Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/wXTfAcRDczvpMFVD5-mTfrDX55I.roa
File: wXTfAcRDczvpMFVD5-mTfrDX55I.roa (raw, json)
Hash identifier: BU7jL+4zppMxs8OQIAGSt6+SNLwRa50VUf1y/uoz2ks=
Subject key identifier: C1:74:DF:01:C4:43:73:3B:E9:30:55:43:E7:E9:93:7E:B0:D7:E7:92
Certificate issuer: /CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Certificate serial: 1592F962
Authority key identifier: 2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/wXTfAcRDczvpMFVD5-mTfrDX55I.roa
Signing time: Sun 03 Jul 2022 03:05:25 +0000
ROA not before: Sun 03 Jul 2022 03:05:25 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 31732
IP address blocks: 185.220.236.0/22 maxlen: 24
188.209.155.0/24 maxlen: 24
185.215.245.0/24 maxlen: 24
185.215.246.0/24 maxlen: 24
5.226.48.0/21 maxlen: 24
185.129.108.0/22 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 361953634 (0x1592f962)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Validity
Not Before: Jul 3 03:05:25 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=c174df01c443733be9305543e7e9937eb0d7e792
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8e:79:2e:9c:f0:0f:b3:5a:fb:a7:cd:0a:7e:86:
eb:a7:91:36:42:88:a6:a3:47:1b:ae:05:c5:f1:11:
93:8d:a3:38:0a:80:dc:5d:68:30:ff:96:ee:72:bf:
12:38:a1:3c:08:85:6a:c4:60:2c:d5:e9:cf:03:c7:
0b:a6:b0:d3:f8:d5:c8:72:5f:1c:f3:e8:f3:99:87:
ce:db:4c:64:bf:8a:3e:36:69:d5:a6:2e:f1:d7:5c:
73:a6:1d:8e:20:e6:f7:dd:2b:e8:c5:10:38:97:96:
d5:75:58:e7:56:cc:0b:4a:36:e5:16:ce:80:ac:71:
6e:56:48:71:f7:ff:a3:35:76:8d:f3:37:28:c9:28:
9d:c4:de:ef:d2:fc:c0:65:ea:66:dc:84:91:9c:47:
f4:c5:00:0f:23:15:5a:d7:a6:b4:4d:84:08:4d:07:
f9:7a:d9:db:11:39:a9:2e:e0:cd:02:5d:88:17:a9:
45:2b:4b:88:2c:87:c6:0f:53:fd:99:7d:18:82:2a:
05:79:6d:6b:2c:f2:6b:cf:23:50:79:e0:aa:31:cf:
02:e4:54:af:ce:73:b0:ab:30:85:51:ec:53:4c:45:
d4:8a:26:ad:65:6f:b3:8a:1b:68:94:fb:2d:97:55:
fc:50:53:3e:25:85:2f:42:f9:3e:4a:73:3a:19:c9:
4b:fb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C1:74:DF:01:C4:43:73:3B:E9:30:55:43:E7:E9:93:7E:B0:D7:E7:92
X509v3 Authority Key Identifier:
keyid:2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/wXTfAcRDczvpMFVD5-mTfrDX55I.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.226.48.0/21
185.129.108.0/22
185.215.245.0-185.215.246.255
185.220.236.0/22
188.209.155.0/24
Signature Algorithm: sha256WithRSAEncryption
7b:5e:86:e5:a3:66:9e:4a:d0:1a:59:94:a3:a1:f3:c5:0a:f4:
a9:bb:54:b4:d8:e1:cf:07:1c:ad:03:3b:19:1c:ad:73:9f:2a:
60:6e:fd:62:bb:7b:64:94:b1:a0:24:70:5d:ac:e4:90:42:f2:
40:0f:05:5f:6f:6a:c6:56:ef:fe:99:dd:44:92:de:f8:d0:ef:
9a:46:07:3e:25:23:12:93:f8:bc:93:7a:af:58:d9:e2:44:eb:
20:69:a4:3f:63:9e:86:d4:16:48:8e:dd:14:a2:90:d1:6b:9e:
7b:ee:26:8c:94:b2:e1:92:b2:5a:e4:ab:8b:8d:45:01:68:79:
c3:26:56:6e:6c:85:3d:2c:b3:a9:49:ef:8c:0b:43:0c:6a:9e:
b4:0a:b0:55:36:8c:df:4b:28:07:6e:54:69:bf:e0:38:f7:b1:
56:d2:25:7d:f1:db:23:62:6e:32:a0:8e:f5:e8:54:c1:86:7d:
be:1c:59:26:77:5d:d4:90:9f:7b:4d:f0:ce:9e:a7:7e:b9:ae:
a4:06:c2:da:bd:46:1a:dc:4e:df:90:7a:19:0c:1b:0c:cc:3d:
e8:19:9b:6b:85:b9:1c:5f:a1:3d:d0:1d:a8:a9:39:95:b7:a2:
a6:42:10:d7:54:68:64:7d:16:25:8c:bd:7e:6e:c5:91:75:99:
a1:07:81:a7
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgIEFZL5YjANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygy
YWMzZGFhMWIxNDg1MGYyZTYxYzU5MmIyMTkxOTE1YTVlNjVhNDc4MB4XDTIyMDcw
MzAzMDUyNVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoYzE3NGRmMDFjNDQz
NzMzYmU5MzA1NTQzZTdlOTkzN2ViMGQ3ZTc5MjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAI55LpzwD7Na+6fNCn6G66eRNkKIpqNHG64FxfERk42jOAqA
3F1oMP+W7nK/EjihPAiFasRgLNXpzwPHC6aw0/jVyHJfHPPo85mHzttMZL+KPjZp
1aYu8ddcc6YdjiDm990r6MUQOJeW1XVY51bMC0o25RbOgKxxblZIcff/ozV2jfM3
KMkoncTe79L8wGXqZtyEkZxH9MUADyMVWtemtE2ECE0H+XrZ2xE5qS7gzQJdiBep
RStLiCyHxg9T/Zl9GIIqBXltayzya88jUHngqjHPAuRUr85zsKswhVHsU0xF1Iom
rWVvs4obaJT7LZdV/FBTPiWFL0L5PkpzOhnJS/sCAwEAAaOCAikwggIlMB0GA1Ud
DgQWBBTBdN8BxENzO+kwVUPn6ZN+sNfnkjAfBgNVHSMEGDAWgBQqw9qhsUhQ8uYc
WSshkZFaXmWkeDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0tzUGFvYkZJVVBMbUhGa3JJWkdSV2w1bHBIZy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNzAvNDA1YmJkLTU5MTMtNGU5NS04ZTc1LWZlMDY1OTE3NmE1Ni8x
L3dYVGZBY1JEY3p2cE1GVkQ1LW1UZnJEWDU1SS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzAv
NDA1YmJkLTU5MTMtNGU5NS04ZTc1LWZlMDY1OTE3NmE1Ni8xL0tzUGFvYkZJVVBM
bUhGa3JJWkdSV2w1bHBIZy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjA/
BggrBgEFBQcBBwEB/wQwMC4wLAQCAAEwJgMEAwXiMAMEArmBbDAMAwQAudf1AwQA
udf2AwQCudzsAwQAvNGbMA0GCSqGSIb3DQEBCwUAA4IBAQB7Xoblo2aeStAaWZSj
ofPFCvSpu1S02OHPBxytAzsZHK1znypgbv1iu3tklLGgJHBdrOSQQvJADwVfb2rG
Vu/+md1Ekt740O+aRgc+JSMSk/i8k3qvWNniROsgaaQ/Y56G1BZIjt0UopDRa557
7iaMlLLhkrJa5KuLjUUBaHnDJlZubIU9LLOpSe+MC0MMap60CrBVNozfSygHblRp
v+A497FW0iV98dsjYm4yoI716FTBhn2+HFkmd13UkJ97TfDOnqd+ua6kBsLavUYa
3E7fkHoZDBsMzD3oGZtrhbkcX6E90B2oqTmVt6KmQhDXVGhkfRYljL1+bsWRdZmh
B4Gn
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:17:16 2024 by rpki-client on console-ams.rpki-client.org