Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1d/409b7e-1275-43ed-af0f-52f97b277d1f/1/kwpSP4-3SFuWWSGEUkaEU0_lelU.roa
File: kwpSP4-3SFuWWSGEUkaEU0_lelU.roa (raw, json)
Hash identifier: IFsb90/LVkT6G9sjdGtoGEV0lKdHmiYjc2niwpFzkBQ=
Subject key identifier: 93:0A:52:3F:8F:B7:48:5B:96:59:21:84:52:46:84:53:4F:E5:7A:55
Certificate issuer: /CN=52dc9c218b510c07bc6659b09fbd32afe68abfd2
Certificate serial: 018C24E1EAFA385000894D6F6E58E7AAA0F1
Authority key identifier: 52:DC:9C:21:8B:51:0C:07:BC:66:59:B0:9F:BD:32:AF:E6:8A:BF:D2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/UtycIYtRDAe8Zlmwn70yr-aKv9I.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/1d/409b7e-1275-43ed-af0f-52f97b277d1f/1/kwpSP4-3SFuWWSGEUkaEU0_lelU.roa
Signing time: Fri 01 Dec 2023 10:17:14 +0000
ROA not before: Fri 01 Dec 2023 10:17:14 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 47869
IP address blocks: 109.235.48.0/21 maxlen: 21
94.185.80.0/21 maxlen: 21
194.110.67.0/24 maxlen: 24
37.46.192.0/22 maxlen: 22
91.205.232.0/22 maxlen: 22
37.46.199.0/24 maxlen: 24
91.199.50.0/24 maxlen: 24
37.46.196.0/23 maxlen: 23
31.171.132.0/22 maxlen: 24
94.228.208.0/20 maxlen: 20
2a00:dd0::/32 maxlen: 48
2a00:dd0:bbbb::/48 maxlen: 48
2a00:dd0:aaaa::/48 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:24:e1:ea:fa:38:50:00:89:4d:6f:6e:58:e7:aa:a0:f1
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=52dc9c218b510c07bc6659b09fbd32afe68abfd2
Validity
Not Before: Dec 1 10:17:14 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=930a523f8fb7485b96592184524684534fe57a55
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:87:6f:88:47:63:0e:7f:aa:ed:d4:71:16:33:31:
ef:ad:aa:6d:ce:ce:c3:b3:70:d7:e8:1d:47:18:2e:
7a:56:b2:ae:4d:a5:d2:c8:11:51:02:f1:a9:29:3f:
99:8e:a5:c9:23:e1:a4:88:a0:fc:29:ce:eb:39:af:
ca:d3:60:93:37:d1:16:7b:0a:1f:81:e5:ca:ec:c9:
e9:a4:46:aa:17:e6:76:2b:76:fb:a5:09:16:4c:f9:
3f:cf:09:9e:43:4f:01:ce:8e:79:2c:bd:9c:2e:ac:
56:55:78:41:4c:05:be:ba:5a:3e:4c:41:e0:fe:67:
2e:63:11:cc:f0:30:a7:b4:b4:52:01:af:c0:21:a6:
fc:e2:f3:a2:f0:80:58:32:4c:1d:11:26:1e:e1:6f:
30:a8:f1:e8:9f:7e:ef:82:17:91:e3:16:be:98:f0:
66:97:9b:11:a9:fe:77:56:88:59:42:c8:40:12:1c:
e0:ab:7f:28:00:0f:53:6f:5e:1a:b2:98:16:28:a9:
bd:43:b5:a0:66:45:c5:49:6d:a0:a1:48:e7:05:5c:
84:cb:49:af:74:25:75:d2:96:b3:d5:c6:40:20:af:
72:6e:cd:e0:24:6d:2b:9c:e9:54:13:81:a4:51:19:
82:bb:ca:09:85:10:95:38:8c:d5:2d:25:0a:cc:d6:
63:41
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
93:0A:52:3F:8F:B7:48:5B:96:59:21:84:52:46:84:53:4F:E5:7A:55
X509v3 Authority Key Identifier:
keyid:52:DC:9C:21:8B:51:0C:07:BC:66:59:B0:9F:BD:32:AF:E6:8A:BF:D2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UtycIYtRDAe8Zlmwn70yr-aKv9I.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/409b7e-1275-43ed-af0f-52f97b277d1f/1/kwpSP4-3SFuWWSGEUkaEU0_lelU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/409b7e-1275-43ed-af0f-52f97b277d1f/1/UtycIYtRDAe8Zlmwn70yr-aKv9I.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.171.132.0/22
37.46.192.0-37.46.197.255
37.46.199.0/24
91.199.50.0/24
91.205.232.0/22
94.185.80.0/21
94.228.208.0/20
109.235.48.0/21
194.110.67.0/24
IPv6:
2a00:dd0::/32
Signature Algorithm: sha256WithRSAEncryption
ab:59:b3:5f:26:f1:a4:e6:59:20:17:1f:69:8e:2c:08:52:d7:
ca:84:61:f7:97:78:f2:83:fc:fd:b1:9e:fe:43:1b:24:26:c7:
91:30:ef:a4:b0:5c:9f:34:0e:94:c8:56:04:d7:3f:32:3a:d8:
6d:56:5f:27:89:34:e7:b4:8d:22:af:ff:93:72:ca:8a:17:ae:
3d:75:80:3c:3d:c5:3d:ef:d9:ff:80:4e:da:11:10:7e:80:31:
ae:3c:ae:86:97:88:e3:35:51:3f:d1:2d:bb:e4:73:b6:b5:19:
14:43:92:db:24:17:2a:d3:fd:58:69:7e:7d:f3:41:6e:f1:8d:
04:37:ad:12:35:5c:f8:ac:59:77:42:f4:95:3b:d1:1f:67:4a:
1c:74:27:73:48:47:e0:f1:a3:22:81:24:72:b9:44:67:c3:b3:
a4:12:44:09:36:ed:e9:93:9c:d2:f8:61:bc:2c:a7:88:00:8f:
12:17:cb:89:a0:7a:17:79:8f:fe:fe:70:f7:30:b0:b7:15:98:
b3:2a:5b:20:ef:20:34:9c:c5:d8:7f:09:8c:05:4e:1c:4f:60:
e5:9e:2d:55:89:18:02:41:c5:57:41:03:61:54:e3:ba:b8:78:
bf:bb:a8:54:92:90:d6:e1:02:f7:3c:a8:de:a6:e5:84:c3:95:
3e:ec:b8:e4
-----BEGIN CERTIFICATE-----
MIIFRDCCBCygAwIBAgISAYwk4er6OFAAiU1vbljnqqDxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyZGM5YzIxOGI1MTBjMDdiYzY2NTliMDlmYmQzMmFmZTY4
YWJmZDIwHhcNMjMxMjAxMTAxNzE0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MzBhNTIzZjhmYjc0ODViOTY1OTIxODQ1MjQ2ODQ1MzRmZTU3YTU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh2+IR2MOf6rt1HEWMzHvraptzs7D
s3DX6B1HGC56VrKuTaXSyBFRAvGpKT+ZjqXJI+GkiKD8Kc7rOa/K02CTN9EWewof
geXK7MnppEaqF+Z2K3b7pQkWTPk/zwmeQ08Bzo55LL2cLqxWVXhBTAW+ulo+TEHg
/mcuYxHM8DCntLRSAa/AIab84vOi8IBYMkwdESYe4W8wqPHon37vgheR4xa+mPBm
l5sRqf53VohZQshAEhzgq38oAA9Tb14aspgWKKm9Q7WgZkXFSW2goUjnBVyEy0mv
dCV10paz1cZAIK9ybs3gJG0rnOlUE4GkURmCu8oJhRCVOIzVLSUKzNZjQQIDAQAB
o4ICUDCCAkwwHQYDVR0OBBYEFJMKUj+Pt0hbllkhhFJGhFNP5XpVMB8GA1UdIwQY
MBaAFFLcnCGLUQwHvGZZsJ+9Mq/mir/SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVXR5Y0lZdFJEQWU4Wmxtd243MHlyLWFLdjlJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZC80MDliN2UtMTI3NS00M2VkLWFmMGYt
NTJmOTdiMjc3ZDFmLzEva3dwU1A0LTNTRnVXV1NHRVVrYUVVMF9sZWxVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZC80MDliN2UtMTI3NS00M2VkLWFmMGYtNTJmOTdiMjc3ZDFm
LzEvVXR5Y0lZdFJEQWU4Wmxtd243MHlyLWFLdjlJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGYGCCsGAQUFBwEHAQH/BFcwVTBEBAIAATA+AwQCH6uEMAwD
BAYlLsADBAElLsQDBAAlLscDBABbxzIDBAJbzegDBANeuVADBARe5NADBANt6zAD
BADCbkMwDQQCAAIwBwMFACoADdAwDQYJKoZIhvcNAQELBQADggEBAKtZs18m8aTm
WSAXH2mOLAhS18qEYfeXePKD/P2xnv5DGyQmx5Ew76SwXJ80DpTIVgTXPzI62G1W
XyeJNOe0jSKv/5NyyooXrj11gDw9xT3v2f+ATtoREH6AMa48roaXiOM1UT/RLbvk
c7a1GRRDktskFyrT/Vhpfn3zQW7xjQQ3rRI1XPisWXdC9JU70R9nShx0J3NIR+Dx
oyKBJHK5RGfDs6QSRAk27emTnNL4Ybwsp4gAjxIXy4mgehd5j/7+cPcwsLcVmLMq
WyDvIDScxdh/CYwFThxPYOWeLVWJGAJBxVdBA2FU47q4eL+7qFSSkNbhAvc8qN6m
5YTDlT7suOQ=
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:57:12 2024 by rpki-client on console-ams.rpki-client.org