Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/tw9k8EMaOMUGb3oXSg7EA5IAFtk.roa
File: tw9k8EMaOMUGb3oXSg7EA5IAFtk.roa (raw, json)
Hash identifier: VGwbyYZ6/3gF7aNaFFZtPazVC35wLHX3VJqkGVwq0E8=
Subject key identifier: B7:0F:64:F0:43:1A:38:C5:06:6F:7A:17:4A:0E:C4:03:92:00:16:D9
Certificate issuer: /CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Certificate serial: 018B71523A455DB42923A567841136ADADE3
Authority key identifier: 2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/tw9k8EMaOMUGb3oXSg7EA5IAFtk.roa
Signing time: Fri 27 Oct 2023 13:28:15 +0000
ROA not before: Fri 27 Oct 2023 13:28:15 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 31732
IP address blocks: 5.34.216.0/21 maxlen: 21
185.151.236.0/22 maxlen: 24
188.209.155.0/24 maxlen: 24
2001:16c0::/29 maxlen: 29
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8b:71:52:3a:45:5d:b4:29:23:a5:67:84:11:36:ad:ad:e3
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Validity
Not Before: Oct 27 13:28:15 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=b70f64f0431a38c5066f7a174a0ec403920016d9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c2:13:84:bb:3c:f8:4b:bc:43:89:71:22:63:37:
1e:9c:f6:35:8b:80:94:5e:14:8a:0f:f7:cb:5d:29:
5a:27:89:f6:c6:2a:f4:f0:4a:d0:3a:45:66:3f:0b:
49:80:c1:64:ef:b0:73:ef:29:bd:e3:a0:33:27:f3:
f0:f1:d2:11:23:85:87:c2:56:3d:d1:d7:c8:56:00:
14:c9:35:55:b0:00:3a:35:03:f2:3c:6e:a6:8c:0d:
cc:ac:b8:61:c0:8a:d6:4a:62:f5:2e:98:85:71:c3:
de:99:64:a5:0e:cb:02:e5:fc:46:88:2d:d1:21:cc:
bb:a1:45:f5:cf:96:b4:70:74:83:9c:62:36:bc:91:
fe:a6:fd:3d:24:83:fa:64:ba:64:5c:d2:60:a3:35:
40:73:13:00:0c:5f:fa:12:df:d2:c2:26:04:88:54:
b8:df:c4:c5:cb:c3:55:f5:28:4a:0c:61:3d:57:7f:
38:c1:be:36:6f:ed:95:cf:b1:31:b9:41:32:b1:21:
fe:37:ab:a0:9f:9d:4d:9c:c7:f2:70:b9:7b:67:be:
ba:11:9f:3f:dd:44:fc:6d:5f:2f:3b:09:30:87:c0:
42:43:d0:99:26:e3:9a:87:bd:99:b6:e2:00:4a:74:
01:b5:d7:5d:6c:59:ac:eb:c0:ad:8a:d7:9f:19:0c:
ca:f3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B7:0F:64:F0:43:1A:38:C5:06:6F:7A:17:4A:0E:C4:03:92:00:16:D9
X509v3 Authority Key Identifier:
keyid:2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/tw9k8EMaOMUGb3oXSg7EA5IAFtk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.34.216.0/21
185.151.236.0/22
188.209.155.0/24
IPv6:
2001:16c0::/29
Signature Algorithm: sha256WithRSAEncryption
79:a9:9d:65:0c:a8:57:30:b4:89:69:69:12:36:af:af:06:d3:
c1:f7:58:4d:20:8c:b1:ba:76:2a:f6:9f:e4:46:47:4f:a6:fb:
54:ad:eb:ea:e3:5b:87:9d:4c:de:9d:d8:ed:ba:05:04:ff:56:
4a:53:7a:f6:10:03:e2:e5:8b:d9:60:08:c0:3d:80:0c:e7:83:
91:87:60:79:cf:e5:33:2f:71:5b:a0:35:98:a9:84:e5:73:c0:
53:7e:dd:ec:86:e5:ca:f2:23:6e:8a:cc:18:a5:ec:23:e4:14:
91:06:8e:72:fa:78:90:2e:41:8e:d9:d8:9c:bd:55:c9:0e:61:
91:14:cf:05:ea:bf:6f:ee:9f:4a:22:62:47:c7:5c:6f:53:76:
36:fa:0f:98:be:8e:5e:15:33:2d:0e:29:c1:0b:fb:33:9a:82:
1b:d0:d1:ea:e2:eb:f1:9b:86:94:3f:10:2e:9c:e6:72:73:c1:
6a:6b:58:10:2a:8c:52:80:fc:1b:9d:c2:5a:7b:60:a7:5d:cd:
ea:1c:73:9e:c0:63:2f:67:2f:d4:99:9f:ee:57:52:26:f4:d0:
bd:2e:84:9e:a4:79:2f:e2:ea:37:af:3b:cd:d6:0a:73:2f:97:
5a:9c:3e:d2:e2:b6:2e:11:71:c5:27:b2:69:6f:72:67:e7:52:
c1:e2:a6:8a
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAYtxUjpFXbQpI6VnhBE2ra3jMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhYzNkYWExYjE0ODUwZjJlNjFjNTkyYjIxOTE5MTVhNWU2
NWE0NzgwHhcNMjMxMDI3MTMyODE1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNzBmNjRmMDQzMWEzOGM1MDY2ZjdhMTc0YTBlYzQwMzkyMDAxNmQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwhOEuzz4S7xDiXEiYzcenPY1i4CU
XhSKD/fLXSlaJ4n2xir08ErQOkVmPwtJgMFk77Bz7ym946AzJ/Pw8dIRI4WHwlY9
0dfIVgAUyTVVsAA6NQPyPG6mjA3MrLhhwIrWSmL1LpiFccPemWSlDssC5fxGiC3R
Icy7oUX1z5a0cHSDnGI2vJH+pv09JIP6ZLpkXNJgozVAcxMADF/6Et/SwiYEiFS4
38TFy8NV9ShKDGE9V384wb42b+2Vz7ExuUEysSH+N6ugn51NnMfycLl7Z766EZ8/
3UT8bV8vOwkwh8BCQ9CZJuOah72ZtuIASnQBtdddbFms68CtitefGQzK8wIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFLcPZPBDGjjFBm96F0oOxAOSABbZMB8GA1UdIwQY
MBaAFCrD2qGxSFDy5hxZKyGRkVpeZaR4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUt
ZmUwNjU5MTc2YTU2LzEvdHc5azhFTWFPTVVHYjNvWFNnN0VBNUlBRnRrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUtZmUwNjU5MTc2YTU2
LzEvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQDBSLYAwQC
uZfsAwQAvNGbMA0EAgACMAcDBQMgARbAMA0GCSqGSIb3DQEBCwUAA4IBAQB5qZ1l
DKhXMLSJaWkSNq+vBtPB91hNIIyxunYq9p/kRkdPpvtUrevq41uHnUzendjtugUE
/1ZKU3r2EAPi5YvZYAjAPYAM54ORh2B5z+UzL3FboDWYqYTlc8BTft3shuXK8iNu
iswYpewj5BSRBo5y+niQLkGO2dicvVXJDmGRFM8F6r9v7p9KImJHx1xvU3Y2+g+Y
vo5eFTMtDinBC/szmoIb0NHq4uvxm4aUPxAunOZyc8Fqa1gQKoxSgPwbncJae2Cn
Xc3qHHOewGMvZy/UmZ/uV1Im9NC9LoSepHkv4uo3rzvN1gpzL5danD7S4rYuEXHF
J7Jpb3Jn51LB4qaK
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:34:35 2024 by rpki-client on console-fra.rpki-client.org