Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b4/225bcb-6d3d-4c0e-824f-2f1c8e408b64/1/I9niRHqR5RHab-EPnPcynjyxqEY.roa
File: I9niRHqR5RHab-EPnPcynjyxqEY.roa (raw, json)
Hash identifier: yKO82y0gCMzWoMU+9CABjqY1mvogB3NrLfqpWeZQB5o=
Subject key identifier: 23:D9:E2:44:7A:91:E5:11:DA:6F:E1:0F:9C:F7:32:9E:3C:B1:A8:46
Certificate issuer: /CN=32c78eeef7acb451fc37575feb9114dfccc1cdfb
Certificate serial: 0256F02E
Authority key identifier: 32:C7:8E:EE:F7:AC:B4:51:FC:37:57:5F:EB:91:14:DF:CC:C1:CD:FB
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/MseO7vestFH8N1df65EU38zBzfs.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b4/225bcb-6d3d-4c0e-824f-2f1c8e408b64/1/I9niRHqR5RHab-EPnPcynjyxqEY.roa
Signing time: Sat 01 Jan 2022 14:08:30 +0000
ROA not before: Sat 01 Jan 2022 14:08:30 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 209235
IP address blocks: 2.56.84.0/24 maxlen: 24
2.56.85.0/24 maxlen: 24
45.141.255.0/24 maxlen: 24
193.38.224.0/24 maxlen: 24
2a09:c0c0::/29 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 39252014 (0x256f02e)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=32c78eeef7acb451fc37575feb9114dfccc1cdfb
Validity
Not Before: Jan 1 14:08:30 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=23d9e2447a91e511da6fe10f9cf7329e3cb1a846
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a3:d9:e7:c9:5f:d7:f6:81:d4:9c:4f:7c:2a:36:
17:d7:e6:d6:bf:62:b2:13:6a:1b:61:62:6b:1b:c6:
7d:5f:f2:ae:e5:d4:52:c0:32:65:4a:95:03:da:7c:
54:ae:3b:7d:95:d0:a4:5f:99:d9:e6:5f:97:eb:97:
7b:64:35:93:79:0f:fb:41:cb:24:fb:44:3a:fd:ef:
af:90:25:1b:8c:a2:a2:2d:df:d9:e6:fa:1c:f1:ce:
e8:e8:6d:59:f2:c7:0b:30:c5:a8:a5:c0:19:68:4d:
72:36:88:8e:3c:ad:ec:43:2e:a0:fa:7e:a1:b8:ba:
bd:5e:49:fd:2f:e4:59:7d:51:34:c9:3e:6a:7a:6f:
47:10:ca:0d:01:2d:8b:ae:2c:1e:8d:97:b1:2c:d2:
08:ce:ed:5e:92:f1:ed:dc:60:a3:5e:0a:f1:5d:90:
77:84:a7:b0:1f:b0:22:6f:cf:5b:e1:e8:b2:6b:74:
20:6c:f0:f4:15:cb:47:f0:08:f1:f0:cd:93:c8:22:
5e:8a:29:df:2f:3d:bd:b4:12:ec:56:d5:5a:fa:ee:
10:59:dc:2d:73:1e:c0:79:20:38:d0:d7:ba:88:65:
a9:c5:cc:a0:3a:13:10:bf:f3:31:c8:78:07:1c:03:
68:be:06:3c:86:46:24:49:be:24:01:36:8d:4e:74:
54:a7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
23:D9:E2:44:7A:91:E5:11:DA:6F:E1:0F:9C:F7:32:9E:3C:B1:A8:46
X509v3 Authority Key Identifier:
keyid:32:C7:8E:EE:F7:AC:B4:51:FC:37:57:5F:EB:91:14:DF:CC:C1:CD:FB
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MseO7vestFH8N1df65EU38zBzfs.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/225bcb-6d3d-4c0e-824f-2f1c8e408b64/1/I9niRHqR5RHab-EPnPcynjyxqEY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/225bcb-6d3d-4c0e-824f-2f1c8e408b64/1/MseO7vestFH8N1df65EU38zBzfs.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.56.84.0/23
45.141.255.0/24
193.38.224.0/24
IPv6:
2a09:c0c0::/29
Signature Algorithm: sha256WithRSAEncryption
83:54:54:56:c1:a6:71:09:64:f2:c4:0a:75:54:59:f6:3b:59:
0e:67:be:8f:dd:8d:82:04:c8:3b:08:a9:1f:7d:4d:b6:55:d1:
69:bb:38:70:32:41:9e:80:3e:7a:44:5d:7c:d7:b6:38:f2:a5:
c2:6d:61:c2:ab:31:58:b4:e8:ec:85:ea:9c:8a:3f:8c:8a:cb:
45:16:f5:1a:23:79:51:6e:51:e0:e2:13:6d:b3:23:6c:c0:5e:
6e:33:55:64:2d:a0:15:2d:b9:d3:de:c1:0a:c5:39:86:fa:5b:
71:75:12:dc:19:15:0e:69:94:fe:d5:f7:3d:67:c3:ba:b1:62:
08:3b:cb:0e:03:4b:d2:4d:4d:f4:c6:fb:4a:91:ac:19:e6:91:
d1:7f:98:c4:73:5d:0c:38:47:fb:ff:74:da:eb:72:fc:a0:ce:
17:12:db:03:e5:3c:c8:24:09:61:fb:c5:58:38:ab:73:79:c1:
8c:bc:fd:07:d8:ac:54:82:1f:a4:37:82:da:16:2e:5b:96:34:
21:68:1c:fc:f6:c7:d4:5e:fc:80:c1:09:43:1f:10:75:92:1b:
88:fe:ea:cc:b8:2a:d1:b6:6d:02:6d:3c:16:cf:55:9d:96:d9:
d6:59:38:ae:a0:1c:65:f5:36:3b:2d:6f:12:b7:b3:de:1e:22:
47:6f:c3:7b
-----BEGIN CERTIFICATE-----
MIIFCjCCA/KgAwIBAgIEAlbwLjANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygz
MmM3OGVlZWY3YWNiNDUxZmMzNzU3NWZlYjkxMTRkZmNjYzFjZGZiMB4XDTIyMDEw
MTE0MDgzMFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMjNkOWUyNDQ3YTkx
ZTUxMWRhNmZlMTBmOWNmNzMyOWUzY2IxYTg0NjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAKPZ58lf1/aB1JxPfCo2F9fm1r9ishNqG2FiaxvGfV/yruXU
UsAyZUqVA9p8VK47fZXQpF+Z2eZfl+uXe2Q1k3kP+0HLJPtEOv3vr5AlG4yioi3f
2eb6HPHO6OhtWfLHCzDFqKXAGWhNcjaIjjyt7EMuoPp+obi6vV5J/S/kWX1RNMk+
anpvRxDKDQEti64sHo2XsSzSCM7tXpLx7dxgo14K8V2Qd4SnsB+wIm/PW+Hosmt0
IGzw9BXLR/AI8fDNk8giXoop3y89vbQS7FbVWvruEFncLXMewHkgONDXuohlqcXM
oDoTEL/zMch4BxwDaL4GPIZGJEm+JAE2jU50VKcCAwEAAaOCAiQwggIgMB0GA1Ud
DgQWBBQj2eJEepHlEdpv4Q+c9zKePLGoRjAfBgNVHSMEGDAWgBQyx47u96y0Ufw3
V1/rkRTfzMHN+zAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L01zZU83dmVzdEZIOE4xZGY2NUVVMzh6Qnpmcy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYjQvMjI1YmNiLTZkM2QtNGMwZS04MjRmLTJmMWM4ZTQwOGI2NC8x
L0k5bmlSSHFSNVJIYWItRVBuUGN5bmp5eHFFWS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYjQv
MjI1YmNiLTZkM2QtNGMwZS04MjRmLTJmMWM4ZTQwOGI2NC8xL01zZU83dmVzdEZI
OE4xZGY2NUVVMzh6Qnpmcy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjA6
BggrBgEFBQcBBwEB/wQrMCkwGAQCAAEwEgMEAQI4VAMEAC2N/wMEAMEm4DANBAIA
AjAHAwUDKgnAwDANBgkqhkiG9w0BAQsFAAOCAQEAg1RUVsGmcQlk8sQKdVRZ9jtZ
Dme+j92NggTIOwipH31NtlXRabs4cDJBnoA+ekRdfNe2OPKlwm1hwqsxWLTo7IXq
nIo/jIrLRRb1GiN5UW5R4OITbbMjbMBebjNVZC2gFS25097BCsU5hvpbcXUS3BkV
DmmU/tX3PWfDurFiCDvLDgNL0k1N9Mb7SpGsGeaR0X+YxHNdDDhH+/902uty/KDO
FxLbA+U8yCQJYfvFWDirc3nBjLz9B9isVIIfpDeC2hYuW5Y0IWgc/PbH1F78gMEJ
Qx8QdZIbiP7qzLgq0bZtAm08Fs9VnZbZ1lk4rqAcZfU2Oy1vErez3h4iR2/Dew==
-----END CERTIFICATE-----
Generated at Wed Dec 27 18:42:05 2023 by rpki-client on console.sobornost.net