Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/322e35382e38352e302f32342d3234203d3e20323031333634.roa
File: 322e35382e38352e302f32342d3234203d3e20323031333634.roa (raw, json)
Hash identifier: D1gSVTjM3kaH+QdxcFDy3RNE5cowzusP7CxdRrnSHWw=
Subject key identifier: BD:99:0A:F5:9C:42:94:2B:56:E5:B8:FA:E2:BB:46:A9:1E:81:9B:31
Certificate issuer: /CN=8f4ce7722f99075d94738b7e61070401269eb3d6
Certificate serial: 20969261BEFD0DB3B0DD7D912789B381C066F3C1
Authority key identifier: 8F:4C:E7:72:2F:99:07:5D:94:73:8B:7E:61:07:04:01:26:9E:B3:D6
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/j0znci-ZB12Uc4t-YQcEASaes9Y.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/322e35382e38352e302f32342d3234203d3e20323031333634.roa
Signing time: Thu 22 Feb 2024 17:05:13 +0000
ROA not before: Thu 22 Feb 2024 17:00:13 +0000
ROA not after: Thu 20 Feb 2025 17:05:13 +0000
asID: 201364
IP address blocks: 2.58.85.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
20:96:92:61:be:fd:0d:b3:b0:dd:7d:91:27:89:b3:81:c0:66:f3:c1
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8f4ce7722f99075d94738b7e61070401269eb3d6
Validity
Not Before: Feb 22 17:00:13 2024 GMT
Not After : Feb 20 17:05:13 2025 GMT
Subject: CN=BD990AF59C42942B56E5B8FAE2BB46A91E819B31
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a2:49:af:43:f4:ac:da:ec:54:38:1c:55:72:5f:
6d:37:1b:d3:83:ed:28:ef:e9:25:bb:7e:d7:ab:4d:
53:52:61:b2:ee:5f:7b:17:cb:69:45:ac:f0:95:13:
be:32:07:ca:d3:c4:bc:e6:5a:5f:5b:f4:bb:f0:67:
0a:f7:6f:21:40:6e:05:d0:e4:97:b7:3d:80:42:8c:
8a:ed:7e:51:aa:bd:d0:11:85:7a:a5:cd:6b:e8:7a:
4d:50:46:39:33:f9:01:9a:08:ef:98:d9:d6:29:e7:
17:fd:ad:75:67:92:c9:a5:ad:75:57:b4:0c:f8:a3:
aa:42:aa:04:55:2e:aa:9a:78:9c:ef:ec:c5:66:97:
01:a8:53:ed:00:81:d0:cd:54:b3:49:79:c3:9a:3e:
aa:47:2f:f8:e6:3a:33:50:e7:9c:59:a9:71:1a:a3:
40:da:ee:39:5c:1f:a5:24:9b:5c:23:af:bb:8e:2c:
e3:72:23:c2:b2:7b:a6:e1:88:54:e7:0d:d6:35:dc:
7c:84:f4:08:ee:90:71:78:19:18:15:bd:76:6a:45:
7b:51:7f:a4:7d:c3:1b:09:bf:ce:43:25:4c:29:0b:
ff:97:a2:8e:d4:54:47:27:ff:a8:11:6e:bd:73:81:
01:f5:40:0a:a4:f0:83:cc:b6:e3:35:23:1c:c8:e1:
0f:41
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
BD:99:0A:F5:9C:42:94:2B:56:E5:B8:FA:E2:BB:46:A9:1E:81:9B:31
X509v3 Authority Key Identifier:
keyid:8F:4C:E7:72:2F:99:07:5D:94:73:8B:7E:61:07:04:01:26:9E:B3:D6
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/8F4CE7722F99075D94738B7E61070401269EB3D6.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/j0znci-ZB12Uc4t-YQcEASaes9Y.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/322e35382e38352e302f32342d3234203d3e20323031333634.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.58.85.0/24
Signature Algorithm: sha256WithRSAEncryption
10:2f:f2:09:fd:9d:5d:50:fe:e5:80:70:39:f3:fe:c2:e9:2e:
75:34:9c:fd:4a:5e:dc:69:f6:ba:89:8c:7d:3f:2c:bd:0b:5d:
51:bd:3c:62:f5:eb:89:e7:b7:0b:16:94:30:ab:9f:67:e5:51:
83:66:32:79:9f:a4:9e:40:e4:93:d6:8a:e2:74:8b:c0:2e:be:
bc:d7:04:af:ec:fb:ff:40:1f:13:46:d6:1f:aa:a0:fa:5d:c5:
89:29:e1:f4:c0:8c:1e:10:db:01:8d:00:35:aa:bc:dd:bd:f8:
c7:a1:99:d2:38:1a:0b:bb:2a:05:84:26:b7:7e:0e:ce:bb:d1:
2d:9e:a1:54:6c:db:de:00:07:93:6e:a2:62:b0:81:8d:23:77:
58:bd:76:1a:12:eb:30:09:33:a7:43:7f:0b:fe:8a:ff:45:be:
71:3b:ab:37:31:ba:c3:5b:09:c8:ba:2d:2a:b5:ef:76:d7:68:
71:11:7e:24:f0:a6:ff:26:36:55:ef:d0:2c:f3:0e:5b:35:2c:
44:df:56:a2:13:76:a8:b1:9e:ab:ef:23:3d:be:ca:af:04:e4:
b3:a5:95:0a:30:e0:fd:d2:c1:0e:e7:68:30:a2:85:fb:b7:6c:
a9:58:02:5e:e8:18:19:ea:96:1b:4b:e1:4b:78:b6:26:ff:7e:
1c:2e:69:23
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUIJaSYb79DbOw3X2RJ4mzgcBm88EwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGY0Y2U3NzIyZjk5MDc1ZDk0NzM4YjdlNjEwNzA0MDEy
NjllYjNkNjAeFw0yNDAyMjIxNzAwMTNaFw0yNTAyMjAxNzA1MTNaMDMxMTAvBgNV
BAMTKEJEOTkwQUY1OUM0Mjk0MkI1NkU1QjhGQUUyQkI0NkE5MUU4MTlCMzEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCiSa9D9Kza7FQ4HFVyX203G9OD
7Sjv6SW7fterTVNSYbLuX3sXy2lFrPCVE74yB8rTxLzmWl9b9LvwZwr3byFAbgXQ
5Je3PYBCjIrtflGqvdARhXqlzWvoek1QRjkz+QGaCO+Y2dYp5xf9rXVnksmlrXVX
tAz4o6pCqgRVLqqaeJzv7MVmlwGoU+0AgdDNVLNJecOaPqpHL/jmOjNQ55xZqXEa
o0Da7jlcH6Ukm1wjr7uOLONyI8Kye6bhiFTnDdY13HyE9AjukHF4GRgVvXZqRXtR
f6R9wxsJv85DJUwpC/+Xoo7UVEcn/6gRbr1zgQH1QAqk8IPMtuM1IxzI4Q9BAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUvZkK9ZxClCtW5bj64rtGqR6BmzEwHwYDVR0j
BBgwFoAUj0znci+ZB12Uc4t+YQcEASaes9YwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYWE5NzcxMTUtNTExMC00MjU3LTk0ZWYtNGQyYjQzODg0
MDQwLzAvOEY0Q0U3NzIyRjk5MDc1RDk0NzM4QjdFNjEwNzA0MDEyNjlFQjNENi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2owem5jaS1aQjEyVWM0dC1ZUWNFQVNh
ZXM5WS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWE5NzcxMTUt
NTExMC00MjU3LTk0ZWYtNGQyYjQzODg0MDQwLzAvMzIyZTM1MzgyZTM4MzUyZTMw
MmYzMjM0MmQzMjM0MjAzZDNlMjAzMjMwMzEzMzM2MzQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAACOlUw
DQYJKoZIhvcNAQELBQADggEBABAv8gn9nV1Q/uWAcDnz/sLpLnU0nP1KXtxp9rqJ
jH0/LL0LXVG9PGL164nntwsWlDCrn2flUYNmMnmfpJ5A5JPWiuJ0i8AuvrzXBK/s
+/9AHxNG1h+qoPpdxYkp4fTAjB4Q2wGNADWqvN29+MehmdI4Ggu7KgWEJrd+Ds67
0S2eoVRs294AB5NuomKwgY0jd1i9dhoS6zAJM6dDfwv+iv9FvnE7qzcxusNbCci6
LSq173bXaHERfiTwpv8mNlXv0CzzDls1LETfVqITdqixnqvvIz2+yq8E5LOllQow
4P3SwQ7naDCihfu3bKlYAl7oGBnqlhtL4Ut4tib/fhwuaSM=
-----END CERTIFICATE-----
Generated at Thu Jun 6 12:41:07 2024 by rpki-client on console-fra.rpki-client.org