Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/zQalUR1L_0nn1AVHH6zQYd2tHeE.roa
File: zQalUR1L_0nn1AVHH6zQYd2tHeE.roa (raw, json)
Hash identifier: PguxIZzOUnXq2c8f6/0RAzKrcqDu61zS1DzwGBKkIb8=
Subject key identifier: CD:06:A5:51:1D:4B:FF:49:E7:D4:05:47:1F:AC:D0:61:DD:AD:1D:E1
Certificate issuer: /CN=ba6ed0fb7b320832ac1580534c7b263f304e981b
Certificate serial: 018799A552DFE2B80E80DEF90DF3D34F29CC
Authority key identifier: BA:6E:D0:FB:7B:32:08:32:AC:15:80:53:4C:7B:26:3F:30:4E:98:1B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/um7Q-3syCDKsFYBTTHsmPzBOmBs.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/zQalUR1L_0nn1AVHH6zQYd2tHeE.roa
Signing time: Wed 19 Apr 2023 13:12:41 +0000
ROA not before: Wed 19 Apr 2023 13:12:41 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 39783
IP address blocks: 185.35.184.0/22 maxlen: 24
46.226.8.0/21 maxlen: 24
193.93.220.0/22 maxlen: 24
62.122.248.0/21 maxlen: 24
91.192.220.0/22 maxlen: 24
185.7.60.0/22 maxlen: 24
91.189.168.0/21 maxlen: 24
91.189.168.0/24 maxlen: 24
2a02:2690::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:87:99:a5:52:df:e2:b8:0e:80:de:f9:0d:f3:d3:4f:29:cc
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ba6ed0fb7b320832ac1580534c7b263f304e981b
Validity
Not Before: Apr 19 13:12:41 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=cd06a5511d4bff49e7d405471facd061ddad1de1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:95:1a:05:9b:f1:f6:0a:3f:59:90:5b:bb:de:b3:
9d:a7:b0:06:11:4d:b2:e7:7b:77:aa:68:5d:58:e2:
33:d2:d2:28:d1:b8:88:f9:62:fd:db:4f:8a:a3:63:
58:4a:07:b7:cc:d2:6e:bc:54:6b:42:e7:f6:80:2c:
6a:88:ca:24:40:0d:a0:bd:6a:e3:ae:af:87:38:f6:
bd:57:7a:65:fa:4b:88:7f:19:8a:50:37:21:cd:1e:
18:37:bc:4c:a7:ad:0c:0c:ed:4d:c3:c3:50:0e:42:
b2:ac:95:12:41:ec:21:03:67:b0:4f:a4:cf:f9:11:
92:69:f0:09:8f:ab:a2:92:d5:1b:69:6c:5d:8c:7d:
ce:9a:26:a3:03:cb:e1:1a:dc:8a:03:e6:14:76:5a:
81:97:d8:66:85:09:67:83:5f:da:c9:a9:19:33:e9:
7a:cc:5e:fe:e8:2e:a4:f3:3a:3f:a2:2d:c3:34:4a:
4c:8b:5d:a2:1e:48:84:7d:21:5b:4b:6c:98:ab:8b:
3e:a3:c8:d6:68:e5:44:8d:9c:df:98:d7:87:c8:43:
1c:dc:ea:d5:6e:58:19:e0:25:e4:59:8c:9d:b3:39:
9e:41:e1:c4:dd:54:3b:38:8a:1f:59:18:cd:49:38:
bb:0e:0f:ca:9b:77:38:62:09:90:c9:74:fd:d5:3e:
4c:85
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CD:06:A5:51:1D:4B:FF:49:E7:D4:05:47:1F:AC:D0:61:DD:AD:1D:E1
X509v3 Authority Key Identifier:
keyid:BA:6E:D0:FB:7B:32:08:32:AC:15:80:53:4C:7B:26:3F:30:4E:98:1B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/um7Q-3syCDKsFYBTTHsmPzBOmBs.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/zQalUR1L_0nn1AVHH6zQYd2tHeE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/um7Q-3syCDKsFYBTTHsmPzBOmBs.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
46.226.8.0/21
62.122.248.0/21
91.189.168.0/21
91.192.220.0/22
185.7.60.0/22
185.35.184.0/22
193.93.220.0/22
IPv6:
2a02:2690::/32
Signature Algorithm: sha256WithRSAEncryption
9d:22:76:9a:49:fb:c9:43:5a:e8:80:e3:fd:29:a9:83:20:9c:
1b:42:6c:ad:04:23:0c:ba:ab:71:22:64:8a:ab:a7:41:07:28:
c3:c5:69:ea:00:98:6d:62:05:93:e5:cc:d8:ba:61:8e:d1:28:
97:18:23:ff:67:67:40:69:5d:9d:6a:e0:75:23:80:d7:19:14:
42:48:1f:1e:bf:af:5c:33:63:10:a5:e3:aa:d3:7f:7c:07:95:
72:64:d3:1b:df:ed:30:36:86:5c:fd:2e:ac:20:de:60:e2:54:
a0:6b:1d:15:86:58:c1:e3:6a:f3:96:90:3d:29:42:0c:1e:24:
b3:f6:e1:3e:82:a2:2d:0e:d9:fa:4a:fc:8c:87:65:6e:fa:40:
29:71:a8:5e:e6:39:02:62:98:b4:a9:81:71:7b:b2:a3:be:36:
68:de:9e:16:db:84:fa:61:ee:d4:ff:78:c2:98:53:18:1d:39:
2e:6c:c9:bc:f2:b7:76:cc:d7:a0:84:f2:f1:d1:5f:28:66:46:
2d:14:d2:28:d5:d7:91:59:93:ff:f2:dc:20:86:f7:14:8d:e7:
9c:8b:4b:b7:17:d2:34:21:49:c8:88:b1:9d:2a:a0:a9:88:fc:
ba:5a:04:c4:46:8b:cf:da:e7:8c:91:e0:40:56:b9:ce:72:17:
5d:55:e4:0d
-----BEGIN CERTIFICATE-----
MIIFMDCCBBigAwIBAgISAYeZpVLf4rgOgN75DfPTTynMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJhNmVkMGZiN2IzMjA4MzJhYzE1ODA1MzRjN2IyNjNmMzA0
ZTk4MWIwHhcNMjMwNDE5MTMxMjQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZDA2YTU1MTFkNGJmZjQ5ZTdkNDA1NDcxZmFjZDA2MWRkYWQxZGUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlRoFm/H2Cj9ZkFu73rOdp7AGEU2y
53t3qmhdWOIz0tIo0biI+WL920+Ko2NYSge3zNJuvFRrQuf2gCxqiMokQA2gvWrj
rq+HOPa9V3pl+kuIfxmKUDchzR4YN7xMp60MDO1Nw8NQDkKyrJUSQewhA2ewT6TP
+RGSafAJj6uiktUbaWxdjH3OmiajA8vhGtyKA+YUdlqBl9hmhQlng1/ayakZM+l6
zF7+6C6k8zo/oi3DNEpMi12iHkiEfSFbS2yYq4s+o8jWaOVEjZzfmNeHyEMc3OrV
blgZ4CXkWYydszmeQeHE3VQ7OIofWRjNSTi7Dg/Km3c4YgmQyXT91T5MhQIDAQAB
o4ICPDCCAjgwHQYDVR0OBBYEFM0GpVEdS/9J59QFRx+s0GHdrR3hMB8GA1UdIwQY
MBaAFLpu0Pt7MggyrBWAU0x7Jj8wTpgbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdW03US0zc3lDREtzRllCVFRIc21QekJPbUJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMC80MjA0MWQtNTkzMS00ODI0LTkyNTQt
MTYxZjM0MjM4N2QxLzEvelFhbFVSMUxfMG5uMUFWSEg2elFZZDJ0SGVFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMC80MjA0MWQtNTkzMS00ODI0LTkyNTQtMTYxZjM0MjM4N2Qx
LzEvdW03US0zc3lDREtzRllCVFRIc21QekJPbUJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFIGCCsGAQUFBwEHAQH/BEMwQTAwBAIAATAqAwQDLuIIAwQD
Pnr4AwQDW72oAwQCW8DcAwQCuQc8AwQCuSO4AwQCwV3cMA0EAgACMAcDBQAqAiaQ
MA0GCSqGSIb3DQEBCwUAA4IBAQCdInaaSfvJQ1rogOP9KamDIJwbQmytBCMMuqtx
ImSKq6dBByjDxWnqAJhtYgWT5czYumGO0SiXGCP/Z2dAaV2dauB1I4DXGRRCSB8e
v69cM2MQpeOq0398B5VyZNMb3+0wNoZc/S6sIN5g4lSgax0VhljB42rzlpA9KUIM
HiSz9uE+gqItDtn6SvyMh2Vu+kApcahe5jkCYpi0qYFxe7KjvjZo3p4W24T6Ye7U
/3jCmFMYHTkubMm88rd2zNeghPLx0V8oZkYtFNIo1deRWZP/8twghvcUjeeci0u3
F9I0IUnIiLGdKqCpiPy6WgTERovP2ueMkeBAVrnOchddVeQN
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:22:03 2024 by rpki-client on console-fra.rpki-client.org