Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/D9SuuD3ePAHf3-jBAax4CvseYjo.roa
File: D9SuuD3ePAHf3-jBAax4CvseYjo.roa (raw, json)
Hash identifier: BZDikh5v9nBMS6/mzghfh/BWXN9z38oHe7C4bs2mkLs=
Subject key identifier: 0F:D4:AE:B8:3D:DE:3C:01:DF:DF:E8:C1:01:AC:78:0A:FB:1E:62:3A
Certificate issuer: /CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Certificate serial: 01865390F11BEB2B26B40EDD501793CD048F
Authority key identifier: 2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/D9SuuD3ePAHf3-jBAax4CvseYjo.roa
Signing time: Wed 15 Feb 2023 05:34:13 +0000
ROA not before: Wed 15 Feb 2023 05:34:13 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 31732
IP address blocks: 5.34.208.0/20 maxlen: 24
185.220.236.0/22 maxlen: 24
188.209.155.0/24 maxlen: 24
45.137.180.0/22 maxlen: 24
213.173.32.0/22 maxlen: 24
185.129.108.0/22 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:86:53:90:f1:1b:eb:2b:26:b4:0e:dd:50:17:93:cd:04:8f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Validity
Not Before: Feb 15 05:34:13 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=0fd4aeb83dde3c01dfdfe8c101ac780afb1e623a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b1:b7:34:0a:7b:37:03:6b:49:00:3b:1b:36:77:
71:70:7a:60:92:c6:d3:43:cd:c1:51:a5:a3:3f:4a:
83:21:34:f2:ac:22:a0:55:46:ab:46:fd:19:5e:d6:
93:76:1b:04:56:3f:4a:c5:58:55:d5:7a:9d:69:ac:
bb:9c:da:f3:a8:80:2a:10:63:e2:07:77:31:85:b0:
9b:9d:45:92:9f:7b:0d:c5:7d:1c:48:0c:1f:d0:df:
30:da:ff:d3:2f:f2:64:5b:bb:a4:ae:7a:40:a5:de:
3b:de:5c:28:22:27:84:b8:a6:0a:d6:28:92:6c:57:
43:ce:f4:e5:62:62:04:ce:3b:2d:1d:bf:be:f5:9b:
34:3d:7d:c8:69:dc:46:da:25:a4:c7:a0:17:7e:71:
b9:51:79:a4:19:0b:a2:8b:fa:b0:03:f9:89:37:aa:
ff:db:53:da:1d:4b:45:72:50:d7:2a:ce:d1:62:b7:
18:6b:01:fd:14:4e:eb:0a:44:1f:19:03:e8:31:5e:
45:96:a0:7a:19:a3:0f:53:ac:9a:09:71:ab:4a:62:
b0:d0:32:a4:32:08:af:36:18:61:59:7d:b7:0f:73:
ef:18:1d:66:e5:d7:10:47:39:af:94:5d:cb:79:8c:
1a:4f:c2:d6:9c:07:22:c9:5d:3f:0e:68:71:ad:71:
78:eb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0F:D4:AE:B8:3D:DE:3C:01:DF:DF:E8:C1:01:AC:78:0A:FB:1E:62:3A
X509v3 Authority Key Identifier:
keyid:2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/D9SuuD3ePAHf3-jBAax4CvseYjo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.34.208.0/20
45.137.180.0/22
185.129.108.0/22
185.220.236.0/22
188.209.155.0/24
213.173.32.0/22
Signature Algorithm: sha256WithRSAEncryption
4e:36:c2:4b:73:07:f5:81:37:fc:8a:48:b0:28:90:5d:e9:51:
7a:a9:80:c5:12:49:db:75:72:94:95:a2:8d:a7:14:3e:e2:11:
70:fe:b3:22:43:f8:06:9f:a9:28:38:dd:aa:64:cb:8e:31:8e:
60:c9:0e:0d:05:83:27:8d:7f:a7:09:a3:8c:6f:7a:af:98:39:
4c:94:48:0f:db:9e:f0:2b:5d:89:07:f2:62:26:80:0d:1a:d2:
0b:31:1d:39:4f:55:3f:dd:08:a2:28:aa:6d:37:9a:5e:6a:6f:
ac:40:1d:d4:db:73:86:cf:b3:4d:06:f5:82:ed:72:89:0d:b0:
7f:21:a4:bd:41:eb:30:d3:6a:88:95:79:57:c1:5e:04:07:26:
90:c6:ad:67:bb:db:4a:f7:b6:4b:60:ed:88:49:3a:9c:d3:7f:
84:cc:66:49:93:6d:df:c0:40:28:e7:a6:9e:4c:aa:a8:72:95:
55:82:d2:2d:77:3d:1a:42:c6:85:79:ec:fa:f5:6b:f1:0f:b8:
de:2c:8b:81:d5:63:26:b4:38:20:d7:9c:17:9a:77:80:a2:80:
5d:6c:8d:e0:b0:6e:86:a4:95:a5:64:8a:4f:ab:19:b3:4b:2f:
9b:31:72:88:b2:7f:20:32:52:0d:b2:7a:3c:e6:c0:a4:19:35:
70:e8:2b:28
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAYZTkPEb6ysmtA7dUBeTzQSPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhYzNkYWExYjE0ODUwZjJlNjFjNTkyYjIxOTE5MTVhNWU2
NWE0NzgwHhcNMjMwMjE1MDUzNDEzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZmQ0YWViODNkZGUzYzAxZGZkZmU4YzEwMWFjNzgwYWZiMWU2MjNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsbc0Cns3A2tJADsbNndxcHpgksbT
Q83BUaWjP0qDITTyrCKgVUarRv0ZXtaTdhsEVj9KxVhV1Xqdaay7nNrzqIAqEGPi
B3cxhbCbnUWSn3sNxX0cSAwf0N8w2v/TL/JkW7ukrnpApd473lwoIieEuKYK1iiS
bFdDzvTlYmIEzjstHb++9Zs0PX3IadxG2iWkx6AXfnG5UXmkGQuii/qwA/mJN6r/
21PaHUtFclDXKs7RYrcYawH9FE7rCkQfGQPoMV5FlqB6GaMPU6yaCXGrSmKw0DKk
MgivNhhhWX23D3PvGB1m5dcQRzmvlF3LeYwaT8LWnAciyV0/DmhxrXF46wIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFA/Urrg93jwB39/owQGseAr7HmI6MB8GA1UdIwQY
MBaAFCrD2qGxSFDy5hxZKyGRkVpeZaR4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUt
ZmUwNjU5MTc2YTU2LzEvRDlTdXVEM2VQQUhmMy1qQkFheDRDdnNlWWpvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUtZmUwNjU5MTc2YTU2
LzEvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAqBAIAATAkAwQEBSLQAwQC
LYm0AwQCuYFsAwQCudzsAwQAvNGbAwQC1a0gMA0GCSqGSIb3DQEBCwUAA4IBAQBO
NsJLcwf1gTf8ikiwKJBd6VF6qYDFEknbdXKUlaKNpxQ+4hFw/rMiQ/gGn6koON2q
ZMuOMY5gyQ4NBYMnjX+nCaOMb3qvmDlMlEgP257wK12JB/JiJoANGtILMR05T1U/
3QiiKKptN5peam+sQB3U23OGz7NNBvWC7XKJDbB/IaS9Qesw02qIlXlXwV4EByaQ
xq1nu9tK97ZLYO2ISTqc03+EzGZJk23fwEAo56aeTKqocpVVgtItdz0aQsaFeez6
9WvxD7jeLIuB1WMmtDgg15wXmneAooBdbI3gsG6GpJWlZIpPqxmzSy+bMXKIsn8g
MlINsno85sCkGTVw6Cso
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:17:15 2024 by rpki-client on console-ams.rpki-client.org