Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/C7p1tTl-UgpCEGQoCRpD9ptsuWA.roa
File: C7p1tTl-UgpCEGQoCRpD9ptsuWA.roa (raw, json)
Hash identifier: y5zkrsJFT8XGVMXejU0baw+GPm+OaTuaxstMgOXrMe8=
Subject key identifier: 0B:BA:75:B5:39:7E:52:0A:42:10:64:28:09:1A:43:F6:9B:6C:B9:60
Certificate issuer: /CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Certificate serial: 0185A6010C21B47741218FB48708FDC666DF
Authority key identifier: 2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/C7p1tTl-UgpCEGQoCRpD9ptsuWA.roa
Signing time: Thu 12 Jan 2023 12:42:44 +0000
ROA not before: Thu 12 Jan 2023 12:42:44 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 31732
IP address blocks: 5.34.208.0/20 maxlen: 24
185.220.236.0/22 maxlen: 24
188.209.155.0/24 maxlen: 24
213.173.32.0/22 maxlen: 24
185.129.108.0/22 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:a6:01:0c:21:b4:77:41:21:8f:b4:87:08:fd:c6:66:df
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Validity
Not Before: Jan 12 12:42:44 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=0bba75b5397e520a42106428091a43f69b6cb960
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:86:ea:32:0a:69:a8:32:2c:53:79:41:36:27:97:
ee:10:4f:0e:3c:19:4b:f3:39:3f:4d:38:9e:eb:94:
47:b4:a0:b9:ad:9d:20:02:e3:c7:ab:7b:38:4a:fb:
d3:e2:82:23:8f:c8:47:79:b1:c1:de:95:bc:03:b5:
05:04:37:10:dc:a6:ad:3f:fe:a8:7d:ea:7d:fc:3f:
2e:e4:be:20:ce:b3:e4:21:9e:ee:e3:eb:56:76:3c:
1f:d2:18:b9:b0:93:86:d1:bc:cd:a5:ac:11:ad:6b:
ee:28:fe:97:79:79:8d:c0:a8:61:c8:f1:e4:6f:2e:
de:36:c2:4a:7e:74:fd:0d:6e:4e:0b:16:74:27:ac:
67:9f:d9:13:3a:73:23:17:16:c6:22:0c:1e:58:55:
84:11:6c:3a:c5:cd:c4:ed:94:00:79:1b:53:b5:3c:
6f:60:dd:99:ce:a8:42:97:b9:78:a5:0d:f4:a5:a5:
59:7a:3a:16:17:95:ad:4f:d4:5f:14:4d:7e:f0:51:
70:af:5d:6e:b4:5b:53:16:f9:69:55:07:54:24:6b:
99:ab:5a:c7:b1:90:0f:34:96:54:f3:a6:6b:ed:86:
67:5d:fe:52:33:79:fd:d4:34:ba:be:42:93:62:06:
66:0d:4d:da:61:2e:e5:9b:6e:e8:c2:d9:ea:77:3b:
98:af
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0B:BA:75:B5:39:7E:52:0A:42:10:64:28:09:1A:43:F6:9B:6C:B9:60
X509v3 Authority Key Identifier:
keyid:2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/C7p1tTl-UgpCEGQoCRpD9ptsuWA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.34.208.0/20
185.129.108.0/22
185.220.236.0/22
188.209.155.0/24
213.173.32.0/22
Signature Algorithm: sha256WithRSAEncryption
20:8d:3a:e7:71:b6:e0:d6:ef:b9:65:7b:d9:be:82:98:1e:13:
3f:0e:09:c0:9b:cc:23:1c:61:5b:f1:f0:05:d9:ed:c0:32:c1:
99:9b:5c:3e:b1:0f:6c:f4:3e:bc:21:c5:8f:60:aa:9c:f2:fe:
4b:a3:19:9c:6e:ca:aa:83:a6:eb:a1:bf:de:51:2c:b6:2a:c4:
69:94:cd:f9:92:ae:47:e3:92:00:c2:ea:c4:1e:dc:24:47:ef:
aa:ca:d8:e9:be:a0:29:fb:f8:62:ff:6a:71:5d:d1:a5:a6:85:
33:ce:88:95:60:c9:92:3b:e6:2e:6f:da:f7:58:f2:83:6e:39:
12:8b:94:4c:95:33:a4:d7:70:7e:6d:0f:b9:f4:f5:78:2a:e2:
28:26:b3:21:ce:94:17:fe:65:c1:d6:3b:11:46:90:e1:38:bf:
73:9c:41:a0:29:9f:87:2d:43:a9:2c:51:f5:7c:f5:51:61:67:
e7:27:cb:75:58:d5:ab:d6:f8:7f:58:87:21:75:d8:fb:40:13:
20:3d:54:ea:1e:54:a8:25:bb:90:85:d8:00:bb:a4:ec:f1:87:
f7:8f:0b:cb:bf:d1:1d:ec:83:91:92:43:3d:2d:9b:b8:ec:9c:
d6:7c:57:7f:41:53:51:93:12:6f:58:4c:58:0f:fb:2a:06:a5:
57:0a:58:e5
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAYWmAQwhtHdBIY+0hwj9xmbfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhYzNkYWExYjE0ODUwZjJlNjFjNTkyYjIxOTE5MTVhNWU2
NWE0NzgwHhcNMjMwMTEyMTI0MjQ0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYmJhNzViNTM5N2U1MjBhNDIxMDY0MjgwOTFhNDNmNjliNmNiOTYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhuoyCmmoMixTeUE2J5fuEE8OPBlL
8zk/TTie65RHtKC5rZ0gAuPHq3s4SvvT4oIjj8hHebHB3pW8A7UFBDcQ3KatP/6o
fep9/D8u5L4gzrPkIZ7u4+tWdjwf0hi5sJOG0bzNpawRrWvuKP6XeXmNwKhhyPHk
by7eNsJKfnT9DW5OCxZ0J6xnn9kTOnMjFxbGIgweWFWEEWw6xc3E7ZQAeRtTtTxv
YN2ZzqhCl7l4pQ30paVZejoWF5WtT9RfFE1+8FFwr11utFtTFvlpVQdUJGuZq1rH
sZAPNJZU86Zr7YZnXf5SM3n91DS6vkKTYgZmDU3aYS7lm27owtnqdzuYrwIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFAu6dbU5flIKQhBkKAkaQ/abbLlgMB8GA1UdIwQY
MBaAFCrD2qGxSFDy5hxZKyGRkVpeZaR4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUt
ZmUwNjU5MTc2YTU2LzEvQzdwMXRUbC1VZ3BDRUdRb0NScEQ5cHRzdVdBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUtZmUwNjU5MTc2YTU2
LzEvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQEBSLQAwQC
uYFsAwQCudzsAwQAvNGbAwQC1a0gMA0GCSqGSIb3DQEBCwUAA4IBAQAgjTrncbbg
1u+5ZXvZvoKYHhM/DgnAm8wjHGFb8fAF2e3AMsGZm1w+sQ9s9D68IcWPYKqc8v5L
oxmcbsqqg6brob/eUSy2KsRplM35kq5H45IAwurEHtwkR++qytjpvqAp+/hi/2px
XdGlpoUzzoiVYMmSO+Yub9r3WPKDbjkSi5RMlTOk13B+bQ+59PV4KuIoJrMhzpQX
/mXB1jsRRpDhOL9znEGgKZ+HLUOpLFH1fPVRYWfnJ8t1WNWr1vh/WIchddj7QBMg
PVTqHlSoJbuQhdgAu6Ts8Yf3jwvLv9Ed7IORkkM9LZu47JzWfFd/QVNRkxJvWExY
D/sqBqVXCljl
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:34:34 2024 by rpki-client on console-fra.rpki-client.org