Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/32d85d-a717-4d68-82a6-2f365f22a18c/1/j0A2YaVbr8i2uubG0fM8On7zNgU.roa
File: j0A2YaVbr8i2uubG0fM8On7zNgU.roa (raw, json)
Hash identifier: bIlBPDObCOy39GD9nZXGsS9e2ZlH64YAiK5zDP1vNjE=
Subject key identifier: 8F:40:36:61:A5:5B:AF:C8:B6:BA:E6:C6:D1:F3:3C:3A:7E:F3:36:05
Certificate issuer: /CN=1a392dfc6ba2d3186d3269c7091b7019815345d3
Certificate serial: 0188B930CE3870886290FE96C89ED396D148
Authority key identifier: 1A:39:2D:FC:6B:A2:D3:18:6D:32:69:C7:09:1B:70:19:81:53:45:D3
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Gjkt_Gui0xhtMmnHCRtwGYFTRdM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/1e/32d85d-a717-4d68-82a6-2f365f22a18c/1/j0A2YaVbr8i2uubG0fM8On7zNgU.roa
Signing time: Wed 14 Jun 2023 09:16:03 +0000
ROA not before: Wed 14 Jun 2023 09:16:03 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 50591
IP address blocks: 109.230.64.0/22 maxlen: 22
109.230.69.0/24 maxlen: 24
109.230.68.0/22 maxlen: 22
109.230.73.0/24 maxlen: 24
109.230.72.0/24 maxlen: 24
109.230.76.0/22 maxlen: 22
109.230.75.0/24 maxlen: 24
109.230.74.0/24 maxlen: 24
109.230.80.0/22 maxlen: 22
109.230.84.0/22 maxlen: 22
109.230.88.0/22 maxlen: 22
109.230.92.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:88:b9:30:ce:38:70:88:62:90:fe:96:c8:9e:d3:96:d1:48
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1a392dfc6ba2d3186d3269c7091b7019815345d3
Validity
Not Before: Jun 14 09:16:03 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=8f403661a55bafc8b6bae6c6d1f33c3a7ef33605
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c2:ec:b0:01:6b:83:0c:69:09:9f:fd:31:16:f9:
b1:48:ed:65:36:34:ea:37:8c:db:0a:65:a4:c4:a6:
f5:c7:65:c2:4a:d1:19:8a:40:1d:7c:cb:7a:cd:e2:
21:43:e0:cb:4b:b2:99:8a:66:04:1d:b3:d1:0c:c9:
ae:5d:ca:86:d1:d0:70:36:21:94:9d:60:03:e0:68:
bd:0f:01:d7:d6:65:4f:a7:cc:ca:20:aa:ec:65:2e:
2b:fb:5a:3e:97:ef:7e:0a:38:63:de:50:1b:23:a8:
ec:09:68:66:c7:00:9e:6c:81:f5:cc:bc:68:ee:74:
d7:d8:f4:26:5d:83:0e:49:1b:24:c5:61:05:24:d0:
54:c2:cc:2a:c9:f9:0a:cb:6c:dd:9f:48:09:66:05:
a0:6f:cc:5f:ad:76:bf:81:eb:fd:93:2e:aa:04:29:
20:ac:6b:71:ec:09:1d:ef:13:05:23:48:26:3e:01:
b4:9a:b6:37:7b:c1:d5:22:1d:43:cc:84:61:91:dd:
fe:8b:d1:2e:af:f7:c2:ea:be:f2:84:dc:62:b0:3b:
42:cc:f4:5d:69:d9:d9:98:06:d3:25:62:0e:04:82:
c5:f8:58:d2:38:a0:14:d0:6f:da:86:07:2b:31:c9:
2f:52:f7:f4:b5:6e:fb:7d:4d:18:c1:38:68:38:7e:
4f:a5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8F:40:36:61:A5:5B:AF:C8:B6:BA:E6:C6:D1:F3:3C:3A:7E:F3:36:05
X509v3 Authority Key Identifier:
keyid:1A:39:2D:FC:6B:A2:D3:18:6D:32:69:C7:09:1B:70:19:81:53:45:D3
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Gjkt_Gui0xhtMmnHCRtwGYFTRdM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/32d85d-a717-4d68-82a6-2f365f22a18c/1/j0A2YaVbr8i2uubG0fM8On7zNgU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/32d85d-a717-4d68-82a6-2f365f22a18c/1/Gjkt_Gui0xhtMmnHCRtwGYFTRdM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.230.64.0/19
Signature Algorithm: sha256WithRSAEncryption
32:66:93:b8:d2:dc:66:b9:16:d8:ed:38:ae:1a:4e:da:50:fb:
59:82:29:71:e8:9f:13:75:ef:a7:b1:d6:97:bc:f0:2b:9a:1f:
8d:e5:b2:57:df:21:81:6f:7c:6d:c6:a4:d1:f4:10:24:41:3a:
92:5f:d5:7e:1f:eb:13:00:d5:5e:48:33:6a:3f:45:63:a5:12:
13:47:cb:bb:5e:ce:cc:63:4a:8e:94:e2:f8:7f:25:4a:03:13:
8b:7d:d4:fd:d4:05:69:54:33:9a:f3:93:df:05:a1:69:20:f2:
5a:9c:dd:70:62:76:32:af:2e:e3:e4:dc:02:32:4f:b8:a4:03:
71:3e:23:20:a1:21:ca:7f:cc:34:1f:35:a9:69:d7:ad:ae:b0:
dc:a5:a6:e8:06:53:10:02:a8:91:7d:48:e5:53:3d:7e:90:dc:
74:4d:d7:81:5a:e0:32:fb:4e:83:04:ce:08:ff:76:03:7f:27:
39:a1:a9:f6:a5:4f:7d:2d:58:58:11:fc:b2:3c:73:15:9f:39:
30:b4:70:a3:ea:46:39:53:68:71:e6:a3:5b:9b:f0:1a:2f:f9:
0c:c0:02:5d:9f:69:41:9d:11:e4:d6:e5:59:30:07:22:82:96:
9a:e5:e2:2f:c3:24:43:af:07:a3:f8:db:25:c0:98:74:06:0e:
8e:e9:53:52
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYi5MM44cIhikP6WyJ7TltFIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFhMzkyZGZjNmJhMmQzMTg2ZDMyNjljNzA5MWI3MDE5ODE1
MzQ1ZDMwHhcNMjMwNjE0MDkxNjAzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZjQwMzY2MWE1NWJhZmM4YjZiYWU2YzZkMWYzM2MzYTdlZjMzNjA1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwuywAWuDDGkJn/0xFvmxSO1lNjTq
N4zbCmWkxKb1x2XCStEZikAdfMt6zeIhQ+DLS7KZimYEHbPRDMmuXcqG0dBwNiGU
nWAD4Gi9DwHX1mVPp8zKIKrsZS4r+1o+l+9+Cjhj3lAbI6jsCWhmxwCebIH1zLxo
7nTX2PQmXYMOSRskxWEFJNBUwswqyfkKy2zdn0gJZgWgb8xfrXa/gev9ky6qBCkg
rGtx7Akd7xMFI0gmPgG0mrY3e8HVIh1DzIRhkd3+i9Eur/fC6r7yhNxisDtCzPRd
adnZmAbTJWIOBILF+FjSOKAU0G/ahgcrMckvUvf0tW77fU0YwThoOH5PpQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI9ANmGlW6/ItrrmxtHzPDp+8zYFMB8GA1UdIwQY
MBaAFBo5LfxrotMYbTJpxwkbcBmBU0XTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR2prdF9HdWkweGh0TW1uSENSdHdHWUZUUmRNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS8zMmQ4NWQtYTcxNy00ZDY4LTgyYTYt
MmYzNjVmMjJhMThjLzEvajBBMllhVmJyOGkydXViRzBmTThPbjd6TmdVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS8zMmQ4NWQtYTcxNy00ZDY4LTgyYTYtMmYzNjVmMjJhMThj
LzEvR2prdF9HdWkweGh0TW1uSENSdHdHWUZUUmRNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQFbeZAMA0G
CSqGSIb3DQEBCwUAA4IBAQAyZpO40txmuRbY7TiuGk7aUPtZgilx6J8Tde+nsdaX
vPArmh+N5bJX3yGBb3xtxqTR9BAkQTqSX9V+H+sTANVeSDNqP0VjpRITR8u7Xs7M
Y0qOlOL4fyVKAxOLfdT91AVpVDOa85PfBaFpIPJanN1wYnYyry7j5NwCMk+4pANx
PiMgoSHKf8w0HzWpadetrrDcpaboBlMQAqiRfUjlUz1+kNx0TdeBWuAy+06DBM4I
/3YDfyc5oan2pU99LVhYEfyyPHMVnzkwtHCj6kY5U2hx5qNbm/AaL/kMwAJdn2lB
nRHk1uVZMAcigpaa5eIvwyRDrwej+NslwJh0Bg6O6VNS
-----END CERTIFICATE-----
Generated at Mon Feb 17 08:24:47 2025 by rpki-client