Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/f7YQzg-OoSH2JApTnhcY3NH3ZAU.roa
File: f7YQzg-OoSH2JApTnhcY3NH3ZAU.roa (raw, json)
Hash identifier: nEidWhVIUiKlXS8geUINdV1drk2qVDQMw7HgoHWYbu8=
Subject key identifier: 7F:B6:10:CE:0F:8E:A1:21:F6:24:0A:53:9E:17:18:DC:D1:F7:64:05
Certificate issuer: /CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Certificate serial: 01836978104E8A750A32787BCA48453515A6
Authority key identifier: 2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/f7YQzg-OoSH2JApTnhcY3NH3ZAU.roa
Signing time: Fri 23 Sep 2022 08:30:19 +0000
ROA not before: Fri 23 Sep 2022 08:30:19 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 60808
IP address blocks: 85.8.164.0/22 maxlen: 24
5.34.208.0/20 maxlen: 24
188.253.96.0/19 maxlen: 24
185.215.246.0/24 maxlen: 24
45.137.180.0/22 maxlen: 24
193.36.84.0/23 maxlen: 23
185.36.192.0/22 maxlen: 24
2a05:ec80::/29 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:83:69:78:10:4e:8a:75:0a:32:78:7b:ca:48:45:35:15:a6
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Validity
Not Before: Sep 23 08:30:19 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=7fb610ce0f8ea121f6240a539e1718dcd1f76405
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ae:21:93:bb:89:2f:b1:6c:8b:1d:74:fc:4a:0f:
67:2f:37:76:ec:d7:fb:34:5b:0d:0d:39:3a:d3:f1:
47:77:47:97:ee:1a:bc:af:6f:cb:52:c1:c1:c4:dc:
b1:66:77:da:1d:93:9f:5b:11:8e:e5:cf:8c:d3:6f:
b1:da:b4:9b:81:eb:89:91:1b:57:a8:8b:92:5d:0c:
e7:c5:dd:bd:84:1e:a7:0c:96:f2:fc:2d:07:ed:0d:
aa:3e:b4:c7:5b:97:93:fc:e4:23:d4:e1:32:64:b9:
d3:2d:25:15:48:2e:d0:92:3c:a4:ed:6e:ba:73:4e:
61:34:a4:15:58:20:9f:44:6d:d6:f4:02:4f:f9:b7:
2c:94:4e:d9:2f:d6:fd:ed:36:3f:93:5a:2c:48:e9:
be:3b:28:b9:7e:64:2b:1c:18:03:3f:b3:d8:e2:42:
69:fa:94:72:fa:65:24:4c:40:52:c7:5d:37:6a:ad:
83:31:e7:f8:d3:ae:61:68:60:b5:59:54:16:2d:12:
0d:35:66:db:58:90:06:57:75:99:e1:39:8a:9a:13:
df:56:90:0d:31:33:d2:d2:c1:0f:c2:64:59:ee:a6:
0c:91:30:48:f7:a9:9c:1f:5a:25:20:74:d3:87:55:
1d:a5:81:39:e1:7f:b3:b3:ab:46:e4:84:3c:00:1b:
20:25
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
7F:B6:10:CE:0F:8E:A1:21:F6:24:0A:53:9E:17:18:DC:D1:F7:64:05
X509v3 Authority Key Identifier:
keyid:2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/f7YQzg-OoSH2JApTnhcY3NH3ZAU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.34.208.0/20
45.137.180.0/22
85.8.164.0/22
185.36.192.0/22
185.215.246.0/24
188.253.96.0/19
193.36.84.0/23
IPv6:
2a05:ec80::/29
Signature Algorithm: sha256WithRSAEncryption
7c:3f:51:fc:6f:ad:5c:d2:99:e5:86:d4:39:e0:66:1b:53:f2:
9b:62:40:c5:5d:2b:a9:51:b1:9c:1c:27:20:16:fe:75:2f:88:
8d:22:b6:cd:2e:b4:3b:f0:25:26:d1:83:9f:75:ed:fd:8e:22:
92:13:2c:39:d6:0a:e0:8c:0d:cd:bf:54:e5:eb:3d:3d:a1:05:
ea:96:41:b4:f7:50:c5:fa:01:63:bd:93:67:55:f9:19:9c:5e:
cf:08:c9:5a:64:83:86:62:75:07:75:23:7b:10:53:36:f2:3e:
7e:cd:17:13:f0:9a:d0:56:ed:f3:7d:9d:a0:d3:9f:9b:cc:4d:
d1:f9:d7:eb:0a:25:82:96:8c:fe:a7:52:36:ac:0b:93:6e:ed:
8b:9b:7d:6e:ca:86:b8:19:dc:1f:7d:55:14:a2:5f:71:0e:22:
4f:45:cd:90:f2:b5:cf:49:6a:6f:a2:2f:52:b2:1b:62:51:48:
8b:2f:be:78:36:4d:56:87:68:f6:2c:ef:40:58:73:13:55:e7:
9b:22:68:65:ae:b0:f8:0a:55:39:49:90:02:76:b3:c4:a5:39:
1a:ae:8d:08:eb:64:12:d2:da:14:bc:8a:9b:48:99:79:d8:65:
59:79:2e:36:6a:1c:9d:36:a8:7a:26:52:17:15:8f:9d:45:e6:
6b:9d:10:cb
-----BEGIN CERTIFICATE-----
MIIFMDCCBBigAwIBAgISAYNpeBBOinUKMnh7ykhFNRWmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhYzNkYWExYjE0ODUwZjJlNjFjNTkyYjIxOTE5MTVhNWU2
NWE0NzgwHhcNMjIwOTIzMDgzMDE5WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZmI2MTBjZTBmOGVhMTIxZjYyNDBhNTM5ZTE3MThkY2QxZjc2NDA1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAriGTu4kvsWyLHXT8Sg9nLzd27Nf7
NFsNDTk60/FHd0eX7hq8r2/LUsHBxNyxZnfaHZOfWxGO5c+M02+x2rSbgeuJkRtX
qIuSXQznxd29hB6nDJby/C0H7Q2qPrTHW5eT/OQj1OEyZLnTLSUVSC7Qkjyk7W66
c05hNKQVWCCfRG3W9AJP+bcslE7ZL9b97TY/k1osSOm+Oyi5fmQrHBgDP7PY4kJp
+pRy+mUkTEBSx103aq2DMef4065haGC1WVQWLRINNWbbWJAGV3WZ4TmKmhPfVpAN
MTPS0sEPwmRZ7qYMkTBI96mcH1olIHTTh1UdpYE54X+zs6tG5IQ8ABsgJQIDAQAB
o4ICPDCCAjgwHQYDVR0OBBYEFH+2EM4PjqEh9iQKU54XGNzR92QFMB8GA1UdIwQY
MBaAFCrD2qGxSFDy5hxZKyGRkVpeZaR4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUt
ZmUwNjU5MTc2YTU2LzEvZjdZUXpnLU9vU0gySkFwVG5oY1kzTkgzWkFVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUtZmUwNjU5MTc2YTU2
LzEvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFIGCCsGAQUFBwEHAQH/BEMwQTAwBAIAATAqAwQEBSLQAwQC
LYm0AwQCVQikAwQCuSTAAwQAudf2AwQFvP1gAwQBwSRUMA0EAgACMAcDBQMqBeyA
MA0GCSqGSIb3DQEBCwUAA4IBAQB8P1H8b61c0pnlhtQ54GYbU/KbYkDFXSupUbGc
HCcgFv51L4iNIrbNLrQ78CUm0YOfde39jiKSEyw51grgjA3Nv1Tl6z09oQXqlkG0
91DF+gFjvZNnVfkZnF7PCMlaZIOGYnUHdSN7EFM28j5+zRcT8JrQVu3zfZ2g05+b
zE3R+dfrCiWCloz+p1I2rAuTbu2Lm31uyoa4GdwffVUUol9xDiJPRc2Q8rXPSWpv
oi9SshtiUUiLL754Nk1Wh2j2LO9AWHMTVeebImhlrrD4ClU5SZACdrPEpTkaro0I
62QS0toUvIqbSJl52GVZeS42ahydNqh6JlIXFY+dReZrnRDL
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:34:35 2024 by rpki-client on console-fra.rpki-client.org