Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/WpV9tRbjPP79ErEvAPz3EBHYabs.roa
File: WpV9tRbjPP79ErEvAPz3EBHYabs.roa (raw, json)
Hash identifier: 4LK/cFC58f2egf0pwNDBOgWzA6ui/4jJn1Bo9HFaGsU=
Subject key identifier: 5A:95:7D:B5:16:E3:3C:FE:FD:12:B1:2F:00:FC:F7:10:11:D8:69:BB
Certificate issuer: /CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Certificate serial: 0183F33B9550A8D53952208355F20B64686C
Authority key identifier: 2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/WpV9tRbjPP79ErEvAPz3EBHYabs.roa
Signing time: Thu 20 Oct 2022 02:31:51 +0000
ROA not before: Thu 20 Oct 2022 02:31:51 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 31732
IP address blocks: 5.34.208.0/20 maxlen: 24
185.220.236.0/22 maxlen: 24
188.209.155.0/24 maxlen: 24
185.215.244.0/23 maxlen: 24
185.234.144.0/22 maxlen: 24
213.173.32.0/22 maxlen: 24
185.129.108.0/22 maxlen: 24
188.214.236.0/22 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:83:f3:3b:95:50:a8:d5:39:52:20:83:55:f2:0b:64:68:6c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Validity
Not Before: Oct 20 02:31:51 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=5a957db516e33cfefd12b12f00fcf71011d869bb
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:83:e6:af:ef:3c:70:74:cf:39:1d:0d:98:6d:06:
3f:c2:1b:7b:c8:51:79:b1:60:7d:01:e1:f1:14:bd:
8f:43:e4:8b:fc:10:09:a8:39:0e:ff:53:e6:28:87:
dd:3b:50:a2:2f:7b:4f:3a:22:95:6d:b9:3d:ba:da:
bc:bb:e7:1f:c5:3e:5d:3b:0a:26:70:9c:53:dc:fd:
80:70:65:fc:f9:47:b4:77:c8:cf:e9:d3:8b:7b:09:
43:4a:49:59:b7:a0:8b:46:f1:fa:3b:b2:15:ed:6f:
fc:35:20:1d:19:17:5c:56:d7:6c:cb:82:c4:0d:4f:
f1:da:16:86:96:de:a2:a4:36:5a:cf:88:2d:1f:fb:
08:76:37:dc:27:47:9a:8d:46:05:f3:2c:88:91:bf:
d3:c9:f0:c3:02:80:1c:26:82:c7:5e:c5:eb:db:21:
16:52:2f:d5:b1:b7:e4:9d:f2:d2:f3:10:77:bf:d6:
4e:29:2d:49:69:26:39:1d:eb:40:b7:aa:89:9d:5e:
5f:0d:28:c4:b5:0a:f2:6a:07:52:06:65:48:99:ac:
84:96:8b:f3:3c:c7:a7:0c:26:f0:1e:24:51:a9:43:
d0:26:08:55:44:68:df:76:9e:5e:f0:9a:32:55:01:
2f:db:b4:82:7f:35:d4:3c:17:ab:13:90:4a:16:1d:
6c:87
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5A:95:7D:B5:16:E3:3C:FE:FD:12:B1:2F:00:FC:F7:10:11:D8:69:BB
X509v3 Authority Key Identifier:
keyid:2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/WpV9tRbjPP79ErEvAPz3EBHYabs.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.34.208.0/20
185.129.108.0/22
185.215.244.0/23
185.220.236.0/22
185.234.144.0/22
188.209.155.0/24
188.214.236.0/22
213.173.32.0/22
Signature Algorithm: sha256WithRSAEncryption
96:1f:19:a2:f4:fd:58:4f:e1:19:cb:41:9d:97:00:01:1d:b2:
f6:d5:53:2e:2f:25:e0:49:b0:2d:47:f4:dd:7f:e0:fe:0e:cc:
e0:18:7b:9d:c3:00:5e:ef:c1:ec:56:aa:8a:55:eb:c8:cb:e1:
9b:75:66:85:c3:6d:04:87:69:81:8a:20:e7:f8:8a:d8:9a:8e:
1d:ce:73:11:d1:56:50:8f:e7:c5:eb:6d:86:d4:de:42:bb:d2:
bc:16:19:f7:93:80:9a:25:a2:f8:17:db:00:cc:43:62:15:d0:
4a:31:09:63:32:b7:a1:1e:23:da:98:42:b2:46:d8:66:10:71:
0a:a9:00:d8:b2:f3:69:81:3d:bc:97:3a:e1:52:f2:35:93:4e:
47:d0:ea:14:de:85:4a:6a:fc:7c:4e:5c:0c:88:79:db:38:c7:
a0:97:c1:ae:f2:07:10:17:79:a5:a2:57:92:f7:a1:1e:47:1f:
0c:71:64:9f:ac:c9:d9:9f:31:28:4e:fc:8a:ff:c6:d6:5f:21:
a1:12:63:e8:ce:91:51:b8:4b:57:3a:3b:92:48:09:90:b1:46:
c7:b1:e5:2a:b5:e0:34:3d:87:f8:bd:c4:1c:f3:f4:3b:75:a8:
09:93:ae:c6:1a:fe:b5:cb:ce:35:2e:7c:9b:19:bb:f9:f6:86:
d1:e7:68:2d
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAYPzO5VQqNU5UiCDVfILZGhsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhYzNkYWExYjE0ODUwZjJlNjFjNTkyYjIxOTE5MTVhNWU2
NWE0NzgwHhcNMjIxMDIwMDIzMTUxWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YTk1N2RiNTE2ZTMzY2ZlZmQxMmIxMmYwMGZjZjcxMDExZDg2OWJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg+av7zxwdM85HQ2YbQY/wht7yFF5
sWB9AeHxFL2PQ+SL/BAJqDkO/1PmKIfdO1CiL3tPOiKVbbk9utq8u+cfxT5dOwom
cJxT3P2AcGX8+Ue0d8jP6dOLewlDSklZt6CLRvH6O7IV7W/8NSAdGRdcVtdsy4LE
DU/x2haGlt6ipDZaz4gtH/sIdjfcJ0eajUYF8yyIkb/TyfDDAoAcJoLHXsXr2yEW
Ui/VsbfknfLS8xB3v9ZOKS1JaSY5HetAt6qJnV5fDSjEtQryagdSBmVImayElovz
PMenDCbwHiRRqUPQJghVRGjfdp5e8JoyVQEv27SCfzXUPBerE5BKFh1shwIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFFqVfbUW4zz+/RKxLwD89xAR2Gm7MB8GA1UdIwQY
MBaAFCrD2qGxSFDy5hxZKyGRkVpeZaR4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUt
ZmUwNjU5MTc2YTU2LzEvV3BWOXRSYmpQUDc5RXJFdkFQejNFQkhZYWJzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUtZmUwNjU5MTc2YTU2
LzEvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQEBSLQAwQC
uYFsAwQBudf0AwQCudzsAwQCueqQAwQAvNGbAwQCvNbsAwQC1a0gMA0GCSqGSIb3
DQEBCwUAA4IBAQCWHxmi9P1YT+EZy0GdlwABHbL21VMuLyXgSbAtR/Tdf+D+Dszg
GHudwwBe78HsVqqKVevIy+GbdWaFw20Eh2mBiiDn+IrYmo4dznMR0VZQj+fF622G
1N5Cu9K8Fhn3k4CaJaL4F9sAzENiFdBKMQljMrehHiPamEKyRthmEHEKqQDYsvNp
gT28lzrhUvI1k05H0OoU3oVKavx8TlwMiHnbOMegl8Gu8gcQF3mloleS96EeRx8M
cWSfrMnZnzEoTvyK/8bWXyGhEmPozpFRuEtXOjuSSAmQsUbHseUqteA0PYf4vcQc
8/Q7dagJk67GGv61y841LnybGbv59obR52gt
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:17:16 2024 by rpki-client on console-ams.rpki-client.org