Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f8/b1f6ee-c4ef-4355-af36-a558ee65431f/1/bMXpLQnU-yp8L-4qL1i-BTnSDSQ.roa
File: bMXpLQnU-yp8L-4qL1i-BTnSDSQ.roa (raw, json)
Hash identifier: ILpKjmTih7Wq5LDGm4ek/1VXF54YDR1bvf+eGijZ4R4=
Subject key identifier: 6C:C5:E9:2D:09:D4:FB:2A:7C:2F:EE:2A:2F:58:BE:05:39:D2:0D:24
Certificate issuer: /CN=722a8c1d311895016108ffbd14575c77cc28773a
Certificate serial: 018434379A80E454D4E1911BDF684C103A1C
Authority key identifier: 72:2A:8C:1D:31:18:95:01:61:08:FF:BD:14:57:5C:77:CC:28:77:3A
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/ciqMHTEYlQFhCP-9FFdcd8wodzo.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/f8/b1f6ee-c4ef-4355-af36-a558ee65431f/1/bMXpLQnU-yp8L-4qL1i-BTnSDSQ.roa
Signing time: Tue 01 Nov 2022 17:22:49 +0000
ROA not before: Tue 01 Nov 2022 17:22:49 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 8866
IP address blocks: 83.222.184.0/21 maxlen: 21
109.160.116.0/23 maxlen: 23
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:84:34:37:9a:80:e4:54:d4:e1:91:1b:df:68:4c:10:3a:1c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=722a8c1d311895016108ffbd14575c77cc28773a
Validity
Not Before: Nov 1 17:22:49 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=6cc5e92d09d4fb2a7c2fee2a2f58be0539d20d24
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:82:9b:fe:9d:1f:b6:33:b4:a9:31:cd:4f:74:7f:
a0:3c:58:a3:20:9e:80:52:3d:fc:b2:53:d6:11:79:
7e:a5:5e:76:4c:29:17:f1:4f:47:07:98:78:99:f7:
ac:f0:dc:84:d4:b7:cf:20:43:74:9e:e8:b6:bb:42:
de:a2:cd:90:b4:79:1f:6f:fa:4e:ce:44:b1:84:99:
b7:ec:12:33:a0:17:32:82:10:dc:7e:c3:8f:0e:14:
32:6d:b6:cc:fa:9a:64:62:6b:f1:d3:01:74:00:d4:
75:e4:92:45:39:24:7b:f1:82:75:25:3e:43:48:b6:
8a:78:c7:f9:9b:eb:27:b3:2e:32:5b:83:8b:43:83:
65:a0:eb:65:05:2c:d0:75:29:47:1e:78:c0:ef:5e:
fc:05:3f:c3:6f:2c:ea:ba:b2:a9:e6:47:f3:d6:fa:
19:a5:aa:4c:eb:ae:5b:cb:11:5b:53:ba:b6:1c:c4:
d1:23:99:88:4e:7c:22:f0:ea:55:cd:4a:2c:d7:38:
98:5a:2e:bd:fe:9e:50:94:11:75:25:cb:41:66:03:
3e:b3:54:1d:21:12:1a:91:5e:a1:3d:97:0f:16:39:
e7:f2:a4:84:79:e9:56:64:14:ea:95:c1:99:15:00:
fa:5d:c5:80:6a:19:87:87:bb:34:63:ff:ce:3a:2e:
42:23
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6C:C5:E9:2D:09:D4:FB:2A:7C:2F:EE:2A:2F:58:BE:05:39:D2:0D:24
X509v3 Authority Key Identifier:
keyid:72:2A:8C:1D:31:18:95:01:61:08:FF:BD:14:57:5C:77:CC:28:77:3A
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ciqMHTEYlQFhCP-9FFdcd8wodzo.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/b1f6ee-c4ef-4355-af36-a558ee65431f/1/bMXpLQnU-yp8L-4qL1i-BTnSDSQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/b1f6ee-c4ef-4355-af36-a558ee65431f/1/ciqMHTEYlQFhCP-9FFdcd8wodzo.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
83.222.184.0/21
109.160.116.0/23
Signature Algorithm: sha256WithRSAEncryption
96:6c:8b:ed:2d:8a:b3:9e:ad:96:66:c5:8c:ff:9c:ee:9a:d6:
99:6b:6e:b0:71:a1:45:e8:8d:47:58:9f:53:08:e9:59:f8:54:
27:19:76:e4:07:8b:3f:4f:d0:11:47:ee:ec:53:6d:c0:86:ef:
4c:46:01:85:0c:24:ff:2e:e8:2d:84:c8:4a:06:cb:b4:1a:b4:
99:67:05:1a:f3:d0:50:39:fa:94:0a:00:04:36:df:be:db:c7:
5b:5f:10:56:6c:7b:b4:3f:60:86:b3:ce:6b:1c:07:ad:f8:13:
49:49:d6:15:8d:ab:fe:d1:0c:98:83:a0:b7:23:e7:e4:25:41:
9b:01:65:a7:e9:dc:a6:78:59:fe:73:8c:be:f1:e4:ad:fb:9f:
49:77:b4:06:60:9f:fe:81:98:49:a7:2b:b8:f1:e3:a6:97:0b:
62:98:2b:44:6d:ca:4c:44:42:f5:b6:1d:88:72:10:ab:e1:d7:
98:65:ce:ee:38:d3:93:a9:0f:d5:01:21:83:af:ec:d9:e1:da:
7e:59:c0:9a:7e:91:fe:d6:1a:8c:b2:d3:f3:7e:10:8b:a5:3b:
bd:18:1f:e3:ce:e4:d6:4d:9a:6f:4d:3b:97:0b:1e:56:b5:40:
14:40:b3:21:57:12:c7:0b:65:4a:7d:eb:ae:b7:1e:18:16:1f:
27:79:1a:1a
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYQ0N5qA5FTU4ZEb32hMEDocMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMmE4YzFkMzExODk1MDE2MTA4ZmZiZDE0NTc1Yzc3Y2My
ODc3M2EwHhcNMjIxMTAxMTcyMjQ5WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2Y2M1ZTkyZDA5ZDRmYjJhN2MyZmVlMmEyZjU4YmUwNTM5ZDIwZDI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgpv+nR+2M7SpMc1PdH+gPFijIJ6A
Uj38slPWEXl+pV52TCkX8U9HB5h4mfes8NyE1LfPIEN0nui2u0Leos2QtHkfb/pO
zkSxhJm37BIzoBcyghDcfsOPDhQybbbM+ppkYmvx0wF0ANR15JJFOSR78YJ1JT5D
SLaKeMf5m+snsy4yW4OLQ4NloOtlBSzQdSlHHnjA7178BT/DbyzqurKp5kfz1voZ
papM665byxFbU7q2HMTRI5mITnwi8OpVzUos1ziYWi69/p5QlBF1JctBZgM+s1Qd
IRIakV6hPZcPFjnn8qSEeelWZBTqlcGZFQD6XcWAahmHh7s0Y//OOi5CIwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGzF6S0J1PsqfC/uKi9YvgU50g0kMB8GA1UdIwQY
MBaAFHIqjB0xGJUBYQj/vRRXXHfMKHc6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2lxTUhURVlsUUZoQ1AtOUZGZGNkOHdvZHpvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOC9iMWY2ZWUtYzRlZi00MzU1LWFmMzYt
YTU1OGVlNjU0MzFmLzEvYk1YcExRblUteXA4TC00cUwxaS1CVG5TRFNRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOC9iMWY2ZWUtYzRlZi00MzU1LWFmMzYtYTU1OGVlNjU0MzFm
LzEvY2lxTUhURVlsUUZoQ1AtOUZGZGNkOHdvZHpvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQDU964AwQB
baB0MA0GCSqGSIb3DQEBCwUAA4IBAQCWbIvtLYqznq2WZsWM/5zumtaZa26wcaFF
6I1HWJ9TCOlZ+FQnGXbkB4s/T9ARR+7sU23Ahu9MRgGFDCT/LugthMhKBsu0GrSZ
ZwUa89BQOfqUCgAENt++28dbXxBWbHu0P2CGs85rHAet+BNJSdYVjav+0QyYg6C3
I+fkJUGbAWWn6dymeFn+c4y+8eSt+59Jd7QGYJ/+gZhJpyu48eOmlwtimCtEbcpM
REL1th2IchCr4deYZc7uONOTqQ/VASGDr+zZ4dp+WcCafpH+1hqMstPzfhCLpTu9
GB/jzuTWTZpvTTuXCx5WtUAUQLMhVxLHC2VKfeuutx4YFh8neRoa
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:00:14 2024 by rpki-client on console-fra.rpki-client.org