Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/0dKIlaqMUmo27gXWtes9mXI-epU.roa
File: 0dKIlaqMUmo27gXWtes9mXI-epU.roa (raw, json)
Hash identifier: 0suEoXd2lizV3fp4SZr1tgc91LN2lWUI+3+MPhkjBmQ=
Subject key identifier: D1:D2:88:95:AA:8C:52:6A:36:EE:05:D6:B5:EB:3D:99:72:3E:7A:95
Certificate issuer: /CN=ff87e0ab032b0c05eb5e74cc2c08698dd324d963
Certificate serial: 018B88670A751F202A115C7861E1F70F95C7
Authority key identifier: FF:87:E0:AB:03:2B:0C:05:EB:5E:74:CC:2C:08:69:8D:D3:24:D9:63
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/_4fgqwMrDAXrXnTMLAhpjdMk2WM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/0dKIlaqMUmo27gXWtes9mXI-epU.roa
Signing time: Wed 01 Nov 2023 01:02:16 +0000
ROA not before: Wed 01 Nov 2023 01:02:16 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 43260
IP address blocks: 109.122.192.0/24 maxlen: 24
109.122.195.0/24 maxlen: 24
109.122.197.0/24 maxlen: 24
109.122.222.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8b:88:67:0a:75:1f:20:2a:11:5c:78:61:e1:f7:0f:95:c7
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ff87e0ab032b0c05eb5e74cc2c08698dd324d963
Validity
Not Before: Nov 1 01:02:16 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=d1d28895aa8c526a36ee05d6b5eb3d99723e7a95
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8c:9d:a6:65:77:df:a4:09:2b:df:61:cc:3a:8b:
a5:9b:f4:45:e4:0a:61:88:9a:ea:a8:b7:f8:02:4b:
7b:ea:e5:4b:e8:ca:03:4b:49:f3:2f:dc:e1:c8:84:
7b:4b:94:fd:f3:0a:65:e9:3a:79:de:1b:0e:57:78:
f4:7b:d9:c9:6c:91:8b:a4:09:0d:14:84:bf:a2:23:
ca:72:17:d2:fc:4d:44:70:21:e2:84:1e:2d:fb:90:
a4:7e:69:86:d4:4d:58:ee:7f:2a:f2:13:9f:50:95:
8e:d9:68:24:95:a2:cc:00:2c:67:3a:14:54:2f:d0:
5c:9f:87:68:7e:48:73:2c:9a:d0:0b:ca:75:7b:c2:
f0:a7:53:df:4c:38:58:14:78:0a:1e:61:e8:2c:52:
62:2f:34:14:1d:9a:f2:cb:fe:a3:54:8e:a8:f3:b9:
b7:da:f9:91:35:35:43:2b:c5:4c:1c:e3:41:56:43:
f3:10:1c:b9:67:47:c3:89:ee:eb:7a:19:15:81:dc:
1c:6a:14:a8:0e:68:c0:a9:fe:75:50:e2:e0:6a:18:
15:2e:17:1d:8f:59:b5:e3:9a:ce:3b:a5:8f:68:b2:
10:cb:9f:60:67:5e:f8:58:ab:d7:dc:8a:cc:86:23:
34:ae:e3:af:84:c2:93:9a:06:51:92:ed:79:02:7d:
5e:6f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D1:D2:88:95:AA:8C:52:6A:36:EE:05:D6:B5:EB:3D:99:72:3E:7A:95
X509v3 Authority Key Identifier:
keyid:FF:87:E0:AB:03:2B:0C:05:EB:5E:74:CC:2C:08:69:8D:D3:24:D9:63
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_4fgqwMrDAXrXnTMLAhpjdMk2WM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/0dKIlaqMUmo27gXWtes9mXI-epU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/_4fgqwMrDAXrXnTMLAhpjdMk2WM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.122.192.0/24
109.122.195.0/24
109.122.197.0/24
109.122.222.0/24
Signature Algorithm: sha256WithRSAEncryption
35:ac:5f:6c:26:60:13:12:69:a9:c1:cc:5a:52:2d:e5:c2:c9:
af:96:01:09:02:04:37:13:e9:93:ef:d4:3e:fc:ab:f5:61:94:
b5:8a:c8:d8:05:fd:b5:ae:23:b9:67:f1:e0:1f:b8:6a:7b:4e:
1f:c3:5c:bf:1f:25:c5:b3:48:cc:4a:99:0a:9c:01:e7:6c:8a:
a2:73:cc:e3:88:3e:f4:d3:b5:1b:42:ee:6f:61:78:70:05:39:
09:44:7e:d6:4d:af:b8:2e:24:e9:78:4d:6b:dc:dc:a6:c0:87:
f7:84:07:4d:c7:64:e9:38:de:ee:0f:54:8f:c5:ac:e4:94:38:
f0:64:b9:4d:82:0a:68:2a:52:d8:19:59:2b:de:05:6f:2a:49:
cf:56:4d:08:51:0b:34:36:cd:7d:28:9f:96:56:50:07:4d:57:
fc:c8:57:e4:ed:72:97:25:e3:b9:1e:e0:60:9c:98:6c:21:e3:
08:cd:57:f4:db:fa:58:fb:54:22:45:04:b2:a4:d3:4d:37:e6:
7a:d5:41:13:a3:8b:0b:55:6c:d5:1e:78:ea:ad:f5:c7:16:b5:
b5:5f:8a:80:65:a2:f1:3a:3e:41:55:9d:be:90:57:92:73:c2:
81:dd:96:d1:95:f5:b9:cc:f8:9b:69:f2:84:69:58:b4:4c:05:
45:e4:cc:bb
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYuIZwp1HyAqEVx4YeH3D5XHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmODdlMGFiMDMyYjBjMDVlYjVlNzRjYzJjMDg2OThkZDMy
NGQ5NjMwHhcNMjMxMTAxMDEwMjE2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMWQyODg5NWFhOGM1MjZhMzZlZTA1ZDZiNWViM2Q5OTcyM2U3YTk1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjJ2mZXffpAkr32HMOoulm/RF5Aph
iJrqqLf4Akt76uVL6MoDS0nzL9zhyIR7S5T98wpl6Tp53hsOV3j0e9nJbJGLpAkN
FIS/oiPKchfS/E1EcCHihB4t+5CkfmmG1E1Y7n8q8hOfUJWO2WgklaLMACxnOhRU
L9Bcn4dofkhzLJrQC8p1e8Lwp1PfTDhYFHgKHmHoLFJiLzQUHZryy/6jVI6o87m3
2vmRNTVDK8VMHONBVkPzEBy5Z0fDie7rehkVgdwcahSoDmjAqf51UOLgahgVLhcd
j1m145rOO6WPaLIQy59gZ174WKvX3IrMhiM0ruOvhMKTmgZRku15An1ebwIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFNHSiJWqjFJqNu4F1rXrPZlyPnqVMB8GA1UdIwQY
MBaAFP+H4KsDKwwF6150zCwIaY3TJNljMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzRmZ3F3TXJEQVhyWG5UTUxBaHBqZE1rMldNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy8xZGYxOGUtNmM0ZC00MzRiLThlMzEt
NzFlYjk1ZjUwZTViLzEvMGRLSWxhcU1VbW8yN2dYV3RlczltWEktZXBVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy8xZGYxOGUtNmM0ZC00MzRiLThlMzEtNzFlYjk1ZjUwZTVi
LzEvXzRmZ3F3TXJEQVhyWG5UTUxBaHBqZE1rMldNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAbXrAAwQA
bXrDAwQAbXrFAwQAbXreMA0GCSqGSIb3DQEBCwUAA4IBAQA1rF9sJmATEmmpwcxa
Ui3lwsmvlgEJAgQ3E+mT79Q+/Kv1YZS1isjYBf21riO5Z/HgH7hqe04fw1y/HyXF
s0jMSpkKnAHnbIqic8zjiD7007UbQu5vYXhwBTkJRH7WTa+4LiTpeE1r3NymwIf3
hAdNx2TpON7uD1SPxazklDjwZLlNggpoKlLYGVkr3gVvKknPVk0IUQs0Ns19KJ+W
VlAHTVf8yFfk7XKXJeO5HuBgnJhsIeMIzVf02/pY+1QiRQSypNNNN+Z61UETo4sL
VWzVHnjqrfXHFrW1X4qAZaLxOj5BVZ2+kFeSc8KB3ZbRlfW5zPibafKEaVi0TAVF
5My7
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:02:04 2024 by rpki-client on console-ams.rpki-client.org