Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/41f6f5-cef0-4a57-8e47-0a85986208a9/1/ruLXaBv8sjo6eEGug-6-D4xN2bw.roa
File: ruLXaBv8sjo6eEGug-6-D4xN2bw.roa (raw, json)
Hash identifier: eRXxd/QfQXt/4hdfaYIdnYoHxNRUH7WvdCVr/4/kGds=
Subject key identifier: AE:E2:D7:68:1B:FC:B2:3A:3A:78:41:AE:83:EE:BE:0F:8C:4D:D9:BC
Certificate issuer: /CN=5f51bcd89eb7f5b3ab08806ef51a7c2f6eb98efc
Certificate serial: 018E427802CAFA35C524C56B03805547ECCF
Authority key identifier: 5F:51:BC:D8:9E:B7:F5:B3:AB:08:80:6E:F5:1A:7C:2F:6E:B9:8E:FC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/X1G82J639bOrCIBu9Rp8L265jvw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/42/41f6f5-cef0-4a57-8e47-0a85986208a9/1/ruLXaBv8sjo6eEGug-6-D4xN2bw.roa
Signing time: Fri 15 Mar 2024 14:15:45 +0000
ROA not before: Fri 15 Mar 2024 14:15:45 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 56749
IP address blocks: 109.95.60.0/24 maxlen: 24
109.95.62.0/24 maxlen: 24
109.95.63.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8e:42:78:02:ca:fa:35:c5:24:c5:6b:03:80:55:47:ec:cf
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=5f51bcd89eb7f5b3ab08806ef51a7c2f6eb98efc
Validity
Not Before: Mar 15 14:15:45 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=aee2d7681bfcb23a3a7841ae83eebe0f8c4dd9bc
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a2:24:ea:27:5f:a6:bd:9e:0b:cc:ce:94:78:cf:
1f:91:92:40:0c:b5:93:99:a3:18:76:53:33:53:ef:
c7:eb:0e:42:97:83:3b:18:ee:ad:fd:f5:7a:d8:1d:
5b:3b:5c:5a:06:fe:4a:7f:a0:21:83:a4:57:1e:38:
b7:ff:9f:61:79:be:a1:ce:4f:6a:e1:a3:38:a8:75:
2c:40:c8:ca:b6:3a:83:fa:cf:ec:21:2a:65:90:c2:
f1:56:76:ef:97:c8:2f:87:20:bc:9e:2c:b3:98:8f:
87:f6:de:ee:c5:b2:f3:ae:c1:48:29:3d:8d:33:83:
5e:07:f7:25:a0:d3:fe:bc:11:f3:54:68:21:d2:8c:
2c:c6:b5:fd:3d:e0:06:c7:cb:36:c0:75:80:20:a0:
57:fd:b8:76:9b:c1:2a:29:84:33:9e:02:ed:ef:d7:
76:ae:8d:db:a8:dc:6b:e6:e8:bc:26:86:02:4d:08:
a3:10:9c:b8:44:cf:67:0d:e9:75:e4:51:c1:e4:9a:
9a:3d:d2:4e:37:92:68:ca:df:99:14:f8:a0:6f:de:
b2:82:2b:eb:63:a7:b4:7f:d9:ad:56:37:2c:09:fc:
7a:cd:3d:d7:ee:af:31:e4:a9:2a:f2:e9:95:5a:86:
8e:47:09:8b:da:45:a7:1a:da:1c:54:cc:b4:fd:cb:
76:5d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AE:E2:D7:68:1B:FC:B2:3A:3A:78:41:AE:83:EE:BE:0F:8C:4D:D9:BC
X509v3 Authority Key Identifier:
keyid:5F:51:BC:D8:9E:B7:F5:B3:AB:08:80:6E:F5:1A:7C:2F:6E:B9:8E:FC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/X1G82J639bOrCIBu9Rp8L265jvw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/41f6f5-cef0-4a57-8e47-0a85986208a9/1/ruLXaBv8sjo6eEGug-6-D4xN2bw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/42/41f6f5-cef0-4a57-8e47-0a85986208a9/1/X1G82J639bOrCIBu9Rp8L265jvw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.95.60.0/24
109.95.62.0/23
Signature Algorithm: sha256WithRSAEncryption
9d:db:cf:c3:c4:4b:17:cb:d3:bb:1a:c4:0f:1a:3f:7f:a3:bf:
fa:3b:1e:e3:0d:a7:71:4d:17:77:1b:38:f6:44:2f:9b:97:a7:
61:1a:47:c6:56:f2:e3:9e:88:ca:05:4a:27:f3:d5:4b:fc:6c:
9d:3b:46:9a:b1:1e:a6:e4:6f:e4:26:ea:57:94:c5:c7:96:5a:
95:b7:4e:43:c5:51:29:64:82:d8:bd:49:89:64:e7:7a:42:aa:
75:26:02:20:d9:43:e4:70:5c:f5:5a:51:5e:93:7e:95:40:65:
b9:62:40:1b:c2:53:07:4f:b9:80:cb:da:98:ab:82:9a:88:30:
72:92:6a:14:09:6a:5a:7b:03:67:4f:4c:d8:ce:c8:08:0b:f2:
2c:cc:82:07:58:07:fa:1d:a8:76:a7:af:b0:f2:d9:07:47:3f:
f7:7e:b8:3f:f7:0a:41:ee:c4:31:a4:a2:34:d2:6a:7c:6e:e2:
b7:76:b5:64:20:7e:6b:9a:38:17:37:58:ff:a0:8c:e5:e3:73:
cd:8c:72:b8:52:9b:18:a5:23:f3:49:ba:ba:87:53:8e:f2:67:
aa:e8:e2:0f:ae:1c:03:c9:d0:23:07:76:03:db:fa:64:a4:78:
5f:0c:78:c6:e1:c2:2c:47:c4:24:63:39:a6:23:3e:58:b0:52:
34:61:c9:d2
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY5CeALK+jXFJMVrA4BVR+zPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVmNTFiY2Q4OWViN2Y1YjNhYjA4ODA2ZWY1MWE3YzJmNmVi
OThlZmMwHhcNMjQwMzE1MTQxNTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZWUyZDc2ODFiZmNiMjNhM2E3ODQxYWU4M2VlYmUwZjhjNGRkOWJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoiTqJ1+mvZ4LzM6UeM8fkZJADLWT
maMYdlMzU+/H6w5Cl4M7GO6t/fV62B1bO1xaBv5Kf6Ahg6RXHji3/59heb6hzk9q
4aM4qHUsQMjKtjqD+s/sISplkMLxVnbvl8gvhyC8niyzmI+H9t7uxbLzrsFIKT2N
M4NeB/cloNP+vBHzVGgh0owsxrX9PeAGx8s2wHWAIKBX/bh2m8EqKYQzngLt79d2
ro3bqNxr5ui8JoYCTQijEJy4RM9nDel15FHB5JqaPdJON5Joyt+ZFPigb96ygivr
Y6e0f9mtVjcsCfx6zT3X7q8x5Kkq8umVWoaORwmL2kWnGtocVMy0/ct2XQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFK7i12gb/LI6OnhBroPuvg+MTdm8MB8GA1UdIwQY
MBaAFF9RvNiet/WzqwiAbvUafC9uuY78MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWDFHODJKNjM5Yk9yQ0lCdTlScDhMMjY1anZ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi80MWY2ZjUtY2VmMC00YTU3LThlNDct
MGE4NTk4NjIwOGE5LzEvcnVMWGFCdjhzam82ZUVHdWctNi1ENHhOMmJ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi80MWY2ZjUtY2VmMC00YTU3LThlNDctMGE4NTk4NjIwOGE5
LzEvWDFHODJKNjM5Yk9yQ0lCdTlScDhMMjY1anZ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAbV88AwQB
bV8+MA0GCSqGSIb3DQEBCwUAA4IBAQCd28/DxEsXy9O7GsQPGj9/o7/6Ox7jDadx
TRd3Gzj2RC+bl6dhGkfGVvLjnojKBUon89VL/GydO0aasR6m5G/kJupXlMXHllqV
t05DxVEpZILYvUmJZOd6Qqp1JgIg2UPkcFz1WlFek36VQGW5YkAbwlMHT7mAy9qY
q4KaiDBykmoUCWpaewNnT0zYzsgIC/IszIIHWAf6Hah2p6+w8tkHRz/3frg/9wpB
7sQxpKI00mp8buK3drVkIH5rmjgXN1j/oIzl43PNjHK4UpsYpSPzSbq6h1OO8meq
6OIPrhwDydAjB3YD2/pkpHhfDHjG4cIsR8QkYzmmIz5YsFI0YcnS
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:27:03 2024 by rpki-client on console-fra.rpki-client.org