Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KcpuWyf1hBjYKm6HHnRL0cbPotg.roa
File: KcpuWyf1hBjYKm6HHnRL0cbPotg.roa (raw, json)
Hash identifier: kdImZLB46M+6qHJhrrcSOAFNQh+ukMPwPvjNDGb2EpM=
Subject key identifier: 29:CA:6E:5B:27:F5:84:18:D8:2A:6E:87:1E:74:4B:D1:C6:CF:A2:D8
Certificate issuer: /CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Certificate serial: 13CFC9D7
Authority key identifier: 2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KcpuWyf1hBjYKm6HHnRL0cbPotg.roa
Signing time: Fri 18 Feb 2022 23:38:51 +0000
ROA not before: Fri 18 Feb 2022 23:38:51 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 61317
IP address blocks: 85.8.164.0/22 maxlen: 24
212.90.100.0/22 maxlen: 24
185.248.184.0/22 maxlen: 24
185.220.236.0/22 maxlen: 24
188.253.0.0/23 maxlen: 24
91.132.59.0/24 maxlen: 24
193.36.73.0/24 maxlen: 24
193.36.85.0/24 maxlen: 24
193.36.84.0/24 maxlen: 24
212.87.192.0/22 maxlen: 24
185.234.144.0/22 maxlen: 24
185.59.115.0/24 maxlen: 24
82.115.16.0/24 maxlen: 24
82.115.20.0/23 maxlen: 24
82.115.18.0/23 maxlen: 24
82.115.24.0/22 maxlen: 24
185.129.108.0/23 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 332384727 (0x13cfc9d7)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Validity
Not Before: Feb 18 23:38:51 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=29ca6e5b27f58418d82a6e871e744bd1c6cfa2d8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d9:bf:c8:dc:57:8f:74:b3:60:ff:10:17:9a:b8:
f1:6b:97:c0:10:ae:21:c3:f6:a5:96:55:03:df:57:
74:b4:be:46:21:fc:b8:06:44:6b:9b:f5:d6:04:56:
a3:9d:ff:1a:85:f5:7c:82:8c:39:f7:ba:9b:5e:e1:
fa:41:60:36:4b:48:06:c2:af:bb:6e:d9:06:2d:86:
05:0a:e8:61:11:5e:b1:45:d8:ae:4d:d2:f6:cb:b4:
6d:07:76:38:b6:36:c0:b4:e8:96:c9:0a:aa:60:26:
3d:cc:a1:2b:cc:16:ed:95:0c:07:68:2d:e5:f1:5a:
06:26:1f:5a:e3:e2:b0:78:5a:70:83:15:f2:42:77:
e4:30:39:69:f2:78:06:48:ea:06:0d:cc:28:89:53:
b5:8b:04:56:84:4c:2a:73:b8:33:fb:43:5f:cd:76:
53:82:f5:e6:90:9e:25:bb:7e:e4:66:e2:f1:d5:81:
41:1e:eb:bb:8a:1b:c6:72:c2:46:ae:08:ca:93:96:
ed:20:76:2e:d3:ce:7e:32:bf:79:fe:ed:f8:40:f5:
4b:ed:0f:1b:84:11:02:33:5d:32:83:be:29:1d:ca:
02:da:04:1d:ca:d9:8e:56:e2:fd:c9:11:fc:54:08:
da:07:11:de:ec:fb:51:f7:a7:0c:7f:e1:c4:02:8c:
95:83
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
29:CA:6E:5B:27:F5:84:18:D8:2A:6E:87:1E:74:4B:D1:C6:CF:A2:D8
X509v3 Authority Key Identifier:
keyid:2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KcpuWyf1hBjYKm6HHnRL0cbPotg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
82.115.16.0/24
82.115.18.0-82.115.21.255
82.115.24.0/22
85.8.164.0/22
91.132.59.0/24
185.59.115.0/24
185.129.108.0/23
185.220.236.0/22
185.234.144.0/22
185.248.184.0/22
188.253.0.0/23
193.36.73.0/24
193.36.84.0/23
212.87.192.0/22
212.90.100.0/22
Signature Algorithm: sha256WithRSAEncryption
3c:de:63:f2:e3:d7:3e:ee:90:b2:cc:23:96:38:6c:cf:e4:f5:
bf:c9:ac:51:91:6f:e4:ae:47:61:d0:d5:6c:3d:26:ea:b6:72:
26:71:c8:44:8a:f4:8f:76:a2:ad:fe:04:38:ef:f9:9f:f5:5b:
59:b8:9b:f6:43:ff:fd:89:87:ea:b7:48:4b:20:13:a2:a6:85:
8e:a8:07:32:5e:1d:05:9c:11:90:7a:0d:cc:e1:0f:4f:8f:12:
46:03:66:43:2a:9d:d3:f6:d8:5b:b5:2b:94:db:4f:92:df:e5:
ea:89:6b:57:09:81:c3:32:4a:4f:18:09:03:ac:1a:52:59:56:
3e:10:0e:4c:86:8e:4b:e2:54:c7:a3:a9:63:10:f4:df:0c:f7:
3e:03:a6:36:2c:15:27:57:6e:a6:92:ec:0e:60:f8:78:f2:1e:
c3:a5:19:e2:1e:c6:c2:ee:ff:bf:86:2a:de:e4:a9:7c:f6:29:
e8:5b:d9:79:20:c2:f2:40:9e:2f:cc:3c:dd:7c:cc:05:f6:4b:
a2:8a:14:70:fe:99:74:7d:4f:bf:0d:a7:d2:4b:8e:62:ee:1a:
3c:fa:46:cd:ad:8a:66:f7:66:fd:0b:49:f7:af:6f:b5:40:b2:
ad:6b:e7:af:0d:0e:2b:08:f6:75:30:74:fc:3d:4f:e0:d2:fb:
e2:c2:bf:16
-----BEGIN CERTIFICATE-----
MIIFSzCCBDOgAwIBAgIEE8/J1zANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygy
YWMzZGFhMWIxNDg1MGYyZTYxYzU5MmIyMTkxOTE1YTVlNjVhNDc4MB4XDTIyMDIx
ODIzMzg1MVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMjljYTZlNWIyN2Y1
ODQxOGQ4MmE2ZTg3MWU3NDRiZDFjNmNmYTJkODCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBANm/yNxXj3SzYP8QF5q48WuXwBCuIcP2pZZVA99XdLS+RiH8
uAZEa5v11gRWo53/GoX1fIKMOfe6m17h+kFgNktIBsKvu27ZBi2GBQroYRFesUXY
rk3S9su0bQd2OLY2wLTolskKqmAmPcyhK8wW7ZUMB2gt5fFaBiYfWuPisHhacIMV
8kJ35DA5afJ4BkjqBg3MKIlTtYsEVoRMKnO4M/tDX812U4L15pCeJbt+5Gbi8dWB
QR7ru4obxnLCRq4IypOW7SB2LtPOfjK/ef7t+ED1S+0PG4QRAjNdMoO+KR3KAtoE
HcrZjlbi/ckR/FQI2gcR3uz7UfenDH/hxAKMlYMCAwEAAaOCAmUwggJhMB0GA1Ud
DgQWBBQpym5bJ/WEGNgqbocedEvRxs+i2DAfBgNVHSMEGDAWgBQqw9qhsUhQ8uYc
WSshkZFaXmWkeDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0tzUGFvYkZJVVBMbUhGa3JJWkdSV2w1bHBIZy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNzAvNDA1YmJkLTU5MTMtNGU5NS04ZTc1LWZlMDY1OTE3NmE1Ni8x
L0tjcHVXeWYxaEJqWUttNkhIblJMMGNiUG90Zy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzAv
NDA1YmJkLTU5MTMtNGU5NS04ZTc1LWZlMDY1OTE3NmE1Ni8xL0tzUGFvYkZJVVBM
bUhGa3JJWkdSV2w1bHBIZy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjB7
BggrBgEFBQcBBwEB/wRsMGowaAQCAAEwYgMEAFJzEDAMAwQBUnMSAwQBUnMUAwQC
UnMYAwQCVQikAwQAW4Q7AwQAuTtzAwQBuYFsAwQCudzsAwQCueqQAwQCufi4AwQB
vP0AAwQAwSRJAwQBwSRUAwQC1FfAAwQC1FpkMA0GCSqGSIb3DQEBCwUAA4IBAQA8
3mPy49c+7pCyzCOWOGzP5PW/yaxRkW/krkdh0NVsPSbqtnImcchEivSPdqKt/gQ4
7/mf9VtZuJv2Q//9iYfqt0hLIBOipoWOqAcyXh0FnBGQeg3M4Q9PjxJGA2ZDKp3T
9thbtSuU20+S3+XqiWtXCYHDMkpPGAkDrBpSWVY+EA5Mho5L4lTHo6ljEPTfDPc+
A6Y2LBUnV26mkuwOYPh48h7DpRniHsbC7v+/hire5Kl89inoW9l5IMLyQJ4vzDzd
fMwF9kuiihRw/pl0fU+/DafSS45i7ho8+kbNrYpm92b9C0n3r2+1QLKta+evDQ4r
CPZ1MHT8PU/g0vviwr8W
-----END CERTIFICATE-----
Generated at Thu Jul 20 00:01:24 2023 by rpki-client on console-ams.rpki-client.org