Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/50/6e615f-5fd7-45b6-8acb-76999bf9999f/1/rJVbHM4TfKdGsr775fQpp1PjCc8.roa
File: rJVbHM4TfKdGsr775fQpp1PjCc8.roa (raw, json)
Hash identifier: PVhVsfZu3nLLqXHko2JOG63Oyw5PZsDGeGLbuqDUi0o=
Subject key identifier: AC:95:5B:1C:CE:13:7C:A7:46:B2:BE:FB:E5:F4:29:A7:53:E3:09:CF
Certificate issuer: /CN=468c267a6474fcb7cc49cf325d0e9dcc5fe8d20d
Certificate serial: 018BCE6B4E0C22048C269DD5436AC75FBC91
Authority key identifier: 46:8C:26:7A:64:74:FC:B7:CC:49:CF:32:5D:0E:9D:CC:5F:E8:D2:0D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RowmemR0_LfMSc8yXQ6dzF_o0g0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/50/6e615f-5fd7-45b6-8acb-76999bf9999f/1/rJVbHM4TfKdGsr775fQpp1PjCc8.roa
Signing time: Tue 14 Nov 2023 15:20:20 +0000
ROA not before: Tue 14 Nov 2023 15:20:20 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 41114
IP address blocks: 109.106.24.0/22 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8b:ce:6b:4e:0c:22:04:8c:26:9d:d5:43:6a:c7:5f:bc:91
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=468c267a6474fcb7cc49cf325d0e9dcc5fe8d20d
Validity
Not Before: Nov 14 15:20:20 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=ac955b1cce137ca746b2befbe5f429a753e309cf
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c1:00:7a:ce:c4:4b:c2:d1:c7:02:da:0a:1e:13:
64:0f:05:23:3e:04:7a:c7:0d:96:0d:5f:7c:92:ef:
f1:da:1a:1c:69:a1:e9:09:2f:e5:40:7d:3e:c6:7d:
d6:b3:e5:89:74:13:cb:fa:32:a8:3f:1f:ac:53:e6:
33:2d:12:e9:14:33:f3:6a:bd:31:d4:70:ca:5e:be:
11:f8:bc:9b:b4:4c:10:c7:ca:ea:63:fb:8c:51:6a:
1d:25:73:68:ef:5a:45:d8:e5:df:b7:9a:e9:1d:2b:
8c:70:74:06:c9:fa:0e:8f:23:bf:8b:a5:8a:b4:9e:
7a:48:79:a0:4f:fb:fe:e9:c3:ee:0e:c2:2f:b5:bf:
4d:c5:61:65:b0:3c:ee:bb:df:7d:d5:f5:80:07:65:
92:69:e6:7a:22:c7:8e:a0:28:22:88:bc:13:50:fd:
ad:38:02:55:66:e1:e4:b9:d3:7d:9f:3d:0b:8c:f9:
2c:4a:fc:4a:54:bd:59:67:02:89:dc:f4:e8:dd:a9:
ad:a2:b6:54:0e:c7:be:21:17:30:90:63:2e:e3:ed:
69:cc:b9:42:cd:93:d4:71:2b:eb:9b:07:78:7f:4f:
62:8b:45:3c:c5:83:10:34:17:f2:e0:1f:ba:cb:ae:
1f:e0:d2:bb:6e:46:72:88:ee:83:b7:79:d3:b7:bb:
34:17
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AC:95:5B:1C:CE:13:7C:A7:46:B2:BE:FB:E5:F4:29:A7:53:E3:09:CF
X509v3 Authority Key Identifier:
keyid:46:8C:26:7A:64:74:FC:B7:CC:49:CF:32:5D:0E:9D:CC:5F:E8:D2:0D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RowmemR0_LfMSc8yXQ6dzF_o0g0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/50/6e615f-5fd7-45b6-8acb-76999bf9999f/1/rJVbHM4TfKdGsr775fQpp1PjCc8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/50/6e615f-5fd7-45b6-8acb-76999bf9999f/1/RowmemR0_LfMSc8yXQ6dzF_o0g0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.106.24.0/22
Signature Algorithm: sha256WithRSAEncryption
2c:32:e8:8d:ed:0e:74:49:4b:b5:b2:73:64:7b:7f:92:f2:db:
f9:3a:01:c6:2f:6f:5a:4b:c7:cd:8d:0f:d5:02:b2:e6:48:47:
31:02:4b:2d:60:b8:75:87:b1:2e:0d:ca:7c:85:eb:3f:71:71:
e9:12:bc:96:d5:40:37:d2:84:35:f9:f5:6c:43:00:1f:14:22:
ad:4b:48:e4:44:72:16:bf:15:93:d0:ea:92:da:f5:10:67:f8:
53:9f:a4:e1:eb:2c:18:09:9b:ff:26:19:fb:26:06:eb:9c:83:
6b:fa:99:df:e6:b5:c3:eb:53:45:09:40:9d:b1:66:e5:4b:aa:
2d:9d:98:f8:6b:3c:7f:2e:d2:95:93:12:c1:3f:2d:e1:1f:a6:
3a:9d:f7:27:af:1b:b1:61:c5:b1:a9:11:bd:04:b5:1c:d7:e5:
1b:d4:19:96:c8:76:55:d7:22:a5:d1:58:31:57:fd:07:e3:a2:
b7:23:ad:68:2a:e5:58:86:80:b4:47:a3:08:44:78:af:3f:2f:
25:48:70:d4:af:a2:99:40:d1:4f:d2:23:18:22:a7:75:43:52:
d8:36:3b:9a:2e:df:16:d1:82:9d:70:45:ec:0f:77:80:79:26:
fe:ab:b3:7c:eb:ce:c0:05:de:ff:b4:4d:3d:31:c8:18:4a:9b:
41:4c:4a:43
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYvOa04MIgSMJp3VQ2rHX7yRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ2OGMyNjdhNjQ3NGZjYjdjYzQ5Y2YzMjVkMGU5ZGNjNWZl
OGQyMGQwHhcNMjMxMTE0MTUyMDIwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYzk1NWIxY2NlMTM3Y2E3NDZiMmJlZmJlNWY0MjlhNzUzZTMwOWNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwQB6zsRLwtHHAtoKHhNkDwUjPgR6
xw2WDV98ku/x2hocaaHpCS/lQH0+xn3Ws+WJdBPL+jKoPx+sU+YzLRLpFDPzar0x
1HDKXr4R+LybtEwQx8rqY/uMUWodJXNo71pF2OXft5rpHSuMcHQGyfoOjyO/i6WK
tJ56SHmgT/v+6cPuDsIvtb9NxWFlsDzuu9991fWAB2WSaeZ6IseOoCgiiLwTUP2t
OAJVZuHkudN9nz0LjPksSvxKVL1ZZwKJ3PTo3amtorZUDse+IRcwkGMu4+1pzLlC
zZPUcSvrmwd4f09ii0U8xYMQNBfy4B+6y64f4NK7bkZyiO6Dt3nTt7s0FwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKyVWxzOE3ynRrK+++X0KadT4wnPMB8GA1UdIwQY
MBaAFEaMJnpkdPy3zEnPMl0Oncxf6NINMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUm93bWVtUjBfTGZNU2M4eVhRNmR6Rl9vMGcwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MC82ZTYxNWYtNWZkNy00NWI2LThhY2It
NzY5OTliZjk5OTlmLzEvckpWYkhNNFRmS2RHc3I3NzVmUXBwMVBqQ2M4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MC82ZTYxNWYtNWZkNy00NWI2LThhY2ItNzY5OTliZjk5OTlm
LzEvUm93bWVtUjBfTGZNU2M4eVhRNmR6Rl9vMGcwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCbWoYMA0G
CSqGSIb3DQEBCwUAA4IBAQAsMuiN7Q50SUu1snNke3+S8tv5OgHGL29aS8fNjQ/V
ArLmSEcxAkstYLh1h7EuDcp8hes/cXHpEryW1UA30oQ1+fVsQwAfFCKtS0jkRHIW
vxWT0OqS2vUQZ/hTn6Th6ywYCZv/Jhn7JgbrnINr+pnf5rXD61NFCUCdsWblS6ot
nZj4azx/LtKVkxLBPy3hH6Y6nfcnrxuxYcWxqRG9BLUc1+Ub1BmWyHZV1yKl0Vgx
V/0H46K3I61oKuVYhoC0R6MIRHivPy8lSHDUr6KZQNFP0iMYIqd1Q1LYNjuaLt8W
0YKdcEXsD3eAeSb+q7N8687ABd7/tE09McgYSptBTEpD
-----END CERTIFICATE-----
Generated at Mon Feb 17 08:30:56 2025 by rpki-client