Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/888869-7a65-415b-b68f-5484402ceb7a/1/nGglvIszQERTD9Pi3cddgyGR3m0.roa
File: nGglvIszQERTD9Pi3cddgyGR3m0.roa (raw, json)
Hash identifier: WriUeUSGI0d3/8pM8kLaB1vPbuIY3CC+J9rUZkAGafM=
Subject key identifier: 9C:68:25:BC:8B:33:40:44:53:0F:D3:E2:DD:C7:5D:83:21:91:DE:6D
Certificate issuer: /CN=b0c20ae1dacca31815b274702927c1a5a9dbc7b3
Certificate serial: 01857CF0EB2CCF2DBFB80137FE4F5A47FF1D
Authority key identifier: B0:C2:0A:E1:DA:CC:A3:18:15:B2:74:70:29:27:C1:A5:A9:DB:C7:B3
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/sMIK4drMoxgVsnRwKSfBpanbx7M.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c5/888869-7a65-415b-b68f-5484402ceb7a/1/nGglvIszQERTD9Pi3cddgyGR3m0.roa
Signing time: Wed 04 Jan 2023 13:20:41 +0000
ROA not before: Wed 04 Jan 2023 13:20:41 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 6718
IP address blocks: 91.208.75.0/24 maxlen: 24
128.0.34.0/24 maxlen: 24
128.0.33.0/24 maxlen: 24
128.0.36.0/24 maxlen: 24
91.239.230.0/24 maxlen: 24
185.36.252.0/24 maxlen: 24
5.154.224.0/24 maxlen: 24
2a05:1c04::/32 maxlen: 32
2a05:1c00::/32 maxlen: 32
2a05:1c02::/32 maxlen: 32
2a00:ece0::/32 maxlen: 32
2a05:1c03::/32 maxlen: 32
2a04:6c80::/48 maxlen: 48
2a05:1c01::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:7c:f0:eb:2c:cf:2d:bf:b8:01:37:fe:4f:5a:47:ff:1d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b0c20ae1dacca31815b274702927c1a5a9dbc7b3
Validity
Not Before: Jan 4 13:20:41 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=9c6825bc8b334044530fd3e2ddc75d832191de6d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:92:2e:e5:d8:cc:6d:2c:a2:d4:92:52:73:08:d1:
ab:57:4a:fe:62:cc:69:79:30:69:8c:5e:12:7f:7d:
d9:83:bd:fb:18:a2:0d:c3:e9:cf:e0:71:f3:71:10:
f8:22:eb:73:1d:be:71:10:c6:06:99:88:96:00:45:
51:cf:7a:ee:19:d5:8f:e0:9a:4e:41:db:7d:41:0b:
a3:b7:e9:da:38:25:e1:86:8b:d5:75:db:37:59:b5:
de:74:73:e7:da:68:93:1b:5b:b0:53:76:26:97:91:
12:fd:7f:82:30:ea:75:39:e7:f2:bc:5b:f6:32:e0:
d3:11:19:35:39:a9:2e:45:e2:03:b9:d2:14:db:d5:
54:2d:c5:05:7b:d5:b5:5b:dd:3e:26:20:e4:09:a6:
ec:db:22:de:71:dc:27:4a:a3:24:9f:dc:07:af:a8:
06:c7:cf:5f:0a:26:ff:c3:ca:1c:56:12:a3:fc:77:
09:65:59:99:89:4f:26:b2:cb:b4:4f:f0:bf:50:bc:
a6:d5:8d:61:20:41:5b:ce:45:a0:ef:bd:e7:40:37:
62:82:9c:86:fb:8b:cb:ba:b5:6b:9e:36:ea:77:8e:
94:3a:9e:3f:f9:f5:50:3c:e8:67:3d:94:34:e2:9e:
40:6f:24:85:69:b7:d6:00:f1:51:30:4a:79:ef:d0:
32:7f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9C:68:25:BC:8B:33:40:44:53:0F:D3:E2:DD:C7:5D:83:21:91:DE:6D
X509v3 Authority Key Identifier:
keyid:B0:C2:0A:E1:DA:CC:A3:18:15:B2:74:70:29:27:C1:A5:A9:DB:C7:B3
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sMIK4drMoxgVsnRwKSfBpanbx7M.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/888869-7a65-415b-b68f-5484402ceb7a/1/nGglvIszQERTD9Pi3cddgyGR3m0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/888869-7a65-415b-b68f-5484402ceb7a/1/sMIK4drMoxgVsnRwKSfBpanbx7M.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.154.224.0/24
91.208.75.0/24
91.239.230.0/24
128.0.33.0-128.0.34.255
128.0.36.0/24
185.36.252.0/24
IPv6:
2a00:ece0::/32
2a04:6c80::/48
2a05:1c00::-2a05:1c04:ffff:ffff:ffff:ffff:ffff:ffff
Signature Algorithm: sha256WithRSAEncryption
79:4e:e6:13:cd:00:be:29:78:e3:2c:bb:39:e3:0d:1f:9e:2e:
9e:bb:6a:98:9b:bc:db:66:a5:f5:3b:5f:72:29:7d:0e:ce:4b:
d2:e3:d4:dd:e1:f2:0b:de:a3:b8:02:c2:f4:1f:cf:af:98:f7:
ff:ca:60:7e:8d:fd:78:4f:61:0a:da:db:8a:a1:ff:d0:9e:c7:
92:9c:7d:2f:f1:37:e1:14:f4:cc:6f:8e:83:9f:55:1f:84:dd:
4c:ee:fc:58:a7:18:d1:a3:6c:12:f4:e1:37:7a:29:3a:8b:23:
d6:4d:56:5d:65:b9:1e:38:40:2f:67:aa:09:13:c2:20:2b:7a:
5e:a0:2e:6a:8c:56:f8:11:0b:92:a9:b7:59:f9:f9:9f:73:22:
50:a4:d1:04:2e:e0:6b:e9:8d:82:c0:d1:d1:c4:32:83:11:b4:
9a:1d:1f:96:23:43:f7:9b:ab:86:cd:60:2f:1b:ee:64:54:ec:
ee:b2:14:3d:e9:37:df:02:b3:70:75:6a:48:ab:02:a4:be:51:
10:5b:31:ea:76:f3:63:39:d7:21:9f:53:18:a2:1b:71:7a:8f:
7e:c6:a7:7a:e5:6f:58:59:50:01:4e:42:39:e9:24:41:5e:c1:
2e:95:4a:b4:ec:66:a3:89:50:76:17:d5:62:5a:5e:19:67:5b:
8a:33:cf:81
-----BEGIN CERTIFICATE-----
MIIFSjCCBDKgAwIBAgISAYV88Osszy2/uAE3/k9aR/8dMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIwYzIwYWUxZGFjY2EzMTgxNWIyNzQ3MDI5MjdjMWE1YTlk
YmM3YjMwHhcNMjMwMTA0MTMyMDQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YzY4MjViYzhiMzM0MDQ0NTMwZmQzZTJkZGM3NWQ4MzIxOTFkZTZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAki7l2MxtLKLUklJzCNGrV0r+Ysxp
eTBpjF4Sf33Zg737GKINw+nP4HHzcRD4IutzHb5xEMYGmYiWAEVRz3ruGdWP4JpO
Qdt9QQujt+naOCXhhovVdds3WbXedHPn2miTG1uwU3Yml5ES/X+CMOp1OefyvFv2
MuDTERk1OakuReIDudIU29VULcUFe9W1W90+JiDkCabs2yLecdwnSqMkn9wHr6gG
x89fCib/w8ocVhKj/HcJZVmZiU8mssu0T/C/ULym1Y1hIEFbzkWg773nQDdigpyG
+4vLurVrnjbqd46UOp4/+fVQPOhnPZQ04p5AbySFabfWAPFRMEp579AyfwIDAQAB
o4ICVjCCAlIwHQYDVR0OBBYEFJxoJbyLM0BEUw/T4t3HXYMhkd5tMB8GA1UdIwQY
MBaAFLDCCuHazKMYFbJ0cCknwaWp28ezMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc01JSzRkck1veGdWc25Sd0tTZkJwYW5ieDdNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS84ODg4NjktN2E2NS00MTViLWI2OGYt
NTQ4NDQwMmNlYjdhLzEvbkdnbHZJc3pRRVJURDlQaTNjZGRneUdSM20wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS84ODg4NjktN2E2NS00MTViLWI2OGYtNTQ4NDQwMmNlYjdh
LzEvc01JSzRkck1veGdWc25Sd0tTZkJwYW5ieDdNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGwGCCsGAQUFBwEHAQH/BF0wWzAyBAIAATAsAwQABZrgAwQA
W9BLAwQAW+/mMAwDBACAACEDBACAACIDBACAACQDBAC5JPwwJQQCAAIwHwMFACoA
7OADBwAqBGyAAAAwDQMEAioFHAMFACoFHAQwDQYJKoZIhvcNAQELBQADggEBAHlO
5hPNAL4peOMsuznjDR+eLp67apibvNtmpfU7X3IpfQ7OS9Lj1N3h8gveo7gCwvQf
z6+Y9//KYH6N/XhPYQra24qh/9Cex5KcfS/xN+EU9MxvjoOfVR+E3Uzu/FinGNGj
bBL04Td6KTqLI9ZNVl1luR44QC9nqgkTwiArel6gLmqMVvgRC5Kpt1n5+Z9zIlCk
0QQu4GvpjYLA0dHEMoMRtJodH5YjQ/ebq4bNYC8b7mRU7O6yFD3pN98Cs3B1akir
AqS+URBbMep282M51yGfUxiiG3F6j37Gp3rlb1hZUAFOQjnpJEFewS6VSrTsZqOJ
UHYX1WJaXhlnW4ozz4E=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:43:08 2024 by rpki-client on console-ams.rpki-client.org