Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/QMliYMWvearnC4Xvlte40a12-Hg.roa
File: QMliYMWvearnC4Xvlte40a12-Hg.roa (raw, json)
Hash identifier: yelDTkyA9j7IwcqqSzUZKl8Iv46fjqUSUvxA3ht6hGA=
Subject key identifier: 40:C9:62:60:C5:AF:79:AA:E7:0B:85:EF:96:D7:B8:D1:AD:76:F8:78
Certificate issuer: /CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Certificate serial: 018331D3D852EA1948C4C4DEEA6E3EF93523
Authority key identifier: 2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/QMliYMWvearnC4Xvlte40a12-Hg.roa
Signing time: Mon 12 Sep 2022 13:11:50 +0000
ROA not before: Mon 12 Sep 2022 13:11:50 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 31732
IP address blocks: 5.34.208.0/20 maxlen: 24
185.220.236.0/22 maxlen: 24
188.209.155.0/24 maxlen: 24
185.215.244.0/23 maxlen: 24
185.215.246.0/24 maxlen: 24
213.173.32.0/22 maxlen: 24
185.36.192.0/22 maxlen: 22
82.115.24.0/22 maxlen: 24
185.129.108.0/22 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:83:31:d3:d8:52:ea:19:48:c4:c4:de:ea:6e:3e:f9:35:23
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Validity
Not Before: Sep 12 13:11:50 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=40c96260c5af79aae70b85ef96d7b8d1ad76f878
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9d:fd:c8:c7:c6:8c:44:d7:2b:82:0e:9b:ff:5a:
7b:ed:0f:87:ba:6a:74:b8:34:6f:b0:05:1e:6b:42:
38:8e:79:a6:23:02:57:e1:45:fe:84:9b:50:9e:74:
89:da:0b:3c:52:64:c0:04:1f:59:91:a2:26:0a:05:
3c:ff:ec:fd:11:b3:2f:67:33:75:d7:ea:c0:50:b1:
2b:59:90:23:f2:01:31:3d:24:06:c7:25:b4:3b:9e:
08:c1:87:2c:88:db:40:b5:80:ea:b6:72:16:44:d6:
b4:ae:04:35:3d:cf:f7:ee:b3:64:51:21:ba:44:c7:
84:e6:5b:e3:be:d5:43:29:ff:e9:7f:79:62:71:f4:
28:f0:22:53:2a:05:6d:40:df:c0:49:8c:ec:31:c9:
bf:2c:52:90:10:41:e2:0e:bb:1e:71:1e:a1:b2:d9:
c7:e7:92:84:59:db:79:0c:a7:3d:94:5f:50:b2:cc:
bb:1c:90:14:27:4d:a6:b0:fd:ce:18:b4:9e:2e:bc:
f6:7a:dd:80:a9:7d:88:ee:7b:53:20:ed:af:07:ea:
f4:62:80:a7:83:f7:d0:a4:d1:56:c0:df:c3:a2:2f:
32:73:f7:6a:2d:bf:6f:92:33:b3:34:af:5a:17:54:
a1:55:23:8d:22:83:e9:d3:b2:9c:be:b4:52:96:b3:
bb:9f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
40:C9:62:60:C5:AF:79:AA:E7:0B:85:EF:96:D7:B8:D1:AD:76:F8:78
X509v3 Authority Key Identifier:
keyid:2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/QMliYMWvearnC4Xvlte40a12-Hg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.34.208.0/20
82.115.24.0/22
185.36.192.0/22
185.129.108.0/22
185.215.244.0-185.215.246.255
185.220.236.0/22
188.209.155.0/24
213.173.32.0/22
Signature Algorithm: sha256WithRSAEncryption
44:84:76:f0:fe:49:ec:f4:9e:25:db:ef:5b:03:a4:12:e0:16:
58:5b:30:6f:13:5c:96:bb:9f:17:c9:3a:15:e7:6b:e8:40:85:
c4:16:5b:f0:d2:02:2d:23:a5:60:fb:1a:aa:6a:42:62:58:51:
14:b6:7d:3c:b1:47:f4:2e:90:a7:7e:10:9c:44:57:1d:1d:ad:
d2:e1:57:8c:7a:76:6d:35:75:ae:4e:81:8b:a7:a2:db:63:cb:
eb:54:8e:43:f1:46:f8:32:94:1b:67:79:28:1c:c6:7f:d6:b7:
21:e1:17:99:e0:bb:15:44:67:33:e6:f7:58:0b:50:b7:55:44:
b1:0e:2c:7d:f9:8d:18:87:8a:3e:4a:ea:24:a3:b7:b5:a6:d6:
8e:e8:30:65:7a:0e:04:c6:92:b1:48:ba:a7:28:7c:3a:57:4f:
1e:5b:ca:0d:7b:6a:a9:0b:bd:8c:fd:e8:07:3e:b9:9f:81:2f:
78:09:70:1f:8f:47:65:bf:e2:b1:42:bc:18:35:97:97:df:b5:
4e:4b:99:99:f9:f1:1e:06:1d:1d:94:0c:26:3f:0e:64:0d:88:
e6:65:6e:a6:c0:8e:6c:91:e2:b1:ea:8f:1b:e3:74:66:ed:84:
b8:13:64:57:0a:d0:c0:26:d9:60:8a:95:21:88:87:d3:8f:df:
75:94:7d:9b
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgISAYMx09hS6hlIxMTe6m4++TUjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhYzNkYWExYjE0ODUwZjJlNjFjNTkyYjIxOTE5MTVhNWU2
NWE0NzgwHhcNMjIwOTEyMTMxMTUwWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MGM5NjI2MGM1YWY3OWFhZTcwYjg1ZWY5NmQ3YjhkMWFkNzZmODc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnf3Ix8aMRNcrgg6b/1p77Q+Hump0
uDRvsAUea0I4jnmmIwJX4UX+hJtQnnSJ2gs8UmTABB9ZkaImCgU8/+z9EbMvZzN1
1+rAULErWZAj8gExPSQGxyW0O54IwYcsiNtAtYDqtnIWRNa0rgQ1Pc/37rNkUSG6
RMeE5lvjvtVDKf/pf3licfQo8CJTKgVtQN/ASYzsMcm/LFKQEEHiDrsecR6hstnH
55KEWdt5DKc9lF9Qssy7HJAUJ02msP3OGLSeLrz2et2AqX2I7ntTIO2vB+r0YoCn
g/fQpNFWwN/Doi8yc/dqLb9vkjOzNK9aF1ShVSONIoPp07KcvrRSlrO7nwIDAQAB
o4ICOzCCAjcwHQYDVR0OBBYEFEDJYmDFr3mq5wuF75bXuNGtdvh4MB8GA1UdIwQY
MBaAFCrD2qGxSFDy5hxZKyGRkVpeZaR4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUt
ZmUwNjU5MTc2YTU2LzEvUU1saVlNV3ZlYXJuQzRYdmx0ZTQwYTEyLUhnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUtZmUwNjU5MTc2YTU2
LzEvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFEGCCsGAQUFBwEHAQH/BEIwQDA+BAIAATA4AwQEBSLQAwQC
UnMYAwQCuSTAAwQCuYFsMAwDBAK51/QDBAC51/YDBAK53OwDBAC80ZsDBALVrSAw
DQYJKoZIhvcNAQELBQADggEBAESEdvD+Sez0niXb71sDpBLgFlhbMG8TXJa7nxfJ
OhXna+hAhcQWW/DSAi0jpWD7GqpqQmJYURS2fTyxR/QukKd+EJxEVx0drdLhV4x6
dm01da5OgYunottjy+tUjkPxRvgylBtneSgcxn/WtyHhF5nguxVEZzPm91gLULdV
RLEOLH35jRiHij5K6iSjt7Wm1o7oMGV6DgTGkrFIuqcofDpXTx5byg17aqkLvYz9
6Ac+uZ+BL3gJcB+PR2W/4rFCvBg1l5fftU5LmZn58R4GHR2UDCY/DmQNiOZlbqbA
jmyR4rHqjxvjdGbthLgTZFcK0MAm2WCKlSGIh9OP33WUfZs=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:17:16 2024 by rpki-client on console-ams.rpki-client.org