Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/1m-rMOavHqAQ8YxXJLEF6ocMRxk.roa
File: 1m-rMOavHqAQ8YxXJLEF6ocMRxk.roa (raw, json)
Hash identifier: 4BVvkIfFozxBXWG1f4nqv45XbM5rLLmZvWiDYQDjFVc=
Subject key identifier: D6:6F:AB:30:E6:AF:1E:A0:10:F1:8C:57:24:B1:05:EA:87:0C:47:19
Certificate issuer: /CN=ff87e0ab032b0c05eb5e74cc2c08698dd324d963
Certificate serial: 018B434C2D0D9942567F3A8109A355B47AC1
Authority key identifier: FF:87:E0:AB:03:2B:0C:05:EB:5E:74:CC:2C:08:69:8D:D3:24:D9:63
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/_4fgqwMrDAXrXnTMLAhpjdMk2WM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/1m-rMOavHqAQ8YxXJLEF6ocMRxk.roa
Signing time: Wed 18 Oct 2023 14:59:07 +0000
ROA not before: Wed 18 Oct 2023 14:59:07 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 60781
IP address blocks: 109.122.214.0/24 maxlen: 24
109.122.223.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8b:43:4c:2d:0d:99:42:56:7f:3a:81:09:a3:55:b4:7a:c1
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ff87e0ab032b0c05eb5e74cc2c08698dd324d963
Validity
Not Before: Oct 18 14:59:07 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=d66fab30e6af1ea010f18c5724b105ea870c4719
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d1:de:b8:2a:ce:c0:3f:6f:dd:d4:50:4f:79:91:
bc:8e:44:50:2c:78:56:e8:76:ae:a1:67:fc:c8:0b:
4e:c7:7b:6f:6b:54:ff:6e:43:f7:f0:d7:a4:ac:fa:
76:0f:8f:d5:43:3c:48:89:9a:29:c0:fa:8d:77:07:
4c:51:e1:7b:26:a8:91:c5:d7:5d:36:2b:30:96:65:
ca:74:b1:fc:f0:ae:8c:5f:71:dd:77:c8:e3:80:1f:
22:be:e7:1b:b9:fa:c7:dd:99:81:ce:2a:28:21:e9:
5c:68:45:11:ae:50:f4:e9:63:2e:d7:d0:63:ed:e3:
91:a7:17:03:03:9f:c1:02:0f:06:6b:cd:a4:46:8f:
f7:44:2d:c4:40:d2:f2:8f:b7:4a:7f:4b:a0:d6:e8:
be:df:89:a9:52:73:2a:75:fc:53:b3:3d:34:67:29:
63:7f:3d:34:fc:37:6c:76:39:6e:3f:ae:5c:b2:de:
c4:5b:74:8f:d0:61:ac:88:e1:73:38:49:4a:03:d4:
46:09:43:a2:fb:24:65:40:be:04:e1:eb:76:0e:1a:
0b:d5:32:2d:9f:ae:c2:77:47:42:80:38:1e:43:7e:
7e:8f:b6:96:db:0f:cc:3c:2b:8d:3b:7a:fd:b4:0d:
9f:59:18:34:a0:1a:b7:f9:88:2f:a2:54:47:f6:24:
48:c3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D6:6F:AB:30:E6:AF:1E:A0:10:F1:8C:57:24:B1:05:EA:87:0C:47:19
X509v3 Authority Key Identifier:
keyid:FF:87:E0:AB:03:2B:0C:05:EB:5E:74:CC:2C:08:69:8D:D3:24:D9:63
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_4fgqwMrDAXrXnTMLAhpjdMk2WM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/1m-rMOavHqAQ8YxXJLEF6ocMRxk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/_4fgqwMrDAXrXnTMLAhpjdMk2WM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.122.214.0/24
109.122.223.0/24
Signature Algorithm: sha256WithRSAEncryption
40:e0:71:84:7d:10:26:83:bc:eb:68:fb:ca:77:03:cc:58:5a:
32:15:90:ae:a0:86:bd:11:da:04:47:95:a3:e0:46:77:48:f7:
81:f7:0b:7b:95:ae:b5:4a:15:57:26:53:38:6f:52:50:94:8d:
a2:0a:bf:ef:4f:a9:f4:66:d1:61:d4:15:43:7b:e8:33:21:58:
8d:3f:fe:27:da:6a:a8:51:f5:68:4e:cf:a7:9a:90:08:fa:e9:
e5:2b:51:98:0b:18:1a:3a:38:1a:fe:79:73:65:a2:64:4c:bb:
99:46:37:49:c5:03:2c:c1:92:49:ab:8b:2f:8f:06:8c:b9:17:
99:b0:96:22:99:9f:63:fb:5e:ff:2c:69:11:b0:95:47:e1:e4:
7f:42:cf:28:a9:2b:d4:f8:07:b5:16:d3:43:93:8b:73:37:2d:
e2:52:c4:ae:8c:a4:55:aa:6e:19:4b:ac:3f:60:33:88:38:49:
94:40:06:82:24:4f:dd:b9:d3:4e:26:6a:02:43:c4:58:d5:46:
0d:fd:89:98:bc:69:b7:58:0d:18:27:8d:40:15:4a:e2:97:cb:
cf:6a:8f:d1:eb:d8:93:92:f8:30:f6:6c:cd:e8:19:d4:db:fb:
3c:ff:19:6b:27:59:61:ea:11:cb:09:6c:f0:80:75:16:30:c5:
b3:5f:fe:83
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYtDTC0NmUJWfzqBCaNVtHrBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmODdlMGFiMDMyYjBjMDVlYjVlNzRjYzJjMDg2OThkZDMy
NGQ5NjMwHhcNMjMxMDE4MTQ1OTA3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNjZmYWIzMGU2YWYxZWEwMTBmMThjNTcyNGIxMDVlYTg3MGM0NzE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0d64Ks7AP2/d1FBPeZG8jkRQLHhW
6HauoWf8yAtOx3tva1T/bkP38NekrPp2D4/VQzxIiZopwPqNdwdMUeF7JqiRxddd
NiswlmXKdLH88K6MX3Hdd8jjgB8ivucbufrH3ZmBziooIelcaEURrlD06WMu19Bj
7eORpxcDA5/BAg8Ga82kRo/3RC3EQNLyj7dKf0ug1ui+34mpUnMqdfxTsz00Zylj
fz00/DdsdjluP65cst7EW3SP0GGsiOFzOElKA9RGCUOi+yRlQL4E4et2DhoL1TIt
n67Cd0dCgDgeQ35+j7aW2w/MPCuNO3r9tA2fWRg0oBq3+YgvolRH9iRIwwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFNZvqzDmrx6gEPGMVySxBeqHDEcZMB8GA1UdIwQY
MBaAFP+H4KsDKwwF6150zCwIaY3TJNljMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzRmZ3F3TXJEQVhyWG5UTUxBaHBqZE1rMldNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy8xZGYxOGUtNmM0ZC00MzRiLThlMzEt
NzFlYjk1ZjUwZTViLzEvMW0tck1PYXZIcUFROFl4WEpMRUY2b2NNUnhrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy8xZGYxOGUtNmM0ZC00MzRiLThlMzEtNzFlYjk1ZjUwZTVi
LzEvXzRmZ3F3TXJEQVhyWG5UTUxBaHBqZE1rMldNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAbXrWAwQA
bXrfMA0GCSqGSIb3DQEBCwUAA4IBAQBA4HGEfRAmg7zraPvKdwPMWFoyFZCuoIa9
EdoER5Wj4EZ3SPeB9wt7la61ShVXJlM4b1JQlI2iCr/vT6n0ZtFh1BVDe+gzIViN
P/4n2mqoUfVoTs+nmpAI+unlK1GYCxgaOjga/nlzZaJkTLuZRjdJxQMswZJJq4sv
jwaMuReZsJYimZ9j+17/LGkRsJVH4eR/Qs8oqSvU+Ae1FtNDk4tzNy3iUsSujKRV
qm4ZS6w/YDOIOEmUQAaCJE/dudNOJmoCQ8RY1UYN/YmYvGm3WA0YJ41AFUril8vP
ao/R69iTkvgw9mzN6BnU2/s8/xlrJ1lh6hHLCWzwgHUWMMWzX/6D
-----END CERTIFICATE-----
Generated at Fri Dec 15 07:25:53 2023 by rpki-client on console-fra.rpki-client.org