Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a9/14d7b8-afce-45a1-b272-04d96fa83d07/1/KNbyUuv5xoAvi2rEPIAwlZ8vqSM.roa
File: KNbyUuv5xoAvi2rEPIAwlZ8vqSM.roa (raw, json)
Hash identifier: E+wI/XcQ+zmkCj1TgU06XJpisWvRms0qUH9/uxGj/6o=
Subject key identifier: 28:D6:F2:52:EB:F9:C6:80:2F:8B:6A:C4:3C:80:30:95:9F:2F:A9:23
Certificate issuer: /CN=ffd61ac8c56e38fdf61238036c73547270034631
Certificate serial: 0185729EF601E02585241F2E1A3DCA8F664F
Authority key identifier: FF:D6:1A:C8:C5:6E:38:FD:F6:12:38:03:6C:73:54:72:70:03:46:31
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/_9YayMVuOP32EjgDbHNUcnADRjE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/a9/14d7b8-afce-45a1-b272-04d96fa83d07/1/KNbyUuv5xoAvi2rEPIAwlZ8vqSM.roa
Signing time: Mon 02 Jan 2023 13:14:58 +0000
ROA not before: Mon 02 Jan 2023 13:14:58 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 39175
IP address blocks: 139.28.108.0/22 maxlen: 22
185.249.36.0/22 maxlen: 22
2a09:d340::/29 maxlen: 29
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:72:9e:f6:01:e0:25:85:24:1f:2e:1a:3d:ca:8f:66:4f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ffd61ac8c56e38fdf61238036c73547270034631
Validity
Not Before: Jan 2 13:14:58 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=28d6f252ebf9c6802f8b6ac43c8030959f2fa923
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:af:b5:17:d5:8a:db:e6:25:f6:bf:ce:4e:91:69:
48:45:23:24:b9:07:bd:b0:a8:57:8b:ca:50:b6:e9:
e0:5c:47:9c:4a:48:2a:da:18:79:32:11:a7:31:b7:
02:ae:b4:f6:40:69:08:ff:ad:16:c1:3d:81:0d:ed:
76:38:5e:ca:87:eb:38:b1:15:5c:2c:3a:c5:bb:d3:
41:3d:6f:43:bf:c1:09:77:81:28:21:06:3a:74:0a:
e7:b8:44:28:48:57:71:f6:70:65:a0:25:0b:10:57:
ba:08:c0:09:72:3f:a7:17:bf:28:a2:22:06:63:d6:
8f:ed:0f:ac:a1:e5:e1:2a:50:89:fc:88:d4:f3:a1:
42:9a:79:12:7c:58:54:da:3b:32:e0:c9:38:16:28:
d3:2e:0b:26:42:57:43:e2:06:1a:ed:43:38:7d:af:
e5:96:32:8e:65:ba:cc:9b:5f:ff:ac:23:c5:c7:77:
5e:4e:38:92:69:0e:58:d7:9b:2b:5b:35:5f:56:50:
84:ff:61:5f:33:65:f0:47:21:39:cc:7d:a8:64:1a:
dc:13:fe:04:fc:75:1d:42:91:67:c6:a4:bc:ac:e9:
59:cd:03:e6:ea:af:22:4f:58:7c:6e:4a:84:e9:b3:
cb:6a:0d:1b:31:76:64:4a:1a:d3:ea:b2:20:25:7c:
f8:1f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
28:D6:F2:52:EB:F9:C6:80:2F:8B:6A:C4:3C:80:30:95:9F:2F:A9:23
X509v3 Authority Key Identifier:
keyid:FF:D6:1A:C8:C5:6E:38:FD:F6:12:38:03:6C:73:54:72:70:03:46:31
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_9YayMVuOP32EjgDbHNUcnADRjE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/14d7b8-afce-45a1-b272-04d96fa83d07/1/KNbyUuv5xoAvi2rEPIAwlZ8vqSM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/14d7b8-afce-45a1-b272-04d96fa83d07/1/_9YayMVuOP32EjgDbHNUcnADRjE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
139.28.108.0/22
185.249.36.0/22
IPv6:
2a09:d340::/29
Signature Algorithm: sha256WithRSAEncryption
2a:ae:c5:4a:77:12:2d:3a:b7:7a:37:f2:3e:00:1f:ce:c2:77:
e9:4a:6b:f7:86:39:36:89:b1:95:4b:ce:2e:22:f5:b3:a5:86:
19:31:b0:0b:d9:ec:15:ab:6b:17:ec:ea:70:8d:5b:79:d1:c6:
8d:b7:ce:e7:b2:a3:4b:d0:26:85:61:02:ca:c4:b1:6e:75:bc:
9d:b7:f4:df:47:51:a6:50:fa:31:20:f6:90:ec:bc:5c:8e:a8:
a4:5b:bc:a8:b2:17:71:d8:45:2d:3b:2c:74:b0:8f:1b:00:34:
2a:6b:87:91:0c:43:f1:b2:94:aa:bc:46:9a:30:e5:d5:15:4a:
2e:40:54:6e:63:f2:03:9b:58:90:3e:0a:84:b6:bd:e7:84:b6:
a5:43:f6:44:bb:fa:5b:7a:8f:e5:19:b9:82:37:0d:79:22:3b:
c4:37:b4:7b:b0:86:16:15:40:d8:52:69:ce:6c:f5:36:9d:99:
9c:65:e8:5d:a1:73:f6:3b:e7:b3:b0:d2:76:e8:7c:64:a0:81:
87:01:e2:0b:c4:a2:2b:ab:39:c4:de:62:7e:18:ff:ba:61:0b:
87:1a:1b:ad:61:c6:1f:36:50:b1:27:8a:7f:ab:d1:62:50:3a:
c2:98:0f:c4:7d:fd:7d:6a:ff:04:70:8a:0d:d3:f3:ab:66:c0:
9b:a3:a3:a2
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYVynvYB4CWFJB8uGj3Kj2ZPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmZDYxYWM4YzU2ZTM4ZmRmNjEyMzgwMzZjNzM1NDcyNzAw
MzQ2MzEwHhcNMjMwMTAyMTMxNDU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOGQ2ZjI1MmViZjljNjgwMmY4YjZhYzQzYzgwMzA5NTlmMmZhOTIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr7UX1Yrb5iX2v85OkWlIRSMkuQe9
sKhXi8pQtungXEecSkgq2hh5MhGnMbcCrrT2QGkI/60WwT2BDe12OF7Kh+s4sRVc
LDrFu9NBPW9Dv8EJd4EoIQY6dArnuEQoSFdx9nBloCULEFe6CMAJcj+nF78ooiIG
Y9aP7Q+soeXhKlCJ/IjU86FCmnkSfFhU2jsy4Mk4FijTLgsmQldD4gYa7UM4fa/l
ljKOZbrMm1//rCPFx3deTjiSaQ5Y15srWzVfVlCE/2FfM2XwRyE5zH2oZBrcE/4E
/HUdQpFnxqS8rOlZzQPm6q8iT1h8bkqE6bPLag0bMXZkShrT6rIgJXz4HwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFCjW8lLr+caAL4tqxDyAMJWfL6kjMB8GA1UdIwQY
MBaAFP/WGsjFbjj99hI4A2xzVHJwA0YxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzlZYXlNVnVPUDMyRWpnRGJITlVjbkFEUmpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOS8xNGQ3YjgtYWZjZS00NWExLWIyNzIt
MDRkOTZmYTgzZDA3LzEvS05ieVV1djV4b0F2aTJyRVBJQXdsWjh2cVNNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOS8xNGQ3YjgtYWZjZS00NWExLWIyNzItMDRkOTZmYTgzZDA3
LzEvXzlZYXlNVnVPUDMyRWpnRGJITlVjbkFEUmpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCixxsAwQC
ufkkMA0EAgACMAcDBQMqCdNAMA0GCSqGSIb3DQEBCwUAA4IBAQAqrsVKdxItOrd6
N/I+AB/OwnfpSmv3hjk2ibGVS84uIvWzpYYZMbAL2ewVq2sX7OpwjVt50caNt87n
sqNL0CaFYQLKxLFudbydt/TfR1GmUPoxIPaQ7LxcjqikW7yoshdx2EUtOyx0sI8b
ADQqa4eRDEPxspSqvEaaMOXVFUouQFRuY/IDm1iQPgqEtr3nhLalQ/ZEu/pbeo/l
GbmCNw15IjvEN7R7sIYWFUDYUmnObPU2nZmcZehdoXP2O+ezsNJ26HxkoIGHAeIL
xKIrqznE3mJ+GP+6YQuHGhutYcYfNlCxJ4p/q9FiUDrCmA/Eff19av8EcIoN0/Or
ZsCbo6Oi
-----END CERTIFICATE-----
Generated at Wed Dec 27 18:41:54 2023 by rpki-client on console.sobornost.net