Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/ZSoXkumR2tS2Kvk9eyv23cjttXk.roa
File: ZSoXkumR2tS2Kvk9eyv23cjttXk.roa (raw, json)
Hash identifier: mBZuOUEns8I0vH62td7nzaBA0qF/9tExD8D7E4tSwi4=
Subject key identifier: 65:2A:17:92:E9:91:DA:D4:B6:2A:F9:3D:7B:2B:F6:DD:C8:ED:B5:79
Certificate issuer: /CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Certificate serial: 15333E84
Authority key identifier: 2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/ZSoXkumR2tS2Kvk9eyv23cjttXk.roa
Signing time: Thu 02 Jun 2022 08:47:20 +0000
ROA not before: Thu 02 Jun 2022 08:47:20 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 7018
IP address blocks: 212.90.102.0/23 maxlen: 23
185.220.236.0/22 maxlen: 24
213.173.32.0/22 maxlen: 24
185.36.192.0/22 maxlen: 22
185.129.116.0/22 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 355679876 (0x15333e84)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Validity
Not Before: Jun 2 08:47:20 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=652a1792e991dad4b62af93d7b2bf6ddc8edb579
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b7:fe:8f:dc:4d:39:ea:cd:3c:bd:ba:56:63:44:
53:6c:3a:ad:c8:5a:b6:2d:db:9d:25:0f:ba:03:92:
f9:d4:56:19:b7:a3:53:ea:f4:6f:87:74:eb:dd:f1:
f5:3c:27:d5:38:9d:f0:e5:9a:d2:30:2d:13:bc:45:
75:54:f4:d3:cc:17:4d:ce:03:bf:20:1e:f3:68:c9:
65:d7:c9:6f:a3:eb:70:87:fe:34:34:2c:be:33:3b:
08:16:be:50:2b:7c:e2:e7:60:0d:21:94:51:89:aa:
ae:3d:12:4e:d2:c3:e5:3d:09:59:53:63:06:44:7b:
82:bc:3d:ad:60:b3:30:fc:49:6e:7e:3f:c9:d8:c5:
8b:b6:89:f5:fa:c8:5f:c9:c9:92:f0:1e:54:5f:f3:
12:cb:e6:ad:d3:be:fa:df:51:b8:61:01:96:36:52:
4e:62:f7:e7:71:43:12:b7:44:61:8d:5d:f7:37:45:
22:c5:e5:43:94:4c:ae:ad:ff:8c:9e:37:23:78:f5:
fa:87:a7:0d:ea:fe:d3:41:eb:0c:00:ff:0d:6f:68:
d7:6f:26:98:96:80:a0:ce:1c:bd:b9:d7:ac:08:86:
f5:2d:fb:c4:cd:f3:16:b7:d7:64:f1:48:b5:3d:4f:
4a:7a:1b:36:57:68:6c:90:5a:e3:d6:a9:29:65:cd:
0c:3f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
65:2A:17:92:E9:91:DA:D4:B6:2A:F9:3D:7B:2B:F6:DD:C8:ED:B5:79
X509v3 Authority Key Identifier:
keyid:2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/ZSoXkumR2tS2Kvk9eyv23cjttXk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.36.192.0/22
185.129.116.0/22
185.220.236.0/22
212.90.102.0/23
213.173.32.0/22
Signature Algorithm: sha256WithRSAEncryption
38:5c:c5:65:6a:8c:74:55:40:ef:33:41:4c:79:14:35:f4:6a:
e8:be:f5:1c:df:66:e6:f0:7b:9f:87:e6:af:dd:7f:15:d1:d0:
fd:9f:10:88:54:b8:cc:88:5e:05:18:56:7d:2f:a1:40:c2:6e:
2c:2e:99:27:f6:be:27:89:f2:68:25:85:4b:cf:48:85:79:50:
de:cf:94:6d:53:a3:7e:a4:32:6a:a9:3d:32:fd:fe:42:56:57:
99:8b:97:1f:76:c9:8a:d3:47:27:d5:24:b3:16:d6:d8:c7:2e:
55:1a:d9:fe:43:ba:cb:5c:1c:ee:c0:d6:30:c4:2c:fa:1d:38:
1c:b6:be:91:6c:f8:c6:ca:bf:09:6a:a2:a8:72:ff:a4:d5:3b:
2b:a4:76:fa:8d:b5:4f:9b:60:92:6b:79:0b:b4:c8:db:f0:dd:
64:de:c8:05:64:0c:0e:86:ed:f9:b3:29:b3:4b:13:2c:ea:d4:
4f:14:5b:04:b8:de:57:2f:92:a8:2f:6c:6a:fa:3f:6c:d5:f6:
d3:07:93:b2:8b:32:ea:cf:20:e6:ba:af:34:0e:45:dc:10:a3:
5f:8f:c9:37:83:c3:7e:a6:e7:82:0d:d9:07:2f:70:42:a1:5e:
b6:12:7c:70:0e:ab:90:a4:02:24:cc:91:63:14:3f:41:5f:27:
ac:59:8d:fa
-----BEGIN CERTIFICATE-----
MIIFBzCCA++gAwIBAgIEFTM+hDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygy
YWMzZGFhMWIxNDg1MGYyZTYxYzU5MmIyMTkxOTE1YTVlNjVhNDc4MB4XDTIyMDYw
MjA4NDcyMFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNjUyYTE3OTJlOTkx
ZGFkNGI2MmFmOTNkN2IyYmY2ZGRjOGVkYjU3OTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALf+j9xNOerNPL26VmNEU2w6rchati3bnSUPugOS+dRWGbej
U+r0b4d0693x9Twn1Tid8OWa0jAtE7xFdVT008wXTc4DvyAe82jJZdfJb6PrcIf+
NDQsvjM7CBa+UCt84udgDSGUUYmqrj0STtLD5T0JWVNjBkR7grw9rWCzMPxJbn4/
ydjFi7aJ9frIX8nJkvAeVF/zEsvmrdO++t9RuGEBljZSTmL353FDErdEYY1d9zdF
IsXlQ5RMrq3/jJ43I3j1+oenDer+00HrDAD/DW9o128mmJaAoM4cvbnXrAiG9S37
xM3zFrfXZPFItT1PSnobNldobJBa49apKWXNDD8CAwEAAaOCAiEwggIdMB0GA1Ud
DgQWBBRlKheS6ZHa1LYq+T17K/bdyO21eTAfBgNVHSMEGDAWgBQqw9qhsUhQ8uYc
WSshkZFaXmWkeDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0tzUGFvYkZJVVBMbUhGa3JJWkdSV2w1bHBIZy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNzAvNDA1YmJkLTU5MTMtNGU5NS04ZTc1LWZlMDY1OTE3NmE1Ni8x
L1pTb1hrdW1SMnRTMkt2azlleXYyM2NqdHRYay5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzAv
NDA1YmJkLTU5MTMtNGU5NS04ZTc1LWZlMDY1OTE3NmE1Ni8xL0tzUGFvYkZJVVBM
bUhGa3JJWkdSV2w1bHBIZy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjA3
BggrBgEFBQcBBwEB/wQoMCYwJAQCAAEwHgMEArkkwAMEArmBdAMEArnc7AMEAdRa
ZgMEAtWtIDANBgkqhkiG9w0BAQsFAAOCAQEAOFzFZWqMdFVA7zNBTHkUNfRq6L71
HN9m5vB7n4fmr91/FdHQ/Z8QiFS4zIheBRhWfS+hQMJuLC6ZJ/a+J4nyaCWFS89I
hXlQ3s+UbVOjfqQyaqk9Mv3+QlZXmYuXH3bJitNHJ9UksxbW2McuVRrZ/kO6y1wc
7sDWMMQs+h04HLa+kWz4xsq/CWqiqHL/pNU7K6R2+o21T5tgkmt5C7TI2/DdZN7I
BWQMDobt+bMps0sTLOrUTxRbBLjeVy+SqC9savo/bNX20weTsosy6s8g5rqvNA5F
3BCjX4/JN4PDfqbngg3ZBy9wQqFethJ8cA6rkKQCJMyRYxQ/QV8nrFmN+g==
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:57:45 2023 by rpki-client on console-fra.rpki-client.org