Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/wXLm0g-ujuz16j7IyizYCyI8-nQ.roa
File: wXLm0g-ujuz16j7IyizYCyI8-nQ.roa (raw, json)
Hash identifier: U4OfLZC9p+tab9sb+le0R889g996wnFhv7V/nck0A/Y=
Subject key identifier: C1:72:E6:D2:0F:AE:8E:EC:F5:EA:3E:C8:CA:2C:D8:0B:22:3C:FA:74
Certificate issuer: /CN=ba6ed0fb7b320832ac1580534c7b263f304e981b
Certificate serial: 01856F429DC124EFFF87D36410222F26B0EC
Authority key identifier: BA:6E:D0:FB:7B:32:08:32:AC:15:80:53:4C:7B:26:3F:30:4E:98:1B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/um7Q-3syCDKsFYBTTHsmPzBOmBs.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/wXLm0g-ujuz16j7IyizYCyI8-nQ.roa
Signing time: Sun 01 Jan 2023 21:35:14 +0000
ROA not before: Sun 01 Jan 2023 21:35:14 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 39783
IP address blocks: 185.35.184.0/22 maxlen: 24
46.226.8.0/21 maxlen: 24
193.93.220.0/22 maxlen: 24
62.122.248.0/21 maxlen: 24
91.192.220.0/22 maxlen: 24
185.7.60.0/22 maxlen: 24
91.189.168.0/21 maxlen: 24
91.189.168.0/24 maxlen: 24
2a02:2690::/32 maxlen: 32
2a01:488:bb06::/48 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6f:42:9d:c1:24:ef:ff:87:d3:64:10:22:2f:26:b0:ec
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ba6ed0fb7b320832ac1580534c7b263f304e981b
Validity
Not Before: Jan 1 21:35:14 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=c172e6d20fae8eecf5ea3ec8ca2cd80b223cfa74
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:f5:f8:30:16:04:f3:c8:c4:5c:aa:54:04:22:58:
ba:fb:3e:80:b4:62:a9:14:5a:87:47:ee:1e:b7:a2:
59:ba:cf:85:36:b1:09:00:5a:62:39:61:5c:93:f5:
a7:32:40:fb:6b:b7:1d:ca:a6:4c:03:9d:04:e2:88:
0b:e6:42:69:a7:ed:1a:2c:61:99:de:eb:82:0e:04:
df:dc:9b:27:a9:f0:28:d9:00:e3:e4:5e:45:ce:8a:
9a:26:4b:50:46:55:5f:0b:44:e0:57:52:13:0e:1c:
54:e1:7b:82:02:2d:56:09:ce:cb:bb:d5:1c:ac:8d:
eb:8f:c4:49:a5:5b:04:60:00:94:9b:47:2b:ef:fe:
ee:0e:69:70:ca:6d:6a:87:ea:d5:de:8e:a6:5b:5c:
45:ea:4b:e1:f3:ec:f9:cd:33:ad:c1:6d:d3:a0:10:
de:93:66:df:1d:99:b3:bf:3c:47:dd:b1:6b:f0:33:
a2:7e:3c:d3:00:7f:f9:05:e9:3d:ab:f9:6e:8e:f4:
a8:3e:64:b2:56:20:0f:dc:2d:0f:88:b5:6c:dd:e9:
a8:66:71:05:de:d8:ce:41:91:f3:6b:f6:74:5a:f7:
cc:3a:bb:21:1a:33:91:82:e9:15:9b:2f:97:ba:4a:
c1:cb:f9:18:26:d4:3f:2d:43:a5:3a:4e:ce:f3:78:
39:47
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C1:72:E6:D2:0F:AE:8E:EC:F5:EA:3E:C8:CA:2C:D8:0B:22:3C:FA:74
X509v3 Authority Key Identifier:
keyid:BA:6E:D0:FB:7B:32:08:32:AC:15:80:53:4C:7B:26:3F:30:4E:98:1B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/um7Q-3syCDKsFYBTTHsmPzBOmBs.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/wXLm0g-ujuz16j7IyizYCyI8-nQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/um7Q-3syCDKsFYBTTHsmPzBOmBs.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
46.226.8.0/21
62.122.248.0/21
91.189.168.0/21
91.192.220.0/22
185.7.60.0/22
185.35.184.0/22
193.93.220.0/22
IPv6:
2a01:488:bb06::/48
2a02:2690::/32
Signature Algorithm: sha256WithRSAEncryption
73:50:a8:c1:4c:a2:72:bf:cb:7f:4a:89:ab:54:3b:76:e8:94:
31:30:4c:81:28:73:5b:2d:a3:b4:91:1e:a5:34:d2:8a:4c:bf:
73:49:15:65:71:b4:37:45:b5:09:7c:2c:46:8f:0b:ea:df:e6:
fe:64:73:ce:36:d2:91:10:4f:35:59:48:56:40:fe:cb:dc:7d:
1d:e4:f8:d6:4c:f1:af:eb:02:5c:07:1c:a2:c9:a1:39:24:d5:
ce:99:97:1c:d2:9d:47:a4:69:6b:9c:74:c4:ad:b1:da:3c:43:
2f:a8:1e:94:24:7d:94:bc:74:e9:21:47:61:b9:35:91:51:20:
f2:49:10:6c:f9:de:1a:a3:f2:42:a1:59:50:f2:b8:1b:88:66:
47:5e:2a:a2:2d:60:78:4e:48:92:43:40:8c:b1:f1:5a:82:e8:
16:f7:9c:68:82:73:40:f2:d7:64:6c:07:33:b2:c0:8c:a9:5c:
90:5a:e0:87:cc:67:22:ca:e0:20:98:80:aa:32:d9:00:1f:2f:
22:bb:ec:ab:56:71:c3:6e:9f:b1:67:6b:d1:c9:fd:b9:fb:88:
7f:f5:66:5e:c0:64:a8:81:44:61:a2:30:dc:f0:35:48:78:fc:
df:27:3d:ed:52:f3:92:97:ae:51:60:3e:46:eb:0f:6d:79:8f:
61:59:f1:6b
-----BEGIN CERTIFICATE-----
MIIFOTCCBCGgAwIBAgISAYVvQp3BJO//h9NkECIvJrDsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJhNmVkMGZiN2IzMjA4MzJhYzE1ODA1MzRjN2IyNjNmMzA0
ZTk4MWIwHhcNMjMwMTAxMjEzNTE0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMTcyZTZkMjBmYWU4ZWVjZjVlYTNlYzhjYTJjZDgwYjIyM2NmYTc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9fgwFgTzyMRcqlQEIli6+z6AtGKp
FFqHR+4et6JZus+FNrEJAFpiOWFck/WnMkD7a7cdyqZMA50E4ogL5kJpp+0aLGGZ
3uuCDgTf3JsnqfAo2QDj5F5FzoqaJktQRlVfC0TgV1ITDhxU4XuCAi1WCc7Lu9Uc
rI3rj8RJpVsEYACUm0cr7/7uDmlwym1qh+rV3o6mW1xF6kvh8+z5zTOtwW3ToBDe
k2bfHZmzvzxH3bFr8DOifjzTAH/5Bek9q/lujvSoPmSyViAP3C0PiLVs3emoZnEF
3tjOQZHza/Z0WvfMOrshGjORgukVmy+XukrBy/kYJtQ/LUOlOk7O83g5RwIDAQAB
o4ICRTCCAkEwHQYDVR0OBBYEFMFy5tIPro7s9eo+yMos2AsiPPp0MB8GA1UdIwQY
MBaAFLpu0Pt7MggyrBWAU0x7Jj8wTpgbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdW03US0zc3lDREtzRllCVFRIc21QekJPbUJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMC80MjA0MWQtNTkzMS00ODI0LTkyNTQt
MTYxZjM0MjM4N2QxLzEvd1hMbTBnLXVqdXoxNmo3SXlpellDeUk4LW5RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMC80MjA0MWQtNTkzMS00ODI0LTkyNTQtMTYxZjM0MjM4N2Qx
LzEvdW03US0zc3lDREtzRllCVFRIc21QekJPbUJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFsGCCsGAQUFBwEHAQH/BEwwSjAwBAIAATAqAwQDLuIIAwQD
Pnr4AwQDW72oAwQCW8DcAwQCuQc8AwQCuSO4AwQCwV3cMBYEAgACMBADBwAqAQSI
uwYDBQAqAiaQMA0GCSqGSIb3DQEBCwUAA4IBAQBzUKjBTKJyv8t/SomrVDt26JQx
MEyBKHNbLaO0kR6lNNKKTL9zSRVlcbQ3RbUJfCxGjwvq3+b+ZHPONtKREE81WUhW
QP7L3H0d5PjWTPGv6wJcBxyiyaE5JNXOmZcc0p1HpGlrnHTErbHaPEMvqB6UJH2U
vHTpIUdhuTWRUSDySRBs+d4ao/JCoVlQ8rgbiGZHXiqiLWB4TkiSQ0CMsfFagugW
95xognNA8tdkbAczssCMqVyQWuCHzGciyuAgmICqMtkAHy8iu+yrVnHDbp+xZ2vR
yf25+4h/9WZewGSogURhojDc8DVIePzfJz3tUvOSl65RYD5G6w9teY9hWfFr
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:57:40 2024 by rpki-client on console-ams.rpki-client.org