Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/0v6tChbC_xUtQfc6DO5kYQs9010.roa
File: 0v6tChbC_xUtQfc6DO5kYQs9010.roa (raw, json)
Hash identifier: B3mnETzhy/VRvaUOGVMdWDvG5O7fR34yMJPPIvxNhvs=
Subject key identifier: D2:FE:AD:0A:16:C2:FF:15:2D:41:F7:3A:0C:EE:64:61:0B:3D:D3:5D
Certificate issuer: /CN=ff87e0ab032b0c05eb5e74cc2c08698dd324d963
Certificate serial: 0187A865E8AF12F7F0273539241D9CE81995
Authority key identifier: FF:87:E0:AB:03:2B:0C:05:EB:5E:74:CC:2C:08:69:8D:D3:24:D9:63
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/_4fgqwMrDAXrXnTMLAhpjdMk2WM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/0v6tChbC_xUtQfc6DO5kYQs9010.roa
Signing time: Sat 22 Apr 2023 09:57:43 +0000
ROA not before: Sat 22 Apr 2023 09:57:43 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 132335
IP address blocks: 109.122.200.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:87:a8:65:e8:af:12:f7:f0:27:35:39:24:1d:9c:e8:19:95
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ff87e0ab032b0c05eb5e74cc2c08698dd324d963
Validity
Not Before: Apr 22 09:57:43 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=d2fead0a16c2ff152d41f73a0cee64610b3dd35d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bc:bd:41:b9:ae:20:82:e8:8c:c1:bc:39:32:19:
1c:0d:27:96:7c:9e:e8:5f:44:5b:e6:07:43:37:35:
ea:0d:4f:ca:c7:ff:76:00:f2:51:1c:fe:38:7a:cf:
7e:e0:1d:55:d6:ed:5b:84:16:36:dc:fa:ff:4b:ed:
fc:88:fd:48:54:27:c5:66:b2:68:ef:1e:3b:88:92:
c6:d5:d4:ec:8c:78:65:96:40:9f:0c:9e:97:bb:94:
46:b9:be:34:dc:da:72:69:5b:b2:f5:c7:78:d4:83:
be:a4:77:de:d3:ac:fa:32:15:0c:e2:1e:2e:3f:b2:
1b:3f:61:f1:19:49:c5:38:6b:f5:00:60:07:dc:dc:
fc:d0:af:d4:b6:59:6f:e6:62:44:f4:78:b8:b1:9a:
45:aa:ca:0c:8c:15:93:fb:a8:00:0d:be:b8:a8:b5:
0d:5c:f4:20:20:19:92:10:36:3c:59:5e:5b:3f:2c:
90:41:a2:40:f4:9d:2c:18:26:5c:8c:f8:80:d3:05:
7f:4e:36:0c:dd:a3:56:43:6f:45:26:ce:e6:b0:b5:
9e:f4:07:0a:ba:7e:94:fa:20:3b:c0:08:9e:af:90:
d5:ce:c9:bf:2c:db:3e:ff:5b:45:cf:69:93:b7:25:
0a:0c:19:20:7a:ac:c4:3b:bc:5e:e3:35:fe:f4:6d:
80:ef
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D2:FE:AD:0A:16:C2:FF:15:2D:41:F7:3A:0C:EE:64:61:0B:3D:D3:5D
X509v3 Authority Key Identifier:
keyid:FF:87:E0:AB:03:2B:0C:05:EB:5E:74:CC:2C:08:69:8D:D3:24:D9:63
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_4fgqwMrDAXrXnTMLAhpjdMk2WM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/0v6tChbC_xUtQfc6DO5kYQs9010.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/_4fgqwMrDAXrXnTMLAhpjdMk2WM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.122.200.0/24
Signature Algorithm: sha256WithRSAEncryption
53:b2:e0:24:0d:bc:b5:58:e4:a5:a5:b1:70:e7:d1:66:92:42:
c2:1a:39:73:23:22:80:c8:af:96:46:f8:90:97:b7:4d:90:d4:
e7:d2:3c:1f:d4:0a:a0:d2:ac:8e:94:b4:23:ac:c3:9a:ba:b1:
cf:cc:54:b4:8a:65:78:96:5e:a6:1a:d8:a7:6a:ae:e9:07:59:
88:47:0d:a0:bb:9f:24:02:06:b0:18:21:63:2c:32:5f:36:5c:
a9:d3:c3:7c:d1:ae:bd:b6:0d:59:15:8c:0b:d8:70:40:86:7b:
2d:15:9b:ed:84:15:5a:42:e9:46:49:8a:ac:ac:7a:cf:f9:24:
6a:7d:86:03:c8:f5:d6:53:fe:a7:b4:ac:95:bc:4c:40:11:fa:
d9:19:0c:74:d8:f3:9a:bc:c2:ed:e2:83:2c:36:53:fd:21:cb:
84:02:87:be:6b:05:6d:d3:aa:79:5b:db:0a:b3:5e:d0:43:c4:
df:a7:06:e9:ca:44:33:ad:cd:e1:42:51:ee:d2:05:f1:75:7b:
a0:91:26:5f:7a:83:cb:8a:71:e9:e1:0f:2b:d9:3f:00:9f:04:
ec:1b:96:20:ab:f1:61:97:61:28:bb:96:a4:53:89:2b:f0:98:
79:f6:8e:41:c9:4d:52:54:ae:b4:f7:20:a3:a9:c7:54:5d:49:
d4:fe:3e:84
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYeoZeivEvfwJzU5JB2c6BmVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmODdlMGFiMDMyYjBjMDVlYjVlNzRjYzJjMDg2OThkZDMy
NGQ5NjMwHhcNMjMwNDIyMDk1NzQzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMmZlYWQwYTE2YzJmZjE1MmQ0MWY3M2EwY2VlNjQ2MTBiM2RkMzVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvL1Bua4gguiMwbw5MhkcDSeWfJ7o
X0Rb5gdDNzXqDU/Kx/92APJRHP44es9+4B1V1u1bhBY23Pr/S+38iP1IVCfFZrJo
7x47iJLG1dTsjHhllkCfDJ6Xu5RGub403NpyaVuy9cd41IO+pHfe06z6MhUM4h4u
P7IbP2HxGUnFOGv1AGAH3Nz80K/Utllv5mJE9Hi4sZpFqsoMjBWT+6gADb64qLUN
XPQgIBmSEDY8WV5bPyyQQaJA9J0sGCZcjPiA0wV/TjYM3aNWQ29FJs7msLWe9AcK
un6U+iA7wAier5DVzsm/LNs+/1tFz2mTtyUKDBkgeqzEO7xe4zX+9G2A7wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNL+rQoWwv8VLUH3OgzuZGELPdNdMB8GA1UdIwQY
MBaAFP+H4KsDKwwF6150zCwIaY3TJNljMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzRmZ3F3TXJEQVhyWG5UTUxBaHBqZE1rMldNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy8xZGYxOGUtNmM0ZC00MzRiLThlMzEt
NzFlYjk1ZjUwZTViLzEvMHY2dENoYkNfeFV0UWZjNkRPNWtZUXM5MDEwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy8xZGYxOGUtNmM0ZC00MzRiLThlMzEtNzFlYjk1ZjUwZTVi
LzEvXzRmZ3F3TXJEQVhyWG5UTUxBaHBqZE1rMldNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbXrIMA0G
CSqGSIb3DQEBCwUAA4IBAQBTsuAkDby1WOSlpbFw59FmkkLCGjlzIyKAyK+WRviQ
l7dNkNTn0jwf1Aqg0qyOlLQjrMOaurHPzFS0imV4ll6mGtinaq7pB1mIRw2gu58k
AgawGCFjLDJfNlyp08N80a69tg1ZFYwL2HBAhnstFZvthBVaQulGSYqsrHrP+SRq
fYYDyPXWU/6ntKyVvExAEfrZGQx02POavMLt4oMsNlP9IcuEAoe+awVt06p5W9sK
s17QQ8TfpwbpykQzrc3hQlHu0gXxdXugkSZfeoPLinHp4Q8r2T8AnwTsG5Ygq/Fh
l2Eou5akU4kr8Jh59o5ByU1SVK609yCjqcdUXUnU/j6E
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:02:04 2024 by rpki-client on console-ams.rpki-client.org