Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/0K5AcYlKpoYXfFAq3tcw9wXYzbo.roa
File: 0K5AcYlKpoYXfFAq3tcw9wXYzbo.roa (raw, json)
Hash identifier: MNdd0bWOM6AzwWDMH/pz0tbN+WMAqagv7b+Ix7tBXWQ=
Subject key identifier: D0:AE:40:71:89:4A:A6:86:17:7C:50:2A:DE:D7:30:F7:05:D8:CD:BA
Certificate issuer: /CN=ff87e0ab032b0c05eb5e74cc2c08698dd324d963
Certificate serial: 018B9BDB82B475081DDFF3ECBF331729DA84
Authority key identifier: FF:87:E0:AB:03:2B:0C:05:EB:5E:74:CC:2C:08:69:8D:D3:24:D9:63
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/_4fgqwMrDAXrXnTMLAhpjdMk2WM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/0K5AcYlKpoYXfFAq3tcw9wXYzbo.roa
Signing time: Sat 04 Nov 2023 19:42:16 +0000
ROA not before: Sat 04 Nov 2023 19:42:16 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 43260
IP address blocks: 109.122.192.0/24 maxlen: 24
109.122.197.0/24 maxlen: 24
109.122.201.0/24 maxlen: 24
109.122.205.0/24 maxlen: 24
109.122.203.0/24 maxlen: 24
109.122.212.0/24 maxlen: 24
109.122.213.0/24 maxlen: 24
109.122.210.0/24 maxlen: 24
109.122.215.0/24 maxlen: 24
109.122.220.0/24 maxlen: 24
109.122.222.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8b:9b:db:82:b4:75:08:1d:df:f3:ec:bf:33:17:29:da:84
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ff87e0ab032b0c05eb5e74cc2c08698dd324d963
Validity
Not Before: Nov 4 19:42:16 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=d0ae4071894aa686177c502aded730f705d8cdba
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b6:5a:45:cf:68:24:3b:1a:5f:fe:66:97:67:b9:
ea:c7:77:73:e9:3b:43:9b:3d:94:8e:b3:17:26:ee:
b5:23:9c:cb:81:b2:1b:59:65:84:eb:54:a8:0a:fc:
3b:d4:0e:ea:aa:e7:57:c1:3f:a0:b2:b5:88:5e:74:
74:ab:b9:81:98:0d:39:80:c7:99:3b:2f:71:a1:9b:
0a:fe:ef:af:8f:d0:39:3c:f9:ad:d3:ee:37:df:63:
9f:a9:4d:86:3b:a6:2a:c5:0d:74:c9:eb:ac:96:b5:
23:44:65:8b:32:61:2c:87:80:37:5c:e5:25:7a:b5:
9e:5d:dc:c0:43:f1:d2:1d:28:c1:f1:1c:96:41:57:
57:08:83:43:2e:87:0f:05:6c:c2:62:c0:21:db:c0:
0a:ef:0f:13:1d:f9:f8:e0:0a:f3:a5:a1:68:63:6b:
8c:ca:ef:15:a3:10:a6:53:8c:ab:08:9a:fb:4a:b0:
8d:7a:42:3b:74:db:14:a9:ab:11:f9:6e:e4:6a:19:
07:89:63:a4:94:a1:1a:53:b5:ae:43:94:32:30:57:
1b:68:9b:68:33:78:10:92:95:b5:89:95:97:af:8b:
19:b0:b3:e3:04:75:d2:c1:90:ee:23:c7:fe:6c:92:
76:e6:98:fd:13:3a:4c:bf:6d:0a:79:a6:cd:52:c4:
9c:11
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D0:AE:40:71:89:4A:A6:86:17:7C:50:2A:DE:D7:30:F7:05:D8:CD:BA
X509v3 Authority Key Identifier:
keyid:FF:87:E0:AB:03:2B:0C:05:EB:5E:74:CC:2C:08:69:8D:D3:24:D9:63
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_4fgqwMrDAXrXnTMLAhpjdMk2WM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/0K5AcYlKpoYXfFAq3tcw9wXYzbo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/_4fgqwMrDAXrXnTMLAhpjdMk2WM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.122.192.0/24
109.122.197.0/24
109.122.201.0/24
109.122.203.0/24
109.122.205.0/24
109.122.210.0/24
109.122.212.0/23
109.122.215.0/24
109.122.220.0/24
109.122.222.0/24
Signature Algorithm: sha256WithRSAEncryption
8a:e7:b5:ff:ea:75:e0:ef:bb:a6:13:50:eb:96:77:b4:9a:76:
b9:31:01:1b:56:cd:4d:3f:b0:3e:ae:fe:21:ab:e1:85:3c:35:
fa:0c:73:1a:68:66:ca:43:0b:9c:ef:2f:82:40:ee:3b:5f:0f:
da:dc:8b:e2:f9:27:cd:2c:6a:67:a0:41:a3:c6:ce:2e:13:56:
80:78:f2:78:0f:69:3d:cd:81:ac:bc:11:b4:da:28:78:d4:bb:
17:37:9c:2d:03:83:91:b5:44:a4:d0:59:c5:5d:37:22:46:68:
b8:9c:5f:65:be:dd:46:88:9a:b1:e4:cd:08:33:58:a1:be:19:
c3:80:67:ad:e9:a5:81:c6:49:2c:38:7f:7b:b9:07:e6:be:68:
25:66:b9:20:44:2b:35:48:78:49:31:c4:81:e5:72:b9:f7:ec:
eb:15:1d:05:da:7d:89:9c:32:65:d4:74:8d:fe:f7:32:1b:b7:
26:fa:24:4a:ef:32:ae:16:1e:40:ce:fb:c3:95:67:2e:48:d7:
b0:e9:cc:30:c5:95:32:9d:ca:27:ea:39:35:a3:95:f2:3e:db:
9c:97:e8:da:f0:0a:f7:e0:8a:c7:d0:a4:35:22:d9:4a:5d:ae:
26:a1:37:ad:5c:f7:8b:81:26:ee:b8:47:8e:e0:a5:92:e8:0d:
aa:21:1f:b4
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgISAYub24K0dQgd3/PsvzMXKdqEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmODdlMGFiMDMyYjBjMDVlYjVlNzRjYzJjMDg2OThkZDMy
NGQ5NjMwHhcNMjMxMTA0MTk0MjE2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMGFlNDA3MTg5NGFhNjg2MTc3YzUwMmFkZWQ3MzBmNzA1ZDhjZGJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtlpFz2gkOxpf/maXZ7nqx3dz6TtD
mz2UjrMXJu61I5zLgbIbWWWE61SoCvw71A7qqudXwT+gsrWIXnR0q7mBmA05gMeZ
Oy9xoZsK/u+vj9A5PPmt0+4332OfqU2GO6YqxQ10yeuslrUjRGWLMmEsh4A3XOUl
erWeXdzAQ/HSHSjB8RyWQVdXCINDLocPBWzCYsAh28AK7w8THfn44ArzpaFoY2uM
yu8VoxCmU4yrCJr7SrCNekI7dNsUqasR+W7kahkHiWOklKEaU7WuQ5QyMFcbaJto
M3gQkpW1iZWXr4sZsLPjBHXSwZDuI8f+bJJ25pj9EzpMv20KeabNUsScEQIDAQAB
o4ICPzCCAjswHQYDVR0OBBYEFNCuQHGJSqaGF3xQKt7XMPcF2M26MB8GA1UdIwQY
MBaAFP+H4KsDKwwF6150zCwIaY3TJNljMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzRmZ3F3TXJEQVhyWG5UTUxBaHBqZE1rMldNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy8xZGYxOGUtNmM0ZC00MzRiLThlMzEt
NzFlYjk1ZjUwZTViLzEvMEs1QWNZbEtwb1lYZkZBcTN0Y3c5d1hZemJvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy8xZGYxOGUtNmM0ZC00MzRiLThlMzEtNzFlYjk1ZjUwZTVi
LzEvXzRmZ3F3TXJEQVhyWG5UTUxBaHBqZE1rMldNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFUGCCsGAQUFBwEHAQH/BEYwRDBCBAIAATA8AwQAbXrAAwQA
bXrFAwQAbXrJAwQAbXrLAwQAbXrNAwQAbXrSAwQBbXrUAwQAbXrXAwQAbXrcAwQA
bXreMA0GCSqGSIb3DQEBCwUAA4IBAQCK57X/6nXg77umE1Drlne0mna5MQEbVs1N
P7A+rv4hq+GFPDX6DHMaaGbKQwuc7y+CQO47Xw/a3Ivi+SfNLGpnoEGjxs4uE1aA
ePJ4D2k9zYGsvBG02ih41LsXN5wtA4ORtUSk0FnFXTciRmi4nF9lvt1GiJqx5M0I
M1ihvhnDgGet6aWBxkksOH97uQfmvmglZrkgRCs1SHhJMcSB5XK59+zrFR0F2n2J
nDJl1HSN/vcyG7cm+iRK7zKuFh5AzvvDlWcuSNew6cwwxZUyncon6jk1o5XyPtuc
l+ja8Ar34IrH0KQ1ItlKXa4moTetXPeLgSbuuEeO4KWS6A2qIR+0
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:24:48 2024 by rpki-client on console-fra.rpki-client.org