Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/33Ea6zzHcgGLrH8GcCr2YbKVb5k.roa
File: 33Ea6zzHcgGLrH8GcCr2YbKVb5k.roa (raw, json)
Hash identifier: 8FyfbryVgPn8KfaANlkbf/Du2d+n+fh7Yb90KJ3H9Kw=
Subject key identifier: DF:71:1A:EB:3C:C7:72:01:8B:AC:7F:06:70:2A:F6:61:B2:95:6F:99
Certificate issuer: /CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Certificate serial: 142B55B3
Authority key identifier: 2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/33Ea6zzHcgGLrH8GcCr2YbKVb5k.roa
Signing time: Tue 15 Mar 2022 22:31:35 +0000
ROA not before: Tue 15 Mar 2022 22:31:35 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 7018
IP address blocks: 212.90.102.0/23 maxlen: 24
185.220.236.0/22 maxlen: 24
185.129.116.0/22 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 338384307 (0x142b55b3)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Validity
Not Before: Mar 15 22:31:35 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=df711aeb3cc772018bac7f06702af661b2956f99
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b5:52:db:b7:ea:fb:5a:bd:33:15:05:b7:cd:d3:
07:34:47:89:95:b9:42:9f:3d:40:41:1e:fd:45:5c:
3d:e8:76:cf:57:17:f2:02:4c:44:8e:9c:ed:e3:1a:
74:d1:f9:a9:ca:83:e3:ec:b5:34:11:56:08:55:16:
80:b6:5e:98:28:17:13:fa:33:72:58:5f:34:ab:8c:
77:46:56:cf:90:9f:eb:3c:7c:36:dc:8a:7e:a8:b5:
f5:b5:d2:cd:44:21:a2:53:87:44:1e:bb:af:0d:ca:
ae:72:46:88:23:be:2d:bb:60:af:45:d8:0b:17:07:
07:3a:d1:e4:70:91:32:47:01:91:6f:93:7e:c0:b2:
5a:57:a4:c6:24:76:6c:b9:51:90:f2:76:d5:e1:13:
bb:2e:e1:e1:ad:fb:88:be:33:a2:6a:1d:b7:92:81:
e3:79:6a:e7:87:cb:49:3d:ee:b1:f6:16:69:2d:b8:
6d:17:0c:eb:9d:ea:0e:82:2b:f2:1a:93:ba:4e:4d:
a0:1b:5d:b4:85:3e:32:1d:60:1d:d9:59:1c:0d:f3:
66:01:37:01:d6:73:2d:75:f5:c1:ce:f9:04:5c:ca:
35:b1:06:1f:a1:c2:aa:e6:08:d5:a9:bd:ff:a3:47:
b5:67:39:53:ff:8c:a5:72:0e:cd:f3:b1:03:bf:4c:
a7:bb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DF:71:1A:EB:3C:C7:72:01:8B:AC:7F:06:70:2A:F6:61:B2:95:6F:99
X509v3 Authority Key Identifier:
keyid:2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/33Ea6zzHcgGLrH8GcCr2YbKVb5k.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.129.116.0/22
185.220.236.0/22
212.90.102.0/23
Signature Algorithm: sha256WithRSAEncryption
76:5f:fc:74:07:b8:63:2a:e6:fe:e7:f0:3a:4e:52:a7:d2:9d:
26:77:3b:86:b7:2e:6e:0e:01:42:bb:1c:25:f7:9c:ae:9b:08:
2f:c7:d2:cf:d6:09:3d:fc:75:18:c6:04:ba:5d:2a:9f:18:98:
2b:a6:59:84:36:38:e9:45:67:b2:4b:95:48:cd:35:e8:e7:53:
7e:0f:d7:dc:bd:1b:c8:15:b7:f3:9c:a7:04:ed:8e:54:e3:81:
1a:37:69:f2:e3:ac:be:00:79:c0:23:c7:a8:a3:5d:6d:9f:ab:
f6:76:2c:81:f9:4d:fe:4e:c4:9e:b2:84:70:7a:f0:7a:ae:a2:
f6:d1:97:d9:fb:03:8a:e3:5b:21:d8:df:10:89:a3:4c:0f:b3:
ee:1b:cf:48:b7:81:2e:2e:bd:7b:f6:df:37:e7:79:af:3f:e5:
a1:eb:ce:3e:2c:b8:9b:4d:b3:03:59:0b:ae:dc:e7:fd:f9:75:
62:1a:d3:a6:6c:38:85:6f:3e:f8:37:fc:0e:f5:41:d7:7d:ed:
d6:1a:36:c0:44:52:d7:a0:2d:81:04:ae:57:20:1c:d5:84:39:
a5:9c:98:2d:aa:f7:97:c4:a6:de:0e:94:82:5c:bb:5b:89:39:
ad:6f:60:58:02:7e:63:5d:87:76:2c:6b:3b:d5:33:a0:ef:65:
ce:39:8c:21
-----BEGIN CERTIFICATE-----
MIIE+zCCA+OgAwIBAgIEFCtVszANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygy
YWMzZGFhMWIxNDg1MGYyZTYxYzU5MmIyMTkxOTE1YTVlNjVhNDc4MB4XDTIyMDMx
NTIyMzEzNVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoZGY3MTFhZWIzY2M3
NzIwMThiYWM3ZjA2NzAyYWY2NjFiMjk1NmY5OTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALVS27fq+1q9MxUFt83TBzRHiZW5Qp89QEEe/UVcPeh2z1cX
8gJMRI6c7eMadNH5qcqD4+y1NBFWCFUWgLZemCgXE/ozclhfNKuMd0ZWz5Cf6zx8
NtyKfqi19bXSzUQholOHRB67rw3KrnJGiCO+Lbtgr0XYCxcHBzrR5HCRMkcBkW+T
fsCyWlekxiR2bLlRkPJ21eETuy7h4a37iL4zomodt5KB43lq54fLST3usfYWaS24
bRcM653qDoIr8hqTuk5NoBtdtIU+Mh1gHdlZHA3zZgE3AdZzLXX1wc75BFzKNbEG
H6HCquYI1am9/6NHtWc5U/+MpXIOzfOxA79Mp7sCAwEAAaOCAhUwggIRMB0GA1Ud
DgQWBBTfcRrrPMdyAYusfwZwKvZhspVvmTAfBgNVHSMEGDAWgBQqw9qhsUhQ8uYc
WSshkZFaXmWkeDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0tzUGFvYkZJVVBMbUhGa3JJWkdSV2w1bHBIZy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNzAvNDA1YmJkLTU5MTMtNGU5NS04ZTc1LWZlMDY1OTE3NmE1Ni8x
LzMzRWE2enpIY2dHTHJIOEdjQ3IyWWJLVmI1ay5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzAv
NDA1YmJkLTU5MTMtNGU5NS04ZTc1LWZlMDY1OTE3NmE1Ni8xL0tzUGFvYkZJVVBM
bUhGa3JJWkdSV2w1bHBIZy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAr
BggrBgEFBQcBBwEB/wQcMBowGAQCAAEwEgMEArmBdAMEArnc7AMEAdRaZjANBgkq
hkiG9w0BAQsFAAOCAQEAdl/8dAe4Yyrm/ufwOk5Sp9KdJnc7hrcubg4BQrscJfec
rpsIL8fSz9YJPfx1GMYEul0qnxiYK6ZZhDY46UVnskuVSM016OdTfg/X3L0byBW3
85ynBO2OVOOBGjdp8uOsvgB5wCPHqKNdbZ+r9nYsgflN/k7EnrKEcHrweq6i9tGX
2fsDiuNbIdjfEImjTA+z7hvPSLeBLi69e/bfN+d5rz/loevOPiy4m02zA1kLrtzn
/fl1YhrTpmw4hW8++Df8DvVB133t1ho2wERS16AtgQSuVyAc1YQ5pZyYLar3l8Sm
3g6Ugly7W4k5rW9gWAJ+Y12HdixrO9UzoO9lzjmMIQ==
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:57:42 2023 by rpki-client on console-fra.rpki-client.org