Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/vf08AIginEexmtKZdcVhgJPVrsw.roa
File:                     vf08AIginEexmtKZdcVhgJPVrsw.roa (raw, json)
Hash identifier:          TATz3SJ26E4vRPZqOReK0pbfW0rgZCnS/BV5LBUN98M=
Subject key identifier:   BD:FD:3C:00:88:22:9C:47:B1:9A:D2:99:75:C5:61:80:93:D5:AE:CC
Certificate issuer:       /CN=ff87e0ab032b0c05eb5e74cc2c08698dd324d963
Certificate serial:       018E1A88905446235EE03C4EAF74351A59C2
Authority key identifier: FF:87:E0:AB:03:2B:0C:05:EB:5E:74:CC:2C:08:69:8D:D3:24:D9:63
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_4fgqwMrDAXrXnTMLAhpjdMk2WM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/vf08AIginEexmtKZdcVhgJPVrsw.roa
Signing time:             Thu 07 Mar 2024 20:09:01 +0000
ROA not before:           Thu 07 Mar 2024 20:09:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     9009
IP address blocks:        109.122.204.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:1a:88:90:54:46:23:5e:e0:3c:4e:af:74:35:1a:59:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ff87e0ab032b0c05eb5e74cc2c08698dd324d963
        Validity
            Not Before: Mar  7 20:09:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bdfd3c0088229c47b19ad29975c5618093d5aecc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:FD:3C:00:88:22:9C:47:B1:9A:D2:99:75:C5:61:80:93:D5:AE:CC
            X509v3 Authority Key Identifier:
                keyid:FF:87:E0:AB:03:2B:0C:05:EB:5E:74:CC:2C:08:69:8D:D3:24:D9:63

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_4fgqwMrDAXrXnTMLAhpjdMk2WM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/vf08AIginEexmtKZdcVhgJPVrsw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/_4fgqwMrDAXrXnTMLAhpjdMk2WM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.122.204.0/24

    Signature Algorithm: sha256WithRSAEncryption
Generated at Tue Apr 2 14:44:00 2024 by rpki-client on console-ams.rpki-client.org