Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cc/3630cb-ebec-4d86-b12b-bffb757c3134/1/1drSbTY3yZS3hWmXGv0gqfKRrWQ.roa
File: 1drSbTY3yZS3hWmXGv0gqfKRrWQ.roa (raw, json)
Hash identifier: jgNGQ7Twvaddt8aQOcVlYCwzn07WFPV4b6+DSaHRw9k=
Subject key identifier: D5:DA:D2:6D:36:37:C9:94:B7:85:69:97:1A:FD:20:A9:F2:91:AD:64
Certificate issuer: /CN=96bfc5a172654dd6009db1d82d92ffaf71234120
Certificate serial: 01839BF46ADE13D4535F42001F7710C8922E
Authority key identifier: 96:BF:C5:A1:72:65:4D:D6:00:9D:B1:D8:2D:92:FF:AF:71:23:41:20
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/lr_FoXJlTdYAnbHYLZL_r3EjQSA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/cc/3630cb-ebec-4d86-b12b-bffb757c3134/1/1drSbTY3yZS3hWmXGv0gqfKRrWQ.roa
Signing time: Mon 03 Oct 2022 03:47:10 +0000
ROA not before: Mon 03 Oct 2022 03:47:10 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 213081
IP address blocks: 147.78.192.0/22 maxlen: 24
91.194.139.0/24 maxlen: 24
147.78.194.0/23 maxlen: 24
185.203.114.0/23 maxlen: 23
2a0a:e5c0::/29 maxlen: 48
2a09:2940::/29 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:83:9b:f4:6a:de:13:d4:53:5f:42:00:1f:77:10:c8:92:2e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=96bfc5a172654dd6009db1d82d92ffaf71234120
Validity
Not Before: Oct 3 03:47:10 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=d5dad26d3637c994b78569971afd20a9f291ad64
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ed:d8:87:3e:89:3a:8f:88:f7:17:7b:de:a2:bc:
0a:0a:22:7e:bd:e2:60:d4:94:df:40:59:36:f9:1d:
9d:30:bf:14:93:72:a4:2b:72:9e:d1:4d:35:14:37:
41:d3:f4:07:f9:34:52:fe:19:32:e8:dd:ab:c0:2c:
28:bd:ba:ec:db:4f:c1:a7:9d:a8:c7:57:11:b2:04:
18:c2:0c:5d:41:b5:37:5b:21:e1:1e:3a:4a:c0:b9:
83:ae:20:b9:e1:22:78:0a:51:05:cf:f8:c9:fc:7f:
5d:69:e5:ed:5e:0f:c2:41:9c:ee:45:fe:62:3a:dd:
a2:1f:2e:37:b7:f4:86:2a:81:0c:75:91:9e:40:cf:
57:d4:c7:8a:a7:ee:b2:7a:d0:2e:07:29:5c:7a:db:
10:72:89:2a:c6:2e:bc:f8:d0:5c:ce:bb:13:eb:6d:
e2:b7:3a:87:12:5b:41:af:02:45:2c:20:07:a7:5d:
af:12:bd:33:0d:96:30:48:d6:dc:4b:db:30:d3:97:
4b:a5:83:b2:ec:b4:8e:70:fb:e1:a4:31:71:7b:51:
59:4e:be:3c:10:24:53:37:86:46:87:0c:28:df:ca:
21:93:89:85:da:3c:52:a7:c7:8e:12:a8:5f:7d:1f:
26:6d:05:45:b5:78:3e:00:31:7b:3c:64:18:9e:0a:
2c:79
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D5:DA:D2:6D:36:37:C9:94:B7:85:69:97:1A:FD:20:A9:F2:91:AD:64
X509v3 Authority Key Identifier:
keyid:96:BF:C5:A1:72:65:4D:D6:00:9D:B1:D8:2D:92:FF:AF:71:23:41:20
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lr_FoXJlTdYAnbHYLZL_r3EjQSA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/3630cb-ebec-4d86-b12b-bffb757c3134/1/1drSbTY3yZS3hWmXGv0gqfKRrWQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/3630cb-ebec-4d86-b12b-bffb757c3134/1/lr_FoXJlTdYAnbHYLZL_r3EjQSA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.194.139.0/24
147.78.192.0/22
185.203.114.0/23
IPv6:
2a09:2940::/29
2a0a:e5c0::/29
Signature Algorithm: sha256WithRSAEncryption
6a:3f:df:de:40:bc:49:72:fd:af:d9:22:bf:5f:29:3b:5f:38:
13:c5:b3:cc:89:cb:ba:a0:b6:ae:41:72:42:dc:6e:17:ef:fd:
f3:9d:b5:a2:1a:40:23:c1:a5:80:37:3d:02:f5:a7:40:a8:de:
55:9d:03:a5:01:3c:be:56:02:52:48:18:a1:3d:7f:ef:10:d7:
e9:a2:23:35:05:c3:37:8d:6c:1e:e5:7f:eb:0c:54:83:3f:c2:
76:30:9d:f2:2d:ec:1d:54:4c:3b:db:41:46:27:86:39:56:29:
6b:40:59:1f:56:a4:6c:76:0b:9d:92:cf:37:c7:c8:ff:9b:2d:
02:c5:08:73:81:3f:f1:f5:1a:7b:2d:33:f1:8c:0b:68:e0:ff:
fd:c8:e3:d0:5d:c3:17:4b:0e:80:76:e7:d6:cf:e0:12:69:f7:
70:85:61:94:a0:aa:10:95:11:4d:ef:3a:9f:f1:eb:78:bb:38:
fa:aa:93:4b:a6:18:5d:e5:1b:99:ae:8c:39:84:11:bf:51:71:
19:41:ab:11:2b:74:1e:fe:a3:1b:76:f9:ce:3c:5f:d9:1f:e3:
ff:5c:53:6d:e2:77:20:d1:96:9f:7b:6f:a6:c5:a4:66:58:6e:
43:42:4c:b1:90:2c:d7:56:00:51:69:25:e2:b1:e5:92:f7:c5:
82:5b:d7:1a
-----BEGIN CERTIFICATE-----
MIIFHzCCBAegAwIBAgISAYOb9GreE9RTX0IAH3cQyJIuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk2YmZjNWExNzI2NTRkZDYwMDlkYjFkODJkOTJmZmFmNzEy
MzQxMjAwHhcNMjIxMDAzMDM0NzEwWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNWRhZDI2ZDM2MzdjOTk0Yjc4NTY5OTcxYWZkMjBhOWYyOTFhZDY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7diHPok6j4j3F3veorwKCiJ+veJg
1JTfQFk2+R2dML8Uk3KkK3Ke0U01FDdB0/QH+TRS/hky6N2rwCwovbrs20/Bp52o
x1cRsgQYwgxdQbU3WyHhHjpKwLmDriC54SJ4ClEFz/jJ/H9daeXtXg/CQZzuRf5i
Ot2iHy43t/SGKoEMdZGeQM9X1MeKp+6yetAuBylcetsQcokqxi68+NBczrsT623i
tzqHEltBrwJFLCAHp12vEr0zDZYwSNbcS9sw05dLpYOy7LSOcPvhpDFxe1FZTr48
ECRTN4ZGhwwo38ohk4mF2jxSp8eOEqhffR8mbQVFtXg+ADF7PGQYngoseQIDAQAB
o4ICKzCCAicwHQYDVR0OBBYEFNXa0m02N8mUt4Vplxr9IKnyka1kMB8GA1UdIwQY
MBaAFJa/xaFyZU3WAJ2x2C2S/69xI0EgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbHJfRm9YSmxUZFlBbmJIWUxaTF9yM0VqUVNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYy8zNjMwY2ItZWJlYy00ZDg2LWIxMmIt
YmZmYjc1N2MzMTM0LzEvMWRyU2JUWTN5WlMzaFdtWEd2MGdxZktScldRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYy8zNjMwY2ItZWJlYy00ZDg2LWIxMmItYmZmYjc1N2MzMTM0
LzEvbHJfRm9YSmxUZFlBbmJIWUxaTF9yM0VqUVNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEEGCCsGAQUFBwEHAQH/BDIwMDAYBAIAATASAwQAW8KLAwQC
k07AAwQBuctyMBQEAgACMA4DBQMqCSlAAwUDKgrlwDANBgkqhkiG9w0BAQsFAAOC
AQEAaj/f3kC8SXL9r9kiv18pO184E8WzzInLuqC2rkFyQtxuF+/98521ohpAI8Gl
gDc9AvWnQKjeVZ0DpQE8vlYCUkgYoT1/7xDX6aIjNQXDN41sHuV/6wxUgz/CdjCd
8i3sHVRMO9tBRieGOVYpa0BZH1akbHYLnZLPN8fI/5stAsUIc4E/8fUaey0z8YwL
aOD//cjj0F3DF0sOgHbn1s/gEmn3cIVhlKCqEJURTe86n/HreLs4+qqTS6YYXeUb
ma6MOYQRv1FxGUGrESt0Hv6jG3b5zjxf2R/j/1xTbeJ3INGWn3tvpsWkZlhuQ0JM
sZAs11YAUWkl4rHlkvfFglvXGg==
-----END CERTIFICATE-----
Generated at Thu Jul 20 00:07:54 2023 by rpki-client on console-ams.rpki-client.org