Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5f/956db9-c8f7-4b9f-a56e-bc6db7248add/1/pdVcmkAUQGH2OLL8FRg0GbbEpvE.roa
File: pdVcmkAUQGH2OLL8FRg0GbbEpvE.roa (raw, json)
Hash identifier: 9qp6KeYiNHWqt/KbcdyF9YoBTGvw3M5F6bZhqyOA+XM=
Subject key identifier: A5:D5:5C:9A:40:14:40:61:F6:38:B2:FC:15:18:34:19:B6:C4:A6:F1
Certificate issuer: /CN=70f9b16adf2fd31988859922b4457481dd7eef40
Certificate serial: 01839E0D81D70B749BA9C54F69DBE5E61DA6
Authority key identifier: 70:F9:B1:6A:DF:2F:D3:19:88:85:99:22:B4:45:74:81:DD:7E:EF:40
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/cPmxat8v0xmIhZkitEV0gd1-70A.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/5f/956db9-c8f7-4b9f-a56e-bc6db7248add/1/pdVcmkAUQGH2OLL8FRg0GbbEpvE.roa
Signing time: Mon 03 Oct 2022 13:33:48 +0000
ROA not before: Mon 03 Oct 2022 13:33:48 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 199270
IP address blocks: 147.234.96.0/21 maxlen: 21
147.234.92.0/23 maxlen: 23
147.234.95.0/24 maxlen: 24
147.234.94.0/23 maxlen: 23
141.226.249.0/24 maxlen: 24
185.23.172.0/24 maxlen: 24
185.23.172.0/23 maxlen: 23
185.23.174.0/24 maxlen: 24
2a00:66a0::/35 maxlen: 35
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:83:9e:0d:81:d7:0b:74:9b:a9:c5:4f:69:db:e5:e6:1d:a6
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=70f9b16adf2fd31988859922b4457481dd7eef40
Validity
Not Before: Oct 3 13:33:48 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=a5d55c9a40144061f638b2fc15183419b6c4a6f1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ab:70:a8:5f:05:bb:3d:94:7b:70:b0:e4:cd:93:
0f:1d:a2:5b:09:7e:5e:73:31:4c:86:08:61:d9:19:
00:ad:1b:ec:ed:95:39:a1:11:22:01:4c:17:34:18:
15:c1:c0:43:91:2f:2b:6f:fa:f0:b9:21:6f:c1:71:
d4:f1:ee:34:75:a0:ef:e9:e4:b7:48:da:c9:e4:78:
fc:2d:38:9f:ff:eb:dc:29:20:3f:ba:74:1c:10:4e:
7c:2e:f7:57:d9:19:c6:c2:a3:e8:9a:2a:67:f7:4c:
44:98:46:a5:f5:4c:8d:fe:f4:98:b9:35:0d:d3:23:
a0:c0:33:da:b4:90:92:fc:3e:0d:15:b4:12:73:3f:
44:0d:9b:f6:b0:1a:c3:70:60:6d:90:63:2b:8d:0c:
8e:15:b7:98:4c:42:09:27:2f:fa:6c:90:1d:24:1e:
cb:e6:ce:94:97:2b:36:84:e4:ab:72:b6:58:79:27:
2d:da:c5:18:55:9f:e9:e5:49:68:d6:ff:14:aa:84:
a9:1a:b4:e4:24:3b:d4:d5:96:85:b8:60:31:99:d0:
bb:88:7c:a8:34:3b:f1:d8:0c:cc:bb:4b:df:05:64:
ff:ee:81:7f:25:76:e6:a2:d4:c1:57:d5:8b:23:96:
94:a7:4d:5d:87:d8:28:8a:f5:f8:fd:52:93:ff:bb:
e4:eb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A5:D5:5C:9A:40:14:40:61:F6:38:B2:FC:15:18:34:19:B6:C4:A6:F1
X509v3 Authority Key Identifier:
keyid:70:F9:B1:6A:DF:2F:D3:19:88:85:99:22:B4:45:74:81:DD:7E:EF:40
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cPmxat8v0xmIhZkitEV0gd1-70A.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/956db9-c8f7-4b9f-a56e-bc6db7248add/1/pdVcmkAUQGH2OLL8FRg0GbbEpvE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/956db9-c8f7-4b9f-a56e-bc6db7248add/1/cPmxat8v0xmIhZkitEV0gd1-70A.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
141.226.249.0/24
147.234.92.0-147.234.103.255
185.23.172.0-185.23.174.255
IPv6:
2a00:66a0::/35
Signature Algorithm: sha256WithRSAEncryption
a8:5e:11:cf:ed:82:c0:40:89:55:ca:1c:93:32:8e:6c:b9:83:
79:47:28:43:3f:51:a5:97:bd:33:7f:e5:e9:b0:0f:69:63:70:
f9:8e:b9:37:a5:6c:b4:b7:9d:a2:64:95:59:bb:9a:b4:e8:05:
1b:60:b5:3d:5d:34:0c:24:04:21:e9:91:71:f5:54:85:68:3b:
0e:bf:77:0f:fc:ef:9b:a9:7b:61:08:d8:ef:2c:78:af:0e:46:
d4:26:81:35:cc:c2:b4:7a:6c:bd:a4:dd:f8:e8:0d:f7:52:c9:
39:20:39:64:52:fa:f0:e5:8b:70:26:f2:e1:c0:cc:f1:9f:ad:
40:c3:7e:9a:6d:66:a6:a5:1a:a3:05:50:19:d4:c7:4c:ac:b3:
2d:69:02:78:04:e3:e6:21:6a:93:f7:6e:16:fc:56:ce:c6:a8:
e6:61:44:51:6b:95:cb:c1:6e:38:36:4f:87:bb:fd:9e:c0:21:
f3:b8:24:9d:cd:c8:7a:a4:39:d8:80:1a:c9:ec:b9:10:4e:58:
f9:1c:a5:0b:ab:84:87:97:af:d6:77:d0:92:e2:58:12:3d:50:
94:db:c6:7e:d5:c0:ef:2a:24:6d:08:e8:1f:f8:e7:56:c0:a0:
fc:83:e3:cd:2f:d8:5a:e2:26:b3:c3:3b:2c:11:fd:23:a3:74:
bd:1f:12:6b
-----BEGIN CERTIFICATE-----
MIIFKTCCBBGgAwIBAgISAYOeDYHXC3SbqcVPadvl5h2mMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcwZjliMTZhZGYyZmQzMTk4ODg1OTkyMmI0NDU3NDgxZGQ3
ZWVmNDAwHhcNMjIxMDAzMTMzMzQ4WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNWQ1NWM5YTQwMTQ0MDYxZjYzOGIyZmMxNTE4MzQxOWI2YzRhNmYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq3CoXwW7PZR7cLDkzZMPHaJbCX5e
czFMhghh2RkArRvs7ZU5oREiAUwXNBgVwcBDkS8rb/rwuSFvwXHU8e40daDv6eS3
SNrJ5Hj8LTif/+vcKSA/unQcEE58LvdX2RnGwqPomipn90xEmEal9UyN/vSYuTUN
0yOgwDPatJCS/D4NFbQScz9EDZv2sBrDcGBtkGMrjQyOFbeYTEIJJy/6bJAdJB7L
5s6Ulys2hOSrcrZYeSct2sUYVZ/p5Ulo1v8UqoSpGrTkJDvU1ZaFuGAxmdC7iHyo
NDvx2AzMu0vfBWT/7oF/JXbmotTBV9WLI5aUp01dh9goivX4/VKT/7vk6wIDAQAB
o4ICNTCCAjEwHQYDVR0OBBYEFKXVXJpAFEBh9jiy/BUYNBm2xKbxMB8GA1UdIwQY
MBaAFHD5sWrfL9MZiIWZIrRFdIHdfu9AMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY1BteGF0OHYweG1JaFpraXRFVjBnZDEtNzBBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Zi85NTZkYjktYzhmNy00YjlmLWE1NmUt
YmM2ZGI3MjQ4YWRkLzEvcGRWY21rQVVRR0gyT0xMOEZSZzBHYmJFcHZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Zi85NTZkYjktYzhmNy00YjlmLWE1NmUtYmM2ZGI3MjQ4YWRk
LzEvY1BteGF0OHYweG1JaFpraXRFVjBnZDEtNzBBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEsGCCsGAQUFBwEHAQH/BDwwOjAoBAIAATAiAwQAjeL5MAwD
BAKT6lwDBAOT6mAwDAMEArkXrAMEALkXrjAOBAIAAjAIAwYFKgBmoAAwDQYJKoZI
hvcNAQELBQADggEBAKheEc/tgsBAiVXKHJMyjmy5g3lHKEM/UaWXvTN/5emwD2lj
cPmOuTelbLS3naJklVm7mrToBRtgtT1dNAwkBCHpkXH1VIVoOw6/dw/875upe2EI
2O8seK8ORtQmgTXMwrR6bL2k3fjoDfdSyTkgOWRS+vDli3Am8uHAzPGfrUDDfppt
ZqalGqMFUBnUx0yssy1pAngE4+YhapP3bhb8Vs7GqOZhRFFrlcvBbjg2T4e7/Z7A
IfO4JJ3NyHqkOdiAGsnsuRBOWPkcpQurhIeXr9Z30JLiWBI9UJTbxn7VwO8qJG0I
6B/451bAoPyD480v2FriJrPDOywR/SOjdL0fEms=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:32:06 2024 by rpki-client on console-fra.rpki-client.org