Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/6Y2xS0C4if_bNN9Cos02HLMz7vI.roa
File: 6Y2xS0C4if_bNN9Cos02HLMz7vI.roa (raw, json)
Hash identifier: kL3w6aI83HVWMA6kd8ucfFfnDjLfG+0Y0OVIVz+dEjA=
Subject key identifier: E9:8D:B1:4B:40:B8:89:FF:DB:34:DF:42:A2:CD:36:1C:B3:33:EE:F2
Certificate issuer: /CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Certificate serial: 0185143BFCA20C96338A5C8F189E2A49879D
Authority key identifier: 2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/6Y2xS0C4if_bNN9Cos02HLMz7vI.roa
Signing time: Thu 15 Dec 2022 05:22:33 +0000
ROA not before: Thu 15 Dec 2022 05:22:33 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 31732
IP address blocks: 5.34.208.0/20 maxlen: 24
185.220.236.0/22 maxlen: 24
188.209.155.0/24 maxlen: 24
185.215.244.0/23 maxlen: 24
213.173.32.0/22 maxlen: 24
193.36.84.0/23 maxlen: 24
46.249.100.0/22 maxlen: 24
185.129.108.0/22 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:14:3b:fc:a2:0c:96:33:8a:5c:8f:18:9e:2a:49:87:9d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Validity
Not Before: Dec 15 05:22:33 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=e98db14b40b889ffdb34df42a2cd361cb333eef2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:93:f7:c4:e5:68:d4:50:96:c5:41:1e:18:5d:5b:
ed:c1:09:12:9a:36:b0:96:8c:c3:d1:fb:16:d0:f0:
06:5c:ef:8d:95:43:d0:ae:49:75:e1:8b:31:9e:72:
2c:d3:5b:bf:c2:b9:8d:f6:d5:aa:e3:52:05:dd:37:
9e:86:d1:33:2c:b9:d1:97:ab:ee:f1:ad:a8:64:0e:
1a:bd:32:4a:ea:fa:3e:7d:56:13:de:9a:79:f1:15:
44:88:99:cc:f9:9b:92:af:ab:ff:3c:3d:e1:a5:f0:
3e:36:54:e4:09:21:ed:63:05:34:20:a0:5d:e1:dc:
56:ce:97:04:6e:26:50:3d:7f:3a:7d:5f:77:2a:1a:
b3:4a:37:ea:1d:e0:98:04:04:af:37:20:ff:9f:46:
4e:14:01:03:7e:10:d5:2b:e2:ca:cf:d9:7a:5b:15:
1f:a0:fb:b0:cc:f9:e6:59:99:93:db:22:de:3d:22:
5b:08:41:21:fd:6d:e0:35:f1:ae:17:b1:c5:7a:d7:
b4:d3:7b:a7:d2:39:3a:0a:0a:6c:07:8b:75:ff:3f:
be:10:b3:be:5e:01:ed:53:b4:5c:75:5b:ec:64:58:
80:a6:33:2d:e0:0b:b7:1a:3f:c2:61:92:a6:ba:f7:
8e:08:f5:1c:d3:0d:84:ee:c3:e9:19:77:b0:08:91:
d8:65
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E9:8D:B1:4B:40:B8:89:FF:DB:34:DF:42:A2:CD:36:1C:B3:33:EE:F2
X509v3 Authority Key Identifier:
keyid:2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/6Y2xS0C4if_bNN9Cos02HLMz7vI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.34.208.0/20
46.249.100.0/22
185.129.108.0/22
185.215.244.0/23
185.220.236.0/22
188.209.155.0/24
193.36.84.0/23
213.173.32.0/22
Signature Algorithm: sha256WithRSAEncryption
9c:ec:ee:74:3f:0f:da:d2:e7:c2:89:f1:9a:14:ec:21:58:ba:
4b:54:16:65:49:4e:38:1e:83:44:41:4e:44:77:2f:d5:cb:c5:
4f:d0:4f:b0:f2:8f:2e:10:fb:91:f4:28:22:90:61:4c:bd:ee:
5b:b7:bf:7b:c9:35:66:42:46:8d:12:af:9a:0b:cc:57:ed:23:
88:73:22:48:55:4e:96:22:cc:b3:64:64:ef:00:48:a4:8e:bf:
1c:77:68:0c:1b:5a:31:f0:20:a7:cf:00:29:79:33:61:f7:e8:
88:27:8b:e5:03:8c:95:bf:da:5d:cc:21:b6:50:b3:91:a5:bb:
ab:ef:ae:78:7a:68:f6:3a:17:3c:10:b4:dd:c4:7b:13:8f:86:
33:d4:6a:e0:75:e5:2b:71:38:11:23:a6:4a:d6:8d:19:01:7c:
d7:15:81:48:cc:be:78:a4:f8:af:34:42:6a:6a:81:e0:ed:58:
a8:fe:e7:66:d8:f9:52:59:d7:d2:01:0e:2e:e6:a0:a0:3e:8a:
f9:e8:73:c2:d9:d0:e7:a6:4c:b6:1f:52:01:8f:1c:f4:4d:67:
87:75:75:84:c3:f4:78:a6:0a:01:fa:4d:c1:b4:56:d1:35:a1:
eb:e1:e1:36:a8:81:13:bc:bf:2f:85:1a:aa:27:b8:99:b5:b8:
fb:33:d5:5c
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAYUUO/yiDJYzilyPGJ4qSYedMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhYzNkYWExYjE0ODUwZjJlNjFjNTkyYjIxOTE5MTVhNWU2
NWE0NzgwHhcNMjIxMjE1MDUyMjMzWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlOThkYjE0YjQwYjg4OWZmZGIzNGRmNDJhMmNkMzYxY2IzMzNlZWYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk/fE5WjUUJbFQR4YXVvtwQkSmjaw
lozD0fsW0PAGXO+NlUPQrkl14YsxnnIs01u/wrmN9tWq41IF3TeehtEzLLnRl6vu
8a2oZA4avTJK6vo+fVYT3pp58RVEiJnM+ZuSr6v/PD3hpfA+NlTkCSHtYwU0IKBd
4dxWzpcEbiZQPX86fV93KhqzSjfqHeCYBASvNyD/n0ZOFAEDfhDVK+LKz9l6WxUf
oPuwzPnmWZmT2yLePSJbCEEh/W3gNfGuF7HFete003un0jk6CgpsB4t1/z++ELO+
XgHtU7RcdVvsZFiApjMt4Au3Gj/CYZKmuveOCPUc0w2E7sPpGXewCJHYZQIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFOmNsUtAuIn/2zTfQqLNNhyzM+7yMB8GA1UdIwQY
MBaAFCrD2qGxSFDy5hxZKyGRkVpeZaR4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUt
ZmUwNjU5MTc2YTU2LzEvNlkyeFMwQzRpZl9iTk45Q29zMDJITE16N3ZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUtZmUwNjU5MTc2YTU2
LzEvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQEBSLQAwQC
LvlkAwQCuYFsAwQBudf0AwQCudzsAwQAvNGbAwQBwSRUAwQC1a0gMA0GCSqGSIb3
DQEBCwUAA4IBAQCc7O50Pw/a0ufCifGaFOwhWLpLVBZlSU44HoNEQU5Edy/Vy8VP
0E+w8o8uEPuR9CgikGFMve5bt797yTVmQkaNEq+aC8xX7SOIcyJIVU6WIsyzZGTv
AEikjr8cd2gMG1ox8CCnzwApeTNh9+iIJ4vlA4yVv9pdzCG2ULORpbur7654emj2
Ohc8ELTdxHsTj4Yz1GrgdeUrcTgRI6ZK1o0ZAXzXFYFIzL54pPivNEJqaoHg7Vio
/udm2PlSWdfSAQ4u5qCgPor56HPC2dDnpky2H1IBjxz0TWeHdXWEw/R4pgoB+k3B
tFbRNaHr4eE2qIETvL8vhRqqJ7iZtbj7M9Vc
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:34:34 2024 by rpki-client on console-fra.rpki-client.org