Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/W5puCeQGEFHIBmODFp0a-2WyYiE.roa
File: W5puCeQGEFHIBmODFp0a-2WyYiE.roa (raw, json)
Hash identifier: d3UwxTxKd2JNZuBnZkTjepRiAaBxxIW9eUrZgnUSPqU=
Subject key identifier: 5B:9A:6E:09:E4:06:10:51:C8:06:63:83:16:9D:1A:FB:65:B2:62:21
Certificate issuer: /CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Certificate serial: 018412E1B559FD94A0D1F81006A845D37F5B
Authority key identifier: 2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/W5puCeQGEFHIBmODFp0a-2WyYiE.roa
Signing time: Wed 26 Oct 2022 06:01:32 +0000
ROA not before: Wed 26 Oct 2022 06:01:32 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 31732
IP address blocks: 5.34.208.0/20 maxlen: 24
185.220.236.0/22 maxlen: 24
188.209.155.0/24 maxlen: 24
185.215.244.0/23 maxlen: 24
185.234.144.0/22 maxlen: 24
213.173.32.0/22 maxlen: 24
185.129.108.0/22 maxlen: 24
188.214.236.0/22 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:84:12:e1:b5:59:fd:94:a0:d1:f8:10:06:a8:45:d3:7f:5b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Validity
Not Before: Oct 26 06:01:32 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=5b9a6e09e4061051c8066383169d1afb65b26221
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c6:75:8e:f0:fd:ad:78:c1:3f:09:f8:c3:b6:29:
da:de:b6:3a:cf:67:ef:16:dc:cc:e0:5b:01:ae:f0:
d4:2b:54:f5:77:03:0c:14:27:c5:0c:08:1f:d5:ba:
d3:74:ea:20:90:dd:5d:52:25:ea:37:f5:cf:3e:f6:
4c:b1:bf:1a:a1:9b:02:79:11:6d:5d:6f:18:bb:4d:
12:8e:e3:59:1b:14:c3:a6:07:3a:ed:3f:18:01:06:
95:83:92:45:0c:14:ee:d8:4a:3f:be:6a:3a:43:25:
7f:55:e0:64:fb:a9:b3:92:a0:09:23:a5:d7:2b:aa:
0f:23:19:74:a2:3c:c3:0e:30:a5:f4:0b:c7:a6:a6:
fb:25:72:27:23:3e:5c:9f:6b:34:a6:44:12:2c:49:
ba:90:74:79:80:3a:7b:67:d9:4d:11:21:83:2a:f1:
15:d0:4c:ba:12:4e:62:3f:f6:82:84:21:60:a4:b5:
72:59:d2:51:95:b1:67:10:af:fa:7e:9d:f7:c0:de:
58:97:79:56:8a:81:1d:0c:9d:c0:bd:3b:46:3b:22:
4d:8a:c2:ea:e4:7d:2a:f6:a5:5d:65:64:ed:8c:b4:
d2:77:0c:ba:60:46:33:c3:b9:1d:7b:43:c1:e6:9a:
7a:e9:8c:02:0f:7d:d6:ab:1d:ca:61:9c:7d:30:3e:
7c:71
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5B:9A:6E:09:E4:06:10:51:C8:06:63:83:16:9D:1A:FB:65:B2:62:21
X509v3 Authority Key Identifier:
keyid:2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/W5puCeQGEFHIBmODFp0a-2WyYiE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.34.208.0/20
185.129.108.0/22
185.215.244.0/23
185.220.236.0/22
185.234.144.0/22
188.209.155.0/24
188.214.236.0/22
213.173.32.0/22
Signature Algorithm: sha256WithRSAEncryption
4b:07:a1:fb:63:43:9b:1f:2e:10:be:64:dc:ff:4c:3c:b1:c6:
0c:28:1d:e0:e6:e7:c7:87:88:70:13:9f:c8:97:e3:eb:ef:6c:
10:02:a8:6e:af:58:3c:f1:bd:5c:66:38:9f:fe:00:23:83:13:
aa:d9:d6:b8:2f:6b:6f:b3:1c:17:5c:4e:2d:89:71:a5:6e:8d:
fd:b9:35:8b:e0:ae:85:5f:6d:53:c9:89:be:c2:ee:2d:0a:6e:
1f:42:f4:19:51:a6:ce:bc:80:2a:b5:2d:6d:7c:78:1f:1e:c2:
1d:b3:4e:80:a4:d5:40:06:72:f8:58:13:74:e1:34:1a:1c:71:
0d:76:34:ef:c7:7a:94:83:41:8d:63:08:7b:18:03:fe:a3:da:
88:fb:7b:ec:32:b0:6f:6a:c5:97:13:9b:ba:3e:fc:6a:1b:5b:
b9:88:79:ad:fc:5e:d7:24:1d:bd:a6:b6:c7:1f:d2:95:6a:f4:
82:78:6d:0a:d0:86:d4:67:f5:37:1b:fa:ca:16:75:0d:5d:4f:
be:3c:50:40:7d:a7:8a:2f:f9:1d:90:d4:69:9b:b6:00:93:65:
56:fb:7a:d1:fa:3e:c5:ef:3b:51:d6:df:e7:e9:19:c8:87:fd:
82:37:65:f5:2f:b2:06:8b:d9:7b:48:ae:a2:7c:3c:c4:24:d0:
89:9f:25:4b
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAYQS4bVZ/ZSg0fgQBqhF039bMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhYzNkYWExYjE0ODUwZjJlNjFjNTkyYjIxOTE5MTVhNWU2
NWE0NzgwHhcNMjIxMDI2MDYwMTMyWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YjlhNmUwOWU0MDYxMDUxYzgwNjYzODMxNjlkMWFmYjY1YjI2MjIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxnWO8P2teME/CfjDtina3rY6z2fv
FtzM4FsBrvDUK1T1dwMMFCfFDAgf1brTdOogkN1dUiXqN/XPPvZMsb8aoZsCeRFt
XW8Yu00SjuNZGxTDpgc67T8YAQaVg5JFDBTu2Eo/vmo6QyV/VeBk+6mzkqAJI6XX
K6oPIxl0ojzDDjCl9AvHpqb7JXInIz5cn2s0pkQSLEm6kHR5gDp7Z9lNESGDKvEV
0Ey6Ek5iP/aChCFgpLVyWdJRlbFnEK/6fp33wN5Yl3lWioEdDJ3AvTtGOyJNisLq
5H0q9qVdZWTtjLTSdwy6YEYzw7kde0PB5pp66YwCD33Wqx3KYZx9MD58cQIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFFuabgnkBhBRyAZjgxadGvtlsmIhMB8GA1UdIwQY
MBaAFCrD2qGxSFDy5hxZKyGRkVpeZaR4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUt
ZmUwNjU5MTc2YTU2LzEvVzVwdUNlUUdFRkhJQm1PREZwMGEtMld5WWlFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUtZmUwNjU5MTc2YTU2
LzEvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQEBSLQAwQC
uYFsAwQBudf0AwQCudzsAwQCueqQAwQAvNGbAwQCvNbsAwQC1a0gMA0GCSqGSIb3
DQEBCwUAA4IBAQBLB6H7Y0ObHy4QvmTc/0w8scYMKB3g5ufHh4hwE5/Il+Pr72wQ
Aqhur1g88b1cZjif/gAjgxOq2da4L2tvsxwXXE4tiXGlbo39uTWL4K6FX21TyYm+
wu4tCm4fQvQZUabOvIAqtS1tfHgfHsIds06ApNVABnL4WBN04TQaHHENdjTvx3qU
g0GNYwh7GAP+o9qI+3vsMrBvasWXE5u6PvxqG1u5iHmt/F7XJB29prbHH9KVavSC
eG0K0IbUZ/U3G/rKFnUNXU++PFBAfaeKL/kdkNRpm7YAk2VW+3rR+j7F7ztR1t/n
6RnIh/2CN2X1L7IGi9l7SK6ifDzEJNCJnyVL
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:17:16 2024 by rpki-client on console-ams.rpki-client.org