Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/Czv9zsRjdKklKcqxlyoGYFphKLI.roa
File: Czv9zsRjdKklKcqxlyoGYFphKLI.roa (raw, json)
Hash identifier: XOo7L0pivdnTCXMRWrzH3FGaVRKykdQ2yo/ggOs+bHA=
Subject key identifier: 0B:3B:FD:CE:C4:63:74:A9:25:29:CA:B1:97:2A:06:60:5A:61:28:B2
Certificate issuer: /CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Certificate serial: 0189F855EFDC5B5F64B315A6A3BF74D3F44C
Authority key identifier: 2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/Czv9zsRjdKklKcqxlyoGYFphKLI.roa
Signing time: Tue 15 Aug 2023 08:35:28 +0000
ROA not before: Tue 15 Aug 2023 08:35:28 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 31732
IP address blocks: 5.34.216.0/21 maxlen: 21
188.209.155.0/24 maxlen: 24
185.151.236.0/22 maxlen: 24
188.253.8.0/21 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:89:f8:55:ef:dc:5b:5f:64:b3:15:a6:a3:bf:74:d3:f4:4c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Validity
Not Before: Aug 15 08:35:28 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=0b3bfdcec46374a92529cab1972a06605a6128b2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:87:87:5b:e7:f8:b4:a6:79:bb:8a:b5:2f:9a:ea:
98:d3:9d:e4:a5:e1:88:41:2c:ac:aa:63:83:84:53:
ce:0b:04:8d:60:a0:6e:2c:0e:e7:72:c0:15:d7:99:
b1:44:47:01:70:5a:1e:a8:78:45:29:27:e8:11:88:
39:32:f5:43:18:7d:c7:9c:a3:47:92:3a:fd:23:95:
a5:0b:0e:f6:d2:d9:53:7f:42:b5:fa:fe:a8:62:b9:
92:47:63:9c:f9:86:16:ed:fe:2d:82:7d:21:6b:74:
5f:dd:b4:76:65:b5:1b:90:3a:d7:88:32:55:44:9d:
81:1a:67:19:24:0b:99:ae:a3:b5:4c:bf:ca:45:93:
70:90:e4:01:9b:0d:73:96:72:29:fb:31:6d:f2:44:
4f:54:3f:26:33:87:32:a7:c8:40:e0:db:b2:c5:8b:
61:d4:99:04:45:b3:fd:66:f2:5a:14:f1:15:29:25:
07:e8:25:67:0a:06:10:dc:23:16:6e:04:17:49:9a:
84:dd:9d:ad:71:47:79:f3:11:e4:09:b5:4f:72:63:
b1:d5:6b:e4:2e:15:ea:1b:8a:26:fc:ac:1f:32:66:
9c:36:76:6f:cb:88:df:c8:19:e3:03:4e:e9:a2:a4:
ce:f4:5b:61:40:31:ce:02:9c:f3:fd:28:61:4c:2c:
4c:35
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0B:3B:FD:CE:C4:63:74:A9:25:29:CA:B1:97:2A:06:60:5A:61:28:B2
X509v3 Authority Key Identifier:
keyid:2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/Czv9zsRjdKklKcqxlyoGYFphKLI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.34.216.0/21
185.151.236.0/22
188.209.155.0/24
188.253.8.0/21
Signature Algorithm: sha256WithRSAEncryption
5d:ac:95:c1:f0:85:50:eb:4b:32:ed:91:36:fe:84:8e:44:29:
38:cb:71:85:ac:f1:1f:61:d2:f3:5e:06:2d:cd:14:18:73:9a:
df:91:79:ab:8f:fa:79:cd:aa:77:7e:b8:1b:f0:71:81:b3:54:
e3:38:ba:3a:c5:61:b9:e3:12:fc:41:be:63:11:48:a9:4d:80:
43:8e:6e:39:bf:a2:9a:da:59:ab:bb:09:3b:37:9c:ea:86:1a:
f6:0a:e5:fc:e0:a8:37:40:30:fb:89:39:88:6d:a2:6e:fa:55:
7d:90:e0:e7:c2:91:17:54:6d:dd:1c:18:b9:47:e5:15:4c:83:
25:7c:5c:2d:1e:67:56:b8:ff:32:a3:68:d3:74:17:55:39:bb:
d6:a2:36:99:e5:a2:91:2c:eb:0b:bc:88:a6:1f:4b:e6:dd:39:
ed:5c:1e:4a:12:ca:36:35:e4:57:08:32:86:91:e5:ba:7a:83:
e5:00:94:78:e1:48:55:3e:51:ea:a7:b8:56:3c:6d:3b:f9:11:
2b:55:d3:b5:d0:35:ca:4e:d8:6e:f4:3f:4a:93:08:60:45:c7:
27:af:7c:2b:62:2b:d6:6c:96:3e:c9:cf:88:bd:2d:c0:5e:ef:
d7:2f:60:2a:27:75:31:f2:64:40:04:30:f2:d9:22:1a:62:c3:
a7:28:4b:0c
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYn4Ve/cW19ksxWmo7900/RMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhYzNkYWExYjE0ODUwZjJlNjFjNTkyYjIxOTE5MTVhNWU2
NWE0NzgwHhcNMjMwODE1MDgzNTI4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYjNiZmRjZWM0NjM3NGE5MjUyOWNhYjE5NzJhMDY2MDVhNjEyOGIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh4db5/i0pnm7irUvmuqY053kpeGI
QSysqmODhFPOCwSNYKBuLA7ncsAV15mxREcBcFoeqHhFKSfoEYg5MvVDGH3HnKNH
kjr9I5WlCw720tlTf0K1+v6oYrmSR2Oc+YYW7f4tgn0ha3Rf3bR2ZbUbkDrXiDJV
RJ2BGmcZJAuZrqO1TL/KRZNwkOQBmw1zlnIp+zFt8kRPVD8mM4cyp8hA4NuyxYth
1JkERbP9ZvJaFPEVKSUH6CVnCgYQ3CMWbgQXSZqE3Z2tcUd58xHkCbVPcmOx1Wvk
LhXqG4om/KwfMmacNnZvy4jfyBnjA07poqTO9FthQDHOApzz/ShhTCxMNQIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFAs7/c7EY3SpJSnKsZcqBmBaYSiyMB8GA1UdIwQY
MBaAFCrD2qGxSFDy5hxZKyGRkVpeZaR4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUt
ZmUwNjU5MTc2YTU2LzEvQ3p2OXpzUmpkS2tsS2NxeGx5b0dZRnBoS0xJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUtZmUwNjU5MTc2YTU2
LzEvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQDBSLYAwQC
uZfsAwQAvNGbAwQDvP0IMA0GCSqGSIb3DQEBCwUAA4IBAQBdrJXB8IVQ60sy7ZE2
/oSORCk4y3GFrPEfYdLzXgYtzRQYc5rfkXmrj/p5zap3frgb8HGBs1TjOLo6xWG5
4xL8Qb5jEUipTYBDjm45v6Ka2lmruwk7N5zqhhr2CuX84Kg3QDD7iTmIbaJu+lV9
kODnwpEXVG3dHBi5R+UVTIMlfFwtHmdWuP8yo2jTdBdVObvWojaZ5aKRLOsLvIim
H0vm3TntXB5KEso2NeRXCDKGkeW6eoPlAJR44UhVPlHqp7hWPG07+RErVdO10DXK
Tthu9D9KkwhgRccnr3wrYivWbJY+yc+IvS3AXu/XL2AqJ3Ux8mRABDDy2SIaYsOn
KEsM
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:34:34 2024 by rpki-client on console-fra.rpki-client.org