Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/Pux4CEoLghJ-pLA2wMx7qqSrvQs.roa
File: Pux4CEoLghJ-pLA2wMx7qqSrvQs.roa (raw, json)
Hash identifier: nN/Ih0H6AsegoXaJw9eMfAo9DmLqnQV8VbiN/JnSQs0=
Subject key identifier: 3E:EC:78:08:4A:0B:82:12:7E:A4:B0:36:C0:CC:7B:AA:A4:AB:BD:0B
Certificate issuer: /CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Certificate serial: 0187525329EABB854F3015E7D179BA75F758
Authority key identifier: 2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/Pux4CEoLghJ-pLA2wMx7qqSrvQs.roa
Signing time: Wed 05 Apr 2023 16:49:54 +0000
ROA not before: Wed 05 Apr 2023 16:49:54 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 31732
IP address blocks: 82.97.240.0/20 maxlen: 24
185.220.236.0/22 maxlen: 24
185.80.196.0/23 maxlen: 24
188.209.155.0/24 maxlen: 24
45.137.180.0/22 maxlen: 24
82.115.12.0/23 maxlen: 24
185.129.108.0/22 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:87:52:53:29:ea:bb:85:4f:30:15:e7:d1:79:ba:75:f7:58
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Validity
Not Before: Apr 5 16:49:54 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=3eec78084a0b82127ea4b036c0cc7baaa4abbd0b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9a:53:52:80:07:9f:7a:e5:85:d5:65:9e:64:bd:
49:54:11:60:6e:ec:82:f3:f6:80:c9:89:7b:ef:51:
b7:26:55:80:ce:bf:0e:aa:4d:b3:1d:9d:30:6c:29:
78:dd:fb:ab:e9:43:20:c9:2e:ee:4a:98:ee:fa:24:
a3:6a:5a:34:ef:1a:da:07:0c:73:8f:ae:99:ba:95:
56:0b:74:38:69:ad:ad:a8:cf:54:53:e5:0d:8c:05:
b1:1a:3d:bb:c9:49:cb:4a:53:20:33:d7:1b:dd:48:
02:a3:f1:ec:d9:3d:93:30:6d:ef:33:23:8c:c0:93:
f3:57:53:a8:2b:91:8a:b8:14:dc:9b:52:8a:b7:f2:
93:eb:42:d2:06:96:5b:bb:05:4d:d4:0d:ec:ef:0e:
05:2d:e8:a6:31:68:16:0d:3d:ea:cb:33:e6:d0:fb:
43:4d:e2:72:f7:21:35:6d:a6:51:a2:f4:36:eb:b0:
e0:3d:4d:13:e0:c6:a8:c9:a8:43:2d:c0:f3:1e:53:
3b:7d:9d:9e:43:86:5e:db:52:22:46:1d:29:df:ba:
1b:95:42:88:6d:67:f3:19:4a:e6:78:67:d9:3e:f3:
be:f9:6d:e4:7a:6e:b6:22:4a:cb:bd:ef:b9:44:18:
73:f9:a7:40:fc:0f:9e:b4:4a:33:17:54:61:85:1f:
62:95
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3E:EC:78:08:4A:0B:82:12:7E:A4:B0:36:C0:CC:7B:AA:A4:AB:BD:0B
X509v3 Authority Key Identifier:
keyid:2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/Pux4CEoLghJ-pLA2wMx7qqSrvQs.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.137.180.0/22
82.97.240.0/20
82.115.12.0/23
185.80.196.0/23
185.129.108.0/22
185.220.236.0/22
188.209.155.0/24
Signature Algorithm: sha256WithRSAEncryption
32:9c:34:81:77:a3:b0:ce:be:0b:41:ec:cd:b3:86:0d:60:39:
02:fa:a9:95:09:3d:8b:6f:79:72:9e:f9:2c:82:b6:60:a3:d5:
56:a7:66:19:55:be:94:60:0f:8f:ed:93:f8:40:2b:29:b7:d5:
bd:09:53:a5:84:34:9a:f4:c1:c3:22:78:73:ed:f4:28:e0:bf:
ed:26:a9:ed:6f:f6:f1:5b:19:e5:cf:d2:09:73:28:d4:a9:d3:
ea:ff:cc:3f:41:c8:f8:ac:2f:4f:b1:79:3e:b3:25:a0:01:f1:
b6:a3:28:75:c3:d2:f3:d4:30:90:42:6d:e8:76:14:20:84:f2:
d5:06:6e:91:1b:16:38:e6:32:55:46:02:d1:c1:68:5a:f7:ed:
ed:39:21:e9:17:d5:2e:de:c8:4f:d3:a2:46:ea:5a:3d:be:cf:
b7:64:6d:ac:6a:b9:37:b3:19:99:a1:53:a2:55:af:f8:6a:c1:
ba:c2:e0:f7:72:17:4b:7e:6d:71:66:14:5b:7e:81:69:eb:23:
52:d0:ac:15:d4:84:86:92:e2:65:ac:15:3e:eb:6e:c2:fe:c3:
10:3c:8f:46:a6:a0:41:e7:38:3c:be:37:fc:40:b5:e7:5a:a5:
26:4f:4f:d3:a6:5c:58:f3:91:40:05:9d:40:eb:55:f8:a8:73:
08:e8:98:5d
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAYdSUynqu4VPMBXn0Xm6dfdYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhYzNkYWExYjE0ODUwZjJlNjFjNTkyYjIxOTE5MTVhNWU2
NWE0NzgwHhcNMjMwNDA1MTY0OTU0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZWVjNzgwODRhMGI4MjEyN2VhNGIwMzZjMGNjN2JhYWE0YWJiZDBiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmlNSgAefeuWF1WWeZL1JVBFgbuyC
8/aAyYl771G3JlWAzr8Oqk2zHZ0wbCl43fur6UMgyS7uSpju+iSjalo07xraBwxz
j66ZupVWC3Q4aa2tqM9UU+UNjAWxGj27yUnLSlMgM9cb3UgCo/Hs2T2TMG3vMyOM
wJPzV1OoK5GKuBTcm1KKt/KT60LSBpZbuwVN1A3s7w4FLeimMWgWDT3qyzPm0PtD
TeJy9yE1baZRovQ267DgPU0T4MaoyahDLcDzHlM7fZ2eQ4Ze21IiRh0p37oblUKI
bWfzGUrmeGfZPvO++W3kem62IkrLve+5RBhz+adA/A+etEozF1RhhR9ilQIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFD7seAhKC4ISfqSwNsDMe6qkq70LMB8GA1UdIwQY
MBaAFCrD2qGxSFDy5hxZKyGRkVpeZaR4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUt
ZmUwNjU5MTc2YTU2LzEvUHV4NENFb0xnaEotcExBMndNeDdxcVNydlFzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUtZmUwNjU5MTc2YTU2
LzEvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAwBAIAATAqAwQCLYm0AwQE
UmHwAwQBUnMMAwQBuVDEAwQCuYFsAwQCudzsAwQAvNGbMA0GCSqGSIb3DQEBCwUA
A4IBAQAynDSBd6Owzr4LQezNs4YNYDkC+qmVCT2Lb3lynvksgrZgo9VWp2YZVb6U
YA+P7ZP4QCspt9W9CVOlhDSa9MHDInhz7fQo4L/tJqntb/bxWxnlz9IJcyjUqdPq
/8w/Qcj4rC9PsXk+syWgAfG2oyh1w9Lz1DCQQm3odhQghPLVBm6RGxY45jJVRgLR
wWha9+3tOSHpF9Uu3shP06JG6lo9vs+3ZG2sark3sxmZoVOiVa/4asG6wuD3chdL
fm1xZhRbfoFp6yNS0KwV1ISGkuJlrBU+627C/sMQPI9GpqBB5zg8vjf8QLXnWqUm
T0/TplxY85FABZ1A61X4qHMI6Jhd
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:34:35 2024 by rpki-client on console-fra.rpki-client.org