Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cf/a8947f-e52c-4de1-bade-70c0a506d797/1/29QxU41jOiBPuA3k0Hc3Pgrslf8.roa
File: 29QxU41jOiBPuA3k0Hc3Pgrslf8.roa (raw, json)
Hash identifier: qI7U+kGIf9h7UZVSxTa4t0YdEnYCP3F3q11kcllPN/I=
Subject key identifier: DB:D4:31:53:8D:63:3A:20:4F:B8:0D:E4:D0:77:37:3E:0A:EC:95:FF
Certificate issuer: /CN=02b980c10d7110f91fff9e0eceb639d9e75b35e2
Certificate serial: 018CC8DF814ECFC0B366D5F1DC8D2ED2729B
Authority key identifier: 02:B9:80:C1:0D:71:10:F9:1F:FF:9E:0E:CE:B6:39:D9:E7:5B:35:E2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/ArmAwQ1xEPkf_54OzrY52edbNeI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/cf/a8947f-e52c-4de1-bade-70c0a506d797/1/29QxU41jOiBPuA3k0Hc3Pgrslf8.roa
Signing time: Tue 02 Jan 2024 06:32:19 +0000
ROA not before: Tue 02 Jan 2024 06:32:19 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 29676
IP address blocks: 109.224.192.0/20 maxlen: 20
109.224.208.0/21 maxlen: 21
109.224.216.0/22 maxlen: 22
109.224.222.0/24 maxlen: 24
109.224.220.0/23 maxlen: 23
109.224.224.0/23 maxlen: 23
109.224.228.0/22 maxlen: 22
109.224.233.0/24 maxlen: 24
109.224.236.0/22 maxlen: 22
109.224.244.0/22 maxlen: 22
109.224.248.0/21 maxlen: 21
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c8:df:81:4e:cf:c0:b3:66:d5:f1:dc:8d:2e:d2:72:9b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=02b980c10d7110f91fff9e0eceb639d9e75b35e2
Validity
Not Before: Jan 2 06:32:19 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=dbd431538d633a204fb80de4d077373e0aec95ff
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b8:64:76:fc:ef:10:0c:21:50:9c:97:95:ba:44:
d3:f0:3d:1a:fb:28:76:66:fd:1f:d7:1c:de:23:18:
d5:e5:c6:ed:ff:5f:5c:ba:62:e8:de:3d:28:71:87:
35:27:e7:90:77:5f:c3:a0:be:4e:4f:db:4b:f4:4d:
a0:32:a3:12:30:d7:fd:a6:69:60:0f:31:f9:d5:e6:
d1:84:5c:a9:b1:8c:5e:33:f7:88:0c:f1:b1:7e:b4:
83:58:36:07:01:ce:1b:38:12:1d:99:f8:66:a2:0c:
e6:74:a3:f8:89:d5:44:e6:37:0f:63:64:d3:b3:94:
27:f3:84:7c:b6:cb:05:36:1e:35:5e:08:25:2f:3f:
42:50:83:41:26:99:18:ce:4e:e2:7c:4f:0f:48:b2:
86:3d:47:f1:37:17:fb:e0:52:5b:fd:01:33:90:f6:
06:db:99:5c:ad:a3:9b:1d:a2:1c:90:fc:c4:5e:e1:
8f:34:c5:65:b6:f3:b5:0e:65:1a:62:eb:97:ef:e0:
c3:0f:61:3f:d8:fd:0d:50:9c:2b:1e:98:40:df:75:
a0:8a:a5:e0:6c:bb:1b:d2:c7:d2:3b:8f:44:19:37:
f6:98:34:b7:09:77:c9:e8:48:5f:22:6d:cb:a7:65:
0d:42:4f:fe:53:03:d5:8f:19:63:09:b7:95:2f:09:
7e:7f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DB:D4:31:53:8D:63:3A:20:4F:B8:0D:E4:D0:77:37:3E:0A:EC:95:FF
X509v3 Authority Key Identifier:
keyid:02:B9:80:C1:0D:71:10:F9:1F:FF:9E:0E:CE:B6:39:D9:E7:5B:35:E2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ArmAwQ1xEPkf_54OzrY52edbNeI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/a8947f-e52c-4de1-bade-70c0a506d797/1/29QxU41jOiBPuA3k0Hc3Pgrslf8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/a8947f-e52c-4de1-bade-70c0a506d797/1/ArmAwQ1xEPkf_54OzrY52edbNeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.224.192.0-109.224.222.255
109.224.224.0/23
109.224.228.0/22
109.224.233.0/24
109.224.236.0/22
109.224.244.0-109.224.255.255
Signature Algorithm: sha256WithRSAEncryption
c4:f8:40:46:f3:40:be:74:02:90:b5:cf:4c:30:71:63:8c:47:
a6:4b:09:34:fe:5a:d1:75:e4:14:cc:9a:82:71:b9:e4:ba:f2:
8c:ef:b5:d0:5c:32:b8:5b:27:96:fd:4a:5f:f4:12:57:0e:ce:
c0:85:6e:80:aa:95:19:9d:39:fc:5b:45:f4:24:d1:52:e5:27:
0b:9d:5f:e2:6a:ba:78:64:ba:a6:a4:f0:56:31:f9:8e:57:f7:
43:8d:45:7d:e0:5e:15:36:cc:a8:d5:7a:69:68:11:10:ce:d2:
96:f4:9e:65:06:3d:b9:35:51:b8:e6:8a:ac:1f:a8:c8:40:05:
92:79:9a:48:35:77:a2:5b:3e:8e:47:8d:3f:cf:0c:76:6f:30:
8d:8a:46:51:0e:e5:87:7a:8b:0c:b4:4c:5a:43:02:aa:11:14:
90:51:db:17:3c:a1:5a:28:2e:4f:5f:12:67:c9:b6:2b:c7:2b:
f4:af:be:58:19:25:8e:fb:c7:13:5d:41:ed:7a:d5:41:8c:23:
bb:f5:89:7b:3a:66:65:c7:e4:15:21:bb:7e:a1:08:51:5a:a3:
82:96:52:c3:78:93:14:36:be:b1:1e:b6:46:ba:59:55:40:17:
f8:2d:1d:81:b3:6e:4d:c2:f5:96:b1:8b:e3:75:97:f9:85:06:
e2:18:8a:72
-----BEGIN CERTIFICATE-----
MIIFKjCCBBKgAwIBAgISAYzI34FOz8CzZtXx3I0u0nKbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAyYjk4MGMxMGQ3MTEwZjkxZmZmOWUwZWNlYjYzOWQ5ZTc1
YjM1ZTIwHhcNMjQwMTAyMDYzMjE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYmQ0MzE1MzhkNjMzYTIwNGZiODBkZTRkMDc3MzczZTBhZWM5NWZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuGR2/O8QDCFQnJeVukTT8D0a+yh2
Zv0f1xzeIxjV5cbt/19cumLo3j0ocYc1J+eQd1/DoL5OT9tL9E2gMqMSMNf9pmlg
DzH51ebRhFypsYxeM/eIDPGxfrSDWDYHAc4bOBIdmfhmogzmdKP4idVE5jcPY2TT
s5Qn84R8tssFNh41XgglLz9CUINBJpkYzk7ifE8PSLKGPUfxNxf74FJb/QEzkPYG
25lcraObHaIckPzEXuGPNMVltvO1DmUaYuuX7+DDD2E/2P0NUJwrHphA33WgiqXg
bLsb0sfSO49EGTf2mDS3CXfJ6EhfIm3Lp2UNQk/+UwPVjxljCbeVLwl+fwIDAQAB
o4ICNjCCAjIwHQYDVR0OBBYEFNvUMVONYzogT7gN5NB3Nz4K7JX/MB8GA1UdIwQY
MBaAFAK5gMENcRD5H/+eDs62OdnnWzXiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQXJtQXdRMXhFUGtmXzU0T3pyWTUyZWRiTmVJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZi9hODk0N2YtZTUyYy00ZGUxLWJhZGUt
NzBjMGE1MDZkNzk3LzEvMjlReFU0MWpPaUJQdUEzazBIYzNQZ3JzbGY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZi9hODk0N2YtZTUyYy00ZGUxLWJhZGUtNzBjMGE1MDZkNzk3
LzEvQXJtQXdRMXhFUGtmXzU0T3pyWTUyZWRiTmVJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEwGCCsGAQUFBwEHAQH/BD0wOzA5BAIAATAzMAwDBAZt4MAD
BABt4N4DBAFt4OADBAJt4OQDBABt4OkDBAJt4OwwCwMEAm3g9AMDAG3gMA0GCSqG
SIb3DQEBCwUAA4IBAQDE+EBG80C+dAKQtc9MMHFjjEemSwk0/lrRdeQUzJqCcbnk
uvKM77XQXDK4WyeW/Upf9BJXDs7AhW6AqpUZnTn8W0X0JNFS5ScLnV/iarp4ZLqm
pPBWMfmOV/dDjUV94F4VNsyo1XppaBEQztKW9J5lBj25NVG45oqsH6jIQAWSeZpI
NXeiWz6OR40/zwx2bzCNikZRDuWHeosMtExaQwKqERSQUdsXPKFaKC5PXxJnybYr
xyv0r75YGSWO+8cTXUHtetVBjCO79Yl7OmZlx+QVIbt+oQhRWqOCllLDeJMUNr6x
HrZGullVQBf4LR2Bs25NwvWWsYvjdZf5hQbiGIpy
-----END CERTIFICATE-----
Generated at Mon Feb 19 09:51:20 2024 by rpki-client on console-fra.rpki-client.org