Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/TUSL0SJ1kx9HzRU9JKXafrc-gkc.roa
File: TUSL0SJ1kx9HzRU9JKXafrc-gkc.roa (raw, json)
Hash identifier: UwRjaO7kuXVkDj4We17eeYVKr0jlORc+qvYXexKCUu8=
Subject key identifier: 4D:44:8B:D1:22:75:93:1F:47:CD:15:3D:24:A5:DA:7E:B7:3E:82:47
Certificate issuer: /CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Certificate serial: 0183F33B968AC6B12A65E002875E24DD8A3D
Authority key identifier: 2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/TUSL0SJ1kx9HzRU9JKXafrc-gkc.roa
Signing time: Thu 20 Oct 2022 02:31:51 +0000
ROA not before: Thu 20 Oct 2022 02:31:51 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 61317
IP address blocks: 185.220.236.0/22 maxlen: 24
91.132.59.0/24 maxlen: 24
185.129.108.0/23 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:83:f3:3b:96:8a:c6:b1:2a:65:e0:02:87:5e:24:dd:8a:3d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Validity
Not Before: Oct 20 02:31:51 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=4d448bd12275931f47cd153d24a5da7eb73e8247
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9c:52:11:e0:d3:3d:49:49:33:5b:38:4c:88:33:
f9:94:bf:74:ab:9f:15:41:70:8f:3e:d7:8f:a6:5b:
cd:7f:1f:f9:71:da:d8:23:da:b8:e2:f1:df:4b:b1:
01:ac:f9:c1:31:5a:48:86:b1:3b:68:7e:5b:ec:55:
79:27:fc:29:f4:21:9f:f8:47:12:ce:85:f1:ec:82:
50:17:2d:41:68:0d:dd:1e:9b:78:7f:e0:36:56:f2:
d0:7d:94:32:7a:5a:a9:b5:31:80:63:68:0d:8d:d0:
51:74:16:c6:e5:be:7c:b9:2e:7c:b9:8e:b8:4a:4c:
1b:df:a7:69:44:9d:cc:d4:5f:f2:b6:66:2a:b5:2e:
08:da:d4:23:05:7d:e1:4b:0b:67:d5:c8:69:ac:f7:
c4:c0:74:e1:6e:f2:d7:1c:17:20:3e:23:bd:42:ae:
3c:a3:43:d1:de:2a:c4:e3:cf:7e:77:3c:05:3c:37:
47:f4:b5:2d:fa:0e:89:99:03:0a:72:a7:a5:dd:af:
4f:b6:36:09:bb:63:c4:dc:a9:e2:ec:76:79:41:0c:
23:0a:da:42:f0:c8:69:fe:da:f7:16:64:3c:66:b1:
86:f4:f7:5c:e0:a8:b7:50:3d:cb:e3:67:9a:1d:43:
33:84:e0:c6:3a:7e:2c:d6:4c:0d:3f:54:4a:27:b8:
48:b9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4D:44:8B:D1:22:75:93:1F:47:CD:15:3D:24:A5:DA:7E:B7:3E:82:47
X509v3 Authority Key Identifier:
keyid:2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/TUSL0SJ1kx9HzRU9JKXafrc-gkc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.132.59.0/24
185.129.108.0/23
185.220.236.0/22
Signature Algorithm: sha256WithRSAEncryption
8f:5b:8e:cc:bb:b9:7c:96:b2:01:06:2b:f0:d4:a7:a5:d2:ae:
6b:72:fe:ba:a5:28:0a:80:ec:d5:29:84:9a:9d:c8:a0:e3:e9:
46:07:bf:10:2b:ba:bc:af:b2:6e:2f:63:e7:b6:b0:dc:ee:43:
03:38:76:61:85:4a:a8:c1:06:a5:18:3e:f8:be:47:fb:47:16:
3c:7e:2b:a4:41:e1:a1:21:d0:c8:4d:39:e7:41:74:f4:88:20:
7d:aa:42:85:d7:37:34:84:48:0e:27:34:43:41:9e:0a:9b:fa:
59:b1:5c:68:77:2e:07:31:b2:c5:a5:9b:31:bd:23:47:b7:b9:
f1:01:51:43:de:92:26:5d:fa:11:5c:6a:91:7f:4d:a4:98:cc:
63:b6:ff:8d:5c:6a:fe:c2:b8:e2:11:38:b9:0b:30:dd:0e:d2:
20:bc:e0:26:9d:b6:d0:3c:ee:17:1f:5c:fa:38:e2:30:c6:76:
be:33:da:2e:cc:c1:1e:2d:4f:fb:ec:91:34:95:8b:55:6d:d8:
ff:09:bd:eb:21:08:7e:e2:5b:79:9a:3a:36:72:5b:bf:62:4f:
8a:20:39:71:1c:0e:f4:1b:56:82:d1:7c:59:60:60:cc:1b:a9:
87:0b:82:4e:4c:65:05:5e:5b:23:b4:56:7b:b2:cf:3c:20:8a:
5f:71:1b:77
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYPzO5aKxrEqZeACh14k3Yo9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhYzNkYWExYjE0ODUwZjJlNjFjNTkyYjIxOTE5MTVhNWU2
NWE0NzgwHhcNMjIxMDIwMDIzMTUxWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZDQ0OGJkMTIyNzU5MzFmNDdjZDE1M2QyNGE1ZGE3ZWI3M2U4MjQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnFIR4NM9SUkzWzhMiDP5lL90q58V
QXCPPtePplvNfx/5cdrYI9q44vHfS7EBrPnBMVpIhrE7aH5b7FV5J/wp9CGf+EcS
zoXx7IJQFy1BaA3dHpt4f+A2VvLQfZQyelqptTGAY2gNjdBRdBbG5b58uS58uY64
Skwb36dpRJ3M1F/ytmYqtS4I2tQjBX3hSwtn1chprPfEwHThbvLXHBcgPiO9Qq48
o0PR3irE489+dzwFPDdH9LUt+g6JmQMKcqel3a9PtjYJu2PE3Kni7HZ5QQwjCtpC
8Mhp/tr3FmQ8ZrGG9Pdc4Ki3UD3L42eaHUMzhODGOn4s1kwNP1RKJ7hIuQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFE1Ei9EidZMfR80VPSSl2n63PoJHMB8GA1UdIwQY
MBaAFCrD2qGxSFDy5hxZKyGRkVpeZaR4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUt
ZmUwNjU5MTc2YTU2LzEvVFVTTDBTSjFreDlIelJVOUpLWGFmcmMtZ2tjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUtZmUwNjU5MTc2YTU2
LzEvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAW4Q7AwQB
uYFsAwQCudzsMA0GCSqGSIb3DQEBCwUAA4IBAQCPW47Mu7l8lrIBBivw1Kel0q5r
cv66pSgKgOzVKYSancig4+lGB78QK7q8r7JuL2PntrDc7kMDOHZhhUqowQalGD74
vkf7RxY8fiukQeGhIdDITTnnQXT0iCB9qkKF1zc0hEgOJzRDQZ4Km/pZsVxody4H
MbLFpZsxvSNHt7nxAVFD3pImXfoRXGqRf02kmMxjtv+NXGr+wrjiETi5CzDdDtIg
vOAmnbbQPO4XH1z6OOIwxna+M9ouzMEeLU/77JE0lYtVbdj/Cb3rIQh+4lt5mjo2
clu/Yk+KIDlxHA70G1aC0XxZYGDMG6mHC4JOTGUFXlsjtFZ7ss88IIpfcRt3
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:34:35 2024 by rpki-client on console-fra.rpki-client.org