Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9c/b7bf94-377b-4400-8b9c-cbf164e8be01/1/uiF2F6OSTpep_hO3T50DCd2qOhM.roa
File: uiF2F6OSTpep_hO3T50DCd2qOhM.roa (raw, json)
Hash identifier: xkJZQPM6BsANgqjtN0sD0A5I5L3QGB3PsKU8bW0b12U=
Subject key identifier: BA:21:76:17:A3:92:4E:97:A9:FE:13:B7:4F:9D:03:09:DD:AA:3A:13
Certificate issuer: /CN=cdc84082be96e609d9de9808fbc37866feb4c54b
Certificate serial: 018920D13B3BA95914252028C72F361CA50E
Authority key identifier: CD:C8:40:82:BE:96:E6:09:D9:DE:98:08:FB:C3:78:66:FE:B4:C5:4B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/zchAgr6W5gnZ3pgI-8N4Zv60xUs.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/9c/b7bf94-377b-4400-8b9c-cbf164e8be01/1/uiF2F6OSTpep_hO3T50DCd2qOhM.roa
Signing time: Tue 04 Jul 2023 12:12:10 +0000
ROA not before: Tue 04 Jul 2023 12:12:10 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 834
IP address blocks: 37.235.121.0/24 maxlen: 24
37.235.122.0/24 maxlen: 24
37.235.123.0/24 maxlen: 24
37.235.120.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:89:20:d1:3b:3b:a9:59:14:25:20:28:c7:2f:36:1c:a5:0e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=cdc84082be96e609d9de9808fbc37866feb4c54b
Validity
Not Before: Jul 4 12:12:10 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=ba217617a3924e97a9fe13b74f9d0309ddaa3a13
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e7:7d:86:80:bb:36:b7:94:12:51:01:88:5a:51:
6a:10:b9:dd:b5:43:8a:65:2c:81:02:41:8e:ae:80:
04:d5:7a:98:45:a0:67:19:62:47:ae:78:a4:40:67:
9e:01:19:c0:41:6d:ad:28:31:6f:78:ad:43:f8:86:
9f:9d:ac:74:6e:27:d0:4a:e7:63:81:05:7a:b4:29:
9e:81:9c:6b:d2:89:93:f7:eb:bb:f8:d9:31:63:7f:
d5:35:ab:f3:2e:7b:30:b1:ed:94:36:c0:c2:93:78:
93:92:9b:2a:04:67:b8:ca:6f:97:ba:20:17:a9:f9:
5c:6b:68:34:b1:c0:11:b0:3b:8b:50:18:cc:cd:7d:
2e:38:3e:27:ed:31:96:c6:63:2b:42:9f:e7:57:cf:
28:4b:71:1c:92:e6:49:88:af:72:fe:56:3e:d5:4f:
35:45:3d:52:b1:59:ab:70:1b:63:0f:74:c9:87:b3:
85:96:99:f5:be:16:16:97:d2:43:66:f8:5c:5b:8b:
df:69:33:96:50:94:fc:e5:8f:0e:b8:99:70:b7:b1:
97:b7:a9:28:39:65:38:63:e2:e2:ca:f9:0c:63:f1:
f6:a3:ac:27:19:69:b8:14:8f:d1:bf:42:07:a7:ad:
24:22:27:b6:e4:b9:dd:a9:4a:fa:6f:9b:92:47:b9:
d3:73
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
BA:21:76:17:A3:92:4E:97:A9:FE:13:B7:4F:9D:03:09:DD:AA:3A:13
X509v3 Authority Key Identifier:
keyid:CD:C8:40:82:BE:96:E6:09:D9:DE:98:08:FB:C3:78:66:FE:B4:C5:4B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zchAgr6W5gnZ3pgI-8N4Zv60xUs.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/b7bf94-377b-4400-8b9c-cbf164e8be01/1/uiF2F6OSTpep_hO3T50DCd2qOhM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/b7bf94-377b-4400-8b9c-cbf164e8be01/1/zchAgr6W5gnZ3pgI-8N4Zv60xUs.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.235.120.0/22
Signature Algorithm: sha256WithRSAEncryption
af:61:e1:24:3b:9f:66:6b:66:5c:79:bc:ad:99:49:f6:d9:34:
02:62:7b:e0:32:84:48:47:50:9d:25:5f:96:cc:b5:74:94:f2:
49:d6:a1:22:20:e5:18:e6:53:42:dc:f4:77:8b:c9:76:8e:62:
45:6e:31:cb:ae:54:00:5b:ac:2b:45:b2:28:3b:b2:02:6a:3b:
32:a8:24:0b:04:2d:c4:a9:fc:00:9a:40:14:ba:dd:25:d3:ef:
2d:7d:b9:5d:e5:7e:88:5b:2d:ff:04:0b:1a:96:54:55:6f:76:
2e:a2:7b:2b:ad:bc:c7:4f:9e:db:0e:0d:8d:57:af:90:d6:70:
7c:bb:65:ff:a7:ff:86:83:92:81:99:10:5e:f4:c8:e0:65:5f:
4b:47:e1:89:49:32:7f:11:95:a9:0c:93:bf:fd:34:50:ce:19:
33:12:a5:0d:1b:f8:a9:f3:bf:56:56:7a:ae:6b:ec:77:c3:18:
de:18:90:fa:11:f8:c4:76:77:36:0a:ec:28:78:de:77:08:a8:
11:5b:20:b2:3c:18:73:f2:dd:ae:41:8e:c9:35:6a:e7:ea:e8:
ad:8d:11:26:1b:f8:60:97:99:a4:f5:88:df:72:89:8c:a3:90:
64:8a:c9:cf:a4:e9:ea:ce:78:38:93:e9:75:29:77:39:4e:08:
27:70:0e:5a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYkg0Ts7qVkUJSAoxy82HKUOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYzg0MDgyYmU5NmU2MDlkOWRlOTgwOGZiYzM3ODY2ZmVi
NGM1NGIwHhcNMjMwNzA0MTIxMjEwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYTIxNzYxN2EzOTI0ZTk3YTlmZTEzYjc0ZjlkMDMwOWRkYWEzYTEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA532GgLs2t5QSUQGIWlFqELndtUOK
ZSyBAkGOroAE1XqYRaBnGWJHrnikQGeeARnAQW2tKDFveK1D+Iafnax0bifQSudj
gQV6tCmegZxr0omT9+u7+NkxY3/VNavzLnswse2UNsDCk3iTkpsqBGe4ym+XuiAX
qflca2g0scARsDuLUBjMzX0uOD4n7TGWxmMrQp/nV88oS3EckuZJiK9y/lY+1U81
RT1SsVmrcBtjD3TJh7OFlpn1vhYWl9JDZvhcW4vfaTOWUJT85Y8OuJlwt7GXt6ko
OWU4Y+LiyvkMY/H2o6wnGWm4FI/Rv0IHp60kIie25LndqUr6b5uSR7nTcwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLohdhejkk6Xqf4Tt0+dAwndqjoTMB8GA1UdIwQY
MBaAFM3IQIK+luYJ2d6YCPvDeGb+tMVLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemNoQWdyNlc1Z25aM3BnSS04TjRadjYweFVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yy9iN2JmOTQtMzc3Yi00NDAwLThiOWMt
Y2JmMTY0ZThiZTAxLzEvdWlGMkY2T1NUcGVwX2hPM1Q1MERDZDJxT2hNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yy9iN2JmOTQtMzc3Yi00NDAwLThiOWMtY2JmMTY0ZThiZTAx
LzEvemNoQWdyNlc1Z25aM3BnSS04TjRadjYweFVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCJet4MA0G
CSqGSIb3DQEBCwUAA4IBAQCvYeEkO59ma2ZcebytmUn22TQCYnvgMoRIR1CdJV+W
zLV0lPJJ1qEiIOUY5lNC3PR3i8l2jmJFbjHLrlQAW6wrRbIoO7ICajsyqCQLBC3E
qfwAmkAUut0l0+8tfbld5X6IWy3/BAsallRVb3YuonsrrbzHT57bDg2NV6+Q1nB8
u2X/p/+Gg5KBmRBe9MjgZV9LR+GJSTJ/EZWpDJO//TRQzhkzEqUNG/ip879WVnqu
a+x3wxjeGJD6EfjEdnc2CuwoeN53CKgRWyCyPBhz8t2uQY7JNWrn6uitjREmG/hg
l5mk9YjfcomMo5BkisnPpOnqzng4k+l1KXc5TggncA5a
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:32:31 2025 by rpki-client