Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/qFTYgOIPGgM247ItpMwYKQ_FrXs.roa
File: qFTYgOIPGgM247ItpMwYKQ_FrXs.roa (raw, json)
Hash identifier: TDYZI/V0AJhE4EromeBWw4I/biXoSvZ/Ws2nDgjtIF4=
Subject key identifier: A8:54:D8:80:E2:0F:1A:03:36:E3:B2:2D:A4:CC:18:29:0F:C5:AD:7B
Certificate issuer: /CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Certificate serial: 01821B99F9710C9487582319E21D3679EFF6
Authority key identifier: 2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/qFTYgOIPGgM247ItpMwYKQ_FrXs.roa
Signing time: Wed 20 Jul 2022 12:34:11 +0000
ROA not before: Wed 20 Jul 2022 12:34:11 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 7018
IP address blocks: 185.220.236.0/22 maxlen: 24
45.146.240.0/23 maxlen: 24
45.146.242.0/23 maxlen: 24
213.173.32.0/22 maxlen: 24
185.129.116.0/22 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:82:1b:99:f9:71:0c:94:87:58:23:19:e2:1d:36:79:ef:f6
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Validity
Not Before: Jul 20 12:34:11 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=a854d880e20f1a0336e3b22da4cc18290fc5ad7b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9f:63:6b:b2:cb:96:43:f4:70:50:f4:af:ff:99:
29:bf:c7:eb:02:61:dd:be:65:09:60:19:f7:f2:cd:
ff:8a:a6:ba:e5:7c:3f:85:aa:c9:42:4e:79:05:95:
7d:92:a2:86:da:fb:bc:bf:8d:c0:31:fb:6a:82:c2:
3d:26:15:3e:a1:21:49:55:37:84:ec:e3:b8:a9:6f:
1b:e3:22:62:da:eb:88:8e:97:ac:5d:8e:9d:78:6c:
b2:54:e9:f8:d4:41:4d:2b:ca:94:0f:a4:bc:5e:05:
21:a9:a5:07:29:45:65:e5:92:ea:e4:dc:63:b6:57:
be:e7:1e:c7:68:0e:92:df:b7:fa:2e:f7:a7:7e:ee:
4b:0f:c5:43:0b:8e:b9:0e:2c:d0:95:f9:68:ab:57:
1b:fc:b1:a6:28:2a:fc:11:12:8e:28:fe:8e:f5:a1:
cd:07:dc:fe:9f:5a:31:3f:93:d3:38:c4:ef:04:d2:
21:5e:e1:60:38:58:2d:d6:03:88:7b:a1:b5:e2:19:
4e:ef:52:ad:42:87:83:aa:39:2d:5e:7d:68:2c:33:
d2:fc:9b:14:be:3b:f3:50:9e:f9:4b:09:21:3d:90:
35:3c:6e:1e:62:09:0e:32:2e:e0:41:ad:91:74:4a:
8a:79:29:04:e9:01:1e:50:57:44:43:e9:27:6a:e3:
0a:b7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A8:54:D8:80:E2:0F:1A:03:36:E3:B2:2D:A4:CC:18:29:0F:C5:AD:7B
X509v3 Authority Key Identifier:
keyid:2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/qFTYgOIPGgM247ItpMwYKQ_FrXs.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.146.240.0/22
185.129.116.0/22
185.220.236.0/22
213.173.32.0/22
Signature Algorithm: sha256WithRSAEncryption
37:7c:1d:25:b6:be:cf:0b:50:6e:a6:db:90:31:52:af:65:eb:
f1:d4:27:92:1f:91:da:5d:d5:c3:7c:96:49:46:2b:a8:d4:9e:
bf:5b:a2:04:70:7a:40:09:41:6c:91:56:58:41:35:c2:10:eb:
64:78:62:32:36:39:2a:a1:5c:98:a5:31:c7:26:1e:3e:c6:c6:
a4:f1:9a:69:73:3b:ca:15:94:4d:aa:61:a8:07:f4:a7:a0:da:
97:5e:e4:7f:ed:80:e0:04:11:27:a3:a4:cd:6f:3a:9b:d1:48:
6e:c2:40:69:02:7f:33:5f:a9:63:7d:b3:90:c4:87:cd:ac:34:
44:4a:52:43:e2:b6:ce:fa:6b:6f:d9:7a:d8:a0:50:b6:28:f8:
db:eb:8d:93:0b:cb:5c:cd:25:d2:81:80:f0:42:21:6a:53:33:
08:6c:f8:e1:f3:4b:2b:0f:5d:d8:a7:3a:5d:2d:6e:5a:ce:c4:
cd:84:d8:08:9d:ea:42:59:21:db:72:a9:aa:a9:3d:8b:67:53:
7a:11:51:f2:5d:f3:4d:ac:a1:17:a1:4d:31:5c:1e:f1:43:27:
63:fc:19:d9:eb:9f:e4:3d:ff:c1:12:c8:c5:0a:bc:c6:7f:1f:
41:f2:66:01:a1:bb:20:99:b5:d7:bf:36:fb:81:31:20:bb:dd:
2b:7c:00:75
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYIbmflxDJSHWCMZ4h02ee/2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhYzNkYWExYjE0ODUwZjJlNjFjNTkyYjIxOTE5MTVhNWU2
NWE0NzgwHhcNMjIwNzIwMTIzNDExWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhODU0ZDg4MGUyMGYxYTAzMzZlM2IyMmRhNGNjMTgyOTBmYzVhZDdiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn2NrssuWQ/RwUPSv/5kpv8frAmHd
vmUJYBn38s3/iqa65Xw/harJQk55BZV9kqKG2vu8v43AMftqgsI9JhU+oSFJVTeE
7OO4qW8b4yJi2uuIjpesXY6deGyyVOn41EFNK8qUD6S8XgUhqaUHKUVl5ZLq5Nxj
tle+5x7HaA6S37f6Lvenfu5LD8VDC465DizQlfloq1cb/LGmKCr8ERKOKP6O9aHN
B9z+n1oxP5PTOMTvBNIhXuFgOFgt1gOIe6G14hlO71KtQoeDqjktXn1oLDPS/JsU
vjvzUJ75SwkhPZA1PG4eYgkOMi7gQa2RdEqKeSkE6QEeUFdEQ+knauMKtwIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFKhU2IDiDxoDNuOyLaTMGCkPxa17MB8GA1UdIwQY
MBaAFCrD2qGxSFDy5hxZKyGRkVpeZaR4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUt
ZmUwNjU5MTc2YTU2LzEvcUZUWWdPSVBHZ00yNDdJdHBNd1lLUV9GclhzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUtZmUwNjU5MTc2YTU2
LzEvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQCLZLwAwQC
uYF0AwQCudzsAwQC1a0gMA0GCSqGSIb3DQEBCwUAA4IBAQA3fB0ltr7PC1BuptuQ
MVKvZevx1CeSH5HaXdXDfJZJRiuo1J6/W6IEcHpACUFskVZYQTXCEOtkeGIyNjkq
oVyYpTHHJh4+xsak8ZppczvKFZRNqmGoB/SnoNqXXuR/7YDgBBEno6TNbzqb0Uhu
wkBpAn8zX6ljfbOQxIfNrDRESlJD4rbO+mtv2XrYoFC2KPjb642TC8tczSXSgYDw
QiFqUzMIbPjh80srD13YpzpdLW5azsTNhNgInepCWSHbcqmqqT2LZ1N6EVHyXfNN
rKEXoU0xXB7xQydj/BnZ65/kPf/BEsjFCrzGfx9B8mYBobsgmbXXvzb7gTEgu90r
fAB1
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:17:16 2024 by rpki-client on console-ams.rpki-client.org