Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/11OQs_k4lKYLorQw6zamx8YEA5k.roa
File: 11OQs_k4lKYLorQw6zamx8YEA5k.roa (raw, json)
Hash identifier: 2q4hK1mz0uD9yS+hswSFEk2k1andoyTSg6wdJURVMjA=
Subject key identifier: D7:53:90:B3:F9:38:94:A6:0B:A2:B4:30:EB:36:A6:C7:C6:04:03:99
Certificate issuer: /CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Certificate serial: 018692CABD7E3BADED15515D7404219C70F6
Authority key identifier: 2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/11OQs_k4lKYLorQw6zamx8YEA5k.roa
Signing time: Mon 27 Feb 2023 12:13:25 +0000
ROA not before: Mon 27 Feb 2023 12:13:25 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 31732
IP address blocks: 82.97.240.0/20 maxlen: 24
5.34.208.0/20 maxlen: 24
185.220.236.0/22 maxlen: 24
188.209.155.0/24 maxlen: 24
45.137.180.0/22 maxlen: 24
82.115.12.0/23 maxlen: 24
185.129.108.0/22 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:86:92:ca:bd:7e:3b:ad:ed:15:51:5d:74:04:21:9c:70:f6
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Validity
Not Before: Feb 27 12:13:25 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=d75390b3f93894a60ba2b430eb36a6c7c6040399
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:82:5b:81:29:45:6b:07:a1:02:66:3c:a5:9d:97:
19:32:af:5c:e0:e9:d5:31:9d:81:71:ae:a3:55:5d:
4f:bc:dc:42:fc:d7:e0:b1:e1:fe:13:eb:2b:4c:f1:
0b:74:1b:23:11:99:b3:09:c2:3e:30:13:a9:ef:12:
d0:56:cb:20:a9:4f:df:f3:ee:d1:6e:59:de:5a:42:
ae:4f:e0:a7:4b:bc:86:13:7d:1b:1d:fb:c9:c1:60:
17:07:ab:54:1b:45:08:e2:bc:2f:03:e8:cb:7d:4c:
e3:e8:33:8a:be:de:77:28:78:38:29:17:49:33:c9:
19:90:9c:6b:85:24:07:17:44:ce:66:a8:ef:a4:e4:
8c:11:8c:9d:f6:de:2a:26:9d:a7:eb:79:62:7e:91:
fb:a8:6c:e4:03:67:c2:33:51:68:42:c3:81:21:14:
33:b4:2e:14:63:55:2e:e7:bf:34:97:48:80:1e:2f:
07:2d:2b:3d:b2:12:98:29:8f:8e:6e:40:8f:3f:20:
b6:e2:3f:e1:27:8b:d1:7c:22:85:69:7c:0f:e0:e9:
72:37:6e:5d:26:8b:5f:f7:02:4a:95:63:b9:45:f5:
d2:45:5e:da:0a:e6:08:2a:54:a5:9b:75:d0:64:a0:
a8:1b:e4:71:3d:98:bb:dd:66:f0:bc:a6:f4:77:5f:
c1:b3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D7:53:90:B3:F9:38:94:A6:0B:A2:B4:30:EB:36:A6:C7:C6:04:03:99
X509v3 Authority Key Identifier:
keyid:2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/11OQs_k4lKYLorQw6zamx8YEA5k.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.34.208.0/20
45.137.180.0/22
82.97.240.0/20
82.115.12.0/23
185.129.108.0/22
185.220.236.0/22
188.209.155.0/24
Signature Algorithm: sha256WithRSAEncryption
75:ca:c4:80:ef:a0:79:ee:5a:8b:b3:18:03:28:fa:35:3b:53:
8a:9b:7d:7c:ec:f2:56:7a:19:28:ba:d8:ff:53:54:b4:f8:87:
a2:ca:ef:31:f7:62:db:0a:f4:62:ef:f0:11:7a:de:97:64:f8:
78:db:99:68:df:62:02:1e:99:e9:e9:c1:59:c2:83:43:59:f1:
dc:5a:26:7f:42:02:af:89:1e:eb:58:a0:b9:31:f8:24:60:07:
1d:5d:f3:80:31:c3:a7:76:cc:68:2f:d9:3d:de:e0:05:d4:a8:
03:3f:77:31:17:1b:a7:02:c4:80:44:e1:48:95:3a:c6:31:a1:
ce:20:4a:3c:43:55:8f:e3:9b:a2:16:c9:ad:b9:92:c9:8b:8f:
ca:14:c1:91:6b:a3:6b:ba:49:48:cb:44:79:a0:94:97:17:4d:
cc:ab:1b:69:ab:bf:37:28:38:33:4b:be:10:e9:83:10:81:68:
69:2d:a8:e9:4f:35:6b:19:59:c8:c5:6c:60:01:13:5e:15:49:
67:ad:45:dc:f6:a9:25:97:ae:9b:d3:c4:00:5f:47:da:9d:81:
5b:ab:5b:00:27:2f:ba:92:8a:0d:66:b3:c8:fb:88:a2:5f:75:
d5:e7:63:b4:91:25:fb:90:af:da:67:21:38:a4:e3:9b:a9:a6:
84:28:f5:3a
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAYaSyr1+O63tFVFddAQhnHD2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhYzNkYWExYjE0ODUwZjJlNjFjNTkyYjIxOTE5MTVhNWU2
NWE0NzgwHhcNMjMwMjI3MTIxMzI1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNzUzOTBiM2Y5Mzg5NGE2MGJhMmI0MzBlYjM2YTZjN2M2MDQwMzk5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgluBKUVrB6ECZjylnZcZMq9c4OnV
MZ2Bca6jVV1PvNxC/NfgseH+E+srTPELdBsjEZmzCcI+MBOp7xLQVssgqU/f8+7R
blneWkKuT+CnS7yGE30bHfvJwWAXB6tUG0UI4rwvA+jLfUzj6DOKvt53KHg4KRdJ
M8kZkJxrhSQHF0TOZqjvpOSMEYyd9t4qJp2n63lifpH7qGzkA2fCM1FoQsOBIRQz
tC4UY1Uu5780l0iAHi8HLSs9shKYKY+ObkCPPyC24j/hJ4vRfCKFaXwP4OlyN25d
Jotf9wJKlWO5RfXSRV7aCuYIKlSlm3XQZKCoG+RxPZi73WbwvKb0d1/BswIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFNdTkLP5OJSmC6K0MOs2psfGBAOZMB8GA1UdIwQY
MBaAFCrD2qGxSFDy5hxZKyGRkVpeZaR4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUt
ZmUwNjU5MTc2YTU2LzEvMTFPUXNfazRsS1lMb3JRdzZ6YW14OFlFQTVrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUtZmUwNjU5MTc2YTU2
LzEvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAwBAIAATAqAwQEBSLQAwQC
LYm0AwQEUmHwAwQBUnMMAwQCuYFsAwQCudzsAwQAvNGbMA0GCSqGSIb3DQEBCwUA
A4IBAQB1ysSA76B57lqLsxgDKPo1O1OKm3187PJWehkoutj/U1S0+Ieiyu8x92Lb
CvRi7/ARet6XZPh425lo32ICHpnp6cFZwoNDWfHcWiZ/QgKviR7rWKC5MfgkYAcd
XfOAMcOndsxoL9k93uAF1KgDP3cxFxunAsSAROFIlTrGMaHOIEo8Q1WP45uiFsmt
uZLJi4/KFMGRa6NruklIy0R5oJSXF03Mqxtpq783KDgzS74Q6YMQgWhpLajpTzVr
GVnIxWxgARNeFUlnrUXc9qkll66b08QAX0fanYFbq1sAJy+6kooNZrPI+4iiX3XV
52O0kSX7kK/aZyE4pOObqaaEKPU6
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:34:34 2024 by rpki-client on console-fra.rpki-client.org