Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/0rX2cZJozHsr5t9XDyGvqwwhPHg.roa
File: 0rX2cZJozHsr5t9XDyGvqwwhPHg.roa (raw, json)
Hash identifier: vY7dzGhJx83c9MN4Or6XbOvs8f27XgeAy9wgp97WaLs=
Subject key identifier: D2:B5:F6:71:92:68:CC:7B:2B:E6:DF:57:0F:21:AF:AB:0C:21:3C:78
Certificate issuer: /CN=ff87e0ab032b0c05eb5e74cc2c08698dd324d963
Certificate serial: 018BD60E831761F18C04A80314015652E1AD
Authority key identifier: FF:87:E0:AB:03:2B:0C:05:EB:5E:74:CC:2C:08:69:8D:D3:24:D9:63
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/_4fgqwMrDAXrXnTMLAhpjdMk2WM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/0rX2cZJozHsr5t9XDyGvqwwhPHg.roa
Signing time: Thu 16 Nov 2023 02:55:57 +0000
ROA not before: Thu 16 Nov 2023 02:55:57 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 212815
IP address blocks: 109.122.215.0/24 maxlen: 24
109.122.222.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8b:d6:0e:83:17:61:f1:8c:04:a8:03:14:01:56:52:e1:ad
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ff87e0ab032b0c05eb5e74cc2c08698dd324d963
Validity
Not Before: Nov 16 02:55:57 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=d2b5f6719268cc7b2be6df570f21afab0c213c78
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b4:42:13:41:6f:cb:2d:40:f8:43:de:5f:19:fb:
f2:f9:45:9b:4c:d6:16:f9:3a:7a:b5:51:bc:c9:6e:
a7:bd:72:ae:c7:fb:53:54:12:26:76:c9:21:4c:68:
21:1f:1a:e6:89:16:02:96:ac:ef:13:43:cf:56:5f:
e5:99:5a:95:d6:05:9e:0f:09:cf:44:8c:f8:5c:63:
3b:c1:bf:56:94:65:61:b4:dd:ea:3a:92:87:70:11:
a7:ba:62:2f:f8:5c:6e:d6:62:62:e7:6f:b6:ee:75:
60:88:b3:eb:46:a7:1d:ba:fb:cc:97:6b:11:ff:5e:
16:fb:e6:7a:ee:86:49:61:db:af:35:e4:66:64:be:
95:41:7d:76:58:23:0b:d1:8f:b2:62:b4:d5:b1:9e:
b6:35:e6:de:fc:6f:eb:06:0c:fd:56:dd:e4:87:3b:
20:4f:b6:53:12:36:b6:9a:e0:9f:51:2f:61:86:3d:
7c:91:b0:89:d6:a3:05:43:c1:a1:e6:f1:94:df:0b:
b4:1a:16:fe:55:a5:12:db:80:b0:54:cb:d3:02:9b:
cc:03:48:5e:bd:d5:9f:5d:a2:cc:df:ed:a5:f0:80:
57:f7:30:ef:c2:db:5a:ef:ef:ad:5a:bc:a1:a6:2b:
d6:c1:19:65:8e:d3:11:40:27:25:5f:90:76:ba:9d:
12:3f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D2:B5:F6:71:92:68:CC:7B:2B:E6:DF:57:0F:21:AF:AB:0C:21:3C:78
X509v3 Authority Key Identifier:
keyid:FF:87:E0:AB:03:2B:0C:05:EB:5E:74:CC:2C:08:69:8D:D3:24:D9:63
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_4fgqwMrDAXrXnTMLAhpjdMk2WM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/0rX2cZJozHsr5t9XDyGvqwwhPHg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/_4fgqwMrDAXrXnTMLAhpjdMk2WM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.122.215.0/24
109.122.222.0/24
Signature Algorithm: sha256WithRSAEncryption
61:d6:ba:02:23:f6:05:d5:9b:78:fb:c5:6a:80:28:46:cb:00:
e0:ac:66:96:2d:3f:c7:6e:b9:08:c0:b7:0b:75:00:ed:f5:cf:
ec:40:dc:3a:8e:28:4e:1a:11:b2:84:bc:c1:4f:67:6c:ec:7b:
88:e9:aa:38:2a:a5:dd:75:56:b7:fc:be:67:ec:05:de:75:4f:
49:f6:d4:73:8b:bf:98:6b:81:55:fa:87:4d:47:a9:80:f7:51:
05:a8:4c:4b:01:e6:45:77:18:c4:6f:2a:86:5d:be:7a:49:87:
c2:1e:90:78:ed:95:11:17:73:1f:6b:1f:b5:92:d4:73:da:63:
d8:94:07:7e:68:c3:f3:1a:43:f0:90:2d:ae:cc:c8:94:30:c2:
f5:0e:10:0f:7b:05:c6:47:91:2b:68:3d:03:d5:6e:9b:46:db:
62:ef:38:b8:c7:6d:56:f8:44:06:28:88:41:2e:c7:d1:d3:14:
c3:89:f4:84:ad:0b:e3:90:f0:69:11:14:fc:72:c0:8c:4e:14:
57:74:82:41:ef:a3:88:0e:01:9b:44:cc:6c:b6:01:ed:84:18:
24:9c:9c:cb:2e:5c:4b:f6:bd:1d:f0:56:47:4e:11:28:b5:e7:
73:bd:ed:5f:49:a4:45:dd:cc:b0:b3:1a:c1:5d:0c:8c:b9:53:
0a:fa:81:71
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYvWDoMXYfGMBKgDFAFWUuGtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmODdlMGFiMDMyYjBjMDVlYjVlNzRjYzJjMDg2OThkZDMy
NGQ5NjMwHhcNMjMxMTE2MDI1NTU3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMmI1ZjY3MTkyNjhjYzdiMmJlNmRmNTcwZjIxYWZhYjBjMjEzYzc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtEITQW/LLUD4Q95fGfvy+UWbTNYW
+Tp6tVG8yW6nvXKux/tTVBImdskhTGghHxrmiRYClqzvE0PPVl/lmVqV1gWeDwnP
RIz4XGM7wb9WlGVhtN3qOpKHcBGnumIv+Fxu1mJi52+27nVgiLPrRqcduvvMl2sR
/14W++Z67oZJYduvNeRmZL6VQX12WCML0Y+yYrTVsZ62Nebe/G/rBgz9Vt3khzsg
T7ZTEja2muCfUS9hhj18kbCJ1qMFQ8Gh5vGU3wu0Ghb+VaUS24CwVMvTApvMA0he
vdWfXaLM3+2l8IBX9zDvwtta7++tWryhpivWwRlljtMRQCclX5B2up0SPwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFNK19nGSaMx7K+bfVw8hr6sMITx4MB8GA1UdIwQY
MBaAFP+H4KsDKwwF6150zCwIaY3TJNljMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzRmZ3F3TXJEQVhyWG5UTUxBaHBqZE1rMldNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy8xZGYxOGUtNmM0ZC00MzRiLThlMzEt
NzFlYjk1ZjUwZTViLzEvMHJYMmNaSm96SHNyNXQ5WER5R3Zxd3doUEhnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy8xZGYxOGUtNmM0ZC00MzRiLThlMzEtNzFlYjk1ZjUwZTVi
LzEvXzRmZ3F3TXJEQVhyWG5UTUxBaHBqZE1rMldNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAbXrXAwQA
bXreMA0GCSqGSIb3DQEBCwUAA4IBAQBh1roCI/YF1Zt4+8VqgChGywDgrGaWLT/H
brkIwLcLdQDt9c/sQNw6jihOGhGyhLzBT2ds7HuI6ao4KqXddVa3/L5n7AXedU9J
9tRzi7+Ya4FV+odNR6mA91EFqExLAeZFdxjEbyqGXb56SYfCHpB47ZURF3Mfax+1
ktRz2mPYlAd+aMPzGkPwkC2uzMiUMML1DhAPewXGR5EraD0D1W6bRtti7zi4x21W
+EQGKIhBLsfR0xTDifSErQvjkPBpERT8csCMThRXdIJB76OIDgGbRMxstgHthBgk
nJzLLlxL9r0d8FZHThEotedzve1fSaRF3cywsxrBXQyMuVMK+oFx
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:02:04 2024 by rpki-client on console-ams.rpki-client.org