Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f8/b1f6ee-c4ef-4355-af36-a558ee65431f/1/CYt_ZB6glVa8lKK_J7tzOnBYXDE.roa
File: CYt_ZB6glVa8lKK_J7tzOnBYXDE.roa (raw, json)
Hash identifier: 9H9nunRayZWvJRXDjqbn4m6Ifq22hkaKgKLPUBEogTI=
Subject key identifier: 09:8B:7F:64:1E:A0:95:56:BC:94:A2:BF:27:BB:73:3A:70:58:5C:31
Certificate issuer: /CN=722a8c1d311895016108ffbd14575c77cc28773a
Certificate serial: 018434379B91BC0D45D2C831887689B3FA3B
Authority key identifier: 72:2A:8C:1D:31:18:95:01:61:08:FF:BD:14:57:5C:77:CC:28:77:3A
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/ciqMHTEYlQFhCP-9FFdcd8wodzo.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/f8/b1f6ee-c4ef-4355-af36-a558ee65431f/1/CYt_ZB6glVa8lKK_J7tzOnBYXDE.roa
Signing time: Tue 01 Nov 2022 17:22:50 +0000
ROA not before: Tue 01 Nov 2022 17:22:50 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 43561
IP address blocks: 83.222.184.0/21 maxlen: 21
109.160.116.0/23 maxlen: 23
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:84:34:37:9b:91:bc:0d:45:d2:c8:31:88:76:89:b3:fa:3b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=722a8c1d311895016108ffbd14575c77cc28773a
Validity
Not Before: Nov 1 17:22:50 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=098b7f641ea09556bc94a2bf27bb733a70585c31
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:85:39:4b:ed:8a:2e:be:13:bb:01:80:32:64:70:
0f:3f:6c:83:04:31:2c:fe:10:b6:95:a9:01:29:50:
71:57:91:aa:99:d5:02:bf:5a:22:b9:4f:8c:33:ea:
0d:1c:bb:54:d3:13:5d:3f:a3:7b:bd:02:f3:6c:47:
08:ba:26:a5:df:de:ba:dc:f4:5c:2f:4c:7a:7e:b5:
d0:f9:ec:52:91:51:ca:40:f9:3d:53:01:9a:d1:1e:
aa:4b:7b:ba:7a:41:c4:e4:b3:44:40:fa:f9:47:cc:
7d:6c:d4:c7:8f:5b:70:b1:64:27:2c:20:41:9d:aa:
53:f6:17:a4:21:95:27:55:94:73:61:0d:48:d6:8a:
1d:49:40:a2:15:03:9c:39:f3:a1:18:66:e3:7a:24:
6f:8b:71:0e:85:41:ec:44:f2:60:d1:3a:20:f8:8d:
52:70:ea:d0:45:be:81:a9:10:ca:35:e0:1f:fc:5d:
57:1a:32:5b:43:c0:a0:9d:bf:9c:d9:75:e2:ce:3e:
06:23:4a:e3:74:f6:bb:36:0f:a7:3f:81:04:ec:35:
f0:db:30:40:f5:8c:2a:83:fb:97:d3:bd:ae:86:bb:
f5:dc:e6:81:04:9a:30:01:c5:95:ea:b4:82:2d:72:
9c:7c:a8:65:d8:37:51:40:8a:d3:4a:bc:24:9a:75:
bc:f3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
09:8B:7F:64:1E:A0:95:56:BC:94:A2:BF:27:BB:73:3A:70:58:5C:31
X509v3 Authority Key Identifier:
keyid:72:2A:8C:1D:31:18:95:01:61:08:FF:BD:14:57:5C:77:CC:28:77:3A
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ciqMHTEYlQFhCP-9FFdcd8wodzo.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/b1f6ee-c4ef-4355-af36-a558ee65431f/1/CYt_ZB6glVa8lKK_J7tzOnBYXDE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/b1f6ee-c4ef-4355-af36-a558ee65431f/1/ciqMHTEYlQFhCP-9FFdcd8wodzo.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
83.222.184.0/21
109.160.116.0/23
Signature Algorithm: sha256WithRSAEncryption
3c:02:39:00:a0:ba:3b:a2:e2:c9:d3:57:83:49:11:2d:83:84:
76:9e:f9:c8:fd:ac:c1:23:53:fe:f9:f9:bb:74:d3:c1:09:28:
25:4a:50:a4:33:8f:3c:d7:33:41:73:d3:ed:11:da:ba:2c:64:
3b:14:66:15:0c:79:b3:17:fc:94:bb:b6:23:e5:a3:d8:7c:af:
19:75:44:d3:cf:14:15:c9:b4:cb:78:de:16:34:1b:59:1e:91:
c1:1d:d2:1f:a2:69:04:7f:15:73:10:96:18:86:dc:ef:69:08:
8d:1d:ab:68:6c:a3:b7:27:32:a8:5d:ef:bf:e4:a3:57:28:ef:
ca:b5:9c:26:1c:9f:7b:c3:7f:df:1e:e1:1b:68:73:60:3a:27:
c9:da:01:5a:e3:07:d5:d5:0c:64:ba:6a:3f:52:c5:88:52:9d:
94:27:34:ed:df:57:ff:b5:0b:6a:62:a9:0b:fe:6f:12:50:7c:
4b:c8:03:7f:c8:74:67:0a:c9:f9:55:69:cb:15:ed:7e:4b:d2:
e4:99:40:28:44:aa:20:e1:86:0d:89:49:cb:d9:6e:1a:99:15:
c6:39:c7:5f:4f:86:ca:18:3c:4d:cd:84:f3:f1:ff:1a:28:c2:
db:df:fc:ff:59:68:d2:69:f1:2d:d8:3d:b9:45:1b:94:bd:e5:
f9:27:21:9e
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYQ0N5uRvA1F0sgxiHaJs/o7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMmE4YzFkMzExODk1MDE2MTA4ZmZiZDE0NTc1Yzc3Y2My
ODc3M2EwHhcNMjIxMTAxMTcyMjUwWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOThiN2Y2NDFlYTA5NTU2YmM5NGEyYmYyN2JiNzMzYTcwNTg1YzMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhTlL7YouvhO7AYAyZHAPP2yDBDEs
/hC2lakBKVBxV5GqmdUCv1oiuU+MM+oNHLtU0xNdP6N7vQLzbEcIuial39663PRc
L0x6frXQ+exSkVHKQPk9UwGa0R6qS3u6ekHE5LNEQPr5R8x9bNTHj1twsWQnLCBB
napT9hekIZUnVZRzYQ1I1oodSUCiFQOcOfOhGGbjeiRvi3EOhUHsRPJg0Tog+I1S
cOrQRb6BqRDKNeAf/F1XGjJbQ8Cgnb+c2XXizj4GI0rjdPa7Ng+nP4EE7DXw2zBA
9Ywqg/uX072uhrv13OaBBJowAcWV6rSCLXKcfKhl2DdRQIrTSrwkmnW88wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFAmLf2QeoJVWvJSivye7czpwWFwxMB8GA1UdIwQY
MBaAFHIqjB0xGJUBYQj/vRRXXHfMKHc6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2lxTUhURVlsUUZoQ1AtOUZGZGNkOHdvZHpvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOC9iMWY2ZWUtYzRlZi00MzU1LWFmMzYt
YTU1OGVlNjU0MzFmLzEvQ1l0X1pCNmdsVmE4bEtLX0o3dHpPbkJZWERFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOC9iMWY2ZWUtYzRlZi00MzU1LWFmMzYtYTU1OGVlNjU0MzFm
LzEvY2lxTUhURVlsUUZoQ1AtOUZGZGNkOHdvZHpvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQDU964AwQB
baB0MA0GCSqGSIb3DQEBCwUAA4IBAQA8AjkAoLo7ouLJ01eDSREtg4R2nvnI/azB
I1P++fm7dNPBCSglSlCkM4881zNBc9PtEdq6LGQ7FGYVDHmzF/yUu7Yj5aPYfK8Z
dUTTzxQVybTLeN4WNBtZHpHBHdIfomkEfxVzEJYYhtzvaQiNHatobKO3JzKoXe+/
5KNXKO/KtZwmHJ97w3/fHuEbaHNgOifJ2gFa4wfV1Qxkumo/UsWIUp2UJzTt31f/
tQtqYqkL/m8SUHxLyAN/yHRnCsn5VWnLFe1+S9LkmUAoRKog4YYNiUnL2W4amRXG
OcdfT4bKGDxNzYTz8f8aKMLb3/z/WWjSafEt2D25RRuUveX5JyGe
-----END CERTIFICATE-----
Generated at Mon Feb 17 08:04:46 2025 by rpki-client