Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/41f6f5-cef0-4a57-8e47-0a85986208a9/1/cPREYYlZlD0DpkDpOPq9ifWYYUU.roa
File: cPREYYlZlD0DpkDpOPq9ifWYYUU.roa (raw, json)
Hash identifier: FvStnlc+mDYpC/x2Tr/bg+rbQkgsMp8E3aAClix07jg=
Subject key identifier: 70:F4:44:61:89:59:94:3D:03:A6:40:E9:38:FA:BD:89:F5:98:61:45
Certificate issuer: /CN=5f51bcd89eb7f5b3ab08806ef51a7c2f6eb98efc
Certificate serial: 0188DE0B33F51D6E73B33896516FFCB19A9D
Authority key identifier: 5F:51:BC:D8:9E:B7:F5:B3:AB:08:80:6E:F5:1A:7C:2F:6E:B9:8E:FC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/X1G82J639bOrCIBu9Rp8L265jvw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/42/41f6f5-cef0-4a57-8e47-0a85986208a9/1/cPREYYlZlD0DpkDpOPq9ifWYYUU.roa
Signing time: Wed 21 Jun 2023 13:00:56 +0000
ROA not before: Wed 21 Jun 2023 13:00:56 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 48359
IP address blocks: 109.95.62.0/24 maxlen: 24
109.95.61.0/24 maxlen: 24
109.95.63.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:88:de:0b:33:f5:1d:6e:73:b3:38:96:51:6f:fc:b1:9a:9d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=5f51bcd89eb7f5b3ab08806ef51a7c2f6eb98efc
Validity
Not Before: Jun 21 13:00:56 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=70f444618959943d03a640e938fabd89f5986145
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c1:1d:c9:73:dc:34:ef:8d:75:cc:c9:ce:91:36:
97:61:9b:13:ef:a2:dd:5c:f6:79:ee:8d:ba:45:04:
49:87:71:9a:e1:dc:94:eb:dd:5a:85:b6:40:81:f2:
61:bc:86:15:0a:26:ea:5c:99:a1:3a:ee:ef:4e:29:
93:40:dc:5f:97:41:6d:5c:2f:09:57:03:4d:ec:2c:
80:7f:14:26:ec:ac:43:d2:aa:b3:11:2a:3a:80:42:
78:d4:64:56:d2:76:ba:cc:cc:b3:96:84:6b:67:52:
15:c6:c6:6e:39:59:a2:a0:e8:94:6e:5a:cd:3e:f8:
5e:38:bb:bf:a3:33:ca:7b:74:42:3a:bf:9e:71:63:
19:57:ed:e4:90:6b:4a:d4:53:6e:e5:95:00:3c:e5:
f9:eb:78:ce:5b:4f:bc:16:30:b4:a7:ab:9b:9c:53:
57:00:39:08:62:50:5f:e9:7e:da:9c:ef:e9:d8:ed:
c5:2a:72:a0:46:b4:90:de:6c:d5:9d:dd:23:8b:e5:
95:bd:fe:1e:9b:a7:12:5e:cf:0f:75:53:22:73:f5:
97:27:8b:61:04:ef:8e:fd:b2:74:22:cb:91:9b:fb:
93:6e:af:e5:40:c5:4c:31:91:4e:5d:8e:67:26:5f:
bf:2a:a4:6d:c6:d9:73:47:e7:a6:46:9c:3f:ca:58:
08:45
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
70:F4:44:61:89:59:94:3D:03:A6:40:E9:38:FA:BD:89:F5:98:61:45
X509v3 Authority Key Identifier:
keyid:5F:51:BC:D8:9E:B7:F5:B3:AB:08:80:6E:F5:1A:7C:2F:6E:B9:8E:FC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/X1G82J639bOrCIBu9Rp8L265jvw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/41f6f5-cef0-4a57-8e47-0a85986208a9/1/cPREYYlZlD0DpkDpOPq9ifWYYUU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/42/41f6f5-cef0-4a57-8e47-0a85986208a9/1/X1G82J639bOrCIBu9Rp8L265jvw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.95.61.0-109.95.63.255
Signature Algorithm: sha256WithRSAEncryption
30:97:67:58:4b:e7:7f:5d:b2:93:5d:61:22:93:0a:51:3f:f3:
36:e7:56:80:ce:46:5c:ef:69:c6:74:a1:83:d2:14:7b:bc:81:
6b:f2:d6:dd:1f:9b:16:7d:71:e6:8b:12:84:ba:7c:a8:37:5e:
e8:61:a3:50:e4:df:68:de:9e:ac:0f:fe:a7:d8:fe:77:45:55:
24:bd:19:49:da:ac:29:f3:d0:d9:12:4e:15:e6:99:1b:a7:ae:
a2:22:7d:ef:2b:d7:55:17:f2:3a:ed:44:6f:c3:2c:62:75:0a:
fe:46:ca:ca:08:0d:11:47:08:e1:09:65:81:01:d1:36:e0:3b:
7c:88:b5:cd:78:22:7c:25:da:c0:7c:1f:10:95:86:b4:d3:28:
70:55:2e:34:e5:45:a1:af:70:1e:b3:dd:7f:53:3a:3d:a8:cc:
98:2f:5a:1b:e5:f2:1a:7d:f7:b8:8e:43:5c:74:89:39:6a:d5:
9f:9c:20:76:4c:92:75:82:10:17:28:ea:51:67:ee:07:7d:a4:
13:92:09:00:6b:d0:ca:b2:0b:58:5f:e7:e8:0b:c8:d7:17:17:
ba:e8:52:0c:6b:7b:3e:de:28:90:34:a0:a4:00:d2:aa:57:ce:
64:ea:4a:ee:02:d0:c6:74:c0:b0:75:dc:c0:42:a2:b7:60:e8:
a6:a9:93:01
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYjeCzP1HW5zsziWUW/8sZqdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVmNTFiY2Q4OWViN2Y1YjNhYjA4ODA2ZWY1MWE3YzJmNmVi
OThlZmMwHhcNMjMwNjIxMTMwMDU2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MGY0NDQ2MTg5NTk5NDNkMDNhNjQwZTkzOGZhYmQ4OWY1OTg2MTQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwR3Jc9w07411zMnOkTaXYZsT76Ld
XPZ57o26RQRJh3Ga4dyU691ahbZAgfJhvIYVCibqXJmhOu7vTimTQNxfl0FtXC8J
VwNN7CyAfxQm7KxD0qqzESo6gEJ41GRW0na6zMyzloRrZ1IVxsZuOVmioOiUblrN
PvheOLu/ozPKe3RCOr+ecWMZV+3kkGtK1FNu5ZUAPOX563jOW0+8FjC0p6ubnFNX
ADkIYlBf6X7anO/p2O3FKnKgRrSQ3mzVnd0ji+WVvf4em6cSXs8PdVMic/WXJ4th
BO+O/bJ0IsuRm/uTbq/lQMVMMZFOXY5nJl+/KqRtxtlzR+emRpw/ylgIRQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFHD0RGGJWZQ9A6ZA6Tj6vYn1mGFFMB8GA1UdIwQY
MBaAFF9RvNiet/WzqwiAbvUafC9uuY78MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWDFHODJKNjM5Yk9yQ0lCdTlScDhMMjY1anZ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi80MWY2ZjUtY2VmMC00YTU3LThlNDct
MGE4NTk4NjIwOGE5LzEvY1BSRVlZbFpsRDBEcGtEcE9QcTlpZldZWVVVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi80MWY2ZjUtY2VmMC00YTU3LThlNDctMGE4NTk4NjIwOGE5
LzEvWDFHODJKNjM5Yk9yQ0lCdTlScDhMMjY1anZ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBABtXz0D
BAZtXwAwDQYJKoZIhvcNAQELBQADggEBADCXZ1hL539dspNdYSKTClE/8zbnVoDO
RlzvacZ0oYPSFHu8gWvy1t0fmxZ9ceaLEoS6fKg3Xuhho1Dk32jenqwP/qfY/ndF
VSS9GUnarCnz0NkSThXmmRunrqIife8r11UX8jrtRG/DLGJ1Cv5GysoIDRFHCOEJ
ZYEB0TbgO3yItc14Inwl2sB8HxCVhrTTKHBVLjTlRaGvcB6z3X9TOj2ozJgvWhvl
8hp997iOQ1x0iTlq1Z+cIHZMknWCEBco6lFn7gd9pBOSCQBr0MqyC1hf5+gLyNcX
F7roUgxrez7eKJA0oKQA0qpXzmTqSu4C0MZ0wLB13MBCordg6KapkwE=
-----END CERTIFICATE-----
Generated at Mon Feb 17 08:24:51 2025 by rpki-client