Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/IcynLYw5LjGLmzHlHg6JhmemusQ.roa
File: IcynLYw5LjGLmzHlHg6JhmemusQ.roa (raw, json)
Hash identifier: j0sysBO3VkUyNqjyQbn28H/xOKvyJtMYkUVakZ05kWk=
Subject key identifier: 21:CC:A7:2D:8C:39:2E:31:8B:9B:31:E5:1E:0E:89:86:67:A6:BA:C4
Certificate issuer: /CN=94166b704843d3d9754095c83a91b493828200a2
Certificate serial: 0A9FDDEC
Authority key identifier: 94:16:6B:70:48:43:D3:D9:75:40:95:C8:3A:91:B4:93:82:82:00:A2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/lBZrcEhD09l1QJXIOpG0k4KCAKI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/IcynLYw5LjGLmzHlHg6JhmemusQ.roa
Signing time: Thu 24 Mar 2022 15:09:52 +0000
ROA not before: Thu 24 Mar 2022 15:09:52 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 1239
IP address blocks: 171.22.146.0/24 maxlen: 24
95.111.128.0/20 maxlen: 24
177.222.64.0/19 maxlen: 24
95.111.144.0/20 maxlen: 24
185.149.13.0/24 maxlen: 24
89.46.98.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 178249196 (0xa9fddec)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=94166b704843d3d9754095c83a91b493828200a2
Validity
Not Before: Mar 24 15:09:52 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=21cca72d8c392e318b9b31e51e0e898667a6bac4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9b:b8:ec:31:10:59:47:79:99:b8:6f:d6:3c:38:
cf:dc:11:c0:ec:4b:63:cc:fe:23:ad:e5:c3:39:04:
36:3f:9a:8a:88:0f:20:5c:ba:fc:fd:2f:2b:c3:6d:
2d:01:00:ab:39:a2:2a:27:33:09:46:fb:50:0d:db:
05:2f:63:92:13:18:d1:1d:7e:3e:da:38:97:f1:e7:
bb:97:92:3f:b3:38:19:1b:a2:fa:b9:b1:34:0f:02:
d8:cb:6d:a5:77:4c:e8:f7:e8:80:05:7a:10:30:9a:
c6:7b:80:6a:14:63:1b:5d:74:38:6b:82:af:12:3a:
ff:37:e0:35:25:2a:c3:1f:6d:98:32:d8:1e:00:b4:
d4:db:f1:9d:55:ef:e5:1f:07:36:ab:27:38:5c:82:
d7:37:84:bd:04:f3:ff:9f:f7:20:17:5a:73:bf:58:
fd:84:58:19:36:69:98:fa:a8:e2:5d:69:b9:2f:96:
b5:84:b9:17:6a:e4:7a:95:61:b6:14:8a:5e:41:ca:
f0:54:f0:bd:a9:54:73:74:20:24:75:c9:c2:b0:22:
a8:ce:d5:8e:43:03:07:4a:09:51:0a:ce:0e:4e:fd:
18:de:08:ef:cb:6a:2d:27:df:ed:0b:10:b3:85:4b:
d4:25:af:87:30:5c:f9:92:0a:6f:e7:c2:05:4e:7f:
36:6b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
21:CC:A7:2D:8C:39:2E:31:8B:9B:31:E5:1E:0E:89:86:67:A6:BA:C4
X509v3 Authority Key Identifier:
keyid:94:16:6B:70:48:43:D3:D9:75:40:95:C8:3A:91:B4:93:82:82:00:A2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lBZrcEhD09l1QJXIOpG0k4KCAKI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/IcynLYw5LjGLmzHlHg6JhmemusQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/lBZrcEhD09l1QJXIOpG0k4KCAKI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
89.46.98.0/24
95.111.128.0/19
171.22.146.0/24
177.222.64.0/19
185.149.13.0/24
Signature Algorithm: sha256WithRSAEncryption
72:cf:db:62:ec:e4:9c:bc:21:af:1b:13:39:6e:f9:17:4f:fc:
08:ef:7f:e0:2e:a9:a7:da:b4:14:f3:15:83:58:7e:2d:0b:c9:
31:88:bc:91:25:b8:df:42:f7:8e:3c:d5:a7:b6:1b:f1:c1:b9:
a9:ce:57:96:a3:bd:eb:90:1a:78:67:3e:ce:c8:1f:62:f6:44:
5e:76:52:37:b5:a4:bc:9c:25:2d:a7:ee:e4:84:27:61:96:0e:
26:82:8e:cd:58:23:61:aa:50:be:9f:18:75:f0:84:28:3b:22:
a0:ec:52:cd:be:0d:65:ad:9b:d5:d7:53:5e:1f:8c:b0:de:00:
fc:8d:8c:07:80:b6:e7:a0:a6:6f:a2:76:52:bd:02:45:6a:4a:
5c:fa:1f:f0:36:09:d2:05:74:4f:2f:b9:b5:c4:0e:2c:24:9d:
d6:70:df:aa:1a:6b:08:09:c1:43:f6:ff:ed:ce:51:75:6a:9d:
bf:3e:23:f4:7d:9c:10:3b:f7:95:5d:b0:b1:4a:e6:9c:5e:ca:
68:42:13:a5:bf:fb:23:27:aa:43:16:5f:69:04:37:4e:0b:ca:
03:2d:c1:93:38:c5:53:e2:8f:90:30:cc:13:3d:fd:c4:66:39:
f6:a6:f9:68:10:08:09:14:95:45:be:04:ae:66:a3:7c:4d:65:
d6:4f:17:87
-----BEGIN CERTIFICATE-----
MIIFBzCCA++gAwIBAgIECp/d7DANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg5
NDE2NmI3MDQ4NDNkM2Q5NzU0MDk1YzgzYTkxYjQ5MzgyODIwMGEyMB4XDTIyMDMy
NDE1MDk1MloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMjFjY2E3MmQ4YzM5
MmUzMThiOWIzMWU1MWUwZTg5ODY2N2E2YmFjNDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAJu47DEQWUd5mbhv1jw4z9wRwOxLY8z+I63lwzkENj+aiogP
IFy6/P0vK8NtLQEAqzmiKiczCUb7UA3bBS9jkhMY0R1+Pto4l/Hnu5eSP7M4GRui
+rmxNA8C2MttpXdM6PfogAV6EDCaxnuAahRjG110OGuCrxI6/zfgNSUqwx9tmDLY
HgC01NvxnVXv5R8HNqsnOFyC1zeEvQTz/5/3IBdac79Y/YRYGTZpmPqo4l1puS+W
tYS5F2rkepVhthSKXkHK8FTwvalUc3QgJHXJwrAiqM7VjkMDB0oJUQrODk79GN4I
78tqLSff7QsQs4VL1CWvhzBc+ZIKb+fCBU5/NmsCAwEAAaOCAiEwggIdMB0GA1Ud
DgQWBBQhzKctjDkuMYubMeUeDomGZ6a6xDAfBgNVHSMEGDAWgBSUFmtwSEPT2XVA
lcg6kbSTgoIAojAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2xCWnJjRWhEMDlsMVFKWElPcEcwazRLQ0FLSS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNjIvNDNmZjhmLWNkNTQtNGNmMS04YWFmLTRiZTE4ZWYxMjhiNC8x
L0ljeW5MWXc1TGpHTG16SGxIZzZKaG1lbXVzUS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNjIv
NDNmZjhmLWNkNTQtNGNmMS04YWFmLTRiZTE4ZWYxMjhiNC8xL2xCWnJjRWhEMDls
MVFKWElPcEcwazRLQ0FLSS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjA3
BggrBgEFBQcBBwEB/wQoMCYwJAQCAAEwHgMEAFkuYgMEBV9vgAMEAKsWkgMEBbHe
QAMEALmVDTANBgkqhkiG9w0BAQsFAAOCAQEAcs/bYuzknLwhrxsTOW75F0/8CO9/
4C6pp9q0FPMVg1h+LQvJMYi8kSW430L3jjzVp7Yb8cG5qc5XlqO965AaeGc+zsgf
YvZEXnZSN7WkvJwlLafu5IQnYZYOJoKOzVgjYapQvp8YdfCEKDsioOxSzb4NZa2b
1ddTXh+MsN4A/I2MB4C256Cmb6J2Ur0CRWpKXPof8DYJ0gV0Ty+5tcQOLCSd1nDf
qhprCAnBQ/b/7c5RdWqdvz4j9H2cEDv3lV2wsUrmnF7KaEITpb/7IyeqQxZfaQQ3
TgvKAy3BkzjFU+KPkDDMEz39xGY59qb5aBAICRSVRb4ErmajfE1l1k8Xhw==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:14:25 2024 by rpki-client on console-ams.rpki-client.org