Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/88/70c477-a8cd-4a72-b669-1f93c239a012/1/so4caE5WZJQfNSJ3btZi2l23MsE.roa
File: so4caE5WZJQfNSJ3btZi2l23MsE.roa (raw, json)
Hash identifier: cLqY2g0RO4IEiyrZmzBhkK8V+ibhZVOeuMTsSbZfCQw=
Subject key identifier: B2:8E:1C:68:4E:56:64:94:1F:35:22:77:6E:D6:62:DA:5D:B7:32:C1
Certificate issuer: /CN=1bd2d463ae15346d5edd7937b8bfa8e09b14376d
Certificate serial: 01856C138FB09815A74A5F4AEB424BA153E7
Authority key identifier: 1B:D2:D4:63:AE:15:34:6D:5E:DD:79:37:B8:BF:A8:E0:9B:14:37:6D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/G9LUY64VNG1e3Xk3uL-o4JsUN20.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/88/70c477-a8cd-4a72-b669-1f93c239a012/1/so4caE5WZJQfNSJ3btZi2l23MsE.roa
Signing time: Sun 01 Jan 2023 06:44:59 +0000
ROA not before: Sun 01 Jan 2023 06:44:59 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 204467
IP address blocks: 185.247.156.0/22 maxlen: 22
92.39.48.0/20 maxlen: 20
2a0d:c680::/29 maxlen: 29
2a01:6dc0::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6c:13:8f:b0:98:15:a7:4a:5f:4a:eb:42:4b:a1:53:e7
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1bd2d463ae15346d5edd7937b8bfa8e09b14376d
Validity
Not Before: Jan 1 06:44:59 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=b28e1c684e5664941f3522776ed662da5db732c1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ab:81:c1:54:44:a6:8b:0c:47:4c:a2:04:2d:61:
a1:32:30:5d:6b:56:32:11:f8:dd:ee:6a:46:1f:c0:
26:27:a4:e1:50:70:fe:dd:21:bd:d3:66:18:cd:37:
92:1d:dd:d2:fa:ed:ce:52:f3:de:d0:c4:36:78:5d:
2b:c2:98:02:e6:77:cf:fc:03:c3:bb:12:93:ac:c1:
33:8a:fb:97:e7:ec:3f:b2:5e:c7:f8:f5:c3:91:14:
eb:ec:50:80:ad:85:b0:09:03:71:88:4b:9a:47:a8:
ea:6d:fc:51:60:e2:2e:bf:74:a1:cb:a4:0c:68:c1:
44:75:40:84:dc:1a:a0:85:39:79:e9:7b:1e:2f:c9:
4d:db:75:97:74:e2:42:30:f1:64:ea:b5:51:e9:21:
09:97:d7:80:1a:21:0d:07:37:a4:42:d6:ad:d1:fc:
35:6d:ac:9a:04:01:54:52:d8:0c:98:97:85:4e:c5:
ab:67:e0:0f:a5:3b:97:47:42:55:61:98:4f:51:21:
40:64:28:76:aa:1c:fd:fe:79:73:9d:11:cf:07:26:
b9:81:cd:7b:b2:e0:9e:b1:94:90:61:24:6b:2e:a0:
f5:26:1f:b8:d5:3f:c5:8e:62:a3:b3:f5:97:be:15:
22:78:e7:26:7b:2f:68:04:f4:bc:77:6c:b9:5e:53:
5d:1f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B2:8E:1C:68:4E:56:64:94:1F:35:22:77:6E:D6:62:DA:5D:B7:32:C1
X509v3 Authority Key Identifier:
keyid:1B:D2:D4:63:AE:15:34:6D:5E:DD:79:37:B8:BF:A8:E0:9B:14:37:6D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/G9LUY64VNG1e3Xk3uL-o4JsUN20.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/88/70c477-a8cd-4a72-b669-1f93c239a012/1/so4caE5WZJQfNSJ3btZi2l23MsE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/88/70c477-a8cd-4a72-b669-1f93c239a012/1/G9LUY64VNG1e3Xk3uL-o4JsUN20.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
92.39.48.0/20
185.247.156.0/22
IPv6:
2a01:6dc0::/32
2a0d:c680::/29
Signature Algorithm: sha256WithRSAEncryption
aa:e8:a7:ca:c9:9e:23:49:99:db:50:6a:a7:98:c0:9c:54:f7:
49:b5:0d:89:90:78:62:e6:b5:7a:8e:d7:90:b6:f2:41:e9:b5:
46:2f:dd:fe:00:d5:ce:b7:a8:73:ee:09:59:06:e5:03:ea:cf:
fa:d7:0c:9c:cd:4c:45:3f:47:ae:3b:f8:78:30:8c:de:c8:9a:
53:66:4a:33:20:6b:27:bf:5d:73:3f:61:5d:0c:d0:fe:1b:a3:
21:c2:39:d8:bb:16:e6:9b:68:22:8c:0c:02:7f:04:1f:b2:5c:
18:db:50:eb:20:90:6a:c3:a1:9c:0f:dc:f3:e6:79:10:17:cd:
24:90:61:0c:88:57:f5:28:61:6d:ad:fe:84:b2:e9:cf:35:83:
58:d0:aa:30:c0:86:73:f9:c9:b2:44:c2:a9:ec:71:2a:f6:1e:
70:81:34:ad:76:3a:42:e7:40:e0:c2:7c:f7:3d:c0:1f:35:ec:
7a:2f:b3:8a:2f:19:1e:9a:92:89:a1:df:f2:08:69:5f:49:8b:
02:d4:e9:9d:58:98:6a:fb:90:55:14:d1:21:88:68:0b:f9:ab:
9a:00:b7:22:7f:16:c5:26:61:fd:1f:f1:9e:0b:bc:56:c8:98:
86:45:fc:b0:78:90:b7:ca:e3:3c:ca:14:67:4c:e8:7c:16:68:
77:b7:b8:1b
-----BEGIN CERTIFICATE-----
MIIFGTCCBAGgAwIBAgISAYVsE4+wmBWnSl9K60JLoVPnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiZDJkNDYzYWUxNTM0NmQ1ZWRkNzkzN2I4YmZhOGUwOWIx
NDM3NmQwHhcNMjMwMTAxMDY0NDU5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMjhlMWM2ODRlNTY2NDk0MWYzNTIyNzc2ZWQ2NjJkYTVkYjczMmMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq4HBVESmiwxHTKIELWGhMjBda1Yy
Efjd7mpGH8AmJ6ThUHD+3SG902YYzTeSHd3S+u3OUvPe0MQ2eF0rwpgC5nfP/APD
uxKTrMEzivuX5+w/sl7H+PXDkRTr7FCArYWwCQNxiEuaR6jqbfxRYOIuv3Shy6QM
aMFEdUCE3BqghTl56XseL8lN23WXdOJCMPFk6rVR6SEJl9eAGiENBzekQtat0fw1
bayaBAFUUtgMmJeFTsWrZ+APpTuXR0JVYZhPUSFAZCh2qhz9/nlznRHPBya5gc17
suCesZSQYSRrLqD1Jh+41T/FjmKjs/WXvhUieOcmey9oBPS8d2y5XlNdHwIDAQAB
o4ICJTCCAiEwHQYDVR0OBBYEFLKOHGhOVmSUHzUid27WYtpdtzLBMB8GA1UdIwQY
MBaAFBvS1GOuFTRtXt15N7i/qOCbFDdtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRzlMVVk2NFZORzFlM1hrM3VMLW80SnNVTjIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OC83MGM0NzctYThjZC00YTcyLWI2Njkt
MWY5M2MyMzlhMDEyLzEvc280Y2FFNVdaSlFmTlNKM2J0WmkybDIzTXNFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OC83MGM0NzctYThjZC00YTcyLWI2NjktMWY5M2MyMzlhMDEy
LzEvRzlMVVk2NFZORzFlM1hrM3VMLW80SnNVTjIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDsGCCsGAQUFBwEHAQH/BCwwKjASBAIAATAMAwQEXCcwAwQC
ufecMBQEAgACMA4DBQAqAW3AAwUDKg3GgDANBgkqhkiG9w0BAQsFAAOCAQEAquin
ysmeI0mZ21Bqp5jAnFT3SbUNiZB4Yua1eo7XkLbyQem1Ri/d/gDVzreoc+4JWQbl
A+rP+tcMnM1MRT9Hrjv4eDCM3siaU2ZKMyBrJ79dcz9hXQzQ/hujIcI52LsW5pto
IowMAn8EH7JcGNtQ6yCQasOhnA/c8+Z5EBfNJJBhDIhX9Shhba3+hLLpzzWDWNCq
MMCGc/nJskTCqexxKvYecIE0rXY6QudA4MJ89z3AHzXsei+zii8ZHpqSiaHf8ghp
X0mLAtTpnViYavuQVRTRIYhoC/mrmgC3In8WxSZh/R/xngu8VsiYhkX8sHiQt8rj
PMoUZ0zofBZod7e4Gw==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:37:52 2024 by rpki-client on console-fra.rpki-client.org