Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/NibUbFb4HhtHbXuuH5MyKFIedko.roa
File: NibUbFb4HhtHbXuuH5MyKFIedko.roa (raw, json)
Hash identifier: HMQs0LTiVbh9dNbKDYNRRIe1TD1CCZ3vnFp1y28BzYU=
Subject key identifier: 36:26:D4:6C:56:F8:1E:1B:47:6D:7B:AE:1F:93:32:28:52:1E:76:4A
Certificate issuer: /CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Certificate serial: 0186721339C63B4B6FA6E8DC579961D623D7
Authority key identifier: 2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/NibUbFb4HhtHbXuuH5MyKFIedko.roa
Signing time: Tue 21 Feb 2023 03:45:07 +0000
ROA not before: Tue 21 Feb 2023 03:45:07 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 31732
IP address blocks: 82.97.240.0/20 maxlen: 24
5.34.208.0/20 maxlen: 24
185.220.236.0/22 maxlen: 24
188.209.155.0/24 maxlen: 24
45.137.180.0/22 maxlen: 24
213.173.32.0/22 maxlen: 24
82.115.12.0/23 maxlen: 24
185.129.108.0/22 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:86:72:13:39:c6:3b:4b:6f:a6:e8:dc:57:99:61:d6:23:d7
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Validity
Not Before: Feb 21 03:45:07 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=3626d46c56f81e1b476d7bae1f933228521e764a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:92:15:38:35:1d:8e:8f:20:59:ce:45:b3:35:ad:
2f:10:91:40:94:b2:bb:b9:c4:e3:da:81:fd:06:96:
df:91:50:dd:b4:d8:85:ae:e8:e7:bc:32:6b:b5:61:
79:25:88:6d:55:ae:02:58:32:f6:93:d6:25:aa:f4:
75:aa:c6:23:ee:bf:67:d5:f9:c3:9a:de:25:33:e8:
38:b2:47:07:2f:0d:a6:f4:c0:8a:6e:c2:f1:8d:cf:
37:e2:6f:95:d5:b3:4f:ea:45:1c:50:58:c4:e0:56:
2c:f7:ee:54:8d:17:b6:2f:9d:e0:dc:77:a1:22:00:
e4:81:91:be:d5:21:6d:a7:59:46:d3:a8:60:c8:ab:
00:76:24:4b:81:4b:64:87:e9:ca:5a:f6:93:04:04:
1b:db:85:49:2f:4d:b3:cf:69:c4:31:fc:1b:3c:8e:
9f:e0:9f:80:2c:38:d2:a1:5b:aa:a2:49:1f:70:86:
d0:d1:47:3b:08:4b:87:0f:d0:fc:c6:29:ab:1d:07:
44:0f:6d:44:56:e8:7d:99:74:eb:91:64:88:6d:f7:
9f:0b:1d:0a:7c:e3:8d:dc:99:04:c2:2a:e5:9a:b8:
01:f6:73:98:e6:c7:b3:fe:17:ae:cd:e3:d4:3c:0c:
b3:57:07:7f:c3:c0:8d:f9:4f:c8:76:8c:85:7b:52:
4b:0b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
36:26:D4:6C:56:F8:1E:1B:47:6D:7B:AE:1F:93:32:28:52:1E:76:4A
X509v3 Authority Key Identifier:
keyid:2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/NibUbFb4HhtHbXuuH5MyKFIedko.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.34.208.0/20
45.137.180.0/22
82.97.240.0/20
82.115.12.0/23
185.129.108.0/22
185.220.236.0/22
188.209.155.0/24
213.173.32.0/22
Signature Algorithm: sha256WithRSAEncryption
0e:68:98:42:50:cd:1c:d2:77:78:44:ac:72:f0:fd:af:f3:1b:
ba:d5:a8:1e:76:d1:5a:b9:55:5a:da:c0:d2:2f:c2:4d:1b:aa:
51:76:f0:bd:5e:ed:ba:07:40:44:07:24:35:11:b4:9f:a4:7a:
32:d6:f7:bd:f8:4c:c4:f5:62:0a:a2:26:55:ec:90:f1:45:4a:
3b:62:6a:66:b3:d8:27:74:61:82:ba:fe:30:15:0b:fd:39:95:
5c:e3:e9:67:62:69:a0:5d:e7:13:9b:62:f5:5f:a6:f4:29:9e:
9a:6e:ef:94:a8:36:28:a8:fe:dc:7d:f3:5d:7f:be:f2:01:d0:
de:82:56:33:88:5c:d1:5d:ad:b3:25:d5:18:29:28:68:20:e3:
48:55:8c:a4:21:5d:09:1b:77:a3:1b:b5:96:73:29:44:60:ac:
86:27:42:6f:f1:ae:ab:7d:5c:28:4f:ae:ad:03:fd:55:94:7c:
22:46:6e:22:f6:39:1d:c1:6d:a6:2d:e5:59:f9:9c:5b:bd:6a:
21:e8:23:94:71:c6:09:aa:cb:30:9c:36:55:7d:38:2b:9a:76:
fd:99:b1:6e:13:77:a1:4d:8f:ee:05:77:6b:c3:ec:bb:25:94:
6a:af:33:cf:af:10:20:26:53:fa:70:6e:77:f6:90:f5:d7:86:
e3:f1:33:43
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAYZyEznGO0tvpujcV5lh1iPXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhYzNkYWExYjE0ODUwZjJlNjFjNTkyYjIxOTE5MTVhNWU2
NWE0NzgwHhcNMjMwMjIxMDM0NTA3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNjI2ZDQ2YzU2ZjgxZTFiNDc2ZDdiYWUxZjkzMzIyODUyMWU3NjRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkhU4NR2OjyBZzkWzNa0vEJFAlLK7
ucTj2oH9BpbfkVDdtNiFrujnvDJrtWF5JYhtVa4CWDL2k9YlqvR1qsYj7r9n1fnD
mt4lM+g4skcHLw2m9MCKbsLxjc834m+V1bNP6kUcUFjE4FYs9+5UjRe2L53g3Heh
IgDkgZG+1SFtp1lG06hgyKsAdiRLgUtkh+nKWvaTBAQb24VJL02zz2nEMfwbPI6f
4J+ALDjSoVuqokkfcIbQ0Uc7CEuHD9D8ximrHQdED21EVuh9mXTrkWSIbfefCx0K
fOON3JkEwirlmrgB9nOY5sez/heuzePUPAyzVwd/w8CN+U/IdoyFe1JLCwIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFDYm1GxW+B4bR217rh+TMihSHnZKMB8GA1UdIwQY
MBaAFCrD2qGxSFDy5hxZKyGRkVpeZaR4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUt
ZmUwNjU5MTc2YTU2LzEvTmliVWJGYjRIaHRIYlh1dUg1TXlLRkllZGtvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUtZmUwNjU5MTc2YTU2
LzEvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQEBSLQAwQC
LYm0AwQEUmHwAwQBUnMMAwQCuYFsAwQCudzsAwQAvNGbAwQC1a0gMA0GCSqGSIb3
DQEBCwUAA4IBAQAOaJhCUM0c0nd4RKxy8P2v8xu61agedtFauVVa2sDSL8JNG6pR
dvC9Xu26B0BEByQ1EbSfpHoy1ve9+EzE9WIKoiZV7JDxRUo7Ympms9gndGGCuv4w
FQv9OZVc4+lnYmmgXecTm2L1X6b0KZ6abu+UqDYoqP7cffNdf77yAdDeglYziFzR
Xa2zJdUYKShoIONIVYykIV0JG3ejG7WWcylEYKyGJ0Jv8a6rfVwoT66tA/1VlHwi
Rm4i9jkdwW2mLeVZ+ZxbvWoh6COUccYJqsswnDZVfTgrmnb9mbFuE3ehTY/uBXdr
w+y7JZRqrzPPrxAgJlP6cG539pD114bj8TND
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:34:35 2024 by rpki-client on console-fra.rpki-client.org