Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/cFPv9kjonGgufqP7KK3bEeISiZ0.roa
File: cFPv9kjonGgufqP7KK3bEeISiZ0.roa (raw, json)
Hash identifier: 1oAiBVXWND5w0SxuYPFyhZ1WHdhidbALwxj6EQ8nA0I=
Subject key identifier: 70:53:EF:F6:48:E8:9C:68:2E:7E:A3:FB:28:AD:DB:11:E2:12:89:9D
Certificate issuer: /CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Certificate serial: 0183238775D93CE82B5C52B712DE36263859
Authority key identifier: 2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/cFPv9kjonGgufqP7KK3bEeISiZ0.roa
Signing time: Fri 09 Sep 2022 18:33:43 +0000
ROA not before: Fri 09 Sep 2022 18:33:43 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 31732
IP address blocks: 5.34.208.0/20 maxlen: 24
185.220.236.0/22 maxlen: 24
188.209.155.0/24 maxlen: 24
185.215.244.0/24 maxlen: 24
185.215.245.0/24 maxlen: 24
185.215.246.0/24 maxlen: 24
213.173.32.0/22 maxlen: 24
185.36.192.0/22 maxlen: 22
82.115.24.0/22 maxlen: 24
185.129.108.0/22 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:83:23:87:75:d9:3c:e8:2b:5c:52:b7:12:de:36:26:38:59
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Validity
Not Before: Sep 9 18:33:43 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=7053eff648e89c682e7ea3fb28addb11e212899d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d3:b4:04:de:c3:db:b4:af:09:15:a6:2f:5d:52:
e6:e5:fb:8a:62:2a:c5:0e:73:5f:3c:a0:a0:0b:34:
c7:84:ee:0c:ff:ea:d5:2f:f1:64:c6:ab:74:85:f6:
d6:a1:66:d5:b5:37:00:16:4b:25:31:65:d1:5c:ee:
ca:82:c7:03:09:59:7a:34:ab:8b:11:02:fc:5a:a5:
d9:a8:8f:2e:0d:3a:32:cb:aa:dc:98:3e:0f:69:00:
af:4c:8b:2b:2b:c0:5f:c5:f9:4e:45:8d:b2:2e:a7:
90:f3:e6:fe:7b:62:f0:d7:f5:08:3f:ba:b5:80:6d:
f8:07:e9:e2:26:9f:c9:73:0f:ba:b2:4a:9a:9d:91:
7f:e6:5a:9e:3b:cb:70:04:0e:44:a9:d6:bc:f9:0a:
32:97:f0:7b:c8:f1:20:1d:e7:ee:35:8b:0b:2e:52:
dc:bc:a0:3a:1c:b4:2e:9c:fd:2e:e5:a4:f4:c4:fb:
c5:f2:41:03:07:aa:ba:55:71:59:f7:79:47:02:a8:
21:c1:66:a0:1b:88:50:4f:f9:db:51:ab:6c:dd:2e:
65:51:3b:d3:6e:5b:5b:d1:52:d5:c6:cd:11:32:96:
15:87:03:1d:9c:59:a8:32:e1:2d:0d:62:83:77:dd:
88:77:af:4f:0e:a8:42:4d:56:c8:d3:81:71:08:31:
ed:1d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
70:53:EF:F6:48:E8:9C:68:2E:7E:A3:FB:28:AD:DB:11:E2:12:89:9D
X509v3 Authority Key Identifier:
keyid:2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/cFPv9kjonGgufqP7KK3bEeISiZ0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.34.208.0/20
82.115.24.0/22
185.36.192.0/22
185.129.108.0/22
185.215.244.0-185.215.246.255
185.220.236.0/22
188.209.155.0/24
213.173.32.0/22
Signature Algorithm: sha256WithRSAEncryption
c7:1d:5f:23:49:d4:ec:34:f2:8f:84:2c:ee:2a:2e:5e:fb:a2:
87:9a:6d:43:b7:95:3a:9c:bf:77:a8:cc:75:f0:25:e2:75:65:
26:60:a3:96:7f:26:42:b0:09:c5:47:ca:7e:c0:b0:84:e6:9e:
84:dd:71:24:ff:95:f4:7c:23:71:0a:76:cc:70:0f:71:14:1d:
e0:8f:e4:61:72:da:a3:31:44:59:d3:15:9a:ee:ad:4f:81:3e:
8c:69:90:95:f4:72:6d:c9:e5:cb:64:f9:e2:dd:90:52:70:18:
73:89:fd:05:66:0a:01:d9:2f:26:45:0a:a5:12:5a:eb:42:c7:
42:60:51:1a:d4:12:f8:2b:be:cb:2a:b4:10:8f:43:ff:2e:b5:
6a:e5:cf:e0:1b:d6:4b:d6:22:aa:3d:1c:d1:cb:0f:b7:3c:0a:
95:b0:c9:48:b6:20:e2:6c:1b:bc:66:4d:7e:97:61:06:28:78:
89:11:2d:93:bd:e8:28:a8:1b:d5:18:03:f1:89:8e:52:d5:df:
ab:ad:d3:87:5a:e1:f6:e6:06:70:9d:32:fd:c1:0d:14:95:8a:
d6:03:fb:f6:3f:5e:ff:5e:f7:59:1b:1b:2f:4e:13:82:c1:29:
e4:c9:ce:d0:fc:1b:55:08:80:d3:e4:33:8a:7b:9b:54:fc:6a:
d9:61:71:bc
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgISAYMjh3XZPOgrXFK3Et42JjhZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhYzNkYWExYjE0ODUwZjJlNjFjNTkyYjIxOTE5MTVhNWU2
NWE0NzgwHhcNMjIwOTA5MTgzMzQzWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MDUzZWZmNjQ4ZTg5YzY4MmU3ZWEzZmIyOGFkZGIxMWUyMTI4OTlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA07QE3sPbtK8JFaYvXVLm5fuKYirF
DnNfPKCgCzTHhO4M/+rVL/Fkxqt0hfbWoWbVtTcAFkslMWXRXO7KgscDCVl6NKuL
EQL8WqXZqI8uDToyy6rcmD4PaQCvTIsrK8BfxflORY2yLqeQ8+b+e2Lw1/UIP7q1
gG34B+niJp/Jcw+6skqanZF/5lqeO8twBA5Eqda8+Qoyl/B7yPEgHefuNYsLLlLc
vKA6HLQunP0u5aT0xPvF8kEDB6q6VXFZ93lHAqghwWagG4hQT/nbUats3S5lUTvT
bltb0VLVxs0RMpYVhwMdnFmoMuEtDWKDd92Id69PDqhCTVbI04FxCDHtHQIDAQAB
o4ICOzCCAjcwHQYDVR0OBBYEFHBT7/ZI6JxoLn6j+yit2xHiEomdMB8GA1UdIwQY
MBaAFCrD2qGxSFDy5hxZKyGRkVpeZaR4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUt
ZmUwNjU5MTc2YTU2LzEvY0ZQdjlram9uR2d1ZnFQN0tLM2JFZUlTaVowLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUtZmUwNjU5MTc2YTU2
LzEvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFEGCCsGAQUFBwEHAQH/BEIwQDA+BAIAATA4AwQEBSLQAwQC
UnMYAwQCuSTAAwQCuYFsMAwDBAK51/QDBAC51/YDBAK53OwDBAC80ZsDBALVrSAw
DQYJKoZIhvcNAQELBQADggEBAMcdXyNJ1Ow08o+ELO4qLl77ooeabUO3lTqcv3eo
zHXwJeJ1ZSZgo5Z/JkKwCcVHyn7AsITmnoTdcST/lfR8I3EKdsxwD3EUHeCP5GFy
2qMxRFnTFZrurU+BPoxpkJX0cm3J5ctk+eLdkFJwGHOJ/QVmCgHZLyZFCqUSWutC
x0JgURrUEvgrvssqtBCPQ/8utWrlz+Ab1kvWIqo9HNHLD7c8CpWwyUi2IOJsG7xm
TX6XYQYoeIkRLZO96CioG9UYA/GJjlLV36ut04da4fbmBnCdMv3BDRSVitYD+/Y/
Xv9e91kbGy9OE4LBKeTJztD8G1UIgNPkM4p7m1T8atlhcbw=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:17:16 2024 by rpki-client on console-ams.rpki-client.org