Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/a0450e-5634-458d-918f-103d93d251ab/1/xGTWs4R7erVLHj5wS5DiYDG8PKU.roa
File: xGTWs4R7erVLHj5wS5DiYDG8PKU.roa (raw, json)
Hash identifier: ri9M+Eff3v2ColuWac8CXb8dRa88pPAG3iM1yS7Z+1o=
Subject key identifier: C4:64:D6:B3:84:7B:7A:B5:4B:1E:3E:70:4B:90:E2:60:31:BC:3C:A5
Certificate issuer: /CN=1034068b5e9f7314277e2be9726c732131b1756c
Certificate serial: 018571276EC8B54563FA17F30C8CFC3DC9B1
Authority key identifier: 10:34:06:8B:5E:9F:73:14:27:7E:2B:E9:72:6C:73:21:31:B1:75:6C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/EDQGi16fcxQnfivpcmxzITGxdWw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/36/a0450e-5634-458d-918f-103d93d251ab/1/xGTWs4R7erVLHj5wS5DiYDG8PKU.roa
Signing time: Mon 02 Jan 2023 06:24:47 +0000
ROA not before: Mon 02 Jan 2023 06:24:47 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 8529
IP address blocks: 213.202.0.0/21 maxlen: 21
134.0.216.0/22 maxlen: 22
82.178.32.0/24 maxlen: 24
82.178.33.0/24 maxlen: 24
134.0.220.0/22 maxlen: 22
185.200.124.0/24 maxlen: 24
185.200.125.0/24 maxlen: 24
82.178.158.0/24 maxlen: 24
82.178.159.0/24 maxlen: 24
82.178.158.0/23 maxlen: 23
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:71:27:6e:c8:b5:45:63:fa:17:f3:0c:8c:fc:3d:c9:b1
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1034068b5e9f7314277e2be9726c732131b1756c
Validity
Not Before: Jan 2 06:24:47 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=c464d6b3847b7ab54b1e3e704b90e26031bc3ca5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8c:d6:0e:fb:74:95:08:52:76:2b:dd:d4:4e:33:
75:6b:24:d6:f8:a8:e8:19:52:81:70:7f:84:19:12:
95:11:6d:6d:2b:9c:eb:cb:1f:fa:6b:3d:a9:e5:b3:
61:30:59:38:56:b9:45:a5:c2:c5:56:78:07:de:5c:
11:8d:1d:7b:23:55:23:d6:6a:82:55:e9:aa:a0:1c:
44:67:9c:68:fc:52:72:18:b0:6c:d8:2a:2d:33:20:
1d:2e:2e:50:c0:83:28:21:bb:aa:e2:e3:12:1b:c6:
ff:4d:67:af:99:05:b9:68:14:13:d8:48:2a:7b:35:
5a:6b:f4:1d:eb:16:b5:85:5c:09:de:48:d6:24:eb:
64:01:13:e8:35:9d:67:50:2c:5e:73:74:2e:5f:90:
c8:99:b5:39:18:e7:00:8c:be:a6:83:01:09:01:3a:
cc:84:6d:2c:fa:79:f2:1f:76:64:4d:3a:8a:f3:01:
36:ee:eb:f2:2a:7d:a4:4a:e9:e5:f4:42:e0:33:51:
e2:8f:03:ba:48:40:36:eb:03:3c:83:f2:6e:f5:81:
6e:c2:c1:6f:43:82:45:71:db:63:66:7d:88:33:ac:
7f:63:16:76:7a:56:7f:67:a9:01:dd:7a:34:20:49:
ac:5e:74:16:b3:58:1b:25:bd:e5:99:92:2f:62:44:
38:9b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C4:64:D6:B3:84:7B:7A:B5:4B:1E:3E:70:4B:90:E2:60:31:BC:3C:A5
X509v3 Authority Key Identifier:
keyid:10:34:06:8B:5E:9F:73:14:27:7E:2B:E9:72:6C:73:21:31:B1:75:6C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EDQGi16fcxQnfivpcmxzITGxdWw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/a0450e-5634-458d-918f-103d93d251ab/1/xGTWs4R7erVLHj5wS5DiYDG8PKU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/36/a0450e-5634-458d-918f-103d93d251ab/1/EDQGi16fcxQnfivpcmxzITGxdWw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
82.178.32.0/23
82.178.158.0/23
134.0.216.0/21
185.200.124.0/23
213.202.0.0/21
Signature Algorithm: sha256WithRSAEncryption
90:b5:0f:af:a1:17:bf:5c:64:c2:1c:c8:e6:fb:2a:22:f7:09:
24:af:6c:5a:13:41:5e:31:d8:a6:82:75:ec:d8:53:ed:91:93:
f3:68:82:c4:d5:29:da:2f:b2:5c:a9:11:27:9a:f1:f4:66:aa:
3e:3b:e4:92:9a:ca:3b:95:18:65:b8:64:3e:c5:30:b1:97:10:
cb:b3:d9:18:77:d2:2f:47:47:0d:4b:16:55:90:88:70:6a:64:
72:25:79:0f:e5:0a:b7:7b:66:5f:a5:5d:44:eb:48:72:97:44:
df:12:fd:d9:06:84:fa:a3:f3:e5:2a:0d:01:81:bd:38:99:0c:
de:13:57:d9:3d:7b:a2:cb:8d:55:e8:da:8d:f2:74:b4:92:5b:
33:92:a4:a6:de:7f:1f:db:be:a2:aa:e5:d8:ee:1b:94:7a:88:
96:ee:a3:b5:46:a5:be:8f:b9:9e:2b:57:83:eb:e8:7f:42:e8:
ac:8e:27:a5:77:37:6b:aa:ae:dd:b5:52:22:ad:fb:cd:f0:9d:
37:97:da:e1:ee:4e:bd:14:9e:be:f5:dd:71:9b:7f:97:c4:3f:
45:4c:42:fb:2d:05:80:05:b7:b8:c6:29:e9:3d:59:0e:43:53:
2a:28:f8:29:f6:98:da:10:ab:2b:12:5d:55:54:e2:52:d9:f1:
4a:96:a1:4c
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAYVxJ27ItUVj+hfzDIz8PcmxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEwMzQwNjhiNWU5ZjczMTQyNzdlMmJlOTcyNmM3MzIxMzFi
MTc1NmMwHhcNMjMwMTAyMDYyNDQ3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNDY0ZDZiMzg0N2I3YWI1NGIxZTNlNzA0YjkwZTI2MDMxYmMzY2E1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjNYO+3SVCFJ2K93UTjN1ayTW+Kjo
GVKBcH+EGRKVEW1tK5zryx/6az2p5bNhMFk4VrlFpcLFVngH3lwRjR17I1Uj1mqC
VemqoBxEZ5xo/FJyGLBs2CotMyAdLi5QwIMoIbuq4uMSG8b/TWevmQW5aBQT2Egq
ezVaa/Qd6xa1hVwJ3kjWJOtkARPoNZ1nUCxec3QuX5DImbU5GOcAjL6mgwEJATrM
hG0s+nnyH3ZkTTqK8wE27uvyKn2kSunl9ELgM1HijwO6SEA26wM8g/Ju9YFuwsFv
Q4JFcdtjZn2IM6x/YxZ2elZ/Z6kB3Xo0IEmsXnQWs1gbJb3lmZIvYkQ4mwIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFMRk1rOEe3q1Sx4+cEuQ4mAxvDylMB8GA1UdIwQY
MBaAFBA0Boten3MUJ34r6XJscyExsXVsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRURRR2kxNmZjeFFuZml2cGNteHpJVEd4ZFd3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9hMDQ1MGUtNTYzNC00NThkLTkxOGYt
MTAzZDkzZDI1MWFiLzEveEdUV3M0UjdlclZMSGo1d1M1RGlZREc4UEtVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9hMDQ1MGUtNTYzNC00NThkLTkxOGYtMTAzZDkzZDI1MWFi
LzEvRURRR2kxNmZjeFFuZml2cGNteHpJVEd4ZFd3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQBUrIgAwQB
UrKeAwQDhgDYAwQBuch8AwQD1coAMA0GCSqGSIb3DQEBCwUAA4IBAQCQtQ+voRe/
XGTCHMjm+yoi9wkkr2xaE0FeMdimgnXs2FPtkZPzaILE1SnaL7JcqREnmvH0Zqo+
O+SSmso7lRhluGQ+xTCxlxDLs9kYd9IvR0cNSxZVkIhwamRyJXkP5Qq3e2ZfpV1E
60hyl0TfEv3ZBoT6o/PlKg0Bgb04mQzeE1fZPXuiy41V6NqN8nS0klszkqSm3n8f
276iquXY7huUeoiW7qO1RqW+j7meK1eD6+h/Quisjieldzdrqq7dtVIirfvN8J03
l9rh7k69FJ6+9d1xm3+XxD9FTEL7LQWABbe4xinpPVkOQ1MqKPgp9pjaEKsrEl1V
VOJS2fFKlqFM
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:02:47 2024 by rpki-client on console-ams.rpki-client.org