Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/P0l7i0MFF2DgGRHmSMNc-HhrXKw.roa
File: P0l7i0MFF2DgGRHmSMNc-HhrXKw.roa (raw, json)
Hash identifier: utC/HexLJNUsrhMx1cT0VPA8z5EoWP+DpUvB7y9H77c=
Subject key identifier: 3F:49:7B:8B:43:05:17:60:E0:19:11:E6:48:C3:5C:F8:78:6B:5C:AC
Certificate issuer: /CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Certificate serial: 0183686FEB0B8A6AE325EEB11EDD394C0C70
Authority key identifier: 2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/P0l7i0MFF2DgGRHmSMNc-HhrXKw.roa
Signing time: Fri 23 Sep 2022 03:41:48 +0000
ROA not before: Fri 23 Sep 2022 03:41:48 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 31732
IP address blocks: 5.34.208.0/20 maxlen: 24
185.220.236.0/22 maxlen: 24
188.209.155.0/24 maxlen: 24
185.215.244.0/23 maxlen: 24
213.173.32.0/22 maxlen: 24
185.36.192.0/22 maxlen: 22
185.129.108.0/22 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:83:68:6f:eb:0b:8a:6a:e3:25:ee:b1:1e:dd:39:4c:0c:70
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Validity
Not Before: Sep 23 03:41:48 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=3f497b8b43051760e01911e648c35cf8786b5cac
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b6:46:aa:f4:55:93:87:fa:59:75:e8:86:78:e0:
78:b6:be:8b:39:19:38:9f:27:d3:ab:09:36:ab:4a:
ac:47:bd:eb:6c:bc:d1:80:33:cf:aa:fe:77:9c:e4:
3e:d8:a4:76:ad:a7:8e:33:6c:a1:64:69:77:11:8b:
13:a4:13:45:24:a6:55:52:2b:f9:00:84:73:31:c6:
a2:b0:d4:2a:be:13:ee:d2:3c:28:b2:bb:e3:37:fe:
76:f1:05:c2:62:b6:17:86:4f:fa:6d:e1:96:37:84:
2e:37:c4:90:6d:cf:9f:fa:4f:e5:0e:ad:d8:77:dc:
1d:86:62:73:0a:3c:98:1a:bd:df:df:5a:4c:f1:87:
74:ee:91:0f:cf:2c:9c:e7:f8:2d:85:64:77:16:59:
ae:b4:d7:7a:57:84:1f:a5:d9:79:7e:c1:8b:a0:c5:
8e:50:2d:ed:24:db:00:14:42:0f:f9:c0:6e:d5:7b:
7f:9b:0b:f6:60:d9:74:76:02:61:ba:00:67:07:3c:
80:0d:99:43:1e:cf:93:72:9b:84:72:28:e3:7a:35:
08:3b:39:93:e2:15:41:bd:2c:26:34:fc:e2:ef:32:
52:3f:3e:45:d1:50:6f:b1:75:45:ab:8d:4d:49:e5:
f5:c8:ef:e8:d2:c9:46:d5:c3:17:3c:5a:c3:47:fe:
72:3d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3F:49:7B:8B:43:05:17:60:E0:19:11:E6:48:C3:5C:F8:78:6B:5C:AC
X509v3 Authority Key Identifier:
keyid:2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/P0l7i0MFF2DgGRHmSMNc-HhrXKw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.34.208.0/20
185.36.192.0/22
185.129.108.0/22
185.215.244.0/23
185.220.236.0/22
188.209.155.0/24
213.173.32.0/22
Signature Algorithm: sha256WithRSAEncryption
d7:08:86:41:7d:97:a1:a4:52:3a:55:d2:dc:90:1e:64:77:fc:
73:13:65:85:40:95:7e:f0:a4:d7:5e:55:1e:4e:ca:56:fb:5e:
b0:b6:40:c6:a7:1c:2e:d9:e8:e0:ba:dd:3c:ee:e8:6f:79:3b:
2f:27:30:07:9f:e4:7e:58:96:d0:4d:77:4a:8e:14:5c:bb:da:
60:32:af:9f:36:43:b4:8a:f4:52:8f:34:0a:7e:11:9c:91:d2:
e9:8f:f5:bf:96:47:d0:7a:93:37:30:bb:ed:53:37:86:b7:e1:
82:76:23:f3:cf:45:b4:fb:b5:a1:b7:79:5a:c5:a7:92:5f:35:
75:95:a2:72:5e:0a:2a:dd:b8:fb:5a:57:08:de:e9:47:a3:61:
15:6c:52:7a:a4:41:14:ea:41:55:0d:64:9d:55:06:3d:7b:66:
07:94:9e:53:5d:d0:8a:ab:97:d3:c7:25:67:d6:14:c8:0a:6b:
8a:49:1d:35:24:d0:b7:39:15:4a:92:db:fe:80:d2:b1:e9:d5:
39:05:7b:ea:78:24:73:af:47:9e:1f:ac:6e:a2:e8:54:01:72:
8d:62:57:41:82:53:7f:f9:45:f0:28:32:02:3b:31:6a:b6:30:
07:78:f1:53:56:02:0b:81:f0:0b:a2:79:ed:fd:de:96:53:ef:
30:ce:d5:36
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAYNob+sLimrjJe6xHt05TAxwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhYzNkYWExYjE0ODUwZjJlNjFjNTkyYjIxOTE5MTVhNWU2
NWE0NzgwHhcNMjIwOTIzMDM0MTQ4WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZjQ5N2I4YjQzMDUxNzYwZTAxOTExZTY0OGMzNWNmODc4NmI1Y2FjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtkaq9FWTh/pZdeiGeOB4tr6LORk4
nyfTqwk2q0qsR73rbLzRgDPPqv53nOQ+2KR2raeOM2yhZGl3EYsTpBNFJKZVUiv5
AIRzMcaisNQqvhPu0jwosrvjN/528QXCYrYXhk/6beGWN4QuN8SQbc+f+k/lDq3Y
d9wdhmJzCjyYGr3f31pM8Yd07pEPzyyc5/gthWR3FlmutNd6V4Qfpdl5fsGLoMWO
UC3tJNsAFEIP+cBu1Xt/mwv2YNl0dgJhugBnBzyADZlDHs+TcpuEcijjejUIOzmT
4hVBvSwmNPzi7zJSPz5F0VBvsXVFq41NSeX1yO/o0slG1cMXPFrDR/5yPQIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFD9Je4tDBRdg4BkR5kjDXPh4a1ysMB8GA1UdIwQY
MBaAFCrD2qGxSFDy5hxZKyGRkVpeZaR4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUt
ZmUwNjU5MTc2YTU2LzEvUDBsN2kwTUZGMkRnR1JIbVNNTmMtSGhyWEt3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUtZmUwNjU5MTc2YTU2
LzEvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAwBAIAATAqAwQEBSLQAwQC
uSTAAwQCuYFsAwQBudf0AwQCudzsAwQAvNGbAwQC1a0gMA0GCSqGSIb3DQEBCwUA
A4IBAQDXCIZBfZehpFI6VdLckB5kd/xzE2WFQJV+8KTXXlUeTspW+16wtkDGpxwu
2ejgut087uhveTsvJzAHn+R+WJbQTXdKjhRcu9pgMq+fNkO0ivRSjzQKfhGckdLp
j/W/lkfQepM3MLvtUzeGt+GCdiPzz0W0+7Wht3laxaeSXzV1laJyXgoq3bj7WlcI
3ulHo2EVbFJ6pEEU6kFVDWSdVQY9e2YHlJ5TXdCKq5fTxyVn1hTICmuKSR01JNC3
ORVKktv+gNKx6dU5BXvqeCRzr0eeH6xuouhUAXKNYldBglN/+UXwKDICOzFqtjAH
ePFTVgILgfALonnt/d6WU+8wztU2
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:17:16 2024 by rpki-client on console-ams.rpki-client.org