Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/16Z_V3sxRfMLbCnopGU3C7MTBT0.roa
File: 16Z_V3sxRfMLbCnopGU3C7MTBT0.roa (raw, json)
Hash identifier: e+T/XOP2istaHW98jJLk9pkrW2Mpt46UBBIXbBVEl8I=
Subject key identifier: D7:A6:7F:57:7B:31:45:F3:0B:6C:29:E8:A4:65:37:0B:B3:13:05:3D
Certificate issuer: /CN=ff87e0ab032b0c05eb5e74cc2c08698dd324d963
Certificate serial: 018CC501411CD59DF546AFA7D3142FA1C775
Authority key identifier: FF:87:E0:AB:03:2B:0C:05:EB:5E:74:CC:2C:08:69:8D:D3:24:D9:63
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/_4fgqwMrDAXrXnTMLAhpjdMk2WM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/16Z_V3sxRfMLbCnopGU3C7MTBT0.roa
Signing time: Mon 01 Jan 2024 12:30:42 +0000
ROA not before: Mon 01 Jan 2024 12:30:42 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 32613
IP address blocks: 109.122.194.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c5:01:41:1c:d5:9d:f5:46:af:a7:d3:14:2f:a1:c7:75
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ff87e0ab032b0c05eb5e74cc2c08698dd324d963
Validity
Not Before: Jan 1 12:30:42 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=d7a67f577b3145f30b6c29e8a465370bb313053d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9f:cc:ea:0e:10:bc:cb:17:4c:b2:97:9d:4d:40:
f2:ef:a4:81:c4:39:32:bc:12:2e:4a:00:2c:ca:19:
c9:d4:e1:5f:97:ab:a4:d2:32:b9:1c:61:c7:89:5d:
82:6c:8e:42:50:d2:1b:ac:d7:fc:bb:df:cb:94:d0:
2f:70:9d:ac:83:28:e3:da:18:f4:a2:53:c6:fe:0b:
34:03:3f:ee:09:22:be:a5:85:06:02:1c:01:9c:97:
93:95:60:aa:0f:33:a5:ba:7b:79:ec:4e:ad:5f:b9:
45:90:b1:65:16:a7:45:08:af:a1:9b:cb:01:af:8a:
2c:7d:11:05:69:e8:53:64:6d:82:51:45:bd:d7:28:
d1:a5:73:59:2c:3b:61:02:ad:82:19:2c:56:b8:b0:
36:da:c5:f0:c4:0f:cd:a9:cc:b2:c5:89:27:3a:81:
f7:d5:b5:00:d1:fa:32:68:32:83:3d:00:54:10:d5:
a3:9a:3d:5a:f5:aa:00:b2:ac:4b:85:8a:f4:2e:59:
d9:af:2f:2b:89:0f:76:4f:ce:c2:11:10:85:e1:2c:
54:3d:71:bf:72:9d:4b:38:da:ab:80:98:7b:36:a8:
7c:08:72:43:a8:d9:ab:c5:b5:92:28:2a:c8:8f:42:
55:18:c4:7a:12:7f:74:72:67:88:4c:b7:c4:3a:db:
a8:39
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D7:A6:7F:57:7B:31:45:F3:0B:6C:29:E8:A4:65:37:0B:B3:13:05:3D
X509v3 Authority Key Identifier:
keyid:FF:87:E0:AB:03:2B:0C:05:EB:5E:74:CC:2C:08:69:8D:D3:24:D9:63
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_4fgqwMrDAXrXnTMLAhpjdMk2WM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/16Z_V3sxRfMLbCnopGU3C7MTBT0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/_4fgqwMrDAXrXnTMLAhpjdMk2WM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.122.194.0/24
Signature Algorithm: sha256WithRSAEncryption
38:c5:9c:96:20:5e:01:ba:74:3f:17:70:e6:f4:89:1a:73:ab:
b0:92:35:8a:28:31:74:ff:9d:7c:d5:41:2d:92:a0:23:b4:39:
e1:8a:c7:10:40:4f:44:83:19:85:58:52:d8:c8:0f:3b:73:8c:
20:f0:79:f7:ed:c0:41:6c:dc:c3:58:22:1d:50:ce:b4:98:55:
3a:bd:2f:b7:77:14:2c:d7:88:ff:a4:01:c7:d0:5a:4b:ce:07:
5b:7d:87:c1:d6:23:c4:6d:49:ff:b0:f9:c8:4e:2c:9d:70:47:
82:83:22:9b:00:fc:1c:12:b3:7a:6f:7b:22:77:ff:20:77:45:
f8:49:a9:96:d9:a0:ce:a2:c1:d7:d4:e6:49:59:1b:dd:1c:af:
9e:55:c8:80:1b:c2:fe:16:cc:07:d5:0a:c3:87:c8:75:18:c0:
1a:a8:eb:46:16:75:ca:6e:63:75:c8:f0:09:48:b6:cb:9c:39:
fe:b8:c5:3d:1a:69:79:1c:ef:d5:bb:04:56:26:1e:62:e8:fe:
5a:41:b8:6e:ce:42:b9:06:22:94:87:3e:62:9a:56:be:0e:8b:
f7:2e:db:cb:ff:18:de:86:7d:8c:5f:83:af:7b:b7:e3:10:43:
96:6d:cb:a6:6b:7e:fe:de:c3:6e:6b:38:70:50:91:2c:3a:66:
7f:04:7f:bd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAUEc1Z31Rq+n0xQvocd1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmODdlMGFiMDMyYjBjMDVlYjVlNzRjYzJjMDg2OThkZDMy
NGQ5NjMwHhcNMjQwMTAxMTIzMDQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkN2E2N2Y1NzdiMzE0NWYzMGI2YzI5ZThhNDY1MzcwYmIzMTMwNTNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn8zqDhC8yxdMspedTUDy76SBxDky
vBIuSgAsyhnJ1OFfl6uk0jK5HGHHiV2CbI5CUNIbrNf8u9/LlNAvcJ2sgyjj2hj0
olPG/gs0Az/uCSK+pYUGAhwBnJeTlWCqDzOlunt57E6tX7lFkLFlFqdFCK+hm8sB
r4osfREFaehTZG2CUUW91yjRpXNZLDthAq2CGSxWuLA22sXwxA/NqcyyxYknOoH3
1bUA0foyaDKDPQBUENWjmj1a9aoAsqxLhYr0LlnZry8riQ92T87CERCF4SxUPXG/
cp1LONqrgJh7Nqh8CHJDqNmrxbWSKCrIj0JVGMR6En90cmeITLfEOtuoOQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNemf1d7MUXzC2wp6KRlNwuzEwU9MB8GA1UdIwQY
MBaAFP+H4KsDKwwF6150zCwIaY3TJNljMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzRmZ3F3TXJEQVhyWG5UTUxBaHBqZE1rMldNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy8xZGYxOGUtNmM0ZC00MzRiLThlMzEt
NzFlYjk1ZjUwZTViLzEvMTZaX1Yzc3hSZk1MYkNub3BHVTNDN01UQlQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy8xZGYxOGUtNmM0ZC00MzRiLThlMzEtNzFlYjk1ZjUwZTVi
LzEvXzRmZ3F3TXJEQVhyWG5UTUxBaHBqZE1rMldNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbXrCMA0G
CSqGSIb3DQEBCwUAA4IBAQA4xZyWIF4BunQ/F3Dm9Ikac6uwkjWKKDF0/5181UEt
kqAjtDnhiscQQE9EgxmFWFLYyA87c4wg8Hn37cBBbNzDWCIdUM60mFU6vS+3dxQs
14j/pAHH0FpLzgdbfYfB1iPEbUn/sPnITiydcEeCgyKbAPwcErN6b3sid/8gd0X4
SamW2aDOosHX1OZJWRvdHK+eVciAG8L+FswH1QrDh8h1GMAaqOtGFnXKbmN1yPAJ
SLbLnDn+uMU9Gml5HO/VuwRWJh5i6P5aQbhuzkK5BiKUhz5imla+Dov3LtvL/xje
hn2MX4Ove7fjEEOWbcuma37+3sNuazhwUJEsOmZ/BH+9
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:02:04 2024 by rpki-client on console-ams.rpki-client.org