM8N3z9
yhcCcugQmb5QsJDeMt4JAcAXpyzhCPtcxZyEzURv3NOPD4IM+wb/exjxNKtH1u1s
j5Oweq/8QeqIP6mpf4gYgEfMMlwSrW/chDp76j3g1OdKE8e6yRwdbrixLoPiuQcZ
E5ALfQ2zdQ5P5Ou5ArPOXV6PlliA8eQClzUlYNg3YGZOm6eR5CdV+RgKOwaYsYEW
BoZCffUyW3qE1uOwWA==
-----END CERTIFICATE-----
Generated at Wed Dec 27 18:41:56 2023 by rpki-client on console.sobornost.net