Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9c/b7bf94-377b-4400-8b9c-cbf164e8be01/1/9mZGCB4fhDpi2mREi9a3BpMiZKo.roa
File: 9mZGCB4fhDpi2mREi9a3BpMiZKo.roa (raw, json)
Hash identifier: UX6+Om/avoUU0IP445v0fPEP2pgzseNCd+hviwN8C/s=
Subject key identifier: F6:66:46:08:1E:1F:84:3A:62:DA:64:44:8B:D6:B7:06:93:22:64:AA
Certificate issuer: /CN=cdc84082be96e609d9de9808fbc37866feb4c54b
Certificate serial: 01881E6F497E1D9C22FEB5098FE1EBE2EFB7
Authority key identifier: CD:C8:40:82:BE:96:E6:09:D9:DE:98:08:FB:C3:78:66:FE:B4:C5:4B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/zchAgr6W5gnZ3pgI-8N4Zv60xUs.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/9c/b7bf94-377b-4400-8b9c-cbf164e8be01/1/9mZGCB4fhDpi2mREi9a3BpMiZKo.roa
Signing time: Mon 15 May 2023 08:03:09 +0000
ROA not before: Mon 15 May 2023 08:03:09 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 834
IP address blocks: 37.235.123.0/24 maxlen: 24
37.235.120.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:88:1e:6f:49:7e:1d:9c:22:fe:b5:09:8f:e1:eb:e2:ef:b7
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=cdc84082be96e609d9de9808fbc37866feb4c54b
Validity
Not Before: May 15 08:03:09 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=f66646081e1f843a62da64448bd6b706932264aa
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:99:38:d9:c2:b6:5d:35:a8:89:44:70:38:76:c8:
20:d5:de:9b:1d:a3:30:fc:3c:75:3e:ab:57:23:9a:
93:59:5a:23:a1:a2:ca:cd:dc:36:1d:f9:41:86:6d:
07:c1:72:07:fe:82:35:c8:24:17:b4:5c:bb:c6:e8:
9c:6e:92:2a:7a:0f:4c:1a:f4:62:c4:d3:dc:6a:6c:
57:59:f5:9c:40:89:63:b5:b7:6c:7f:bb:f4:9d:07:
30:fd:43:a3:1c:60:26:8b:63:3f:04:d1:06:97:6d:
a5:bd:21:40:4b:59:8d:57:2d:33:3b:52:9b:5e:fe:
b4:df:33:3f:a8:50:a7:1a:85:76:01:0b:56:24:0b:
81:8c:05:ce:25:49:30:3f:a2:36:05:29:a3:38:c3:
18:38:28:8b:2b:44:7a:4a:9c:30:dc:2b:2f:1e:cd:
80:ba:60:0d:f8:3b:16:2a:cf:49:3e:c3:12:ad:ab:
b2:a3:fc:51:43:ae:8b:d7:55:23:c1:54:58:ce:d0:
2f:38:07:15:af:f5:58:de:27:91:f3:00:0d:10:e3:
f8:3d:75:82:c5:86:e8:96:66:84:0f:1d:ed:65:95:
c6:7c:40:64:df:5d:bc:a6:df:70:31:03:f7:78:fe:
3f:05:01:6e:95:df:7e:90:7e:29:d1:62:41:ad:31:
f6:2b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F6:66:46:08:1E:1F:84:3A:62:DA:64:44:8B:D6:B7:06:93:22:64:AA
X509v3 Authority Key Identifier:
keyid:CD:C8:40:82:BE:96:E6:09:D9:DE:98:08:FB:C3:78:66:FE:B4:C5:4B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zchAgr6W5gnZ3pgI-8N4Zv60xUs.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/b7bf94-377b-4400-8b9c-cbf164e8be01/1/9mZGCB4fhDpi2mREi9a3BpMiZKo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/b7bf94-377b-4400-8b9c-cbf164e8be01/1/zchAgr6W5gnZ3pgI-8N4Zv60xUs.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.235.120.0/24
37.235.123.0/24
Signature Algorithm: sha256WithRSAEncryption
77:f0:ae:71:42:db:05:b9:59:cf:b7:cb:ee:94:3a:ad:22:ce:
da:fb:e9:93:82:b9:65:79:71:3d:2f:71:f8:73:4f:de:9a:aa:
01:d5:a3:3d:84:cf:04:28:45:e9:0a:59:33:fa:71:0c:8b:0f:
6d:b0:11:6f:94:e9:9a:33:48:75:f6:aa:b8:81:ee:4e:24:3f:
95:c1:9a:c1:28:09:7f:3a:af:da:d3:37:ce:bc:ef:8c:e7:9f:
5e:7e:55:c7:0d:39:43:85:02:32:ff:70:a7:1a:59:00:89:3a:
52:6a:7d:40:f2:5c:28:1a:e5:cb:20:4e:e1:ed:b3:85:c1:6d:
5c:4d:f4:11:b3:c7:81:76:c0:19:06:9e:e4:6c:cd:cb:08:bb:
fd:6a:50:d1:5b:03:d7:b9:79:df:7d:e7:c7:f8:cf:8c:1a:95:
e0:17:c7:01:b4:96:ad:41:48:c2:aa:94:90:e7:fd:cf:f7:3e:
0a:65:d5:58:6a:ca:b7:83:3a:ee:64:e5:a6:51:a4:ef:aa:15:
0c:08:5e:17:3e:b1:6e:76:7b:73:d8:a2:f5:b1:f1:38:4d:97:
30:e4:03:8f:8c:40:ec:20:e2:3f:2f:26:95:06:a1:20:29:be:
72:f4:05:35:7c:50:59:6c:f0:38:17:d5:61:f8:8f:b5:db:b6:
5d:56:72:fa
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYgeb0l+HZwi/rUJj+Hr4u+3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYzg0MDgyYmU5NmU2MDlkOWRlOTgwOGZiYzM3ODY2ZmVi
NGM1NGIwHhcNMjMwNTE1MDgwMzA5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNjY2NDYwODFlMWY4NDNhNjJkYTY0NDQ4YmQ2YjcwNjkzMjI2NGFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmTjZwrZdNaiJRHA4dsgg1d6bHaMw
/Dx1PqtXI5qTWVojoaLKzdw2HflBhm0HwXIH/oI1yCQXtFy7xuicbpIqeg9MGvRi
xNPcamxXWfWcQIljtbdsf7v0nQcw/UOjHGAmi2M/BNEGl22lvSFAS1mNVy0zO1Kb
Xv603zM/qFCnGoV2AQtWJAuBjAXOJUkwP6I2BSmjOMMYOCiLK0R6Spww3CsvHs2A
umAN+DsWKs9JPsMSrauyo/xRQ66L11UjwVRYztAvOAcVr/VY3ieR8wANEOP4PXWC
xYbolmaEDx3tZZXGfEBk3128pt9wMQP3eP4/BQFuld9+kH4p0WJBrTH2KwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFPZmRggeH4Q6YtpkRIvWtwaTImSqMB8GA1UdIwQY
MBaAFM3IQIK+luYJ2d6YCPvDeGb+tMVLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemNoQWdyNlc1Z25aM3BnSS04TjRadjYweFVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yy9iN2JmOTQtMzc3Yi00NDAwLThiOWMt
Y2JmMTY0ZThiZTAxLzEvOW1aR0NCNGZoRHBpMm1SRWk5YTNCcE1pWktvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yy9iN2JmOTQtMzc3Yi00NDAwLThiOWMtY2JmMTY0ZThiZTAx
LzEvemNoQWdyNlc1Z25aM3BnSS04TjRadjYweFVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAJet4AwQA
Jet7MA0GCSqGSIb3DQEBCwUAA4IBAQB38K5xQtsFuVnPt8vulDqtIs7a++mTgrll
eXE9L3H4c0/emqoB1aM9hM8EKEXpClkz+nEMiw9tsBFvlOmaM0h19qq4ge5OJD+V
wZrBKAl/Oq/a0zfOvO+M559eflXHDTlDhQIy/3CnGlkAiTpSan1A8lwoGuXLIE7h
7bOFwW1cTfQRs8eBdsAZBp7kbM3LCLv9alDRWwPXuXnffefH+M+MGpXgF8cBtJat
QUjCqpSQ5/3P9z4KZdVYasq3gzruZOWmUaTvqhUMCF4XPrFudntz2KL1sfE4TZcw
5AOPjEDsIOI/LyaVBqEgKb5y9AU1fFBZbPA4F9Vh+I+127ZdVnL6
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:26:07 2024 by rpki-client on console-ams.rpki-client.org