Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/90JeqtDM-xpiXBSpg-bhyrJGI9o.roa
File: 90JeqtDM-xpiXBSpg-bhyrJGI9o.roa (raw, json)
Hash identifier: 3HXzy0kpdbqF1EXe9xSbEFTPy0owmW9pP3I5XKjBiOs=
Subject key identifier: F7:42:5E:AA:D0:CC:FB:1A:62:5C:14:A9:83:E6:E1:CA:B2:46:23:DA
Certificate issuer: /CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Certificate serial: 01867936C2A66CC9A663A91CCAAD93E563E3
Authority key identifier: 2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/90JeqtDM-xpiXBSpg-bhyrJGI9o.roa
Signing time: Wed 22 Feb 2023 13:01:17 +0000
ROA not before: Wed 22 Feb 2023 13:01:17 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 31732
IP address blocks: 82.97.240.0/20 maxlen: 24
5.34.208.0/20 maxlen: 24
185.220.236.0/22 maxlen: 24
188.209.155.0/24 maxlen: 24
45.137.180.0/22 maxlen: 24
213.173.32.0/22 maxlen: 24
82.115.12.0/23 maxlen: 24
185.129.108.0/22 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:86:79:36:c2:a6:6c:c9:a6:63:a9:1c:ca:ad:93:e5:63:e3
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Validity
Not Before: Feb 22 13:01:17 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=f7425eaad0ccfb1a625c14a983e6e1cab24623da
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b8:de:5f:3b:27:14:f9:d2:b9:9f:f1:15:a8:65:
3f:da:49:43:1b:80:fd:f0:c6:57:48:b0:9c:78:8c:
8e:5f:b8:97:45:e6:59:61:0f:49:18:46:9c:01:35:
35:1e:dd:fd:14:35:a1:87:8b:14:0d:76:33:80:4f:
fc:08:5b:4c:58:a2:3c:69:18:aa:55:ba:9c:ca:6a:
36:3c:b9:79:ff:95:c0:0a:24:d6:fe:0e:00:8c:ac:
d1:1b:50:e6:ce:8e:e8:91:b9:ad:7f:34:e9:ed:20:
34:ed:a5:f0:26:e2:40:a6:b2:d1:15:14:0c:cb:fe:
e4:c6:89:a7:6e:01:bd:21:11:18:3d:0a:4a:d6:c4:
cf:58:6e:a6:e8:e9:64:f5:c8:e8:dd:a3:0e:7b:d1:
75:9d:97:6e:81:fb:b8:6f:86:3b:7a:8e:bf:72:31:
85:8a:c8:5d:77:9a:f6:e4:db:ca:7b:83:45:7c:ff:
a2:24:60:86:d8:fe:8a:08:7b:03:b6:19:57:49:cb:
3d:18:ce:33:fe:18:0f:c7:b7:7e:50:82:74:2e:63:
e0:cd:6a:1d:f6:72:78:bb:cc:c3:f2:13:6d:5f:61:
ef:dc:c5:5f:53:fa:cf:59:cd:48:9e:60:3b:5c:22:
05:90:96:80:a4:f7:05:ab:bc:10:bb:51:5a:7f:ac:
23:63
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F7:42:5E:AA:D0:CC:FB:1A:62:5C:14:A9:83:E6:E1:CA:B2:46:23:DA
X509v3 Authority Key Identifier:
keyid:2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/90JeqtDM-xpiXBSpg-bhyrJGI9o.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.34.208.0/20
45.137.180.0/22
82.97.240.0/20
82.115.12.0/23
185.129.108.0/22
185.220.236.0/22
188.209.155.0/24
213.173.32.0/22
Signature Algorithm: sha256WithRSAEncryption
d0:88:c4:2c:25:d6:79:4f:06:31:a9:c1:56:66:19:3f:7c:68:
be:a5:2e:2e:1e:99:cc:cf:ed:c6:4e:6b:cb:aa:2d:95:f7:13:
29:c9:89:a1:45:ce:a9:e9:cc:ba:ee:32:02:61:d5:e1:63:04:
d1:66:3e:8d:5f:ce:4a:08:a5:81:8c:77:57:ff:f1:c7:ed:ad:
c3:81:b1:33:2c:52:e4:cb:f9:55:4c:70:0b:81:be:53:58:25:
0d:ba:36:34:d6:ab:2e:f0:3a:49:f1:7a:90:fd:9e:4a:5c:bf:
12:00:e5:f1:a9:33:ed:d7:41:ba:01:6e:fe:39:52:35:86:5f:
2b:80:c0:b0:d2:c1:77:16:90:fc:9a:86:34:60:ca:0f:d6:03:
6e:5a:0e:f2:8c:8e:18:a2:55:7c:74:b8:15:05:01:fb:b0:22:
2a:2a:b1:f8:3c:ed:69:52:48:7a:11:cc:4b:7a:62:96:fb:60:
54:96:d8:9d:b0:b7:05:cd:f9:42:e5:f2:26:c1:4e:6c:db:c4:
05:ff:bf:a3:09:dd:0e:74:bb:3e:c9:8d:5e:f9:0b:2a:cc:67:
45:8e:16:a7:2a:a5:48:2f:1c:89:f5:0f:b4:2e:e9:65:7f:33:
45:46:16:c6:57:51:7e:4e:3d:34:ad:7a:af:03:d0:3a:91:3b:
3d:8c:73:42
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAYZ5NsKmbMmmY6kcyq2T5WPjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhYzNkYWExYjE0ODUwZjJlNjFjNTkyYjIxOTE5MTVhNWU2
NWE0NzgwHhcNMjMwMjIyMTMwMTE3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNzQyNWVhYWQwY2NmYjFhNjI1YzE0YTk4M2U2ZTFjYWIyNDYyM2RhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuN5fOycU+dK5n/EVqGU/2klDG4D9
8MZXSLCceIyOX7iXReZZYQ9JGEacATU1Ht39FDWhh4sUDXYzgE/8CFtMWKI8aRiq
Vbqcymo2PLl5/5XACiTW/g4AjKzRG1Dmzo7okbmtfzTp7SA07aXwJuJAprLRFRQM
y/7kxomnbgG9IREYPQpK1sTPWG6m6Olk9cjo3aMOe9F1nZdugfu4b4Y7eo6/cjGF
ishdd5r25NvKe4NFfP+iJGCG2P6KCHsDthlXScs9GM4z/hgPx7d+UIJ0LmPgzWod
9nJ4u8zD8hNtX2Hv3MVfU/rPWc1InmA7XCIFkJaApPcFq7wQu1Faf6wjYwIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFPdCXqrQzPsaYlwUqYPm4cqyRiPaMB8GA1UdIwQY
MBaAFCrD2qGxSFDy5hxZKyGRkVpeZaR4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUt
ZmUwNjU5MTc2YTU2LzEvOTBKZXF0RE0teHBpWEJTcGctYmh5ckpHSTlvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUtZmUwNjU5MTc2YTU2
LzEvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQEBSLQAwQC
LYm0AwQEUmHwAwQBUnMMAwQCuYFsAwQCudzsAwQAvNGbAwQC1a0gMA0GCSqGSIb3
DQEBCwUAA4IBAQDQiMQsJdZ5TwYxqcFWZhk/fGi+pS4uHpnMz+3GTmvLqi2V9xMp
yYmhRc6p6cy67jICYdXhYwTRZj6NX85KCKWBjHdX//HH7a3DgbEzLFLky/lVTHAL
gb5TWCUNujY01qsu8DpJ8XqQ/Z5KXL8SAOXxqTPt10G6AW7+OVI1hl8rgMCw0sF3
FpD8moY0YMoP1gNuWg7yjI4YolV8dLgVBQH7sCIqKrH4PO1pUkh6EcxLemKW+2BU
ltidsLcFzflC5fImwU5s28QF/7+jCd0OdLs+yY1e+QsqzGdFjhanKqVILxyJ9Q+0
LullfzNFRhbGV1F+Tj00rXqvA9A6kTs9jHNC
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:34:34 2024 by rpki-client on console-fra.rpki-client.org