Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/88/70c477-a8cd-4a72-b669-1f93c239a012/1/1-XCcNNR5olpBe0W45ky8xCxpmo8.roa
File: 1-XCcNNR5olpBe0W45ky8xCxpmo8.roa (raw, json)
Hash identifier: WqOjfl+1gdY1QMCXMwv/2N+rxh2HwPCzX6r+e2MX4wM=
Subject key identifier: F9:70:9C:34:D4:79:A2:5A:41:7B:45:B8:E6:4C:BC:C4:2C:69:9A:8F
Certificate issuer: /CN=1bd2d463ae15346d5edd7937b8bfa8e09b14376d
Certificate serial: 018A69335AEA63B74A417AA80E0134464A2E
Authority key identifier: 1B:D2:D4:63:AE:15:34:6D:5E:DD:79:37:B8:BF:A8:E0:9B:14:37:6D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/G9LUY64VNG1e3Xk3uL-o4JsUN20.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/88/70c477-a8cd-4a72-b669-1f93c239a012/1/1-XCcNNR5olpBe0W45ky8xCxpmo8.roa
Signing time: Wed 06 Sep 2023 06:34:47 +0000
ROA not before: Wed 06 Sep 2023 06:34:47 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 204467
IP address blocks: 185.247.156.0/22 maxlen: 22
92.39.48.0/21 maxlen: 21
2a0d:c680::/29 maxlen: 29
2a01:6dc0::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8a:69:33:5a:ea:63:b7:4a:41:7a:a8:0e:01:34:46:4a:2e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1bd2d463ae15346d5edd7937b8bfa8e09b14376d
Validity
Not Before: Sep 6 06:34:47 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=f9709c34d479a25a417b45b8e64cbcc42c699a8f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b5:81:39:ad:75:f3:87:fc:a6:c1:cb:24:6d:b2:
b0:84:a4:47:22:ab:0b:38:ce:78:dc:b9:10:80:f7:
e4:ec:97:1e:b0:16:83:35:78:da:1c:b2:e4:95:6c:
71:bc:30:94:f4:0c:e2:05:8c:5f:09:da:e4:41:46:
d2:08:81:55:e5:54:ad:bc:07:93:91:76:f8:46:aa:
1c:bc:71:cd:37:ea:a6:ad:2b:cf:f0:36:63:ac:b5:
ac:c6:db:85:24:f0:7c:56:14:d1:51:ec:03:97:72:
8a:2d:55:6b:05:fd:13:be:98:82:e0:78:c5:7d:af:
bd:87:12:24:67:df:6d:d1:5e:79:71:e1:56:77:f3:
41:50:ff:1b:4c:eb:09:d7:ec:1d:d8:ff:86:82:ac:
ca:ca:d2:f6:0b:46:d5:75:26:ec:7b:4b:0e:85:56:
d7:3d:da:e1:99:61:4e:1b:a5:5f:63:2f:8b:eb:82:
c0:5e:b5:7a:9f:8e:14:18:bb:39:37:bf:8b:0e:c0:
99:ca:7a:4d:0c:f0:51:7b:ce:f9:b0:7a:2e:68:f4:
80:c6:2c:ef:2f:11:e9:38:ba:78:6d:b2:e7:fa:47:
35:7b:0c:c0:20:60:de:10:9a:c4:2c:e5:fd:9f:94:
a7:1f:19:5a:85:97:a5:f0:8a:e3:f8:e0:9b:c7:da:
68:ad
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F9:70:9C:34:D4:79:A2:5A:41:7B:45:B8:E6:4C:BC:C4:2C:69:9A:8F
X509v3 Authority Key Identifier:
keyid:1B:D2:D4:63:AE:15:34:6D:5E:DD:79:37:B8:BF:A8:E0:9B:14:37:6D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/G9LUY64VNG1e3Xk3uL-o4JsUN20.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/88/70c477-a8cd-4a72-b669-1f93c239a012/1/1-XCcNNR5olpBe0W45ky8xCxpmo8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/88/70c477-a8cd-4a72-b669-1f93c239a012/1/G9LUY64VNG1e3Xk3uL-o4JsUN20.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
92.39.48.0/21
185.247.156.0/22
IPv6:
2a01:6dc0::/32
2a0d:c680::/29
Signature Algorithm: sha256WithRSAEncryption
03:9c:83:36:f0:ff:44:53:3c:e3:cd:b6:3e:e4:13:56:b8:8b:
a6:68:98:81:da:21:ec:5f:d6:43:a5:43:95:4d:a4:8b:34:70:
2d:ae:7d:83:8c:fe:29:72:5f:dd:c8:8e:0e:19:2a:eb:4e:73:
03:0a:03:14:7b:08:49:f7:f6:45:c9:b0:49:d9:b3:05:a0:9c:
1d:ab:c8:bb:d3:b4:c2:56:fc:d0:1e:e4:02:90:da:c5:74:43:
06:9b:a0:8a:d5:5c:ea:0b:15:0d:90:09:74:51:f1:31:bb:68:
21:35:87:ff:9c:4e:4b:08:d8:c9:e3:67:24:06:51:30:9c:da:
7e:58:39:80:38:09:e1:16:79:13:01:8a:74:c1:f9:a1:0c:d6:
bb:90:ca:d8:ce:54:ef:19:2f:de:2f:73:e1:17:62:24:dc:20:
de:ee:20:ea:aa:d9:50:3d:47:97:7d:cf:18:99:5f:b2:2b:9c:
cd:42:ad:21:2d:a2:05:61:6a:c1:e7:a5:a5:37:82:4f:90:b3:
0f:29:5b:b4:ee:77:a5:ed:aa:b7:4d:e3:00:5a:48:cd:52:9b:
79:c4:20:4c:53:93:da:f4:6b:3d:03:4a:09:5e:3e:eb:c8:c6:
8c:67:94:04:11:56:64:b0:76:06:df:93:44:70:3f:e0:81:7d:
3b:28:ea:88
-----BEGIN CERTIFICATE-----
MIIFGjCCBAKgAwIBAgISAYppM1rqY7dKQXqoDgE0RkouMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiZDJkNDYzYWUxNTM0NmQ1ZWRkNzkzN2I4YmZhOGUwOWIx
NDM3NmQwHhcNMjMwOTA2MDYzNDQ3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOTcwOWMzNGQ0NzlhMjVhNDE3YjQ1YjhlNjRjYmNjNDJjNjk5YThmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtYE5rXXzh/ymwcskbbKwhKRHIqsL
OM543LkQgPfk7JcesBaDNXjaHLLklWxxvDCU9AziBYxfCdrkQUbSCIFV5VStvAeT
kXb4RqocvHHNN+qmrSvP8DZjrLWsxtuFJPB8VhTRUewDl3KKLVVrBf0TvpiC4HjF
fa+9hxIkZ99t0V55ceFWd/NBUP8bTOsJ1+wd2P+GgqzKytL2C0bVdSbse0sOhVbX
PdrhmWFOG6VfYy+L64LAXrV6n44UGLs5N7+LDsCZynpNDPBRe875sHouaPSAxizv
LxHpOLp4bbLn+kc1ewzAIGDeEJrELOX9n5SnHxlahZel8Irj+OCbx9porQIDAQAB
o4ICJjCCAiIwHQYDVR0OBBYEFPlwnDTUeaJaQXtFuOZMvMQsaZqPMB8GA1UdIwQY
MBaAFBvS1GOuFTRtXt15N7i/qOCbFDdtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRzlMVVk2NFZORzFlM1hrM3VMLW80SnNVTjIwLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OC83MGM0NzctYThjZC00YTcyLWI2Njkt
MWY5M2MyMzlhMDEyLzEvMS1YQ2NOTlI1b2xwQmUwVzQ1a3k4eEN4cG1vOC5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvODgvNzBjNDc3LWE4Y2QtNGE3Mi1iNjY5LTFmOTNjMjM5YTAx
Mi8xL0c5TFVZNjRWTkcxZTNYazN1TC1vNEpzVU4yMC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjA7BggrBgEFBQcBBwEB/wQsMCowEgQCAAEwDAMEA1wnMAME
Arn3nDAUBAIAAjAOAwUAKgFtwAMFAyoNxoAwDQYJKoZIhvcNAQELBQADggEBAAOc
gzbw/0RTPOPNtj7kE1a4i6ZomIHaIexf1kOlQ5VNpIs0cC2ufYOM/ilyX93Ijg4Z
KutOcwMKAxR7CEn39kXJsEnZswWgnB2ryLvTtMJW/NAe5AKQ2sV0QwaboIrVXOoL
FQ2QCXRR8TG7aCE1h/+cTksI2MnjZyQGUTCc2n5YOYA4CeEWeRMBinTB+aEM1ruQ
ytjOVO8ZL94vc+EXYiTcIN7uIOqq2VA9R5d9zxiZX7IrnM1CrSEtogVhasHnpaU3
gk+Qsw8pW7Tud6XtqrdN4wBaSM1Sm3nEIExTk9r0az0DSglePuvIxoxnlAQRVmSw
dgbfk0RwP+CBfTso6og=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:21:53 2024 by rpki-client on console-ams.rpki-client.org