Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/S_PL-OgOJPpngrsIC5lXYc1G-SU.roa
File: S_PL-OgOJPpngrsIC5lXYc1G-SU.roa (raw, json)
Hash identifier: XEhh3WCHqz362poE5mtYgjD/EOW++lI/PkB7nu72pjE=
Subject key identifier: 4B:F3:CB:F8:E8:0E:24:FA:67:82:BB:08:0B:99:57:61:CD:46:F9:25
Certificate issuer: /CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Certificate serial: 01927BD46DDF6A2638031877200CCB2EA6FD
Authority key identifier: 2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/S_PL-OgOJPpngrsIC5lXYc1G-SU.roa
Signing time: Fri 11 Oct 2024 13:46:12 +0000
ROA not before: Fri 11 Oct 2024 13:46:12 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 60808
IP address blocks: 185.215.246.0/24 maxlen: 24
188.253.96.0/19 maxlen: 24
193.36.72.0/24 maxlen: 24
193.36.73.0/24 maxlen: 24
2a05:ec80::/29 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:92:7b:d4:6d:df:6a:26:38:03:18:77:20:0c:cb:2e:a6:fd
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Validity
Not Before: Oct 11 13:46:12 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=4bf3cbf8e80e24fa6782bb080b995761cd46f925
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ba:6b:69:3a:29:97:8c:db:40:44:6d:cd:2a:83:
be:e6:18:c6:dc:cb:cf:7f:be:25:79:4e:fa:d3:7c:
c6:5d:35:1a:1b:dd:97:8c:d3:0b:6c:66:15:29:f7:
0a:af:5c:cf:5b:e8:68:a1:39:21:1d:af:af:a6:f1:
06:73:ba:cc:22:ec:1c:1e:b7:27:6e:61:01:31:5d:
dd:c6:60:38:00:0f:66:bb:55:d9:de:19:a9:7a:d4:
79:fb:3f:a0:e0:a2:af:7e:30:82:2a:12:78:21:6c:
78:5b:d4:02:1b:27:59:d7:5c:7b:85:74:98:66:0f:
71:9b:2a:eb:e1:91:44:b6:50:3a:42:9e:ac:13:f5:
3f:42:92:a7:17:76:ef:27:ac:90:55:b7:74:2f:a7:
b0:9d:81:d2:18:01:bd:27:34:fd:c1:61:79:d7:0e:
b8:bd:71:4b:b3:0d:d5:4c:30:fb:50:f3:1a:ca:2c:
33:c4:62:59:10:1e:da:a6:47:43:93:40:66:36:37:
7a:e9:17:85:ac:15:58:41:b5:52:94:83:1e:44:aa:
9e:52:06:c3:76:e7:4d:78:b3:e9:3d:12:4b:9e:f2:
63:e3:3f:93:62:88:53:16:a0:ef:05:30:74:c1:48:
06:63:2c:da:1d:30:1c:1e:70:5b:94:6d:fb:5d:12:
0c:1f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4B:F3:CB:F8:E8:0E:24:FA:67:82:BB:08:0B:99:57:61:CD:46:F9:25
X509v3 Authority Key Identifier:
keyid:2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/S_PL-OgOJPpngrsIC5lXYc1G-SU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.215.246.0/24
188.253.96.0/19
193.36.72.0/23
IPv6:
2a05:ec80::/29
Signature Algorithm: sha256WithRSAEncryption
bb:ea:df:06:88:55:a4:a6:96:b2:b2:e3:85:60:62:f0:dc:27:
86:ad:fa:4b:b1:42:62:2b:d6:cf:23:2c:ff:6a:ba:21:db:b4:
02:1b:8f:d0:76:33:85:f2:5b:26:c6:37:02:5e:aa:f6:23:53:
df:cb:b0:94:e3:f2:62:cb:45:50:d1:1b:d9:3e:1a:4d:bd:41:
97:1c:e4:ee:46:10:72:91:42:29:60:27:23:f8:87:d5:0c:f1:
bb:e5:7a:97:08:3b:d3:7e:df:c0:7f:84:a5:4e:2f:8b:4a:19:
7b:58:24:0b:d1:18:ec:1c:e8:16:29:12:1b:44:60:65:2d:68:
52:13:02:ad:e3:53:50:ec:e0:ac:35:6f:d5:9b:d8:5a:a7:94:
4d:c2:e2:88:c9:6e:b7:67:92:8a:e2:73:f8:98:34:d6:27:12:
9e:aa:b0:1b:7d:f5:f5:bc:32:a5:a2:4c:5b:8f:3e:5f:e5:9c:
cf:e9:dd:ed:e4:52:36:11:78:4d:8b:43:16:29:3e:da:2e:65:
e1:b8:9b:48:dc:b5:a4:95:30:17:e2:9f:cf:37:2f:71:7b:c3:
53:6c:eb:6f:10:30:f7:ea:0d:fd:88:18:9b:5b:6d:31:1c:ec:
fa:91:0d:51:5f:0f:26:47:e0:44:13:54:24:4c:d3:f9:29:c7:
76:a8:75:de
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAZJ71G3faiY4Axh3IAzLLqb9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhYzNkYWExYjE0ODUwZjJlNjFjNTkyYjIxOTE5MTVhNWU2
NWE0NzgwHhcNMjQxMDExMTM0NjEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YmYzY2JmOGU4MGUyNGZhNjc4MmJiMDgwYjk5NTc2MWNkNDZmOTI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAumtpOimXjNtARG3NKoO+5hjG3MvP
f74leU7603zGXTUaG92XjNMLbGYVKfcKr1zPW+hooTkhHa+vpvEGc7rMIuwcHrcn
bmEBMV3dxmA4AA9mu1XZ3hmpetR5+z+g4KKvfjCCKhJ4IWx4W9QCGydZ11x7hXSY
Zg9xmyrr4ZFEtlA6Qp6sE/U/QpKnF3bvJ6yQVbd0L6ewnYHSGAG9JzT9wWF51w64
vXFLsw3VTDD7UPMayiwzxGJZEB7apkdDk0BmNjd66ReFrBVYQbVSlIMeRKqeUgbD
dudNeLPpPRJLnvJj4z+TYohTFqDvBTB0wUgGYyzaHTAcHnBblG37XRIMHwIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFEvzy/joDiT6Z4K7CAuZV2HNRvklMB8GA1UdIwQY
MBaAFCrD2qGxSFDy5hxZKyGRkVpeZaR4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUt
ZmUwNjU5MTc2YTU2LzEvU19QTC1PZ09KUHBuZ3JzSUM1bFhZYzFHLVNVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUtZmUwNjU5MTc2YTU2
LzEvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQAudf2AwQF
vP1gAwQBwSRIMA0EAgACMAcDBQMqBeyAMA0GCSqGSIb3DQEBCwUAA4IBAQC76t8G
iFWkppaysuOFYGLw3CeGrfpLsUJiK9bPIyz/aroh27QCG4/QdjOF8lsmxjcCXqr2
I1Pfy7CU4/Jiy0VQ0RvZPhpNvUGXHOTuRhBykUIpYCcj+IfVDPG75XqXCDvTft/A
f4SlTi+LShl7WCQL0RjsHOgWKRIbRGBlLWhSEwKt41NQ7OCsNW/Vm9hap5RNwuKI
yW63Z5KK4nP4mDTWJxKeqrAbffX1vDKlokxbjz5f5ZzP6d3t5FI2EXhNi0MWKT7a
LmXhuJtI3LWklTAX4p/PNy9xe8NTbOtvEDD36g39iBibW20xHOz6kQ1RXw8mR+BE
E1QkTNP5Kcd2qHXe
-----END CERTIFICATE-----
Generated at Tue Nov 12 10:16:27 2024 by rpki-client on console-ams.rpki-client.org