Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/v5uXrEohHkJxH0Nw4XKwGJ5GTgo.roa
File: v5uXrEohHkJxH0Nw4XKwGJ5GTgo.roa (raw, json)
Hash identifier: VbWuzsADoHmbULvRcB1waeSkSCwLhUK2FUu+mTMW25s=
Subject key identifier: BF:9B:97:AC:4A:21:1E:42:71:1F:43:70:E1:72:B0:18:9E:46:4E:0A
Certificate issuer: /CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Certificate serial: 156F427D
Authority key identifier: 2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/v5uXrEohHkJxH0Nw4XKwGJ5GTgo.roa
Signing time: Tue 21 Jun 2022 13:02:44 +0000
ROA not before: Tue 21 Jun 2022 13:02:44 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 61317
IP address blocks: 85.8.164.0/22 maxlen: 24
185.220.236.0/22 maxlen: 24
188.253.0.0/23 maxlen: 24
185.234.144.0/22 maxlen: 24
91.132.59.0/24 maxlen: 24
193.36.73.0/24 maxlen: 24
193.36.85.0/24 maxlen: 24
82.115.20.0/23 maxlen: 24
82.115.24.0/22 maxlen: 24
185.129.108.0/23 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 359613053 (0x156f427d)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Validity
Not Before: Jun 21 13:02:44 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=bf9b97ac4a211e42711f4370e172b0189e464e0a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ac:88:4e:74:2e:69:4e:91:79:35:03:4a:05:48:
ff:c8:e2:51:69:4f:b4:5e:98:4c:cc:12:35:35:2d:
7b:fd:3c:07:1a:d7:61:00:ce:35:b3:9f:0b:92:e3:
ab:38:d4:01:76:78:6c:48:90:3e:a2:c7:a5:e7:83:
74:45:9d:02:a1:57:9f:51:8a:f0:ed:39:78:6c:4e:
1c:13:be:ad:e5:2f:24:25:eb:eb:42:28:4f:dc:6a:
bf:7a:a2:74:24:2e:87:83:34:57:ad:f3:3a:5d:32:
a4:58:11:4a:2f:ce:4c:48:f1:87:8c:37:bc:0c:ed:
de:f8:06:ff:f3:bf:ac:b2:ce:d1:85:8b:d8:c2:77:
41:89:eb:cb:d3:98:07:7f:28:88:ea:11:92:bc:1c:
7b:f2:0c:85:21:d0:24:48:90:b5:05:66:0a:18:3b:
8e:c2:1b:ac:24:78:07:dc:2c:72:2a:ab:9c:f4:17:
a0:77:51:c2:6a:db:42:09:d8:03:ab:81:55:3f:f0:
f4:6a:75:b7:45:aa:92:fe:9b:81:0d:a0:7e:10:f8:
2c:26:ca:a1:1e:5c:d6:ab:93:e1:b9:e0:0f:c7:be:
47:da:59:82:c8:d2:9c:7e:01:d9:c1:65:4b:17:72:
42:84:21:d2:0d:6f:2d:f6:39:08:7c:83:15:16:9f:
20:65
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
BF:9B:97:AC:4A:21:1E:42:71:1F:43:70:E1:72:B0:18:9E:46:4E:0A
X509v3 Authority Key Identifier:
keyid:2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/v5uXrEohHkJxH0Nw4XKwGJ5GTgo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
82.115.20.0/23
82.115.24.0/22
85.8.164.0/22
91.132.59.0/24
185.129.108.0/23
185.220.236.0/22
185.234.144.0/22
188.253.0.0/23
193.36.73.0/24
193.36.85.0/24
Signature Algorithm: sha256WithRSAEncryption
3b:a4:61:48:74:4e:6f:b1:29:d2:47:84:60:48:90:b0:51:7a:
59:59:51:4c:90:56:af:46:f8:42:20:9e:c4:dd:0d:c5:46:b3:
4e:61:20:62:c0:ba:44:85:bf:28:a5:68:da:72:96:1f:61:b0:
08:94:c1:47:a2:d0:66:91:47:05:57:30:3f:43:8c:fa:27:43:
3f:eb:91:cd:4f:9e:e2:f2:55:26:3a:f8:f3:32:e9:54:f2:41:
5d:42:ff:1f:54:ba:33:66:b4:75:ae:2a:e8:c0:5e:f2:5a:90:
12:a0:12:1e:76:da:aa:20:4e:7a:56:0f:fc:39:85:b6:89:ed:
10:28:5e:70:66:d3:6f:7b:8f:15:8c:cf:93:ca:14:36:b1:3c:
1a:3e:cc:98:bd:04:43:5d:a9:22:94:0e:44:ce:34:2a:f6:1a:
f7:0c:b3:b7:83:63:ec:62:1c:8d:f7:9f:fe:6e:76:87:35:d2:
6b:76:16:f9:fc:e9:2f:ad:b1:ac:b2:03:10:6f:6b:78:7a:e3:
fd:24:c2:8e:45:bc:9b:d7:c2:20:50:f8:3b:a8:0d:d9:bf:f2:
e5:ca:aa:06:e8:b0:32:18:47:71:cb:97:d8:75:75:5d:cf:89:
b9:ff:a5:a0:81:f1:c8:e1:5f:cc:bb:06:79:eb:2b:eb:a5:3c:
d7:2e:18:d2
-----BEGIN CERTIFICATE-----
MIIFJTCCBA2gAwIBAgIEFW9CfTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygy
YWMzZGFhMWIxNDg1MGYyZTYxYzU5MmIyMTkxOTE1YTVlNjVhNDc4MB4XDTIyMDYy
MTEzMDI0NFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoYmY5Yjk3YWM0YTIx
MWU0MjcxMWY0MzcwZTE3MmIwMTg5ZTQ2NGUwYTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAKyITnQuaU6ReTUDSgVI/8jiUWlPtF6YTMwSNTUte/08BxrX
YQDONbOfC5LjqzjUAXZ4bEiQPqLHpeeDdEWdAqFXn1GK8O05eGxOHBO+reUvJCXr
60IoT9xqv3qidCQuh4M0V63zOl0ypFgRSi/OTEjxh4w3vAzt3vgG//O/rLLO0YWL
2MJ3QYnry9OYB38oiOoRkrwce/IMhSHQJEiQtQVmChg7jsIbrCR4B9wsciqrnPQX
oHdRwmrbQgnYA6uBVT/w9Gp1t0Wqkv6bgQ2gfhD4LCbKoR5c1quT4bngD8e+R9pZ
gsjSnH4B2cFlSxdyQoQh0g1vLfY5CHyDFRafIGUCAwEAAaOCAj8wggI7MB0GA1Ud
DgQWBBS/m5esSiEeQnEfQ3DhcrAYnkZOCjAfBgNVHSMEGDAWgBQqw9qhsUhQ8uYc
WSshkZFaXmWkeDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0tzUGFvYkZJVVBMbUhGa3JJWkdSV2w1bHBIZy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNzAvNDA1YmJkLTU5MTMtNGU5NS04ZTc1LWZlMDY1OTE3NmE1Ni8x
L3Y1dVhyRW9oSGtKeEgwTnc0WEt3R0o1R1Rnby5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzAv
NDA1YmJkLTU5MTMtNGU5NS04ZTc1LWZlMDY1OTE3NmE1Ni8xL0tzUGFvYkZJVVBM
bUhGa3JJWkdSV2w1bHBIZy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBV
BggrBgEFBQcBBwEB/wRGMEQwQgQCAAEwPAMEAVJzFAMEAlJzGAMEAlUIpAMEAFuE
OwMEAbmBbAMEArnc7AMEArnqkAMEAbz9AAMEAMEkSQMEAMEkVTANBgkqhkiG9w0B
AQsFAAOCAQEAO6RhSHROb7Ep0keEYEiQsFF6WVlRTJBWr0b4QiCexN0NxUazTmEg
YsC6RIW/KKVo2nKWH2GwCJTBR6LQZpFHBVcwP0OM+idDP+uRzU+e4vJVJjr48zLp
VPJBXUL/H1S6M2a0da4q6MBe8lqQEqASHnbaqiBOelYP/DmFtontEChecGbTb3uP
FYzPk8oUNrE8Gj7MmL0EQ12pIpQORM40KvYa9wyzt4Nj7GIcjfef/m52hzXSa3YW
+fzpL62xrLIDEG9reHrj/STCjkW8m9fCIFD4O6gN2b/y5cqqBuiwMhhHccuX2HV1
Xc+Juf+loIHxyOFfzLsGeesr66U81y4Y0g==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:34:35 2024 by rpki-client on console-fra.rpki-client.org