Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cf/a8947f-e52c-4de1-bade-70c0a506d797/1/wTQ1cB6Wfj6exSWbh_ppFPkrmZM.roa
File: wTQ1cB6Wfj6exSWbh_ppFPkrmZM.roa (raw, json)
Hash identifier: FAIk+qc2WzHBfN2WqvHGYzMvY/XAwPPIh9XGb0IkreI=
Subject key identifier: C1:34:35:70:1E:96:7E:3E:9E:C5:25:9B:87:FA:69:14:F9:2B:99:93
Certificate issuer: /CN=02b980c10d7110f91fff9e0eceb639d9e75b35e2
Certificate serial: 018DC02A149AE50CA09B10F783288C905B66
Authority key identifier: 02:B9:80:C1:0D:71:10:F9:1F:FF:9E:0E:CE:B6:39:D9:E7:5B:35:E2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/ArmAwQ1xEPkf_54OzrY52edbNeI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/cf/a8947f-e52c-4de1-bade-70c0a506d797/1/wTQ1cB6Wfj6exSWbh_ppFPkrmZM.roa
Signing time: Mon 19 Feb 2024 06:59:59 +0000
ROA not before: Mon 19 Feb 2024 06:59:59 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 29676
IP address blocks: 109.224.192.0/20 maxlen: 20
109.224.208.0/21 maxlen: 21
109.224.216.0/22 maxlen: 22
109.224.220.0/23 maxlen: 23
109.224.222.0/24 maxlen: 24
109.224.224.0/23 maxlen: 23
109.224.228.0/22 maxlen: 22
109.224.233.0/24 maxlen: 24
109.224.236.0/22 maxlen: 22
109.224.244.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8d:c0:2a:14:9a:e5:0c:a0:9b:10:f7:83:28:8c:90:5b:66
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=02b980c10d7110f91fff9e0eceb639d9e75b35e2
Validity
Not Before: Feb 19 06:59:59 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=c13435701e967e3e9ec5259b87fa6914f92b9993
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b2:4d:b8:05:2f:fe:8c:38:93:cc:5d:1b:6b:43:
28:3f:b4:d7:a7:5c:d5:3c:c9:cd:0a:cf:f2:2b:92:
60:1b:53:08:0e:e0:9f:05:57:6b:14:53:0f:32:27:
eb:6b:ea:97:5d:1d:1d:47:e5:22:79:bb:03:a2:53:
70:6e:42:fe:60:4d:33:20:84:cf:9e:03:52:7a:17:
fb:08:a5:53:57:90:c5:e4:69:51:9e:1f:25:2d:82:
16:43:af:d7:5b:2c:e6:51:8c:16:73:4e:03:17:46:
29:cf:63:b8:ec:65:1c:64:0c:ba:23:33:71:12:4e:
a7:9d:ac:45:27:c5:a4:4d:91:9b:dd:9b:0e:25:40:
a5:67:10:b6:d6:d9:67:32:3d:8c:bb:aa:ed:ca:f2:
ff:97:5b:ba:18:e7:fe:d3:c4:37:cb:3c:21:09:67:
7f:84:87:93:41:0c:20:9b:5a:1c:81:02:fa:2c:32:
5e:4a:92:ec:ea:dd:3b:83:93:77:97:ad:a4:43:ab:
98:57:f5:61:30:b5:08:a1:99:ad:58:5e:48:a5:ba:
4f:b1:81:53:63:ba:33:11:17:2c:04:82:f4:80:a3:
53:af:c7:dc:49:dc:ff:05:8a:55:d9:f9:ef:db:59:
66:9c:14:b2:87:8a:2b:57:b9:af:9d:6c:51:2f:07:
12:0d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C1:34:35:70:1E:96:7E:3E:9E:C5:25:9B:87:FA:69:14:F9:2B:99:93
X509v3 Authority Key Identifier:
keyid:02:B9:80:C1:0D:71:10:F9:1F:FF:9E:0E:CE:B6:39:D9:E7:5B:35:E2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ArmAwQ1xEPkf_54OzrY52edbNeI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/a8947f-e52c-4de1-bade-70c0a506d797/1/wTQ1cB6Wfj6exSWbh_ppFPkrmZM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/a8947f-e52c-4de1-bade-70c0a506d797/1/ArmAwQ1xEPkf_54OzrY52edbNeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.224.192.0-109.224.222.255
109.224.224.0/23
109.224.228.0/22
109.224.233.0/24
109.224.236.0/22
109.224.244.0/22
Signature Algorithm: sha256WithRSAEncryption
cd:ba:f4:90:b2:85:bd:a5:fb:35:35:d0:b2:77:94:26:6f:32:
b7:59:92:45:05:c6:9f:45:3d:3e:ad:3a:e5:2a:ef:08:32:a7:
1a:95:7e:60:88:f8:43:17:a5:31:f8:0d:cc:7f:bc:ad:fa:3f:
6e:d9:23:fa:1d:72:7c:7c:f3:19:4f:a3:0b:3e:d8:c5:d2:0e:
47:98:49:9f:f1:66:81:8d:b3:11:12:ae:9d:af:8f:53:93:35:
00:33:f4:26:70:78:de:eb:eb:79:c5:0b:a4:c0:51:a9:51:33:
3a:16:ea:34:ff:4a:22:86:64:b1:65:2b:7f:2e:e9:c0:1b:a2:
cc:22:93:16:71:e5:b6:ce:21:02:0a:05:d8:d7:10:59:91:8b:
c0:c5:0a:4d:cf:2f:b7:11:6f:07:d8:bf:79:b1:90:e0:f2:d3:
79:a9:b6:82:31:e9:0f:e9:6f:20:ff:a2:1b:fb:46:63:f0:99:
10:28:c1:3c:cb:54:54:0d:5e:81:fe:d0:7c:5c:4f:c4:e0:36:
18:40:4a:ff:31:0e:41:8e:8b:4d:2d:08:b0:5a:a9:66:17:bc:
a6:c7:21:1a:60:04:af:26:be:4c:c5:db:15:4c:62:98:97:22:
46:8a:9b:ce:33:85:71:3f:e4:d3:e0:42:fc:93:48:43:fb:5c:
fb:07:a3:46
-----BEGIN CERTIFICATE-----
MIIFIzCCBAugAwIBAgISAY3AKhSa5QygmxD3gyiMkFtmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAyYjk4MGMxMGQ3MTEwZjkxZmZmOWUwZWNlYjYzOWQ5ZTc1
YjM1ZTIwHhcNMjQwMjE5MDY1OTU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMTM0MzU3MDFlOTY3ZTNlOWVjNTI1OWI4N2ZhNjkxNGY5MmI5OTkzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsk24BS/+jDiTzF0ba0MoP7TXp1zV
PMnNCs/yK5JgG1MIDuCfBVdrFFMPMifra+qXXR0dR+UiebsDolNwbkL+YE0zIITP
ngNSehf7CKVTV5DF5GlRnh8lLYIWQ6/XWyzmUYwWc04DF0Ypz2O47GUcZAy6IzNx
Ek6nnaxFJ8WkTZGb3ZsOJUClZxC21tlnMj2Mu6rtyvL/l1u6GOf+08Q3yzwhCWd/
hIeTQQwgm1ocgQL6LDJeSpLs6t07g5N3l62kQ6uYV/VhMLUIoZmtWF5IpbpPsYFT
Y7ozERcsBIL0gKNTr8fcSdz/BYpV2fnv21lmnBSyh4orV7mvnWxRLwcSDQIDAQAB
o4ICLzCCAiswHQYDVR0OBBYEFME0NXAeln4+nsUlm4f6aRT5K5mTMB8GA1UdIwQY
MBaAFAK5gMENcRD5H/+eDs62OdnnWzXiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQXJtQXdRMXhFUGtmXzU0T3pyWTUyZWRiTmVJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZi9hODk0N2YtZTUyYy00ZGUxLWJhZGUt
NzBjMGE1MDZkNzk3LzEvd1RRMWNCNldmajZleFNXYmhfcHBGUGtybVpNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZi9hODk0N2YtZTUyYy00ZGUxLWJhZGUtNzBjMGE1MDZkNzk3
LzEvQXJtQXdRMXhFUGtmXzU0T3pyWTUyZWRiTmVJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEUGCCsGAQUFBwEHAQH/BDYwNDAyBAIAATAsMAwDBAZt4MAD
BABt4N4DBAFt4OADBAJt4OQDBABt4OkDBAJt4OwDBAJt4PQwDQYJKoZIhvcNAQEL
BQADggEBAM269JCyhb2l+zU10LJ3lCZvMrdZkkUFxp9FPT6tOuUq7wgypxqVfmCI
+EMXpTH4Dcx/vK36P27ZI/odcnx88xlPows+2MXSDkeYSZ/xZoGNsxESrp2vj1OT
NQAz9CZweN7r63nFC6TAUalRMzoW6jT/SiKGZLFlK38u6cAboswikxZx5bbOIQIK
BdjXEFmRi8DFCk3PL7cRbwfYv3mxkODy03mptoIx6Q/pbyD/ohv7RmPwmRAowTzL
VFQNXoH+0HxcT8TgNhhASv8xDkGOi00tCLBaqWYXvKbHIRpgBK8mvkzF2xVMYpiX
IkaKm84zhXE/5NPgQvyTSEP7XPsHo0Y=
-----END CERTIFICATE-----
Generated at Wed Feb 21 13:27:35 2024 by rpki-client on console-ams.rpki-client.org