Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/322e35382e38372e302f32342d3234203d3e203633303233.roa
File: 322e35382e38372e302f32342d3234203d3e203633303233.roa (raw, json)
Hash identifier: GskJPRP5+rnvvHOREh4sZ2sSIv4K+a70HYvv48uTIUc=
Subject key identifier: B4:6A:DF:EB:56:34:52:DC:C1:D7:23:2C:37:22:AF:DD:25:C0:39:EB
Certificate issuer: /CN=8f4ce7722f99075d94738b7e61070401269eb3d6
Certificate serial: 5D35F881B2C252DF97FD0D0C903FE8EC43AA84C3
Authority key identifier: 8F:4C:E7:72:2F:99:07:5D:94:73:8B:7E:61:07:04:01:26:9E:B3:D6
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/j0znci-ZB12Uc4t-YQcEASaes9Y.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/322e35382e38372e302f32342d3234203d3e203633303233.roa
Signing time: Thu 22 Feb 2024 17:05:14 +0000
ROA not before: Thu 22 Feb 2024 17:00:14 +0000
ROA not after: Thu 20 Feb 2025 17:05:14 +0000
asID: 63023
IP address blocks: 2.58.87.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
5d:35:f8:81:b2:c2:52:df:97:fd:0d:0c:90:3f:e8:ec:43:aa:84:c3
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8f4ce7722f99075d94738b7e61070401269eb3d6
Validity
Not Before: Feb 22 17:00:14 2024 GMT
Not After : Feb 20 17:05:14 2025 GMT
Subject: CN=B46ADFEB563452DCC1D7232C3722AFDD25C039EB
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d9:07:85:8d:09:10:4b:72:57:54:44:c3:fa:e2:
65:6e:49:2e:c9:c3:de:2b:ad:6f:af:07:53:3f:de:
8e:0f:20:c8:a2:ac:61:d8:d4:8c:68:52:3f:09:c0:
04:f0:fe:cd:ab:86:f5:3c:c2:e3:b5:d7:5c:7c:29:
df:82:d2:47:27:bf:86:16:f8:cc:25:7d:22:76:81:
58:61:11:35:0c:01:b0:dc:21:13:43:c2:f8:8b:68:
15:f9:91:cf:2a:62:b1:f7:39:1f:bd:cc:75:f9:7a:
15:f8:10:4c:5d:a4:56:1a:4c:de:9a:9a:38:4b:57:
77:a2:85:98:95:2a:57:55:d2:c9:31:ec:b1:56:41:
23:28:ab:44:8c:e7:98:7c:a9:65:c7:55:de:19:d3:
90:bb:1d:7c:f5:e0:92:4d:0f:b7:b1:49:7e:2a:24:
b6:f0:28:f1:05:9c:11:e0:24:f0:b2:ba:ff:54:19:
41:b3:f4:53:38:9a:19:65:f5:ce:d3:0e:2c:07:bf:
ec:9e:1b:9a:38:b0:21:96:b4:05:f8:33:ef:12:f7:
7c:eb:2d:16:7b:65:ac:c1:bc:1b:e6:2b:02:e2:18:
bc:0a:5a:4a:82:b6:35:9d:ae:bb:d7:17:db:73:0d:
8b:f5:04:63:57:2c:56:88:0b:66:78:5a:8d:05:6f:
76:fb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B4:6A:DF:EB:56:34:52:DC:C1:D7:23:2C:37:22:AF:DD:25:C0:39:EB
X509v3 Authority Key Identifier:
keyid:8F:4C:E7:72:2F:99:07:5D:94:73:8B:7E:61:07:04:01:26:9E:B3:D6
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/8F4CE7722F99075D94738B7E61070401269EB3D6.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/j0znci-ZB12Uc4t-YQcEASaes9Y.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/322e35382e38372e302f32342d3234203d3e203633303233.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.58.87.0/24
Signature Algorithm: sha256WithRSAEncryption
2f:44:a3:d4:cc:9d:98:c8:f6:45:b3:84:ba:36:78:92:21:4d:
e8:89:2c:00:8e:e7:81:a4:64:18:39:7b:db:03:c7:55:b8:ee:
37:0d:7e:33:eb:07:55:89:84:00:5e:49:b7:74:8b:e7:64:7f:
17:13:60:24:d0:c2:4e:65:fc:67:ea:2f:de:4a:77:bf:43:5c:
0b:ad:23:c5:50:5a:89:4c:78:81:64:40:4e:47:f7:f5:d9:84:
26:3b:d7:79:05:2f:88:49:59:46:00:7e:40:4a:3d:cc:7f:00:
96:d6:2e:3c:83:7e:fd:ca:02:fb:63:97:7b:0b:08:a8:93:09:
21:bc:1d:48:09:06:e1:7e:8b:d4:13:cb:e7:49:5b:e5:d8:a2:
73:ae:5e:8c:2b:2b:d2:7f:54:ef:fc:34:bc:fb:a5:60:f6:12:
53:cc:25:4b:19:72:a5:16:ed:7e:eb:95:be:a3:39:9d:9f:64:
cd:0e:bc:77:68:1c:7b:5a:85:fa:ce:b4:79:01:56:a2:fb:db:
50:dd:69:a3:6b:fb:5f:10:59:45:d2:ba:6a:1c:0f:d7:0d:f6:
a4:49:9e:16:6a:23:79:f5:05:aa:6d:cf:75:0a:de:0c:ca:03:
0e:c3:88:10:3b:52:42:61:a6:94:f2:c5:7d:43:e8:f1:06:33:
aa:0e:2c:5b
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUXTX4gbLCUt+X/Q0MkD/o7EOqhMMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGY0Y2U3NzIyZjk5MDc1ZDk0NzM4YjdlNjEwNzA0MDEy
NjllYjNkNjAeFw0yNDAyMjIxNzAwMTRaFw0yNTAyMjAxNzA1MTRaMDMxMTAvBgNV
BAMTKEI0NkFERkVCNTYzNDUyRENDMUQ3MjMyQzM3MjJBRkREMjVDMDM5RUIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDZB4WNCRBLcldURMP64mVuSS7J
w94rrW+vB1M/3o4PIMiirGHY1IxoUj8JwATw/s2rhvU8wuO111x8Kd+C0kcnv4YW
+MwlfSJ2gVhhETUMAbDcIRNDwviLaBX5kc8qYrH3OR+9zHX5ehX4EExdpFYaTN6a
mjhLV3eihZiVKldV0skx7LFWQSMoq0SM55h8qWXHVd4Z05C7HXz14JJND7exSX4q
JLbwKPEFnBHgJPCyuv9UGUGz9FM4mhll9c7TDiwHv+yeG5o4sCGWtAX4M+8S93zr
LRZ7ZazBvBvmKwLiGLwKWkqCtjWdrrvXF9tzDYv1BGNXLFaIC2Z4Wo0Fb3b7AgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQUtGrf61Y0UtzB1yMsNyKv3SXAOeswHwYDVR0j
BBgwFoAUj0znci+ZB12Uc4t+YQcEASaes9YwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYWE5NzcxMTUtNTExMC00MjU3LTk0ZWYtNGQyYjQzODg0
MDQwLzAvOEY0Q0U3NzIyRjk5MDc1RDk0NzM4QjdFNjEwNzA0MDEyNjlFQjNENi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2owem5jaS1aQjEyVWM0dC1ZUWNFQVNh
ZXM5WS5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWE5NzcxMTUt
NTExMC00MjU3LTk0ZWYtNGQyYjQzODg0MDQwLzAvMzIyZTM1MzgyZTM4MzcyZTMw
MmYzMjM0MmQzMjM0MjAzZDNlMjAzNjMzMzAzMjMzLnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAAjpXMA0G
CSqGSIb3DQEBCwUAA4IBAQAvRKPUzJ2YyPZFs4S6NniSIU3oiSwAjueBpGQYOXvb
A8dVuO43DX4z6wdViYQAXkm3dIvnZH8XE2Ak0MJOZfxn6i/eSne/Q1wLrSPFUFqJ
THiBZEBOR/f12YQmO9d5BS+ISVlGAH5ASj3MfwCW1i48g379ygL7Y5d7Cwiokwkh
vB1ICQbhfovUE8vnSVvl2KJzrl6MKyvSf1Tv/DS8+6Vg9hJTzCVLGXKlFu1+65W+
ozmdn2TNDrx3aBx7WoX6zrR5AVai+9tQ3Wmja/tfEFlF0rpqHA/XDfakSZ4WaiN5
9QWqbc91Ct4MygMOw4gQO1JCYaaU8sV9Q+jxBjOqDixb
-----END CERTIFICATE-----
Generated at Thu Jun 6 12:41:07 2024 by rpki-client on console-fra.rpki-client.org