Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/41f6f5-cef0-4a57-8e47-0a85986208a9/1/h4MFEwk43wCtA0ielJ2849fVs7s.roa
File: h4MFEwk43wCtA0ielJ2849fVs7s.roa (raw, json)
Hash identifier: MHZ/uoFeKJP8JKbrzYYLJEK0rPpaVz4gLoN8QMyLW5c=
Subject key identifier: 87:83:05:13:09:38:DF:00:AD:03:48:9E:94:9D:BC:E3:D7:D5:B3:BB
Certificate issuer: /CN=5f51bcd89eb7f5b3ab08806ef51a7c2f6eb98efc
Certificate serial: 018C635DE231606823E7B4C737CB45C84110
Authority key identifier: 5F:51:BC:D8:9E:B7:F5:B3:AB:08:80:6E:F5:1A:7C:2F:6E:B9:8E:FC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/X1G82J639bOrCIBu9Rp8L265jvw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/42/41f6f5-cef0-4a57-8e47-0a85986208a9/1/h4MFEwk43wCtA0ielJ2849fVs7s.roa
Signing time: Wed 13 Dec 2023 13:29:06 +0000
ROA not before: Wed 13 Dec 2023 13:29:06 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 12697
IP address blocks: 109.95.60.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:63:5d:e2:31:60:68:23:e7:b4:c7:37:cb:45:c8:41:10
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=5f51bcd89eb7f5b3ab08806ef51a7c2f6eb98efc
Validity
Not Before: Dec 13 13:29:06 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=878305130938df00ad03489e949dbce3d7d5b3bb
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9f:aa:28:de:ca:31:0e:7a:b0:e3:ab:c2:03:7b:
cd:35:8e:13:59:52:08:07:49:04:c6:5b:fb:03:1e:
50:5e:b1:8d:85:29:3c:ba:8d:aa:68:86:00:06:68:
45:79:0e:31:2f:be:72:b4:3d:0a:f3:ed:10:3d:1f:
0a:57:02:77:c9:cd:cd:93:3f:7c:c1:93:31:03:7c:
ea:60:d0:b6:1c:c7:d7:bf:db:85:63:fd:20:dc:fd:
2f:76:b5:2f:1f:91:b6:cc:59:7a:1c:8d:6d:23:56:
69:55:06:9f:61:7c:42:dc:fd:31:95:b8:6f:90:23:
a1:00:a5:0f:57:c3:35:7e:32:64:34:7f:88:03:f7:
50:a0:55:d6:1c:3c:39:3b:3e:eb:31:3c:a1:6e:10:
3c:d7:af:f7:32:51:cf:37:ec:88:25:02:26:43:2e:
91:4e:8f:d5:39:a8:e1:3f:9a:2d:92:48:86:12:40:
7d:5e:ba:ac:d3:0d:39:e1:1c:f2:f2:dd:0e:bf:bc:
2c:4c:02:0c:06:1f:6e:34:b3:60:11:37:cc:36:9e:
e4:7f:c5:63:71:63:86:61:6e:2d:cc:fc:cc:c3:a9:
80:d5:ab:32:52:2e:aa:4a:7a:81:0d:ec:a8:52:d7:
55:0e:9c:5b:87:ee:b1:31:9a:35:70:90:ab:3d:ea:
60:d7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
87:83:05:13:09:38:DF:00:AD:03:48:9E:94:9D:BC:E3:D7:D5:B3:BB
X509v3 Authority Key Identifier:
keyid:5F:51:BC:D8:9E:B7:F5:B3:AB:08:80:6E:F5:1A:7C:2F:6E:B9:8E:FC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/X1G82J639bOrCIBu9Rp8L265jvw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/41f6f5-cef0-4a57-8e47-0a85986208a9/1/h4MFEwk43wCtA0ielJ2849fVs7s.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/42/41f6f5-cef0-4a57-8e47-0a85986208a9/1/X1G82J639bOrCIBu9Rp8L265jvw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.95.60.0/24
Signature Algorithm: sha256WithRSAEncryption
88:61:d0:fd:9c:56:d9:43:a0:10:01:b5:17:3e:55:e0:fb:98:
34:5c:d4:59:33:d9:62:5c:d8:12:60:ae:68:4f:f7:e2:0f:0c:
6f:a7:18:03:ea:74:69:b6:ab:e7:0e:9c:55:d0:27:54:14:1d:
49:c4:2c:c5:34:19:39:d2:48:f1:5d:bd:f8:8f:0a:5d:f7:fc:
ae:9a:1f:e8:af:9a:0d:44:3c:cd:a2:fb:c3:cc:da:38:d1:3b:
f6:fe:2e:18:3d:e7:5c:6c:94:09:51:e2:35:8a:41:8f:45:d9:
30:31:b8:c4:11:ff:8b:bf:41:60:f7:61:ad:8e:b8:a2:67:60:
39:77:5f:ca:b1:55:f9:d9:e9:42:fe:b6:f5:fe:15:fc:8a:3a:
c7:70:c4:a5:90:6b:f4:8e:d8:45:a8:c4:19:b5:ea:ad:d9:96:
02:c4:e8:60:c8:be:1d:14:2e:08:89:34:94:a3:af:d1:5f:3b:
02:1c:6d:d4:ba:1c:07:61:9b:0f:93:ba:95:43:77:ac:6e:cc:
c8:82:d6:91:f1:33:12:b7:12:3c:08:1f:91:62:44:a1:c8:17:
52:ca:45:15:2c:c5:65:9e:a2:59:92:81:63:48:f3:01:2b:a7:
44:ef:f3:d9:db:5e:a9:a4:9d:05:3f:06:2c:6f:92:2c:48:e4:
cf:e3:ba:4e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYxjXeIxYGgj57THN8tFyEEQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVmNTFiY2Q4OWViN2Y1YjNhYjA4ODA2ZWY1MWE3YzJmNmVi
OThlZmMwHhcNMjMxMjEzMTMyOTA2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NzgzMDUxMzA5MzhkZjAwYWQwMzQ4OWU5NDlkYmNlM2Q3ZDViM2JiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn6oo3soxDnqw46vCA3vNNY4TWVII
B0kExlv7Ax5QXrGNhSk8uo2qaIYABmhFeQ4xL75ytD0K8+0QPR8KVwJ3yc3Nkz98
wZMxA3zqYNC2HMfXv9uFY/0g3P0vdrUvH5G2zFl6HI1tI1ZpVQafYXxC3P0xlbhv
kCOhAKUPV8M1fjJkNH+IA/dQoFXWHDw5Oz7rMTyhbhA816/3MlHPN+yIJQImQy6R
To/VOajhP5otkkiGEkB9Xrqs0w054Rzy8t0Ov7wsTAIMBh9uNLNgETfMNp7kf8Vj
cWOGYW4tzPzMw6mA1asyUi6qSnqBDeyoUtdVDpxbh+6xMZo1cJCrPepg1wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIeDBRMJON8ArQNInpSdvOPX1bO7MB8GA1UdIwQY
MBaAFF9RvNiet/WzqwiAbvUafC9uuY78MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWDFHODJKNjM5Yk9yQ0lCdTlScDhMMjY1anZ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi80MWY2ZjUtY2VmMC00YTU3LThlNDct
MGE4NTk4NjIwOGE5LzEvaDRNRkV3azQzd0N0QTBpZWxKMjg0OWZWczdzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi80MWY2ZjUtY2VmMC00YTU3LThlNDctMGE4NTk4NjIwOGE5
LzEvWDFHODJKNjM5Yk9yQ0lCdTlScDhMMjY1anZ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbV88MA0G
CSqGSIb3DQEBCwUAA4IBAQCIYdD9nFbZQ6AQAbUXPlXg+5g0XNRZM9liXNgSYK5o
T/fiDwxvpxgD6nRptqvnDpxV0CdUFB1JxCzFNBk50kjxXb34jwpd9/yumh/or5oN
RDzNovvDzNo40Tv2/i4YPedcbJQJUeI1ikGPRdkwMbjEEf+Lv0Fg92GtjriiZ2A5
d1/KsVX52elC/rb1/hX8ijrHcMSlkGv0jthFqMQZteqt2ZYCxOhgyL4dFC4IiTSU
o6/RXzsCHG3UuhwHYZsPk7qVQ3esbszIgtaR8TMStxI8CB+RYkShyBdSykUVLMVl
nqJZkoFjSPMBK6dE7/PZ216ppJ0FPwYsb5IsSOTP47pO
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:05:23 2024 by rpki-client on console-ams.rpki-client.org