Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/23/95eebb-0a9d-4f71-b3f9-5649e1b192bb/1/aOdCSBcm0vXJBAUPAVQW7X5neyo.roa
File: aOdCSBcm0vXJBAUPAVQW7X5neyo.roa (raw, json)
Hash identifier: T8LhOcIcVhzeQlJyfNwT2yRtrhImV0IGFA1lWgfC4iM=
Subject key identifier: 68:E7:42:48:17:26:D2:F5:C9:04:05:0F:01:54:16:ED:7E:67:7B:2A
Certificate issuer: /CN=fbf62f7606273f41a6ccc8e2956076f3c0a1eb54
Certificate serial: 018D7D6741733C540B54B545987461A4347B
Authority key identifier: FB:F6:2F:76:06:27:3F:41:A6:CC:C8:E2:95:60:76:F3:C0:A1:EB:54
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1-_YvdgYnP0GmzMjilWB288Ch61Q.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/23/95eebb-0a9d-4f71-b3f9-5649e1b192bb/1/aOdCSBcm0vXJBAUPAVQW7X5neyo.roa
Signing time: Tue 06 Feb 2024 07:52:15 +0000
ROA not before: Tue 06 Feb 2024 07:52:15 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 197706
IP address blocks: 109.104.133.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8d:7d:67:41:73:3c:54:0b:54:b5:45:98:74:61:a4:34:7b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=fbf62f7606273f41a6ccc8e2956076f3c0a1eb54
Validity
Not Before: Feb 6 07:52:15 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=68e742481726d2f5c904050f015416ed7e677b2a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8d:8f:ba:72:cd:8e:9d:d2:fb:dc:4c:2b:6a:60:
c6:46:59:a5:2f:62:50:fc:29:92:b7:34:2a:e5:78:
0b:e5:7e:3b:2a:25:bf:4d:d7:5f:a7:37:5c:ad:99:
f4:ff:0e:bd:3c:e2:97:0c:78:85:f7:2d:da:17:94:
71:d8:3f:24:dc:bb:e9:d3:2b:bd:e8:27:84:a7:68:
60:a6:e2:5c:dd:ce:18:70:f0:15:c5:0c:ba:c4:7e:
c1:bb:7a:f5:57:ee:5e:ed:9a:e4:a3:7c:24:c8:56:
bf:64:51:05:ed:73:04:43:04:8a:a3:51:fd:fe:14:
c8:25:ae:2d:a5:73:84:63:e3:a0:ba:76:95:94:9a:
20:b9:75:1a:bc:37:20:99:bb:04:b8:6f:4d:1c:4d:
1a:8c:33:ed:84:fb:ae:3d:3b:e3:f1:a7:86:e0:2d:
cb:6a:49:2b:5e:b0:29:56:9b:f4:d1:48:83:bb:73:
b9:99:b7:79:36:fa:3f:f1:1e:b6:6e:f5:ba:b9:1c:
ca:c6:71:43:9b:e2:11:26:0b:b8:fd:ce:f0:6c:12:
63:ac:0d:40:37:17:53:17:20:d6:83:ad:54:35:ab:
c7:df:db:a2:f9:93:dd:19:9a:f9:b0:db:c9:15:67:
de:96:b6:6e:47:66:b0:e9:32:b5:cb:84:c9:82:29:
e1:df
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
68:E7:42:48:17:26:D2:F5:C9:04:05:0F:01:54:16:ED:7E:67:7B:2A
X509v3 Authority Key Identifier:
keyid:FB:F6:2F:76:06:27:3F:41:A6:CC:C8:E2:95:60:76:F3:C0:A1:EB:54
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-_YvdgYnP0GmzMjilWB288Ch61Q.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/23/95eebb-0a9d-4f71-b3f9-5649e1b192bb/1/aOdCSBcm0vXJBAUPAVQW7X5neyo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/23/95eebb-0a9d-4f71-b3f9-5649e1b192bb/1/1-_YvdgYnP0GmzMjilWB288Ch61Q.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.104.133.0/24
Signature Algorithm: sha256WithRSAEncryption
bc:3b:f8:f2:5b:6c:ae:12:0e:b6:19:de:0e:20:90:b2:1c:bb:
df:15:4a:c4:5e:a3:f0:24:f7:ab:77:fe:70:55:a6:4b:85:4f:
72:cc:70:23:e6:c1:27:7e:72:46:21:84:d9:f6:9e:c6:c7:6a:
86:6d:f5:54:0e:f7:12:c9:2f:d2:83:07:c9:13:fc:ae:d2:9f:
c1:1b:d3:34:d1:b3:35:a1:59:5d:01:b7:cd:13:09:e1:64:d2:
7f:e6:86:49:4d:8a:5b:63:ab:69:e0:83:8b:62:d7:cb:b2:0f:
69:db:f0:b1:06:51:32:93:b6:f7:49:e5:19:82:4d:fa:54:d1:
49:45:65:eb:f6:57:5a:99:5f:21:97:26:17:7a:50:65:7e:4d:
85:3c:0d:ee:09:2c:a5:58:89:26:98:78:2a:59:ab:0e:14:8d:
d1:d5:10:61:60:c5:a5:98:5a:96:52:3f:9c:fd:8f:55:0e:e8:
85:2c:09:41:62:05:62:e6:6a:f5:42:23:9d:6d:a4:e6:54:10:
0d:d6:8a:ef:0d:e4:b2:dc:54:c1:c2:df:dd:69:b2:6d:3c:e8:
78:b4:9d:c8:3f:e7:11:a6:d5:22:e8:a2:8a:11:ba:8e:96:b6:
e3:90:82:2b:89:30:a5:5a:56:0b:04:6d:0f:40:5a:08:94:ab:
37:11:5a:0a
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAY19Z0FzPFQLVLVFmHRhpDR7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZiZjYyZjc2MDYyNzNmNDFhNmNjYzhlMjk1NjA3NmYzYzBh
MWViNTQwHhcNMjQwMjA2MDc1MjE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OGU3NDI0ODE3MjZkMmY1YzkwNDA1MGYwMTU0MTZlZDdlNjc3YjJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjY+6cs2OndL73EwramDGRlmlL2JQ
/CmStzQq5XgL5X47KiW/TddfpzdcrZn0/w69POKXDHiF9y3aF5Rx2D8k3Lvp0yu9
6CeEp2hgpuJc3c4YcPAVxQy6xH7Bu3r1V+5e7Zrko3wkyFa/ZFEF7XMEQwSKo1H9
/hTIJa4tpXOEY+OgunaVlJoguXUavDcgmbsEuG9NHE0ajDPthPuuPTvj8aeG4C3L
akkrXrApVpv00UiDu3O5mbd5Nvo/8R62bvW6uRzKxnFDm+IRJgu4/c7wbBJjrA1A
NxdTFyDWg61UNavH39ui+ZPdGZr5sNvJFWfelrZuR2aw6TK1y4TJginh3wIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFGjnQkgXJtL1yQQFDwFUFu1+Z3sqMB8GA1UdIwQY
MBaAFPv2L3YGJz9BpszI4pVgdvPAoetUMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1fWXZkZ1luUDBHbXpNamlsV0IyODhDaDYxUS5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMjMvOTVlZWJiLTBhOWQtNGY3MS1iM2Y5
LTU2NDllMWIxOTJiYi8xL2FPZENTQmNtMHZYSkJBVVBBVlFXN1g1bmV5by5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMjMvOTVlZWJiLTBhOWQtNGY3MS1iM2Y5LTU2NDllMWIxOTJi
Yi8xLzEtX1l2ZGdZblAwR216TWppbFdCMjg4Q2g2MVEuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABtaIUw
DQYJKoZIhvcNAQELBQADggEBALw7+PJbbK4SDrYZ3g4gkLIcu98VSsReo/Ak96t3
/nBVpkuFT3LMcCPmwSd+ckYhhNn2nsbHaoZt9VQO9xLJL9KDB8kT/K7Sn8Eb0zTR
szWhWV0Bt80TCeFk0n/mhklNiltjq2ngg4ti18uyD2nb8LEGUTKTtvdJ5RmCTfpU
0UlFZev2V1qZXyGXJhd6UGV+TYU8De4JLKVYiSaYeCpZqw4UjdHVEGFgxaWYWpZS
P5z9j1UO6IUsCUFiBWLmavVCI51tpOZUEA3Wiu8N5LLcVMHC391psm086Hi0ncg/
5xGm1SLooooRuo6WtuOQgiuJMKVaVgsEbQ9AWgiUqzcRWgo=
-----END CERTIFICATE-----
Generated at Mon Feb 17 08:16:25 2025 by rpki-client