Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/ca9dbe-0095-40f3-b932-0d8f7dd8cce6/1/Wzg9IWF1P4Tjlk77RORiGZkVnXA.roa
File: Wzg9IWF1P4Tjlk77RORiGZkVnXA.roa (raw, json)
Hash identifier: yJ4rLAAI9+B98B94C1ZjRPYh4osmPLsWc63Ygl3yP6s=
Subject key identifier: 5B:38:3D:21:61:75:3F:84:E3:96:4E:FB:44:E4:62:19:99:15:9D:70
Certificate issuer: /CN=a9807f6d50d97d971dcf2e2e5064e9b907adb3ec
Certificate serial: 0184E9E2E67E2EC13440037C14CBC106F146
Authority key identifier: A9:80:7F:6D:50:D9:7D:97:1D:CF:2E:2E:50:64:E9:B9:07:AD:B3:EC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/qYB_bVDZfZcdzy4uUGTpuQets-w.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2b/ca9dbe-0095-40f3-b932-0d8f7dd8cce6/1/Wzg9IWF1P4Tjlk77RORiGZkVnXA.roa
Signing time: Wed 07 Dec 2022 00:01:12 +0000
ROA not before: Wed 07 Dec 2022 00:01:12 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 13285
IP address blocks: 78.144.0.0/13 maxlen: 24
2.96.0.0/13 maxlen: 24
217.68.128.0/20 maxlen: 24
84.13.0.0/16 maxlen: 24
185.173.120.0/22 maxlen: 24
92.0.0.0/11 maxlen: 24
62.24.128.0/17 maxlen: 24
89.240.0.0/14 maxlen: 24
212.139.148.0/22 maxlen: 22
91.146.112.0/21 maxlen: 24
62.241.160.0/19 maxlen: 24
185.173.116.0/22 maxlen: 24
212.139.133.0/24 maxlen: 24
2001:4a00::/27 maxlen: 27
2001:7e0::/32 maxlen: 32
2a0b:e900::/29 maxlen: 29
2a0b:db00::/29 maxlen: 29
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:84:e9:e2:e6:7e:2e:c1:34:40:03:7c:14:cb:c1:06:f1:46
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=a9807f6d50d97d971dcf2e2e5064e9b907adb3ec
Validity
Not Before: Dec 7 00:01:12 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=5b383d2161753f84e3964efb44e4621999159d70
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ad:c7:27:07:04:be:ba:21:7f:4d:55:a9:e3:cc:
7e:24:cf:21:22:05:4b:35:00:4a:ac:fb:9a:e5:e6:
46:15:3d:ed:a3:49:da:47:52:7d:39:fb:b8:b9:1e:
c2:bd:1e:8a:5e:54:00:02:bc:fe:4d:9a:09:d4:29:
fb:4a:0b:2d:5b:d8:ff:a7:1f:60:9d:39:41:a6:2c:
b6:6c:6b:2c:88:30:e1:20:2e:4e:e3:78:2d:42:f7:
04:91:0a:9d:49:1a:76:8e:e3:03:58:4d:19:35:9d:
9b:59:fc:87:39:12:01:1a:d3:aa:4b:f0:02:cf:62:
0c:b4:72:de:9e:44:d6:03:b6:02:24:81:f7:9f:46:
c9:49:c0:02:73:1c:88:1c:8e:1f:6b:cb:c7:f8:fd:
38:53:e5:67:60:46:7f:76:1a:c3:2f:0b:6f:14:3b:
b3:59:3b:a7:cb:49:b4:a5:95:cc:b2:cc:48:ab:96:
7a:6f:04:6a:8a:56:8c:f2:f6:31:8f:08:d2:15:d6:
04:16:39:95:3b:f2:f2:a7:a0:57:b7:12:41:66:3d:
fe:40:35:84:ec:a5:91:3b:b0:43:23:3b:d1:62:b4:
58:d3:56:13:30:78:d9:e4:50:86:fe:33:10:c5:ce:
e4:cf:76:6d:9c:69:77:c1:39:9a:25:2e:01:6e:99:
db:5d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5B:38:3D:21:61:75:3F:84:E3:96:4E:FB:44:E4:62:19:99:15:9D:70
X509v3 Authority Key Identifier:
keyid:A9:80:7F:6D:50:D9:7D:97:1D:CF:2E:2E:50:64:E9:B9:07:AD:B3:EC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qYB_bVDZfZcdzy4uUGTpuQets-w.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/ca9dbe-0095-40f3-b932-0d8f7dd8cce6/1/Wzg9IWF1P4Tjlk77RORiGZkVnXA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/ca9dbe-0095-40f3-b932-0d8f7dd8cce6/1/qYB_bVDZfZcdzy4uUGTpuQets-w.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.96.0.0/13
62.24.128.0/17
62.241.160.0/19
78.144.0.0/13
84.13.0.0/16
89.240.0.0/14
91.146.112.0/21
92.0.0.0/11
185.173.116.0-185.173.123.255
212.139.133.0/24
212.139.148.0/22
217.68.128.0/20
IPv6:
2001:7e0::/32
2001:4a00::/27
2a0b:db00::/29
2a0b:e900::/29
Signature Algorithm: sha256WithRSAEncryption
54:1a:a9:56:5a:44:7c:80:31:a6:d9:95:07:a4:2c:51:33:e5:
b6:f6:0d:f6:fa:56:5c:00:c3:98:90:21:cf:6f:2e:0a:31:86:
f0:5c:df:41:85:a6:f5:1e:c0:7d:27:6f:c8:9f:86:09:af:a4:
c2:58:c5:f9:13:ce:28:56:b8:88:d5:7d:34:73:21:d4:f6:f6:
e3:2d:5a:10:d7:aa:73:0e:e5:a9:dd:64:26:21:dd:bb:5f:53:
c0:c5:2a:5c:3c:17:61:0f:94:8d:73:dd:e0:fd:21:b1:22:15:
8e:7d:f3:22:be:63:c8:d7:e0:91:2e:56:5c:82:a8:a4:30:5b:
75:67:25:48:23:75:f2:bd:d6:82:f8:7a:78:ff:5d:1a:9f:6a:
75:bf:ed:be:5b:0f:2d:20:2f:a6:b6:68:d8:5d:ea:e6:0f:f4:
92:eb:94:37:61:75:6c:dd:aa:fb:c5:00:61:e6:89:50:da:db:
12:a2:0f:2e:21:a6:ac:43:bd:7e:62:77:e3:4d:22:a8:7c:2c:
a5:1a:9c:e9:55:15:c3:1c:df:fd:1d:1b:61:aa:d5:f8:63:13:
2f:ba:05:22:a4:35:e3:cc:c3:ba:23:ec:2c:49:26:c4:03:71:
a8:ad:ea:f8:74:08:45:72:7a:2b:b8:12:be:50:aa:12:84:37:
33:59:f6:c0
-----BEGIN CERTIFICATE-----
MIIFZzCCBE+gAwIBAgISAYTp4uZ+LsE0QAN8FMvBBvFGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE5ODA3ZjZkNTBkOTdkOTcxZGNmMmUyZTUwNjRlOWI5MDdh
ZGIzZWMwHhcNMjIxMjA3MDAwMTEyWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YjM4M2QyMTYxNzUzZjg0ZTM5NjRlZmI0NGU0NjIxOTk5MTU5ZDcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArccnBwS+uiF/TVWp48x+JM8hIgVL
NQBKrPua5eZGFT3to0naR1J9Ofu4uR7CvR6KXlQAArz+TZoJ1Cn7SgstW9j/px9g
nTlBpiy2bGssiDDhIC5O43gtQvcEkQqdSRp2juMDWE0ZNZ2bWfyHORIBGtOqS/AC
z2IMtHLenkTWA7YCJIH3n0bJScACcxyIHI4fa8vH+P04U+VnYEZ/dhrDLwtvFDuz
WTuny0m0pZXMssxIq5Z6bwRqilaM8vYxjwjSFdYEFjmVO/Lyp6BXtxJBZj3+QDWE
7KWRO7BDIzvRYrRY01YTMHjZ5FCG/jMQxc7kz3ZtnGl3wTmaJS4BbpnbXQIDAQAB
o4ICczCCAm8wHQYDVR0OBBYEFFs4PSFhdT+E45ZO+0TkYhmZFZ1wMB8GA1UdIwQY
MBaAFKmAf21Q2X2XHc8uLlBk6bkHrbPsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcVlCX2JWRFpmWmNkenk0dVVHVHB1UWV0cy13LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi9jYTlkYmUtMDA5NS00MGYzLWI5MzIt
MGQ4ZjdkZDhjY2U2LzEvV3pnOUlXRjFQNFRqbGs3N1JPUmlHWmtWblhBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi9jYTlkYmUtMDA5NS00MGYzLWI5MzItMGQ4ZjdkZDhjY2U2
LzEvcVlCX2JWRFpmWmNkenk0dVVHVHB1UWV0cy13LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGIBggrBgEFBQcBBwEB/wR5MHcwUQQCAAEwSwMDAwJgAwQH
PhiAAwQFPvGgAwMDTpADAwBUDQMDAlnwAwQDW5JwAwMFXAAwDAMEArmtdAMEArmt
eAMEANSLhQMEAtSLlAMEBNlEgDAiBAIAAjAcAwUAIAEH4AMFBSABSgADBQMqC9sA
AwUDKgvpADANBgkqhkiG9w0BAQsFAAOCAQEAVBqpVlpEfIAxptmVB6QsUTPltvYN
9vpWXADDmJAhz28uCjGG8FzfQYWm9R7AfSdvyJ+GCa+kwljF+RPOKFa4iNV9NHMh
1Pb24y1aENeqcw7lqd1kJiHdu19TwMUqXDwXYQ+UjXPd4P0hsSIVjn3zIr5jyNfg
kS5WXIKopDBbdWclSCN18r3Wgvh6eP9dGp9qdb/tvlsPLSAvprZo2F3q5g/0kuuU
N2F1bN2q+8UAYeaJUNrbEqIPLiGmrEO9fmJ3400iqHwspRqc6VUVwxzf/R0bYarV
+GMTL7oFIqQ148zDuiPsLEkmxANxqK3q+HQIRXJ6K7gSvlCqEoQ3M1n2wA==
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:49:37 2023 by rpki-client on console-ams.rpki-client.org