Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/FRNsn5brbvurwBfeT-8L9FelMLE.roa
File: FRNsn5brbvurwBfeT-8L9FelMLE.roa (raw, json)
Hash identifier: ostUKu+sHWwMXYWokDON3NO9A/Uz7/6apJvAVfsD1wI=
Subject key identifier: 15:13:6C:9F:96:EB:6E:FB:AB:C0:17:DE:4F:EF:0B:F4:57:A5:30:B1
Certificate issuer: /CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Certificate serial: 14E95630
Authority key identifier: 2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/FRNsn5brbvurwBfeT-8L9FelMLE.roa
Signing time: Mon 09 May 2022 23:56:55 +0000
ROA not before: Mon 09 May 2022 23:56:55 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 31732
IP address blocks: 212.90.100.0/22 maxlen: 24
185.220.236.0/22 maxlen: 24
188.209.155.0/24 maxlen: 24
45.146.240.0/22 maxlen: 24
82.115.0.0/21 maxlen: 24
5.226.48.0/21 maxlen: 24
46.249.104.0/21 maxlen: 21
46.249.100.0/22 maxlen: 22
185.129.108.0/22 maxlen: 24
46.249.112.0/21 maxlen: 21
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 350836272 (0x14e95630)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Validity
Not Before: May 9 23:56:55 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=15136c9f96eb6efbabc017de4fef0bf457a530b1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d0:3c:52:3a:48:eb:63:ee:8e:36:10:59:0d:9a:
4b:bf:be:5d:0a:e4:c7:1e:54:01:53:b1:2e:2f:de:
1d:42:19:8c:3e:41:ad:bd:61:50:c0:7f:ec:49:09:
d2:72:85:35:cb:fd:1b:b6:2d:cf:ab:f8:53:0d:30:
63:72:bb:84:dc:97:09:36:bd:f9:ef:8d:d5:42:f4:
80:05:f7:15:84:3f:69:e3:f5:10:52:1c:15:04:f3:
86:ff:ec:c3:6c:39:25:2d:42:25:30:45:a6:5e:fe:
69:a7:42:a4:7c:49:4a:41:ef:fa:74:bb:dc:d9:dd:
c7:2d:d9:81:de:02:b9:8c:ff:45:1f:d9:f7:8b:d9:
48:69:c3:15:c9:19:ab:94:99:90:cd:af:c2:ac:03:
0b:d7:75:cc:05:59:18:a1:8c:a0:2f:4e:f9:0b:35:
4b:e2:cd:1f:11:24:44:c1:d2:d2:f6:cb:ce:16:2c:
2e:c1:f2:45:fa:2b:09:a7:e0:c2:ab:81:d6:4e:d1:
9d:63:f5:4b:79:62:cd:bc:4a:b8:db:0e:11:41:82:
18:99:75:e8:5e:51:6e:53:4c:c4:75:4b:f9:12:8a:
bd:6f:19:1b:5c:c8:76:49:21:a5:a5:a3:9c:76:af:
24:1b:09:e5:c1:e0:30:74:67:81:a7:11:f3:5f:d7:
42:ab
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
15:13:6C:9F:96:EB:6E:FB:AB:C0:17:DE:4F:EF:0B:F4:57:A5:30:B1
X509v3 Authority Key Identifier:
keyid:2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/FRNsn5brbvurwBfeT-8L9FelMLE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.226.48.0/21
45.146.240.0/22
46.249.100.0-46.249.119.255
82.115.0.0/21
185.129.108.0/22
185.220.236.0/22
188.209.155.0/24
212.90.100.0/22
Signature Algorithm: sha256WithRSAEncryption
36:fd:bc:71:ee:20:60:95:9e:75:ff:0b:f8:80:01:36:1a:08:
e0:53:95:d3:bd:ce:de:93:eb:19:62:b5:39:ad:e5:44:93:26:
6e:08:eb:1c:75:51:08:c9:7e:d6:11:e6:99:f6:2e:1d:50:23:
d8:25:d9:e4:89:20:6b:d3:d9:5b:3c:d6:8e:8d:64:1a:c8:cc:
01:84:b1:0b:ad:77:8a:a8:f6:da:7e:9b:22:5b:95:38:71:80:
4d:52:18:0b:ff:80:02:d7:27:09:35:b4:35:48:fd:f0:35:43:
85:84:54:79:98:14:d1:e4:e8:f3:bb:81:d7:28:0e:6a:ce:38:
b9:0d:c5:80:22:27:57:4d:56:e8:d3:e1:b9:b5:d3:a8:de:2d:
88:e2:b5:a5:2e:c1:13:a4:01:34:b5:97:93:35:fa:21:ec:c2:
e5:d7:5e:5c:56:9e:8c:07:d2:9c:9c:c6:bf:83:a3:71:f9:26:
67:e0:b4:c3:e4:c1:f3:ce:01:6e:2d:28:74:22:1f:96:cf:7c:
b3:f2:b3:52:02:1a:c4:e9:22:66:12:da:75:b3:ef:d1:d4:e8:
52:c1:84:4d:51:05:01:35:cf:b4:60:09:43:22:d3:5e:ee:36:
db:a9:40:c6:33:f0:ba:d0:fe:f0:b6:a4:d7:c7:48:f7:b9:be:
8d:dd:d9:ed
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgIEFOlWMDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygy
YWMzZGFhMWIxNDg1MGYyZTYxYzU5MmIyMTkxOTE1YTVlNjVhNDc4MB4XDTIyMDUw
OTIzNTY1NVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMTUxMzZjOWY5NmVi
NmVmYmFiYzAxN2RlNGZlZjBiZjQ1N2E1MzBiMTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBANA8UjpI62PujjYQWQ2aS7++XQrkxx5UAVOxLi/eHUIZjD5B
rb1hUMB/7EkJ0nKFNcv9G7Ytz6v4Uw0wY3K7hNyXCTa9+e+N1UL0gAX3FYQ/aeP1
EFIcFQTzhv/sw2w5JS1CJTBFpl7+aadCpHxJSkHv+nS73Nndxy3Zgd4CuYz/RR/Z
94vZSGnDFckZq5SZkM2vwqwDC9d1zAVZGKGMoC9O+Qs1S+LNHxEkRMHS0vbLzhYs
LsHyRforCafgwquB1k7RnWP1S3lizbxKuNsOEUGCGJl16F5RblNMxHVL+RKKvW8Z
G1zIdkkhpaWjnHavJBsJ5cHgMHRngacR81/XQqsCAwEAAaOCAjswggI3MB0GA1Ud
DgQWBBQVE2yflutu+6vAF95P7wv0V6UwsTAfBgNVHSMEGDAWgBQqw9qhsUhQ8uYc
WSshkZFaXmWkeDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0tzUGFvYkZJVVBMbUhGa3JJWkdSV2w1bHBIZy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNzAvNDA1YmJkLTU5MTMtNGU5NS04ZTc1LWZlMDY1OTE3NmE1Ni8x
L0ZSTnNuNWJyYnZ1cndCZmVULThMOUZlbE1MRS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzAv
NDA1YmJkLTU5MTMtNGU5NS04ZTc1LWZlMDY1OTE3NmE1Ni8xL0tzUGFvYkZJVVBM
bUhGa3JJWkdSV2w1bHBIZy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBR
BggrBgEFBQcBBwEB/wRCMEAwPgQCAAEwOAMEAwXiMAMEAi2S8DAMAwQCLvlkAwQD
LvlwAwQDUnMAAwQCuYFsAwQCudzsAwQAvNGbAwQC1FpkMA0GCSqGSIb3DQEBCwUA
A4IBAQA2/bxx7iBglZ51/wv4gAE2GgjgU5XTvc7ek+sZYrU5reVEkyZuCOscdVEI
yX7WEeaZ9i4dUCPYJdnkiSBr09lbPNaOjWQayMwBhLELrXeKqPbafpsiW5U4cYBN
UhgL/4AC1ycJNbQ1SP3wNUOFhFR5mBTR5Ojzu4HXKA5qzji5DcWAIidXTVbo0+G5
tdOo3i2I4rWlLsETpAE0tZeTNfoh7MLl115cVp6MB9KcnMa/g6Nx+SZn4LTD5MHz
zgFuLSh0Ih+Wz3yz8rNSAhrE6SJmEtp1s+/R1OhSwYRNUQUBNc+0YAlDItNe7jbb
qUDGM/C60P7wtqTXx0j3ub6N3dnt
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:34:34 2024 by rpki-client on console-fra.rpki-client.org