Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b3/b21a38-db62-4438-ba9c-f57f86df4f16/1/JJII2Bx4OdAmd5_rF-gKkjfrvOM.roa
File: JJII2Bx4OdAmd5_rF-gKkjfrvOM.roa (raw, json)
Hash identifier: NefzT8bvxB0lyx/aCOHFFfwOLvv71l9Ofx7l7q/68Gk=
Subject key identifier: 24:92:08:D8:1C:78:39:D0:26:77:9F:EB:17:E8:0A:92:37:EB:BC:E3
Certificate issuer: /CN=4777da157768423fcba9217392ec7f483b3b9442
Certificate serial: 0185729EDD50BB7BDCDFAA4D9841ED6FA3E6
Authority key identifier: 47:77:DA:15:77:68:42:3F:CB:A9:21:73:92:EC:7F:48:3B:3B:94:42
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/R3faFXdoQj_LqSFzkux_SDs7lEI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b3/b21a38-db62-4438-ba9c-f57f86df4f16/1/JJII2Bx4OdAmd5_rF-gKkjfrvOM.roa
Signing time: Mon 02 Jan 2023 13:14:52 +0000
ROA not before: Mon 02 Jan 2023 13:14:52 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 60274
IP address blocks: 185.123.176.0/22 maxlen: 22
109.69.168.0/21 maxlen: 21
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:72:9e:dd:50:bb:7b:dc:df:aa:4d:98:41:ed:6f:a3:e6
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4777da157768423fcba9217392ec7f483b3b9442
Validity
Not Before: Jan 2 13:14:52 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=249208d81c7839d026779feb17e80a9237ebbce3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9f:3d:d9:d7:ec:4c:34:29:9a:29:17:10:3f:ce:
a1:d1:f9:b1:e9:3b:29:9c:4f:fd:8e:9f:a1:fd:87:
05:eb:cf:30:da:fd:db:5d:11:10:3f:62:d9:33:a6:
25:04:cf:8a:44:0b:dd:f1:ea:25:e7:f2:57:c5:4d:
de:d5:1f:06:5d:47:3f:4b:6e:f0:98:77:fc:a0:ac:
6d:cf:2c:50:4d:df:74:00:0c:d3:5c:10:ce:bd:7d:
32:ee:3a:28:79:89:83:1e:48:75:63:8e:bc:81:d8:
38:bf:32:b5:0f:4f:9f:ad:9c:98:87:2d:ea:e7:ad:
6e:c2:6b:12:90:be:41:68:4f:08:00:39:4e:41:03:
40:33:2c:10:18:ed:fb:80:f3:e1:13:59:eb:79:dd:
bb:e1:86:a6:79:b9:a1:73:d4:5b:12:37:b3:64:b4:
71:15:bd:c0:4d:23:b9:89:dd:ed:c1:91:62:84:36:
ee:ed:ed:64:0d:3f:87:f4:ab:7e:f3:64:ca:22:5b:
f1:04:45:7a:8d:d7:41:71:6d:7f:af:99:2e:4f:18:
e5:9a:13:fd:40:91:bd:84:9c:80:7b:8d:70:a0:e4:
d7:13:3d:6c:42:c7:b7:45:d8:8d:5b:98:bf:64:77:
7a:42:32:89:1f:9e:e1:b8:57:15:02:83:23:d5:e9:
94:53
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
24:92:08:D8:1C:78:39:D0:26:77:9F:EB:17:E8:0A:92:37:EB:BC:E3
X509v3 Authority Key Identifier:
keyid:47:77:DA:15:77:68:42:3F:CB:A9:21:73:92:EC:7F:48:3B:3B:94:42
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/R3faFXdoQj_LqSFzkux_SDs7lEI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/b21a38-db62-4438-ba9c-f57f86df4f16/1/JJII2Bx4OdAmd5_rF-gKkjfrvOM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/b21a38-db62-4438-ba9c-f57f86df4f16/1/R3faFXdoQj_LqSFzkux_SDs7lEI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.69.168.0/21
185.123.176.0/22
Signature Algorithm: sha256WithRSAEncryption
8a:71:97:82:6b:ef:57:6a:2d:60:a1:84:1b:06:a7:7a:84:a8:
28:93:c1:ba:6a:02:24:eb:ea:8a:d9:cc:dd:44:a3:02:ec:1a:
6b:ac:f0:5e:0f:4e:0e:70:a5:10:00:c0:65:75:5f:89:68:69:
a0:0a:f2:8b:3f:46:7a:56:4f:d4:62:d2:b0:6e:93:cf:c4:1c:
db:99:16:4d:e9:83:c8:76:de:ea:d3:79:0b:03:7c:10:30:57:
ec:7f:d2:3d:eb:c4:a4:f7:26:d2:66:a2:49:1a:4f:db:fc:8e:
ce:f0:ff:19:70:86:05:8f:46:da:0a:eb:1c:de:56:e9:a8:b7:
ae:7a:45:3a:f5:1d:b4:58:ff:48:23:da:23:3d:b2:af:bc:77:
57:e5:8a:07:a5:18:57:94:bc:3f:93:87:00:16:3f:ba:a0:7e:
3b:d4:72:75:59:df:0c:44:c1:c2:d6:0e:41:d0:62:e6:ab:e1:
e5:3c:20:2b:3e:3c:fe:ea:22:3d:1d:3e:9e:3f:1e:92:ac:7e:
06:94:39:0e:93:d1:62:05:73:44:58:fb:b7:e1:b6:aa:90:ef:
30:f7:53:2e:91:2e:88:bb:ae:53:06:e1:e0:a1:93:c6:ce:57:
71:15:5c:13:c1:82:c6:28:b1:10:2f:71:09:e4:54:f4:60:06:
f3:25:a6:bd
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYVynt1Qu3vc36pNmEHtb6PmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ3NzdkYTE1Nzc2ODQyM2ZjYmE5MjE3MzkyZWM3ZjQ4M2Iz
Yjk0NDIwHhcNMjMwMTAyMTMxNDUyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNDkyMDhkODFjNzgzOWQwMjY3NzlmZWIxN2U4MGE5MjM3ZWJiY2UzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnz3Z1+xMNCmaKRcQP86h0fmx6Tsp
nE/9jp+h/YcF688w2v3bXREQP2LZM6YlBM+KRAvd8eol5/JXxU3e1R8GXUc/S27w
mHf8oKxtzyxQTd90AAzTXBDOvX0y7jooeYmDHkh1Y468gdg4vzK1D0+frZyYhy3q
561uwmsSkL5BaE8IADlOQQNAMywQGO37gPPhE1nred274Yamebmhc9RbEjezZLRx
Fb3ATSO5id3twZFihDbu7e1kDT+H9Kt+82TKIlvxBEV6jddBcW1/r5kuTxjlmhP9
QJG9hJyAe41woOTXEz1sQse3RdiNW5i/ZHd6QjKJH57huFcVAoMj1emUUwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFCSSCNgceDnQJnef6xfoCpI367zjMB8GA1UdIwQY
MBaAFEd32hV3aEI/y6khc5Lsf0g7O5RCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUjNmYUZYZG9Ral9McVNGemt1eF9TRHM3bEVJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMy9iMjFhMzgtZGI2Mi00NDM4LWJhOWMt
ZjU3Zjg2ZGY0ZjE2LzEvSkpJSTJCeDRPZEFtZDVfckYtZ0tramZydk9NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMy9iMjFhMzgtZGI2Mi00NDM4LWJhOWMtZjU3Zjg2ZGY0ZjE2
LzEvUjNmYUZYZG9Ral9McVNGemt1eF9TRHM3bEVJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQDbUWoAwQC
uXuwMA0GCSqGSIb3DQEBCwUAA4IBAQCKcZeCa+9Xai1goYQbBqd6hKgok8G6agIk
6+qK2czdRKMC7BprrPBeD04OcKUQAMBldV+JaGmgCvKLP0Z6Vk/UYtKwbpPPxBzb
mRZN6YPIdt7q03kLA3wQMFfsf9I968Sk9ybSZqJJGk/b/I7O8P8ZcIYFj0baCusc
3lbpqLeuekU69R20WP9II9ojPbKvvHdX5YoHpRhXlLw/k4cAFj+6oH471HJ1Wd8M
RMHC1g5B0GLmq+HlPCArPjz+6iI9HT6ePx6SrH4GlDkOk9FiBXNEWPu34baqkO8w
91MukS6Iu65TBuHgoZPGzldxFVwTwYLGKLEQL3EJ5FT0YAbzJaa9
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:39:32 2024 by rpki-client on console-ams.rpki-client.org