Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cf/a8947f-e52c-4de1-bade-70c0a506d797/1/mFgPCJ8v41MzlrgcExes7l98eQQ.roa
File: mFgPCJ8v41MzlrgcExes7l98eQQ.roa (raw, json)
Hash identifier: jgR5s+vXuqO1RlipV1XgJuwnDOk2W2jvb0tRTG0tTAs=
Subject key identifier: 98:58:0F:08:9F:2F:E3:53:33:96:B8:1C:13:17:AC:EE:5F:7C:79:04
Certificate issuer: /CN=02b980c10d7110f91fff9e0eceb639d9e75b35e2
Certificate serial: 018B8A265E1A708C7B48EAA48AC6D7CB4DD3
Authority key identifier: 02:B9:80:C1:0D:71:10:F9:1F:FF:9E:0E:CE:B6:39:D9:E7:5B:35:E2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/ArmAwQ1xEPkf_54OzrY52edbNeI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/cf/a8947f-e52c-4de1-bade-70c0a506d797/1/mFgPCJ8v41MzlrgcExes7l98eQQ.roa
Signing time: Wed 01 Nov 2023 09:10:51 +0000
ROA not before: Wed 01 Nov 2023 09:10:51 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 29676
IP address blocks: 109.224.192.0/20 maxlen: 20
109.224.208.0/21 maxlen: 21
109.224.216.0/22 maxlen: 22
109.224.222.0/24 maxlen: 24
109.224.220.0/23 maxlen: 23
109.224.224.0/23 maxlen: 23
109.224.228.0/22 maxlen: 22
109.224.233.0/24 maxlen: 24
109.224.236.0/22 maxlen: 22
109.224.244.0/22 maxlen: 22
109.224.248.0/21 maxlen: 21
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8b:8a:26:5e:1a:70:8c:7b:48:ea:a4:8a:c6:d7:cb:4d:d3
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=02b980c10d7110f91fff9e0eceb639d9e75b35e2
Validity
Not Before: Nov 1 09:10:51 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=98580f089f2fe3533396b81c1317acee5f7c7904
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a0:ee:76:54:65:a5:6a:35:9e:84:4b:01:2a:48:
08:f0:10:62:32:5a:54:54:f0:71:9e:9a:e1:2b:9f:
c2:ac:62:d9:b3:cb:df:c3:fc:b4:71:32:e7:96:8c:
71:e1:e4:39:e6:0d:50:3d:28:da:41:06:15:f4:45:
56:d6:81:df:a0:52:cb:ec:68:6a:ad:6f:b6:51:5b:
58:80:45:a8:93:7e:df:d7:29:1a:94:34:8c:b9:93:
f3:ff:bd:fb:40:42:76:95:20:03:ab:52:39:16:8a:
aa:4a:5b:23:72:54:6a:fc:0d:6f:41:57:44:6a:63:
ec:73:d2:b1:ed:ef:69:90:cb:a5:69:4c:ec:9a:df:
29:82:f4:58:71:26:84:e2:13:15:71:7f:69:1c:2e:
ce:84:0b:7f:af:9b:5b:5a:d6:16:14:e3:f6:29:96:
d7:7e:36:a1:03:24:4e:0d:cc:9d:78:25:1c:e6:3d:
d9:bc:7c:b7:8f:f8:a3:8c:23:e4:ef:8d:d0:e2:f2:
49:a9:9b:31:19:6d:4c:ec:17:70:eb:61:3e:01:fc:
4b:ec:f2:d6:79:91:ff:5e:30:47:da:f2:b8:e4:b0:
f3:9b:d1:db:e5:e5:88:3e:fc:06:ee:2a:a3:21:56:
b7:65:f8:cf:ca:ea:27:64:df:6d:76:e3:01:33:6e:
0d:5d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
98:58:0F:08:9F:2F:E3:53:33:96:B8:1C:13:17:AC:EE:5F:7C:79:04
X509v3 Authority Key Identifier:
keyid:02:B9:80:C1:0D:71:10:F9:1F:FF:9E:0E:CE:B6:39:D9:E7:5B:35:E2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ArmAwQ1xEPkf_54OzrY52edbNeI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/a8947f-e52c-4de1-bade-70c0a506d797/1/mFgPCJ8v41MzlrgcExes7l98eQQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/a8947f-e52c-4de1-bade-70c0a506d797/1/ArmAwQ1xEPkf_54OzrY52edbNeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.224.192.0-109.224.222.255
109.224.224.0/23
109.224.228.0/22
109.224.233.0/24
109.224.236.0/22
109.224.244.0-109.224.255.255
Signature Algorithm: sha256WithRSAEncryption
d3:92:25:0f:cd:57:ac:6e:1e:87:f6:32:83:89:94:a0:e9:ca:
20:12:b7:9d:a3:72:96:21:ae:db:29:b9:b9:64:60:90:71:33:
f1:da:69:1a:e7:32:9b:d5:96:4d:7b:8e:c1:28:d2:40:cd:9a:
87:e4:1b:1e:aa:bb:88:a8:c0:99:c1:90:93:4b:c8:62:36:cd:
37:96:80:f6:72:f2:2c:96:37:f9:dc:19:ee:81:43:6a:52:85:
8a:d9:d1:6c:1f:02:69:2e:84:41:25:d6:57:9f:f7:11:c9:af:
4e:e0:12:c8:2f:b2:63:d1:d7:fa:2b:4b:ed:9b:4d:28:c2:e1:
50:70:17:60:5b:cb:b1:4e:ac:72:21:ce:39:2e:b7:c7:e2:4d:
51:e3:12:f3:b1:e2:6d:ac:cd:78:d1:f5:f7:75:36:ea:23:c5:
6f:25:10:30:a5:0d:81:da:01:a8:47:52:74:e3:21:b5:a3:9c:
90:4b:6d:1c:86:08:7a:65:90:45:ee:c5:21:24:80:01:a0:5f:
70:2b:7c:8a:4c:f7:3d:f3:37:55:25:9a:3e:cf:8b:43:64:27:
ad:ee:a8:d9:9b:15:1f:f1:dc:0b:54:1d:1e:90:2d:2e:6c:38:
c9:55:82:4a:63:6b:9e:d9:a8:32:56:f4:ad:a6:7b:8c:3f:64:
51:ee:ca:33
-----BEGIN CERTIFICATE-----
MIIFKjCCBBKgAwIBAgISAYuKJl4acIx7SOqkisbXy03TMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAyYjk4MGMxMGQ3MTEwZjkxZmZmOWUwZWNlYjYzOWQ5ZTc1
YjM1ZTIwHhcNMjMxMTAxMDkxMDUxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ODU4MGYwODlmMmZlMzUzMzM5NmI4MWMxMzE3YWNlZTVmN2M3OTA0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoO52VGWlajWehEsBKkgI8BBiMlpU
VPBxnprhK5/CrGLZs8vfw/y0cTLnloxx4eQ55g1QPSjaQQYV9EVW1oHfoFLL7Ghq
rW+2UVtYgEWok37f1ykalDSMuZPz/737QEJ2lSADq1I5FoqqSlsjclRq/A1vQVdE
amPsc9Kx7e9pkMulaUzsmt8pgvRYcSaE4hMVcX9pHC7OhAt/r5tbWtYWFOP2KZbX
fjahAyRODcydeCUc5j3ZvHy3j/ijjCPk743Q4vJJqZsxGW1M7Bdw62E+AfxL7PLW
eZH/XjBH2vK45LDzm9Hb5eWIPvwG7iqjIVa3ZfjPyuonZN9tduMBM24NXQIDAQAB
o4ICNjCCAjIwHQYDVR0OBBYEFJhYDwifL+NTM5a4HBMXrO5ffHkEMB8GA1UdIwQY
MBaAFAK5gMENcRD5H/+eDs62OdnnWzXiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQXJtQXdRMXhFUGtmXzU0T3pyWTUyZWRiTmVJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZi9hODk0N2YtZTUyYy00ZGUxLWJhZGUt
NzBjMGE1MDZkNzk3LzEvbUZnUENKOHY0MU16bHJnY0V4ZXM3bDk4ZVFRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZi9hODk0N2YtZTUyYy00ZGUxLWJhZGUtNzBjMGE1MDZkNzk3
LzEvQXJtQXdRMXhFUGtmXzU0T3pyWTUyZWRiTmVJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEwGCCsGAQUFBwEHAQH/BD0wOzA5BAIAATAzMAwDBAZt4MAD
BABt4N4DBAFt4OADBAJt4OQDBABt4OkDBAJt4OwwCwMEAm3g9AMDAG3gMA0GCSqG
SIb3DQEBCwUAA4IBAQDTkiUPzVesbh6H9jKDiZSg6cogEredo3KWIa7bKbm5ZGCQ
cTPx2mka5zKb1ZZNe47BKNJAzZqH5BseqruIqMCZwZCTS8hiNs03loD2cvIsljf5
3BnugUNqUoWK2dFsHwJpLoRBJdZXn/cRya9O4BLIL7Jj0df6K0vtm00owuFQcBdg
W8uxTqxyIc45LrfH4k1R4xLzseJtrM140fX3dTbqI8VvJRAwpQ2B2gGoR1J04yG1
o5yQS20chgh6ZZBF7sUhJIABoF9wK3yKTPc98zdVJZo+z4tDZCet7qjZmxUf8dwL
VB0ekC0ubDjJVYJKY2ue2agyVvStpnuMP2RR7soz
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:54:32 2024 by rpki-client on console-fra.rpki-client.org