Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/32d85d-a717-4d68-82a6-2f365f22a18c/1/BIEB_nTD4X5b6KUV3a8tR60m3h0.roa
File: BIEB_nTD4X5b6KUV3a8tR60m3h0.roa (raw, json)
Hash identifier: xFxDR9vn6CttyGch+5dIGbAngHhhjHG4u5TZgX8EO2Q=
Subject key identifier: 04:81:01:FE:74:C3:E1:7E:5B:E8:A5:15:DD:AF:2D:47:AD:26:DE:1D
Certificate issuer: /CN=1a392dfc6ba2d3186d3269c7091b7019815345d3
Certificate serial: 018571D7AFE592F6C81563680F5AA23E625A
Authority key identifier: 1A:39:2D:FC:6B:A2:D3:18:6D:32:69:C7:09:1B:70:19:81:53:45:D3
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Gjkt_Gui0xhtMmnHCRtwGYFTRdM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/1e/32d85d-a717-4d68-82a6-2f365f22a18c/1/BIEB_nTD4X5b6KUV3a8tR60m3h0.roa
Signing time: Mon 02 Jan 2023 09:37:18 +0000
ROA not before: Mon 02 Jan 2023 09:37:18 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 50591
IP address blocks: 109.230.64.0/22 maxlen: 22
109.230.69.0/24 maxlen: 24
109.230.68.0/22 maxlen: 22
109.230.73.0/24 maxlen: 24
109.230.72.0/24 maxlen: 24
109.230.76.0/22 maxlen: 22
109.230.75.0/24 maxlen: 24
109.230.74.0/24 maxlen: 24
109.230.80.0/22 maxlen: 22
109.230.84.0/22 maxlen: 22
109.230.88.0/22 maxlen: 22
109.230.92.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:71:d7:af:e5:92:f6:c8:15:63:68:0f:5a:a2:3e:62:5a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1a392dfc6ba2d3186d3269c7091b7019815345d3
Validity
Not Before: Jan 2 09:37:18 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=048101fe74c3e17e5be8a515ddaf2d47ad26de1d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c9:28:76:96:ca:9a:8d:7a:55:94:3c:a3:33:59:
88:4a:5e:0f:eb:9b:de:53:ed:76:9d:15:ad:5e:76:
c3:98:73:25:83:fe:ed:70:b8:ff:9f:ea:ae:6a:80:
8b:48:97:d1:44:67:d6:23:dc:f3:30:c7:1a:9f:0d:
c3:9b:7c:2d:74:25:e8:1d:b5:01:a5:a0:60:f6:31:
25:96:72:e6:3f:b2:ce:95:f8:07:07:1a:c7:22:76:
47:9b:37:75:2e:b7:e0:67:f8:f4:db:21:2d:e3:3a:
b6:62:bc:ec:3b:0c:8e:4b:4f:62:a6:c1:e9:83:7a:
4f:11:60:a5:db:4c:d5:03:d5:55:90:e9:e7:32:93:
d1:b4:fc:f2:b3:69:f2:d6:30:c2:ca:9d:7f:29:cc:
25:c8:f3:95:dd:59:f3:95:ae:47:2e:a1:46:f8:d1:
79:e7:73:7e:39:fa:28:83:1f:89:85:05:35:b5:43:
ea:bb:25:2e:05:ec:b0:c7:c4:85:d1:cd:69:bb:5f:
42:bb:2d:7d:ab:b6:a4:67:44:51:66:e3:53:ec:91:
10:ca:9a:cc:8e:87:32:0c:19:0a:aa:eb:9d:dc:96:
a6:db:cf:b2:7a:2d:07:97:7c:25:f2:fb:10:88:45:
6e:ff:55:45:61:94:ae:ae:0b:f2:fe:ea:5c:53:52:
04:db
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
04:81:01:FE:74:C3:E1:7E:5B:E8:A5:15:DD:AF:2D:47:AD:26:DE:1D
X509v3 Authority Key Identifier:
keyid:1A:39:2D:FC:6B:A2:D3:18:6D:32:69:C7:09:1B:70:19:81:53:45:D3
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Gjkt_Gui0xhtMmnHCRtwGYFTRdM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/32d85d-a717-4d68-82a6-2f365f22a18c/1/BIEB_nTD4X5b6KUV3a8tR60m3h0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/32d85d-a717-4d68-82a6-2f365f22a18c/1/Gjkt_Gui0xhtMmnHCRtwGYFTRdM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.230.64.0/19
Signature Algorithm: sha256WithRSAEncryption
02:3d:9f:27:79:dd:36:9a:34:44:33:86:fd:5b:b9:23:fe:e1:
80:9c:06:1f:4b:9e:b2:30:5c:5e:ba:24:8b:cc:03:e0:03:07:
0a:b3:54:55:bf:52:1f:b5:af:fe:dd:66:e8:63:34:ec:a4:35:
a8:82:85:fd:e7:81:fa:55:07:a6:c9:b4:5d:1c:a7:75:55:49:
0a:95:33:ba:b7:f5:dd:61:e5:70:ce:69:f1:e3:c9:64:e4:f0:
d2:88:b0:fe:4e:c1:97:1c:ab:24:4b:ea:d5:0a:99:15:e6:21:
28:c8:a8:fd:c2:83:e9:21:db:96:82:89:23:9c:a7:24:c6:95:
8c:49:b7:3a:cc:51:98:12:59:bb:0d:09:a6:75:85:0e:3c:46:
fa:6f:ec:9b:46:4e:0e:1a:87:71:c8:05:4f:e3:32:97:55:af:
bf:af:f0:de:d5:3a:91:22:3c:f0:96:34:51:36:f9:cc:ff:b9:
82:2f:62:fa:0f:a6:4d:87:d6:2e:28:49:19:62:d4:81:e5:aa:
da:f6:b8:7d:6c:be:a3:d6:bb:68:55:13:83:ca:3c:40:d4:02:
b0:d1:12:9d:8b:bc:f9:42:a1:50:84:d9:13:af:0f:fa:de:09:
30:04:26:7a:2c:22:2e:3d:d7:56:9a:7d:00:f4:ed:39:df:72:
fb:19:25:cd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYVx16/lkvbIFWNoD1qiPmJaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFhMzkyZGZjNmJhMmQzMTg2ZDMyNjljNzA5MWI3MDE5ODE1
MzQ1ZDMwHhcNMjMwMTAyMDkzNzE4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNDgxMDFmZTc0YzNlMTdlNWJlOGE1MTVkZGFmMmQ0N2FkMjZkZTFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAySh2lsqajXpVlDyjM1mISl4P65ve
U+12nRWtXnbDmHMlg/7tcLj/n+quaoCLSJfRRGfWI9zzMMcanw3Dm3wtdCXoHbUB
paBg9jEllnLmP7LOlfgHBxrHInZHmzd1LrfgZ/j02yEt4zq2YrzsOwyOS09ipsHp
g3pPEWCl20zVA9VVkOnnMpPRtPzys2ny1jDCyp1/KcwlyPOV3Vnzla5HLqFG+NF5
53N+Ofoogx+JhQU1tUPquyUuBeywx8SF0c1pu19Cuy19q7akZ0RRZuNT7JEQyprM
jocyDBkKquud3Jam28+yei0Hl3wl8vsQiEVu/1VFYZSurgvy/upcU1IE2wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFASBAf50w+F+W+ilFd2vLUetJt4dMB8GA1UdIwQY
MBaAFBo5LfxrotMYbTJpxwkbcBmBU0XTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR2prdF9HdWkweGh0TW1uSENSdHdHWUZUUmRNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS8zMmQ4NWQtYTcxNy00ZDY4LTgyYTYt
MmYzNjVmMjJhMThjLzEvQklFQl9uVEQ0WDViNktVVjNhOHRSNjBtM2gwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS8zMmQ4NWQtYTcxNy00ZDY4LTgyYTYtMmYzNjVmMjJhMThj
LzEvR2prdF9HdWkweGh0TW1uSENSdHdHWUZUUmRNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQFbeZAMA0G
CSqGSIb3DQEBCwUAA4IBAQACPZ8ned02mjREM4b9W7kj/uGAnAYfS56yMFxeuiSL
zAPgAwcKs1RVv1Ifta/+3WboYzTspDWogoX954H6VQemybRdHKd1VUkKlTO6t/Xd
YeVwzmnx48lk5PDSiLD+TsGXHKskS+rVCpkV5iEoyKj9woPpIduWgokjnKckxpWM
Sbc6zFGYElm7DQmmdYUOPEb6b+ybRk4OGodxyAVP4zKXVa+/r/De1TqRIjzwljRR
NvnM/7mCL2L6D6ZNh9YuKEkZYtSB5ara9rh9bL6j1rtoVRODyjxA1AKw0RKdi7z5
QqFQhNkTrw/63gkwBCZ6LCIuPddWmn0A9O0533L7GSXN
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:57:18 2024 by rpki-client on console-ams.rpki-client.org