Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/glKnMAsV1h_rUPUEnStJdE-Qb9Q.roa
File: glKnMAsV1h_rUPUEnStJdE-Qb9Q.roa (raw, json)
Hash identifier: c4JDzv9zyYKaHKWxd61+AcOiry2I/yAtcGaiMOagl3Y=
Subject key identifier: 82:52:A7:30:0B:15:D6:1F:EB:50:F5:04:9D:2B:49:74:4F:90:6F:D4
Certificate issuer: /CN=ba6ed0fb7b320832ac1580534c7b263f304e981b
Certificate serial: 01856F429C4A7B295FA5758750E33F0AB57E
Authority key identifier: BA:6E:D0:FB:7B:32:08:32:AC:15:80:53:4C:7B:26:3F:30:4E:98:1B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/um7Q-3syCDKsFYBTTHsmPzBOmBs.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/glKnMAsV1h_rUPUEnStJdE-Qb9Q.roa
Signing time: Sun 01 Jan 2023 21:35:14 +0000
ROA not before: Sun 01 Jan 2023 21:35:14 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 34289
IP address blocks: 92.204.0.0/15 maxlen: 24
2a01:7a0::/29 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6f:42:9c:4a:7b:29:5f:a5:75:87:50:e3:3f:0a:b5:7e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ba6ed0fb7b320832ac1580534c7b263f304e981b
Validity
Not Before: Jan 1 21:35:14 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=8252a7300b15d61feb50f5049d2b49744f906fd4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a0:bd:5d:93:f0:e8:1c:6c:07:53:f6:be:13:5f:
dd:e9:4d:fc:b9:eb:1f:bd:94:fa:9e:c2:1b:19:ca:
69:5c:9d:53:e5:e2:0b:eb:21:5c:0d:11:83:a5:3f:
cc:73:a3:fb:28:3d:2e:2b:84:57:31:57:f7:e5:b0:
e7:ea:65:9b:16:39:66:8b:13:28:ed:6b:fb:49:22:
fa:10:c2:dd:e1:d2:af:e2:9c:61:a7:4f:13:12:48:
20:5d:31:29:95:73:a5:d0:cf:90:79:1b:8d:2b:58:
76:0f:f0:fc:e0:68:3d:f4:bf:64:77:81:cd:ae:93:
6e:c6:3e:82:e2:95:d3:cd:65:da:a9:4d:1c:7d:23:
72:be:cd:1a:45:7b:79:d3:3d:ad:c1:4a:68:05:9e:
1d:3c:91:39:43:a2:8d:14:9b:ae:51:87:97:50:40:
00:66:70:e4:35:43:b5:84:3b:fd:15:55:fb:6c:86:
fd:49:c5:c0:9b:ad:60:86:06:43:3d:59:09:df:1f:
48:65:21:a5:a2:82:e3:39:60:87:4b:68:52:81:d8:
58:83:82:0b:14:e6:06:c7:be:48:a9:e6:0a:ba:97:
d5:04:67:df:7e:aa:ef:38:dc:a0:4a:eb:66:b0:5e:
7d:55:fd:6e:72:23:33:e2:e1:8c:bb:d8:09:ba:63:
a5:9f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
82:52:A7:30:0B:15:D6:1F:EB:50:F5:04:9D:2B:49:74:4F:90:6F:D4
X509v3 Authority Key Identifier:
keyid:BA:6E:D0:FB:7B:32:08:32:AC:15:80:53:4C:7B:26:3F:30:4E:98:1B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/um7Q-3syCDKsFYBTTHsmPzBOmBs.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/glKnMAsV1h_rUPUEnStJdE-Qb9Q.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/um7Q-3syCDKsFYBTTHsmPzBOmBs.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
92.204.0.0/15
IPv6:
2a01:7a0::/29
Signature Algorithm: sha256WithRSAEncryption
2d:a7:66:ef:37:2a:1a:6d:c9:e5:7f:48:88:55:52:5a:a7:44:
c7:74:fb:ff:e2:c9:ec:e8:dc:00:4f:b6:7e:6b:08:cf:4e:5c:
31:ac:82:f7:52:2b:2e:fa:f5:3a:5f:ce:c5:fe:d3:fe:8f:aa:
82:a2:45:01:27:9c:6c:25:92:61:60:82:4e:17:41:b5:8f:c7:
36:f6:c3:d3:bd:8f:ba:a7:c5:72:38:2f:f8:57:0b:a1:5f:a3:
cc:e4:a4:da:de:25:ac:0a:b2:cc:4b:2e:76:1d:a0:42:a3:1e:
fd:f4:8a:52:e0:f6:a6:79:a9:10:ef:e4:64:a7:f5:ee:a0:02:
ca:1e:5e:63:24:db:74:b4:ae:0f:c7:78:28:df:40:54:56:2b:
5f:1e:8f:9e:e5:f3:d4:fa:f3:1a:16:9a:78:dc:d4:db:bb:df:
2e:e4:29:95:e8:31:4b:81:21:6b:e8:ec:71:ea:a2:09:85:f2:
eb:75:5e:cc:bc:13:56:8c:0e:d8:7a:fa:36:09:35:d8:e5:f9:
80:cd:41:35:bb:83:10:bc:47:4c:4a:a6:1e:79:86:fd:a1:f4:
17:ac:69:9a:28:00:98:8b:d2:3f:54:a3:7e:d7:a8:1a:68:d9:
11:fd:27:da:c9:46:bc:1e:5c:9a:36:6a:fc:db:d0:48:de:fd:
46:81:6b:5d
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAYVvQpxKeylfpXWHUOM/CrV+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJhNmVkMGZiN2IzMjA4MzJhYzE1ODA1MzRjN2IyNjNmMzA0
ZTk4MWIwHhcNMjMwMTAxMjEzNTE0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MjUyYTczMDBiMTVkNjFmZWI1MGY1MDQ5ZDJiNDk3NDRmOTA2ZmQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoL1dk/DoHGwHU/a+E1/d6U38uesf
vZT6nsIbGcppXJ1T5eIL6yFcDRGDpT/Mc6P7KD0uK4RXMVf35bDn6mWbFjlmixMo
7Wv7SSL6EMLd4dKv4pxhp08TEkggXTEplXOl0M+QeRuNK1h2D/D84Gg99L9kd4HN
rpNuxj6C4pXTzWXaqU0cfSNyvs0aRXt50z2twUpoBZ4dPJE5Q6KNFJuuUYeXUEAA
ZnDkNUO1hDv9FVX7bIb9ScXAm61ghgZDPVkJ3x9IZSGlooLjOWCHS2hSgdhYg4IL
FOYGx75IqeYKupfVBGfffqrvONygSutmsF59Vf1uciMz4uGMu9gJumOlnwIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFIJSpzALFdYf61D1BJ0rSXRPkG/UMB8GA1UdIwQY
MBaAFLpu0Pt7MggyrBWAU0x7Jj8wTpgbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdW03US0zc3lDREtzRllCVFRIc21QekJPbUJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMC80MjA0MWQtNTkzMS00ODI0LTkyNTQt
MTYxZjM0MjM4N2QxLzEvZ2xLbk1Bc1YxaF9yVVBVRW5TdEpkRS1RYjlRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMC80MjA0MWQtNTkzMS00ODI0LTkyNTQtMTYxZjM0MjM4N2Qx
LzEvdW03US0zc3lDREtzRllCVFRIc21QekJPbUJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDALBAIAATAFAwMBXMwwDQQC
AAIwBwMFAyoBB6AwDQYJKoZIhvcNAQELBQADggEBAC2nZu83KhptyeV/SIhVUlqn
RMd0+//iyezo3ABPtn5rCM9OXDGsgvdSKy769TpfzsX+0/6PqoKiRQEnnGwlkmFg
gk4XQbWPxzb2w9O9j7qnxXI4L/hXC6Ffo8zkpNreJawKssxLLnYdoEKjHv30ilLg
9qZ5qRDv5GSn9e6gAsoeXmMk23S0rg/HeCjfQFRWK18ej57l89T68xoWmnjc1Nu7
3y7kKZXoMUuBIWvo7HHqogmF8ut1Xsy8E1aMDth6+jYJNdjl+YDNQTW7gxC8R0xK
ph55hv2h9BesaZooAJiL0j9Uo37XqBpo2RH9J9rJRrweXJo2avzb0Eje/UaBa10=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:22:03 2024 by rpki-client on console-fra.rpki-client.org