Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cf/a8947f-e52c-4de1-bade-70c0a506d797/1/8y2xMmbJ64RWdk9xr_yH2AalZRM.roa
File: 8y2xMmbJ64RWdk9xr_yH2AalZRM.roa (raw, json)
Hash identifier: FQMn7fGe2Mxs5Igi0YGAWdVHCSPWUS3bC4RMtXD/y7c=
Subject key identifier: F3:2D:B1:32:66:C9:EB:84:56:76:4F:71:AF:FC:87:D8:06:A5:65:13
Certificate issuer: /CN=02b980c10d7110f91fff9e0eceb639d9e75b35e2
Certificate serial: 0190CA577E1027B7BCF16C2E1BA5653DE5D4
Authority key identifier: 02:B9:80:C1:0D:71:10:F9:1F:FF:9E:0E:CE:B6:39:D9:E7:5B:35:E2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/ArmAwQ1xEPkf_54OzrY52edbNeI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/cf/a8947f-e52c-4de1-bade-70c0a506d797/1/8y2xMmbJ64RWdk9xr_yH2AalZRM.roa
Signing time: Fri 19 Jul 2024 09:34:09 +0000
ROA not before: Fri 19 Jul 2024 09:34:09 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 29676
IP address blocks: 109.224.192.0/20 maxlen: 20
109.224.208.0/21 maxlen: 21
109.224.216.0/22 maxlen: 22
109.224.220.0/23 maxlen: 23
109.224.222.0/24 maxlen: 24
109.224.233.0/24 maxlen: 24
109.224.244.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:90:ca:57:7e:10:27:b7:bc:f1:6c:2e:1b:a5:65:3d:e5:d4
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=02b980c10d7110f91fff9e0eceb639d9e75b35e2
Validity
Not Before: Jul 19 09:34:09 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=f32db13266c9eb8456764f71affc87d806a56513
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:90:ea:9f:38:8a:e1:de:bf:e6:c6:8f:e8:8d:0e:
b0:43:4a:79:d0:e4:05:a9:36:c0:3d:54:28:ca:28:
cb:ef:99:be:ca:08:d1:63:8f:ad:fc:d9:6e:6d:98:
a2:ae:ca:3e:cb:5d:74:0b:7c:05:f8:90:57:87:a6:
60:66:3b:f4:53:80:60:a6:d7:80:59:b9:e3:f0:71:
6b:0c:bf:37:66:4b:58:41:50:9e:cc:22:be:20:fb:
00:49:dc:6a:0b:31:db:3a:a6:bf:4e:9e:91:a0:22:
76:00:23:d5:7d:34:a3:91:a3:c4:06:d8:05:81:25:
52:97:90:c2:e3:bb:19:34:1d:1a:57:3d:c9:04:a3:
18:2b:56:7f:7f:4c:92:2b:2b:46:e2:6f:0a:83:e1:
c1:c7:37:7d:63:5e:0d:18:86:83:45:59:9d:16:8a:
35:94:ec:64:ce:f0:68:ff:67:23:e1:97:95:71:76:
56:41:1d:72:f2:47:de:1e:59:86:a4:2e:1c:c1:ca:
23:c9:d4:2c:04:19:39:1a:86:cd:a5:0a:6f:a9:90:
f9:cf:56:6f:93:53:f3:02:49:d1:96:fa:f3:84:83:
a1:c9:6a:52:06:58:f5:5b:e6:35:5f:cf:b5:c8:d0:
f0:88:df:1e:9b:a1:74:3d:ea:fc:3d:e0:fe:0a:64:
bb:b3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F3:2D:B1:32:66:C9:EB:84:56:76:4F:71:AF:FC:87:D8:06:A5:65:13
X509v3 Authority Key Identifier:
keyid:02:B9:80:C1:0D:71:10:F9:1F:FF:9E:0E:CE:B6:39:D9:E7:5B:35:E2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ArmAwQ1xEPkf_54OzrY52edbNeI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/a8947f-e52c-4de1-bade-70c0a506d797/1/8y2xMmbJ64RWdk9xr_yH2AalZRM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/a8947f-e52c-4de1-bade-70c0a506d797/1/ArmAwQ1xEPkf_54OzrY52edbNeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.224.192.0-109.224.222.255
109.224.233.0/24
109.224.244.0/22
Signature Algorithm: sha256WithRSAEncryption
77:ae:ea:9a:f0:e0:06:29:fb:61:7a:07:83:df:13:05:e5:23:
f4:1c:e8:4e:6c:fe:39:50:f1:48:b0:14:2e:76:c0:33:2a:1b:
b9:a8:d4:c5:ee:8c:e9:36:d0:12:78:0a:03:6b:e9:d1:e5:b6:
4a:68:ce:29:74:1c:2b:66:7a:75:ce:61:50:b4:40:41:17:57:
8c:14:a4:a0:48:31:e6:f2:cb:23:ea:54:3c:79:c8:24:3f:0d:
cc:b4:1c:dc:82:46:e3:19:f6:8e:38:da:7a:0a:30:b5:5f:80:
04:b3:4e:17:3f:19:6a:7a:ed:d6:ef:0e:b2:4e:e8:57:56:6a:
cb:3e:30:05:7a:11:3e:7d:81:1b:85:e0:20:f8:d1:d5:5d:4e:
61:23:69:22:cb:22:b5:fd:62:0c:44:b1:af:ac:d9:75:b2:09:
00:97:d9:24:7c:33:aa:64:44:d7:92:48:25:f4:e0:f0:79:a8:
38:8d:6d:9a:76:77:4f:90:77:24:6d:0b:31:e7:ed:b6:5f:8b:
0b:46:d7:3b:6c:23:8d:81:ac:17:5e:a4:cc:1d:d7:96:de:55:
6c:a2:0f:eb:71:42:b4:1d:da:2f:9d:b4:cd:da:dd:8f:cb:69:
96:a2:0a:e2:79:9d:dc:0d:ea:2d:ca:51:97:81:c8:21:8e:80:
cc:dd:ee:be
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgISAZDKV34QJ7e88WwuG6VlPeXUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAyYjk4MGMxMGQ3MTEwZjkxZmZmOWUwZWNlYjYzOWQ5ZTc1
YjM1ZTIwHhcNMjQwNzE5MDkzNDA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMzJkYjEzMjY2YzllYjg0NTY3NjRmNzFhZmZjODdkODA2YTU2NTEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkOqfOIrh3r/mxo/ojQ6wQ0p50OQF
qTbAPVQoyijL75m+ygjRY4+t/NlubZiirso+y110C3wF+JBXh6ZgZjv0U4BgpteA
Wbnj8HFrDL83ZktYQVCezCK+IPsASdxqCzHbOqa/Tp6RoCJ2ACPVfTSjkaPEBtgF
gSVSl5DC47sZNB0aVz3JBKMYK1Z/f0ySKytG4m8Kg+HBxzd9Y14NGIaDRVmdFoo1
lOxkzvBo/2cj4ZeVcXZWQR1y8kfeHlmGpC4cwcojydQsBBk5GobNpQpvqZD5z1Zv
k1PzAknRlvrzhIOhyWpSBlj1W+Y1X8+1yNDwiN8em6F0Per8PeD+CmS7swIDAQAB
o4ICHTCCAhkwHQYDVR0OBBYEFPMtsTJmyeuEVnZPca/8h9gGpWUTMB8GA1UdIwQY
MBaAFAK5gMENcRD5H/+eDs62OdnnWzXiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQXJtQXdRMXhFUGtmXzU0T3pyWTUyZWRiTmVJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZi9hODk0N2YtZTUyYy00ZGUxLWJhZGUt
NzBjMGE1MDZkNzk3LzEvOHkyeE1tYko2NFJXZGs5eHJfeUgyQWFsWlJNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZi9hODk0N2YtZTUyYy00ZGUxLWJhZGUtNzBjMGE1MDZkNzk3
LzEvQXJtQXdRMXhFUGtmXzU0T3pyWTUyZWRiTmVJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDMGCCsGAQUFBwEHAQH/BCQwIjAgBAIAATAaMAwDBAZt4MAD
BABt4N4DBABt4OkDBAJt4PQwDQYJKoZIhvcNAQELBQADggEBAHeu6prw4AYp+2F6
B4PfEwXlI/Qc6E5s/jlQ8UiwFC52wDMqG7mo1MXujOk20BJ4CgNr6dHltkpozil0
HCtmenXOYVC0QEEXV4wUpKBIMebyyyPqVDx5yCQ/Dcy0HNyCRuMZ9o442noKMLVf
gASzThc/GWp67dbvDrJO6FdWass+MAV6ET59gRuF4CD40dVdTmEjaSLLIrX9YgxE
sa+s2XWyCQCX2SR8M6pkRNeSSCX04PB5qDiNbZp2d0+QdyRtCzHn7bZfiwtG1zts
I42BrBdepMwd15beVWyiD+txQrQd2i+dtM3a3Y/LaZaiCuJ5ndwN6i3KUZeByCGO
gMzd7r4=
-----END CERTIFICATE-----
Generated at Wed Sep 18 15:59:08 2024 by rpki-client on console-fra.rpki-client.org