Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1b/957bb3-2de5-45cf-acf3-c3a02d7c0697/1/j9XwPzo7o27ElxkIZsiXWdhscuk.roa
File: j9XwPzo7o27ElxkIZsiXWdhscuk.roa (raw, json)
Hash identifier: RLnFxFm1z0pANh5aDYQs4Hqjt+BmTtDDONkf+FudInM=
Subject key identifier: 8F:D5:F0:3F:3A:3B:A3:6E:C4:97:19:08:66:C8:97:59:D8:6C:72:E9
Certificate issuer: /CN=8756d27768e11d94a0bbcdfb3fbcd740d45a00f4
Certificate serial: 019229EE7E2E2B03BDFB067781FFA2634F04
Authority key identifier: 87:56:D2:77:68:E1:1D:94:A0:BB:CD:FB:3F:BC:D7:40:D4:5A:00:F4
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/h1bSd2jhHZSgu837P7zXQNRaAPQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/1b/957bb3-2de5-45cf-acf3-c3a02d7c0697/1/j9XwPzo7o27ElxkIZsiXWdhscuk.roa
Signing time: Wed 25 Sep 2024 16:05:48 +0000
ROA not before: Wed 25 Sep 2024 16:05:48 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 43260
IP address blocks: 84.238.160.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:92:29:ee:7e:2e:2b:03:bd:fb:06:77:81:ff:a2:63:4f:04
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8756d27768e11d94a0bbcdfb3fbcd740d45a00f4
Validity
Not Before: Sep 25 16:05:48 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=8fd5f03f3a3ba36ec497190866c89759d86c72e9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:de:d5:11:40:51:24:ab:dc:50:52:01:68:ea:d0:
26:1e:b3:a4:53:4c:2c:2d:ff:12:f4:cb:f5:d1:d2:
bd:3e:a6:47:74:fb:1e:75:52:e1:9e:39:7e:ba:93:
ca:91:4a:1b:be:6f:5a:b0:37:bd:a4:08:e0:26:88:
ac:75:5c:f4:0d:64:0d:aa:61:30:0a:de:f2:b6:d7:
9c:f4:19:ef:41:dd:c7:49:c1:bf:c2:35:05:58:01:
9d:4a:25:bb:37:91:99:bd:4f:25:05:10:2e:90:71:
44:7d:7e:87:f0:f4:ac:b5:7e:64:3f:62:93:c5:8a:
7a:76:e7:02:3b:23:05:5e:c1:e4:9b:31:9a:d2:92:
1d:91:13:f5:be:41:5a:38:76:f0:00:75:0d:68:19:
3a:43:64:c2:c9:da:58:5b:20:dd:d9:ef:d6:62:2e:
33:12:7c:72:99:40:10:ae:f2:5c:93:f1:cb:91:0d:
3b:b7:07:60:ea:d2:8f:74:57:d5:3c:c1:ef:62:49:
9c:8e:23:69:c9:d8:f1:bf:50:35:39:fa:c7:b4:c0:
a4:47:d1:1b:a0:ec:4f:9c:60:c8:4f:02:14:e2:01:
bc:29:91:7a:c3:eb:82:98:0c:e4:1f:53:36:74:85:
b1:ed:31:fc:82:d7:1f:e6:60:9d:dd:81:d3:27:e3:
2b:99
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8F:D5:F0:3F:3A:3B:A3:6E:C4:97:19:08:66:C8:97:59:D8:6C:72:E9
X509v3 Authority Key Identifier:
keyid:87:56:D2:77:68:E1:1D:94:A0:BB:CD:FB:3F:BC:D7:40:D4:5A:00:F4
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/h1bSd2jhHZSgu837P7zXQNRaAPQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1b/957bb3-2de5-45cf-acf3-c3a02d7c0697/1/j9XwPzo7o27ElxkIZsiXWdhscuk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/1b/957bb3-2de5-45cf-acf3-c3a02d7c0697/1/h1bSd2jhHZSgu837P7zXQNRaAPQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
84.238.160.0/22
Signature Algorithm: sha256WithRSAEncryption
19:83:2c:c6:40:01:cb:90:12:82:0f:dd:3d:4a:0a:65:b0:a8:
3f:71:93:68:33:12:78:6d:59:5d:9a:f3:b8:51:1c:71:5f:fe:
2f:4f:0e:25:60:7d:ae:d9:5c:bd:7b:c6:8e:6c:55:84:be:0d:
4d:a7:ed:30:0a:eb:13:98:1a:5e:06:1c:19:65:52:a0:fe:49:
09:37:4b:d6:03:d8:5b:42:96:cc:de:a2:97:3e:76:13:36:7f:
db:84:c5:8b:ea:27:d8:75:82:ca:d6:65:1f:c3:68:1f:19:0b:
9f:f4:ff:b6:9c:a1:c6:0b:6d:42:59:bc:5f:e3:4b:83:c4:fb:
04:4d:04:af:56:bc:71:5d:0f:36:15:a4:eb:14:d1:67:19:9e:
6d:41:f8:bc:f8:74:b6:3f:40:21:53:c5:e7:9c:97:6a:a9:4e:
2f:b2:12:95:35:34:04:2c:b0:5c:d9:34:d9:92:d9:c1:ff:aa:
c3:b3:fb:dd:26:51:8d:6c:13:95:14:5c:2e:82:34:97:a6:84:
70:16:97:64:68:63:2a:ae:4c:2e:66:92:27:d4:8b:be:f8:9d:
00:8d:9e:8a:91:cc:9f:51:f7:f8:c2:c9:26:a8:6b:2e:e4:fb:
13:ea:1e:61:91:9a:90:94:c2:af:65:a3:90:3b:11:cd:d5:b3:
ac:21:f4:5c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZIp7n4uKwO9+wZ3gf+iY08EMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg3NTZkMjc3NjhlMTFkOTRhMGJiY2RmYjNmYmNkNzQwZDQ1
YTAwZjQwHhcNMjQwOTI1MTYwNTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZmQ1ZjAzZjNhM2JhMzZlYzQ5NzE5MDg2NmM4OTc1OWQ4NmM3MmU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3tURQFEkq9xQUgFo6tAmHrOkU0ws
Lf8S9Mv10dK9PqZHdPsedVLhnjl+upPKkUobvm9asDe9pAjgJoisdVz0DWQNqmEw
Ct7yttec9BnvQd3HScG/wjUFWAGdSiW7N5GZvU8lBRAukHFEfX6H8PSstX5kP2KT
xYp6ducCOyMFXsHkmzGa0pIdkRP1vkFaOHbwAHUNaBk6Q2TCydpYWyDd2e/WYi4z
EnxymUAQrvJck/HLkQ07twdg6tKPdFfVPMHvYkmcjiNpydjxv1A1OfrHtMCkR9Eb
oOxPnGDITwIU4gG8KZF6w+uCmAzkH1M2dIWx7TH8gtcf5mCd3YHTJ+MrmQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI/V8D86O6NuxJcZCGbIl1nYbHLpMB8GA1UdIwQY
MBaAFIdW0ndo4R2UoLvN+z+810DUWgD0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaDFiU2QyamhIWlNndTgzN1A3elhRTlJhQVBRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYi85NTdiYjMtMmRlNS00NWNmLWFjZjMt
YzNhMDJkN2MwNjk3LzEvajlYd1B6bzdvMjdFbHhrSVpzaVhXZGhzY3VrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYi85NTdiYjMtMmRlNS00NWNmLWFjZjMtYzNhMDJkN2MwNjk3
LzEvaDFiU2QyamhIWlNndTgzN1A3elhRTlJhQVBRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCVO6gMA0G
CSqGSIb3DQEBCwUAA4IBAQAZgyzGQAHLkBKCD909SgplsKg/cZNoMxJ4bVldmvO4
URxxX/4vTw4lYH2u2Vy9e8aObFWEvg1Np+0wCusTmBpeBhwZZVKg/kkJN0vWA9hb
QpbM3qKXPnYTNn/bhMWL6ifYdYLK1mUfw2gfGQuf9P+2nKHGC21CWbxf40uDxPsE
TQSvVrxxXQ82FaTrFNFnGZ5tQfi8+HS2P0AhU8XnnJdqqU4vshKVNTQELLBc2TTZ
ktnB/6rDs/vdJlGNbBOVFFwugjSXpoRwFpdkaGMqrkwuZpIn1Iu++J0AjZ6Kkcyf
Uff4wskmqGsu5PsT6h5hkZqQlMKvZaOQOxHN1bOsIfRc
-----END CERTIFICATE-----
Generated at Sat Apr 5 23:22:19 2025 by rpki-client