Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/6jZDxDumpxnDF-OEdC07aGhFM8I.roa
File: 6jZDxDumpxnDF-OEdC07aGhFM8I.roa (raw, json)
Hash identifier: GFN1BjYJi5PGohA5k1KRTJD+yZSCzTeu2BiIDScfJqM=
Subject key identifier: EA:36:43:C4:3B:A6:A7:19:C3:17:E3:84:74:2D:3B:68:68:45:33:C2
Certificate issuer: /CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Certificate serial: 0182581EB5263D9559D6184DD521C79133B5
Authority key identifier: 2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/6jZDxDumpxnDF-OEdC07aGhFM8I.roa
Signing time: Mon 01 Aug 2022 06:36:23 +0000
ROA not before: Mon 01 Aug 2022 06:36:23 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 61317
IP address blocks: 185.220.236.0/22 maxlen: 24
188.253.0.0/23 maxlen: 24
185.234.144.0/22 maxlen: 24
91.132.59.0/24 maxlen: 24
193.36.85.0/24 maxlen: 24
82.115.24.0/22 maxlen: 24
185.129.108.0/23 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:82:58:1e:b5:26:3d:95:59:d6:18:4d:d5:21:c7:91:33:b5
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Validity
Not Before: Aug 1 06:36:23 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=ea3643c43ba6a719c317e384742d3b68684533c2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c0:e8:4c:27:8e:a2:42:cf:f3:9b:a0:b5:53:d6:
2a:a2:a5:bd:34:d4:ff:03:6c:d9:8a:33:46:66:e5:
e6:59:ba:b7:c6:94:fe:00:8d:4f:fa:88:9f:8d:66:
96:29:88:e4:d3:e3:83:c0:ca:87:fb:3a:cd:a7:93:
4a:80:cf:d6:7f:e9:f6:60:17:73:b7:87:1d:05:1f:
e7:aa:0a:6b:f4:30:80:43:7d:3d:df:aa:19:11:aa:
24:c2:5d:5e:13:17:2c:c5:f2:c4:85:9b:c3:30:bd:
1b:4c:e1:f1:3b:f1:ca:c9:a3:cb:bf:92:5a:bb:e9:
5f:69:1f:ce:72:b0:48:57:9e:83:f2:6c:71:0d:10:
f5:61:36:19:57:d7:fe:2a:05:0c:f0:22:1b:be:a0:
e3:74:24:aa:a5:e8:4f:81:6e:92:74:fb:c3:ea:17:
82:c3:34:dc:da:af:90:85:ab:f8:fd:28:4a:48:9b:
18:ab:ee:b9:d6:de:3f:49:fd:16:41:f9:d2:dc:a1:
4e:6f:f4:19:af:15:49:58:d6:e4:cb:cf:a1:b4:6b:
91:c5:fe:96:1f:3d:1a:3a:19:c5:8a:ba:e9:e9:c2:
ba:ae:d1:b6:51:3c:2d:fb:92:3d:db:29:57:a7:ef:
a2:ad:6d:8f:19:dd:fa:bd:77:1e:d5:a1:16:55:08:
26:f1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
EA:36:43:C4:3B:A6:A7:19:C3:17:E3:84:74:2D:3B:68:68:45:33:C2
X509v3 Authority Key Identifier:
keyid:2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/6jZDxDumpxnDF-OEdC07aGhFM8I.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
82.115.24.0/22
91.132.59.0/24
185.129.108.0/23
185.220.236.0/22
185.234.144.0/22
188.253.0.0/23
193.36.85.0/24
Signature Algorithm: sha256WithRSAEncryption
99:21:32:fe:9f:a5:45:c5:b4:fb:38:69:90:1b:44:ab:ac:98:
73:bf:2b:77:5c:9a:97:40:ee:0d:3c:64:97:07:82:b0:10:0b:
89:ec:1f:57:eb:02:56:45:75:80:74:df:aa:c9:8f:e4:05:76:
18:ae:47:0b:a7:8c:ff:0d:9f:34:fe:b5:3e:60:ab:22:0b:f4:
b7:ed:9f:38:5f:18:f6:87:77:4c:f9:cf:84:6b:35:fc:f9:8a:
cb:4f:e9:6b:30:cf:50:27:69:02:c2:9c:23:fd:fb:34:db:bc:
e7:14:a6:5e:30:be:bb:c2:a9:2f:99:2b:58:62:a1:5d:35:1d:
78:76:7d:20:65:84:03:a2:8f:5f:98:45:aa:fc:3e:30:fa:9a:
28:e6:94:4f:97:91:11:a3:5c:3a:ad:c4:b7:23:80:7a:66:be:
2f:b8:34:05:34:03:35:4f:32:e9:4d:90:31:3d:83:05:29:99:
4b:5f:42:2f:1c:a8:5c:8e:8a:51:b0:0d:fc:8d:78:34:9b:5a:
93:3d:4a:3b:f3:34:89:99:5e:c2:21:ff:fc:05:be:ed:98:14:
bb:9c:46:dd:b3:f3:83:9b:80:a3:2a:7a:01:1d:2c:0e:02:cf:
24:59:b5:79:f0:61:5e:a9:e2:0a:f8:2d:54:9c:e3:6e:ea:b6:
3f:3e:90:f6
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAYJYHrUmPZVZ1hhN1SHHkTO1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhYzNkYWExYjE0ODUwZjJlNjFjNTkyYjIxOTE5MTVhNWU2
NWE0NzgwHhcNMjIwODAxMDYzNjIzWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYTM2NDNjNDNiYTZhNzE5YzMxN2UzODQ3NDJkM2I2ODY4NDUzM2MyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwOhMJ46iQs/zm6C1U9YqoqW9NNT/
A2zZijNGZuXmWbq3xpT+AI1P+oifjWaWKYjk0+ODwMqH+zrNp5NKgM/Wf+n2YBdz
t4cdBR/nqgpr9DCAQ30936oZEaokwl1eExcsxfLEhZvDML0bTOHxO/HKyaPLv5Ja
u+lfaR/OcrBIV56D8mxxDRD1YTYZV9f+KgUM8CIbvqDjdCSqpehPgW6SdPvD6heC
wzTc2q+Qhav4/ShKSJsYq+651t4/Sf0WQfnS3KFOb/QZrxVJWNbky8+htGuRxf6W
Hz0aOhnFirrp6cK6rtG2UTwt+5I92ylXp++irW2PGd36vXce1aEWVQgm8QIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFOo2Q8Q7pqcZwxfjhHQtO2hoRTPCMB8GA1UdIwQY
MBaAFCrD2qGxSFDy5hxZKyGRkVpeZaR4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUt
ZmUwNjU5MTc2YTU2LzEvNmpaRHhEdW1weG5ERi1PRWRDMDdhR2hGTThJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUtZmUwNjU5MTc2YTU2
LzEvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAwBAIAATAqAwQCUnMYAwQA
W4Q7AwQBuYFsAwQCudzsAwQCueqQAwQBvP0AAwQAwSRVMA0GCSqGSIb3DQEBCwUA
A4IBAQCZITL+n6VFxbT7OGmQG0SrrJhzvyt3XJqXQO4NPGSXB4KwEAuJ7B9X6wJW
RXWAdN+qyY/kBXYYrkcLp4z/DZ80/rU+YKsiC/S37Z84Xxj2h3dM+c+EazX8+YrL
T+lrMM9QJ2kCwpwj/fs027znFKZeML67wqkvmStYYqFdNR14dn0gZYQDoo9fmEWq
/D4w+poo5pRPl5ERo1w6rcS3I4B6Zr4vuDQFNAM1TzLpTZAxPYMFKZlLX0IvHKhc
jopRsA38jXg0m1qTPUo78zSJmV7CIf/8Bb7tmBS7nEbds/ODm4CjKnoBHSwOAs8k
WbV58GFeqeIK+C1UnONu6rY/PpD2
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:34:34 2024 by rpki-client on console-fra.rpki-client.org