Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/PMb7y_t5RwCSsdqoStNB1JT6n6Q.roa
File: PMb7y_t5RwCSsdqoStNB1JT6n6Q.roa (raw, json)
Hash identifier: jdpHpwcHLnhfMvaIoLkelgGPZGT0KH8ZXEwbpZGPanc=
Subject key identifier: 3C:C6:FB:CB:FB:79:47:00:92:B1:DA:A8:4A:D3:41:D4:94:FA:9F:A4
Certificate issuer: /CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Certificate serial: 018570BFE357DBD3220440C23C68EBFD51A5
Authority key identifier: 2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/PMb7y_t5RwCSsdqoStNB1JT6n6Q.roa
Signing time: Mon 02 Jan 2023 04:31:41 +0000
ROA not before: Mon 02 Jan 2023 04:31:41 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 31732
IP address blocks: 5.34.208.0/20 maxlen: 24
185.220.236.0/22 maxlen: 24
188.209.155.0/24 maxlen: 24
185.215.244.0/23 maxlen: 24
213.173.32.0/22 maxlen: 24
193.36.84.0/23 maxlen: 24
185.129.108.0/22 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:70:bf:e3:57:db:d3:22:04:40:c2:3c:68:eb:fd:51:a5
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Validity
Not Before: Jan 2 04:31:41 2023 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=3cc6fbcbfb79470092b1daa84ad341d494fa9fa4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bc:a7:98:fe:2c:f4:ad:60:64:fe:4d:f9:8a:92:
8e:f8:38:c0:f1:68:36:6b:03:b7:ae:cd:7b:d8:00:
81:2d:be:a0:f8:80:30:7e:21:b2:3b:bf:1e:e6:02:
d3:f5:e6:67:f9:18:e8:c4:9a:3c:2d:84:c3:6f:09:
60:28:c9:01:6d:b7:17:ba:c4:52:72:6a:c5:eb:19:
5b:a1:70:7d:d4:f9:e1:73:b8:03:74:f1:01:b6:a3:
c6:43:bf:d4:5c:0c:d7:29:0b:6a:22:f4:81:84:bb:
9e:41:4e:c3:f9:86:4a:22:be:2a:88:54:3a:d1:bc:
f8:5f:8e:03:b8:a2:69:ed:94:37:e7:1f:3b:98:bd:
39:b2:6c:a3:65:13:90:e1:af:3a:88:f6:bb:dc:3c:
aa:e6:48:1e:95:22:70:0a:c3:55:a0:ca:0e:65:98:
43:62:c7:99:6f:ba:19:7b:95:b7:b2:f8:78:98:e8:
40:09:2d:29:23:35:bf:95:5d:72:6b:1d:35:e8:7a:
9d:ba:31:57:d7:21:54:61:84:ed:f2:af:20:0e:70:
b2:ec:6d:19:c9:b8:57:4e:c4:0b:21:85:1a:80:68:
82:a0:e9:39:e4:1d:fa:7e:08:0c:e7:eb:db:32:64:
21:38:02:73:22:bf:b2:8d:3c:f3:ad:9c:cf:78:90:
e7:1f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3C:C6:FB:CB:FB:79:47:00:92:B1:DA:A8:4A:D3:41:D4:94:FA:9F:A4
X509v3 Authority Key Identifier:
keyid:2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/PMb7y_t5RwCSsdqoStNB1JT6n6Q.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.34.208.0/20
185.129.108.0/22
185.215.244.0/23
185.220.236.0/22
188.209.155.0/24
193.36.84.0/23
213.173.32.0/22
Signature Algorithm: sha256WithRSAEncryption
28:27:a7:c4:07:f5:56:0c:2b:70:53:1f:aa:ce:38:bc:5e:2f:
73:52:17:cd:f7:51:7a:6f:bb:bf:5a:da:ce:b1:94:17:46:55:
85:18:cf:ac:ee:25:8d:b0:e3:ab:20:c5:3e:f1:ed:d1:89:4d:
3a:14:40:ea:2f:65:c0:67:16:9b:9b:e9:48:f5:7d:6b:d8:30:
45:ac:41:ef:be:04:93:27:97:03:7b:8e:aa:01:07:da:0c:cc:
ab:d6:39:3e:28:7b:f3:96:27:9d:f9:8e:ba:a5:2f:a2:6f:4d:
bf:2a:ec:c5:e9:fc:25:e7:4d:26:ad:a3:a4:7c:7b:83:6a:7e:
20:26:4f:33:f1:e2:d4:5f:51:7c:b1:5a:bc:56:af:f2:3e:5f:
50:3e:be:a0:36:a3:82:bf:f0:00:90:d5:c4:1e:a8:c8:67:19:
ca:c7:a5:cc:b9:ad:9e:59:9f:09:bf:3f:ba:a8:1b:65:f3:68:
af:ca:21:d3:96:13:71:f4:6e:df:0d:f5:a8:24:58:27:c4:8f:
63:9a:6a:4e:51:63:59:42:d6:1a:88:4d:3e:2b:a1:9d:92:6e:
00:c7:a2:32:41:3c:f1:48:56:b7:60:03:f3:9b:98:35:39:12:
ce:e0:d2:24:50:40:c0:cc:7a:9c:65:08:e4:34:db:8d:20:12:
98:48:63:4b
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAYVwv+NX29MiBEDCPGjr/VGlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhYzNkYWExYjE0ODUwZjJlNjFjNTkyYjIxOTE5MTVhNWU2
NWE0NzgwHhcNMjMwMTAyMDQzMTQxWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzY2M2ZmJjYmZiNzk0NzAwOTJiMWRhYTg0YWQzNDFkNDk0ZmE5ZmE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvKeY/iz0rWBk/k35ipKO+DjA8Wg2
awO3rs172ACBLb6g+IAwfiGyO78e5gLT9eZn+RjoxJo8LYTDbwlgKMkBbbcXusRS
cmrF6xlboXB91Pnhc7gDdPEBtqPGQ7/UXAzXKQtqIvSBhLueQU7D+YZKIr4qiFQ6
0bz4X44DuKJp7ZQ35x87mL05smyjZROQ4a86iPa73Dyq5kgelSJwCsNVoMoOZZhD
YseZb7oZe5W3svh4mOhACS0pIzW/lV1yax016HqdujFX1yFUYYTt8q8gDnCy7G0Z
ybhXTsQLIYUagGiCoOk55B36fggM5+vbMmQhOAJzIr+yjTzzrZzPeJDnHwIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFDzG+8v7eUcAkrHaqErTQdSU+p+kMB8GA1UdIwQY
MBaAFCrD2qGxSFDy5hxZKyGRkVpeZaR4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUt
ZmUwNjU5MTc2YTU2LzEvUE1iN3lfdDVSd0NTc2Rxb1N0TkIxSlQ2bjZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUtZmUwNjU5MTc2YTU2
LzEvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAwBAIAATAqAwQEBSLQAwQC
uYFsAwQBudf0AwQCudzsAwQAvNGbAwQBwSRUAwQC1a0gMA0GCSqGSIb3DQEBCwUA
A4IBAQAoJ6fEB/VWDCtwUx+qzji8Xi9zUhfN91F6b7u/WtrOsZQXRlWFGM+s7iWN
sOOrIMU+8e3RiU06FEDqL2XAZxabm+lI9X1r2DBFrEHvvgSTJ5cDe46qAQfaDMyr
1jk+KHvzlied+Y66pS+ib02/KuzF6fwl500mraOkfHuDan4gJk8z8eLUX1F8sVq8
Vq/yPl9QPr6gNqOCv/AAkNXEHqjIZxnKx6XMua2eWZ8Jvz+6qBtl82ivyiHTlhNx
9G7fDfWoJFgnxI9jmmpOUWNZQtYaiE0+K6Gdkm4Ax6IyQTzxSFa3YAPzm5g1ORLO
4NIkUEDAzHqcZQjkNNuNIBKYSGNL
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:17:16 2024 by rpki-client on console-ams.rpki-client.org