Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/k4RtRY44Ul2QtQ6Knz2QttUn4hw.roa
File: k4RtRY44Ul2QtQ6Knz2QttUn4hw.roa (raw, json)
Hash identifier: lPwOLhLfgUn7ew/uWgwyRxfkvqkmV2u3nEdSOw/t1P4=
Subject key identifier: 93:84:6D:45:8E:38:52:5D:90:B5:0E:8A:9F:3D:90:B6:D5:27:E2:1C
Certificate issuer: /CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Certificate serial: 018B63ABAA16204A888B4F2F70A519517086
Authority key identifier: 2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/k4RtRY44Ul2QtQ6Knz2QttUn4hw.roa
Signing time: Tue 24 Oct 2023 21:51:16 +0000
ROA not before: Tue 24 Oct 2023 21:51:16 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 31732
IP address blocks: 5.34.216.0/21 maxlen: 21
185.151.236.0/22 maxlen: 24
188.209.155.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8b:63:ab:aa:16:20:4a:88:8b:4f:2f:70:a5:19:51:70:86
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Validity
Not Before: Oct 24 21:51:16 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=93846d458e38525d90b50e8a9f3d90b6d527e21c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a8:07:f9:e9:9f:36:04:b2:90:16:f6:ce:0b:c9:
d2:4b:97:a0:c3:67:5b:fa:16:ed:e5:93:76:85:fb:
e8:96:a1:2f:3b:cb:f9:11:fa:32:20:1d:3c:cd:56:
12:8d:01:e1:1f:c0:76:a9:84:10:ef:0c:41:0f:30:
af:63:70:2b:cf:2b:f5:29:f6:d6:2f:dc:10:b5:b1:
3d:c5:ec:04:4a:8e:db:8e:90:91:56:9a:89:63:4a:
a4:54:41:76:01:ff:f0:8b:b3:59:57:b0:3b:8c:c1:
e6:60:bd:89:b7:cb:b9:4f:70:a8:e1:e5:b3:2a:57:
60:4a:fd:19:cb:4e:41:7b:0b:e0:4e:e6:f6:1e:3a:
61:4a:db:0e:7a:fd:65:08:2e:6b:05:f8:b2:c8:d2:
5b:d3:2c:49:a0:22:47:fe:f6:a9:1b:db:d5:48:0e:
ae:9d:45:60:ea:6e:18:f1:02:f7:d0:79:fe:98:2c:
e9:51:40:6f:2d:e1:42:c1:cc:b1:90:2d:6a:ef:15:
53:42:f0:b5:71:3b:ce:90:a7:31:c8:c5:53:e8:95:
32:ff:ae:94:1f:8d:3f:67:50:d7:84:b7:01:cf:72:
56:db:5c:86:7e:77:5e:e4:87:f0:b3:5a:57:a9:80:
ac:45:9f:a7:23:3f:bd:7d:f8:40:2c:ec:21:fb:5b:
e0:bd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
93:84:6D:45:8E:38:52:5D:90:B5:0E:8A:9F:3D:90:B6:D5:27:E2:1C
X509v3 Authority Key Identifier:
keyid:2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/k4RtRY44Ul2QtQ6Knz2QttUn4hw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.34.216.0/21
185.151.236.0/22
188.209.155.0/24
Signature Algorithm: sha256WithRSAEncryption
3f:c0:c9:71:9e:e9:eb:6e:b8:82:35:bb:ee:e7:03:2d:43:2f:
01:e4:8a:a4:f6:46:09:91:02:77:11:af:d8:1c:38:86:a2:c6:
bc:b0:3e:54:fc:b6:d8:63:54:fe:d9:e1:af:4a:a5:56:3a:80:
57:0c:93:ad:8e:9b:81:61:d3:15:c9:e3:fa:54:44:60:4c:80:
f3:04:c9:e0:e1:b2:7f:04:80:12:19:87:bc:59:54:f1:0e:60:
b2:b6:cc:92:df:b7:49:d5:e3:d8:12:d3:50:2e:14:2a:e4:5d:
61:01:66:7b:10:6b:8c:bd:ee:78:3d:20:e1:bb:84:cb:cc:ad:
b6:27:b7:31:e9:35:5a:25:85:eb:af:7c:be:63:87:a5:9a:f0:
5f:e2:70:1f:9c:f6:04:66:16:83:e6:f0:25:24:b1:74:38:ea:
5d:62:c6:0d:05:07:50:2b:e6:f5:64:5d:68:c0:93:b5:05:9e:
ef:d9:97:92:00:1a:a8:bf:87:a1:26:71:c2:c0:50:4e:84:e8:
1b:dc:db:e4:a1:c3:5f:bf:c7:2a:54:13:26:64:9d:d5:78:e5:
9d:c5:a6:65:56:24:40:c4:5a:5f:d8:93:c7:c5:92:fc:02:6f:
0c:21:7d:32:61:44:b7:b2:af:44:17:a8:cd:cc:a9:22:4a:9f:
30:e7:0d:3e
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYtjq6oWIEqIi08vcKUZUXCGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhYzNkYWExYjE0ODUwZjJlNjFjNTkyYjIxOTE5MTVhNWU2
NWE0NzgwHhcNMjMxMDI0MjE1MTE2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5Mzg0NmQ0NThlMzg1MjVkOTBiNTBlOGE5ZjNkOTBiNmQ1MjdlMjFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqAf56Z82BLKQFvbOC8nSS5egw2db
+hbt5ZN2hfvolqEvO8v5EfoyIB08zVYSjQHhH8B2qYQQ7wxBDzCvY3Arzyv1KfbW
L9wQtbE9xewESo7bjpCRVpqJY0qkVEF2Af/wi7NZV7A7jMHmYL2Jt8u5T3Co4eWz
KldgSv0Zy05BewvgTub2HjphStsOev1lCC5rBfiyyNJb0yxJoCJH/vapG9vVSA6u
nUVg6m4Y8QL30Hn+mCzpUUBvLeFCwcyxkC1q7xVTQvC1cTvOkKcxyMVT6JUy/66U
H40/Z1DXhLcBz3JW21yGfnde5Ifws1pXqYCsRZ+nIz+9ffhALOwh+1vgvQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFJOEbUWOOFJdkLUOip89kLbVJ+IcMB8GA1UdIwQY
MBaAFCrD2qGxSFDy5hxZKyGRkVpeZaR4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUt
ZmUwNjU5MTc2YTU2LzEvazRSdFJZNDRVbDJRdFE2S256MlF0dFVuNGh3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUtZmUwNjU5MTc2YTU2
LzEvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQDBSLYAwQC
uZfsAwQAvNGbMA0GCSqGSIb3DQEBCwUAA4IBAQA/wMlxnunrbriCNbvu5wMtQy8B
5Iqk9kYJkQJ3Ea/YHDiGosa8sD5U/LbYY1T+2eGvSqVWOoBXDJOtjpuBYdMVyeP6
VERgTIDzBMng4bJ/BIASGYe8WVTxDmCytsyS37dJ1ePYEtNQLhQq5F1hAWZ7EGuM
ve54PSDhu4TLzK22J7cx6TVaJYXrr3y+Y4elmvBf4nAfnPYEZhaD5vAlJLF0OOpd
YsYNBQdQK+b1ZF1owJO1BZ7v2ZeSABqov4ehJnHCwFBOhOgb3NvkocNfv8cqVBMm
ZJ3VeOWdxaZlViRAxFpf2JPHxZL8Am8MIX0yYUS3sq9EF6jNzKkiSp8w5w0+
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:17:16 2024 by rpki-client on console-ams.rpki-client.org