Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f1/0188da-3655-482d-881b-febbc4a3b45b/1/OpCxv-knVJ6nB4tc2pIeIwvcs88.roa
File: OpCxv-knVJ6nB4tc2pIeIwvcs88.roa (raw, json)
Hash identifier: 2BAwFTxj3ZsEqq3umII2rBf4sdNAsgDNQzCT9u8JTYc=
Subject key identifier: 3A:90:B1:BF:E9:27:54:9E:A7:07:8B:5C:DA:92:1E:23:0B:DC:B3:CF
Certificate issuer: /CN=bfabf5a474afe7212331670e831e119da38f284f
Certificate serial: 0B1BD631
Authority key identifier: BF:AB:F5:A4:74:AF:E7:21:23:31:67:0E:83:1E:11:9D:A3:8F:28:4F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/v6v1pHSv5yEjMWcOgx4RnaOPKE8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/f1/0188da-3655-482d-881b-febbc4a3b45b/1/OpCxv-knVJ6nB4tc2pIeIwvcs88.roa
Signing time: Wed 11 May 2022 16:22:03 +0000
ROA not before: Wed 11 May 2022 16:22:03 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 21232
IP address blocks: 185.41.132.0/22 maxlen: 22
185.108.244.0/22 maxlen: 22
213.188.32.0/19 maxlen: 19
185.70.68.0/22 maxlen: 22
185.110.184.0/22 maxlen: 22
185.119.36.0/22 maxlen: 22
62.32.0.0/19 maxlen: 19
185.41.76.0/22 maxlen: 22
82.192.224.0/19 maxlen: 19
185.110.88.0/22 maxlen: 22
77.74.56.0/21 maxlen: 21
213.160.32.0/19 maxlen: 19
79.142.128.0/20 maxlen: 20
195.216.64.0/19 maxlen: 19
185.132.16.0/22 maxlen: 22
185.64.184.0/22 maxlen: 22
185.31.248.0/22 maxlen: 22
185.110.72.0/22 maxlen: 22
185.45.236.0/22 maxlen: 22
93.184.16.0/20 maxlen: 20
2a02:5c0::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 186373681 (0xb1bd631)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=bfabf5a474afe7212331670e831e119da38f284f
Validity
Not Before: May 11 16:22:03 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=3a90b1bfe927549ea7078b5cda921e230bdcb3cf
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c2:12:bd:6f:77:4d:b6:70:6a:73:88:76:36:55:
1f:a8:02:b6:0e:a0:05:12:f7:db:b0:87:70:16:32:
1e:42:12:9b:02:45:e9:fc:7a:bc:34:3a:4f:5b:f5:
1b:38:36:cf:5d:ef:ea:80:4e:38:e2:41:aa:3b:9d:
7a:43:41:d6:30:8c:0c:0f:bc:18:b0:f7:c7:aa:89:
3a:a1:82:9e:79:d0:3a:57:60:aa:f4:53:09:e7:67:
d5:9b:9f:b9:32:66:63:bd:18:17:e5:d3:49:ea:59:
10:69:71:af:15:f4:33:db:d0:c2:93:8a:3c:6f:fa:
96:96:2a:db:23:b0:cf:07:62:6b:b1:a7:59:7d:97:
88:c8:76:50:5e:29:fd:7c:b4:77:01:d5:36:62:d9:
51:a0:91:5c:b4:1b:b0:f4:a0:8a:23:13:f4:b3:04:
a2:34:00:11:b7:f9:25:48:bc:4c:87:6b:06:31:5f:
9a:0f:be:3e:05:54:d5:25:29:44:e9:0e:ba:a4:0b:
0e:91:14:7a:8c:06:ef:d0:b2:a7:96:4a:6d:ed:01:
97:4d:3b:de:50:35:75:e2:39:8f:9b:bb:08:7d:43:
ed:44:eb:5f:08:3b:3d:da:84:42:54:78:f6:ef:eb:
76:19:ac:07:35:4e:cf:8e:28:68:f0:6d:f2:ad:c7:
8a:b3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3A:90:B1:BF:E9:27:54:9E:A7:07:8B:5C:DA:92:1E:23:0B:DC:B3:CF
X509v3 Authority Key Identifier:
keyid:BF:AB:F5:A4:74:AF:E7:21:23:31:67:0E:83:1E:11:9D:A3:8F:28:4F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/v6v1pHSv5yEjMWcOgx4RnaOPKE8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f1/0188da-3655-482d-881b-febbc4a3b45b/1/OpCxv-knVJ6nB4tc2pIeIwvcs88.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/f1/0188da-3655-482d-881b-febbc4a3b45b/1/v6v1pHSv5yEjMWcOgx4RnaOPKE8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
62.32.0.0/19
77.74.56.0/21
79.142.128.0/20
82.192.224.0/19
93.184.16.0/20
185.31.248.0/22
185.41.76.0/22
185.41.132.0/22
185.45.236.0/22
185.64.184.0/22
185.70.68.0/22
185.108.244.0/22
185.110.72.0/22
185.110.88.0/22
185.110.184.0/22
185.119.36.0/22
185.132.16.0/22
195.216.64.0/19
213.160.32.0/19
213.188.32.0/19
IPv6:
2a02:5c0::/32
Signature Algorithm: sha256WithRSAEncryption
96:bc:00:ad:7f:30:35:7a:28:b1:ee:3f:f1:d6:57:ac:2f:db:
7e:c5:17:f5:e2:86:a1:6a:df:76:58:7e:2f:b8:dc:66:71:4f:
d8:e3:b0:b5:b2:dc:55:f3:e8:61:67:c5:23:b9:74:c8:49:f3:
76:98:68:ad:17:c9:d2:a2:48:0f:e1:cc:53:a3:5b:05:ad:df:
b8:90:8b:0c:1d:52:95:8a:38:4f:29:62:42:db:7b:b1:cd:14:
ee:d7:ff:a6:3d:56:60:53:c0:7f:7d:86:9c:84:de:16:00:95:
d7:77:bc:3a:0d:97:79:e8:db:78:bc:36:ac:e4:c6:51:97:b2:
bb:5c:75:8d:31:1e:05:35:41:6f:a3:4e:cf:7d:5d:56:0a:02:
d6:63:ed:ac:60:ed:79:c2:c9:e7:4b:9f:7a:9c:f0:84:40:93:
fb:a4:ac:22:b6:92:a4:d3:9e:ff:dc:1b:24:da:a4:e9:d3:b6:
75:26:80:ee:5d:dc:cb:71:9b:60:02:6b:7d:8a:ba:8b:27:5b:
e7:d5:d2:29:fc:51:ef:cc:56:c2:8f:2e:22:30:21:f9:65:ec:
33:eb:13:11:67:fb:77:1e:83:45:4b:06:e2:6f:a4:3f:9c:cf:
2a:2e:91:89:4a:e6:a7:31:f2:7e:30:6e:89:81:87:74:b1:8f:
5f:3d:52:f3
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgIECxvWMTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhi
ZmFiZjVhNDc0YWZlNzIxMjMzMTY3MGU4MzFlMTE5ZGEzOGYyODRmMB4XDTIyMDUx
MTE2MjIwM1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoM2E5MGIxYmZlOTI3
NTQ5ZWE3MDc4YjVjZGE5MjFlMjMwYmRjYjNjZjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAMISvW93TbZwanOIdjZVH6gCtg6gBRL327CHcBYyHkISmwJF
6fx6vDQ6T1v1Gzg2z13v6oBOOOJBqjudekNB1jCMDA+8GLD3x6qJOqGCnnnQOldg
qvRTCedn1ZufuTJmY70YF+XTSepZEGlxrxX0M9vQwpOKPG/6lpYq2yOwzwdia7Gn
WX2XiMh2UF4p/Xy0dwHVNmLZUaCRXLQbsPSgiiMT9LMEojQAEbf5JUi8TIdrBjFf
mg++PgVU1SUpROkOuqQLDpEUeowG79Cyp5ZKbe0Bl0073lA1deI5j5u7CH1D7UTr
Xwg7PdqEQlR49u/rdhmsBzVOz44oaPBt8q3HirMCAwEAAaOCAo0wggKJMB0GA1Ud
DgQWBBQ6kLG/6SdUnqcHi1zakh4jC9yzzzAfBgNVHSMEGDAWgBS/q/WkdK/nISMx
Zw6DHhGdo48oTzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3Y2djFwSFN2NXlFak1XY09neDRSbmFPUEtFOC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZjEvMDE4OGRhLTM2NTUtNDgyZC04ODFiLWZlYmJjNGEzYjQ1Yi8x
L09wQ3h2LWtuVko2bkI0dGMycEllSXd2Y3M4OC5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZjEv
MDE4OGRhLTM2NTUtNDgyZC04ODFiLWZlYmJjNGEzYjQ1Yi8xL3Y2djFwSFN2NXlF
ak1XY09neDRSbmFPUEtFOC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjCB
ogYIKwYBBQUHAQcBAf8EgZIwgY8wfgQCAAEweAMEBT4gAAMEA01KOAMEBE+OgAME
BVLA4AMEBF24EAMEArkf+AMEArkpTAMEArkphAMEArkt7AMEArlAuAMEArlGRAME
Arls9AMEArluSAMEArluWAMEArluuAMEArl3JAMEArmEEAMEBcPYQAMEBdWgIAME
BdW8IDANBAIAAjAHAwUAKgIFwDANBgkqhkiG9w0BAQsFAAOCAQEAlrwArX8wNXoo
se4/8dZXrC/bfsUX9eKGoWrfdlh+L7jcZnFP2OOwtbLcVfPoYWfFI7l0yEnzdpho
rRfJ0qJID+HMU6NbBa3fuJCLDB1SlYo4TyliQtt7sc0U7tf/pj1WYFPAf32GnITe
FgCV13e8Og2XeejbeLw2rOTGUZeyu1x1jTEeBTVBb6NOz31dVgoC1mPtrGDtecLJ
50ufepzwhECT+6SsIraSpNOe/9wbJNqk6dO2dSaA7l3cy3GbYAJrfYq6iydb59XS
KfxR78xWwo8uIjAh+WXsM+sTEWf7dx6DRUsG4m+kP5zPKi6RiUrmpzHyfjBuiYGH
dLGPXz1S8w==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:59:13 2024 by rpki-client on console-fra.rpki-client.org