Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/41f6f5-cef0-4a57-8e47-0a85986208a9/1/BJm67tA5_DX5c2vEys98Vn3DWOI.roa
File: BJm67tA5_DX5c2vEys98Vn3DWOI.roa (raw, json)
Hash identifier: 7NwCerqIpcKC+F0oo712QAE+owspLw06QemwxvXbWSc=
Subject key identifier: 04:99:BA:EE:D0:39:FC:35:F9:73:6B:C4:CA:CF:7C:56:7D:C3:58:E2
Certificate issuer: /CN=5f51bcd89eb7f5b3ab08806ef51a7c2f6eb98efc
Certificate serial: 018E43F5CA98B7DF40A64E826ECFF5F57580
Authority key identifier: 5F:51:BC:D8:9E:B7:F5:B3:AB:08:80:6E:F5:1A:7C:2F:6E:B9:8E:FC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/X1G82J639bOrCIBu9Rp8L265jvw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/42/41f6f5-cef0-4a57-8e47-0a85986208a9/1/BJm67tA5_DX5c2vEys98Vn3DWOI.roa
Signing time: Fri 15 Mar 2024 21:12:45 +0000
ROA not before: Fri 15 Mar 2024 21:12:45 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 56749
IP address blocks: 109.95.62.0/24 maxlen: 24
109.95.63.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8e:43:f5:ca:98:b7:df:40:a6:4e:82:6e:cf:f5:f5:75:80
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=5f51bcd89eb7f5b3ab08806ef51a7c2f6eb98efc
Validity
Not Before: Mar 15 21:12:45 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=0499baeed039fc35f9736bc4cacf7c567dc358e2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:92:4a:fa:6f:86:cc:70:8b:c7:6f:59:4b:bc:e9:
a5:4a:f9:82:6b:23:c4:f0:2b:a9:00:2a:5b:f3:16:
95:fa:5c:5c:63:53:16:7b:1f:5f:29:b6:1d:d8:d6:
a3:b3:c0:30:99:34:dd:28:d7:9c:9d:b6:da:13:b5:
31:53:aa:ca:d6:54:a2:52:01:5e:da:26:d3:b6:bc:
43:b7:a3:ef:4f:ad:7a:6b:4a:98:90:01:ca:46:47:
6a:c3:6b:f6:64:a6:75:2c:fe:3f:77:13:52:7a:7f:
05:3e:ec:5f:4d:de:4c:6a:da:31:36:3b:75:95:0d:
6e:90:a7:d9:4d:34:28:fc:d6:91:f4:53:a7:67:33:
bd:33:df:d0:d5:74:cd:a9:7c:79:9d:86:78:bb:3a:
08:4f:cf:5f:62:e3:be:aa:53:70:20:26:bd:1e:62:
38:78:9a:eb:80:9f:0b:d0:ba:cc:68:39:86:ea:a0:
24:e3:59:1a:cb:0c:ed:d2:17:f5:96:ae:f1:81:8d:
fe:0b:c4:f2:90:90:26:ff:25:bb:0c:f0:c1:53:c3:
7c:30:df:17:8d:12:09:22:23:26:e2:d3:aa:17:09:
21:bc:2a:a9:1e:b6:b5:c5:64:b3:82:35:02:54:03:
3b:d3:81:22:2f:33:fc:3c:0e:49:f2:6e:06:1b:8e:
51:05
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
04:99:BA:EE:D0:39:FC:35:F9:73:6B:C4:CA:CF:7C:56:7D:C3:58:E2
X509v3 Authority Key Identifier:
keyid:5F:51:BC:D8:9E:B7:F5:B3:AB:08:80:6E:F5:1A:7C:2F:6E:B9:8E:FC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/X1G82J639bOrCIBu9Rp8L265jvw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/41f6f5-cef0-4a57-8e47-0a85986208a9/1/BJm67tA5_DX5c2vEys98Vn3DWOI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/42/41f6f5-cef0-4a57-8e47-0a85986208a9/1/X1G82J639bOrCIBu9Rp8L265jvw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.95.62.0/23
Signature Algorithm: sha256WithRSAEncryption
52:9d:cd:d0:64:25:01:d6:c0:d8:4e:d4:4f:5a:a2:90:31:fa:
5a:93:94:fe:1d:fc:20:af:43:30:2c:e4:dd:a6:34:ff:69:51:
91:2e:9f:a1:7b:7b:02:3a:1f:10:24:d0:75:59:fd:c8:05:d7:
90:a1:59:d9:0e:b2:58:d7:4d:bb:15:a0:bf:93:05:b4:8f:e2:
3d:40:44:e2:4d:08:50:97:db:ba:aa:af:b4:4e:b5:b1:cb:04:
fd:ca:a9:17:c5:18:b7:b9:ff:3d:17:f9:f4:d8:1a:61:36:82:
b6:95:9b:04:7f:d2:17:6b:c0:54:8a:7f:f6:83:1b:48:c0:7e:
e6:a4:38:51:f8:a7:18:5c:78:cf:6f:b0:63:b8:c1:60:e1:85:
ad:99:f6:c7:74:03:15:50:92:71:39:43:13:9f:31:23:4b:9c:
a0:db:dd:6c:c0:81:dc:e5:17:cb:1e:6c:ac:f6:36:d1:7f:12:
10:5e:fe:68:43:cb:c7:46:fb:60:4a:07:18:46:bc:a6:ed:03:
5d:02:53:77:77:57:00:76:86:5d:b0:92:04:df:74:0b:54:6d:
6f:c8:84:54:9c:fc:7d:d6:1e:e5:f4:be:40:db:43:fa:00:99:
34:7e:53:80:b7:49:ab:f8:7a:34:8a:ac:44:58:f2:ba:de:9e:
94:dc:45:4c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY5D9cqYt99Apk6Cbs/19XWAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVmNTFiY2Q4OWViN2Y1YjNhYjA4ODA2ZWY1MWE3YzJmNmVi
OThlZmMwHhcNMjQwMzE1MjExMjQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNDk5YmFlZWQwMzlmYzM1Zjk3MzZiYzRjYWNmN2M1NjdkYzM1OGUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkkr6b4bMcIvHb1lLvOmlSvmCayPE
8CupACpb8xaV+lxcY1MWex9fKbYd2Najs8AwmTTdKNecnbbaE7UxU6rK1lSiUgFe
2ibTtrxDt6PvT616a0qYkAHKRkdqw2v2ZKZ1LP4/dxNSen8FPuxfTd5MatoxNjt1
lQ1ukKfZTTQo/NaR9FOnZzO9M9/Q1XTNqXx5nYZ4uzoIT89fYuO+qlNwICa9HmI4
eJrrgJ8L0LrMaDmG6qAk41kaywzt0hf1lq7xgY3+C8TykJAm/yW7DPDBU8N8MN8X
jRIJIiMm4tOqFwkhvCqpHra1xWSzgjUCVAM704EiLzP8PA5J8m4GG45RBQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFASZuu7QOfw1+XNrxMrPfFZ9w1jiMB8GA1UdIwQY
MBaAFF9RvNiet/WzqwiAbvUafC9uuY78MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWDFHODJKNjM5Yk9yQ0lCdTlScDhMMjY1anZ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi80MWY2ZjUtY2VmMC00YTU3LThlNDct
MGE4NTk4NjIwOGE5LzEvQkptNjd0QTVfRFg1YzJ2RXlzOThWbjNEV09JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi80MWY2ZjUtY2VmMC00YTU3LThlNDctMGE4NTk4NjIwOGE5
LzEvWDFHODJKNjM5Yk9yQ0lCdTlScDhMMjY1anZ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBbV8+MA0G
CSqGSIb3DQEBCwUAA4IBAQBSnc3QZCUB1sDYTtRPWqKQMfpak5T+Hfwgr0MwLOTd
pjT/aVGRLp+he3sCOh8QJNB1Wf3IBdeQoVnZDrJY1027FaC/kwW0j+I9QETiTQhQ
l9u6qq+0TrWxywT9yqkXxRi3uf89F/n02BphNoK2lZsEf9IXa8BUin/2gxtIwH7m
pDhR+KcYXHjPb7BjuMFg4YWtmfbHdAMVUJJxOUMTnzEjS5yg291swIHc5RfLHmys
9jbRfxIQXv5oQ8vHRvtgSgcYRrym7QNdAlN3d1cAdoZdsJIE33QLVG1vyIRUnPx9
1h7l9L5A20P6AJk0flOAt0mr+Ho0iqxEWPK63p6U3EVM
-----END CERTIFICATE-----
Generated at Tue Apr 9 15:26:11 2024 by rpki-client on console-ams.rpki-client.org