Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/3JVMkbJecDv_UOkNI4mFk25pnu0.roa
File: 3JVMkbJecDv_UOkNI4mFk25pnu0.roa (raw, json)
Hash identifier: cDOFp+qE72iqpYV7l+VOHgGp3Y9yu42O4vRyybD2fnE=
Subject key identifier: DC:95:4C:91:B2:5E:70:3B:FF:50:E9:0D:23:89:85:93:6E:69:9E:ED
Certificate issuer: /CN=ff87e0ab032b0c05eb5e74cc2c08698dd324d963
Certificate serial: 018D379732D24E15019AFD23B02D95E710FC
Authority key identifier: FF:87:E0:AB:03:2B:0C:05:EB:5E:74:CC:2C:08:69:8D:D3:24:D9:63
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/_4fgqwMrDAXrXnTMLAhpjdMk2WM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/3JVMkbJecDv_UOkNI4mFk25pnu0.roa
Signing time: Tue 23 Jan 2024 18:31:12 +0000
ROA not before: Tue 23 Jan 2024 18:31:12 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 48678
IP address blocks: 109.122.196.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8d:37:97:32:d2:4e:15:01:9a:fd:23:b0:2d:95:e7:10:fc
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ff87e0ab032b0c05eb5e74cc2c08698dd324d963
Validity
Not Before: Jan 23 18:31:12 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=dc954c91b25e703bff50e90d238985936e699eed
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8c:6f:3f:7b:a1:44:a2:66:9a:bc:c4:fc:b5:c7:
dc:01:3c:9b:f6:af:c5:c5:67:be:ff:c4:c6:2e:9e:
49:f6:0c:cc:f6:db:bc:1e:78:5f:c7:64:c4:a0:44:
2d:d2:dc:78:41:a9:84:25:af:88:8d:30:ac:a3:ac:
8d:83:f5:01:26:06:2e:67:7f:ba:8c:18:1c:9c:2e:
ea:db:f4:72:c0:34:3b:d4:8e:9f:a3:bc:c2:0f:65:
57:4d:1d:cf:76:b2:62:6c:d2:ed:8b:c8:d5:ae:e0:
af:f7:91:70:0c:d9:c4:df:f1:50:a1:3c:dc:21:a2:
8b:d2:1a:91:55:6d:d6:29:07:50:55:a5:b6:1c:40:
82:e5:58:64:71:00:92:4f:ee:eb:1a:a0:3f:bc:4d:
3f:65:c5:6b:f3:83:cd:18:0f:02:ee:6c:8d:c0:f3:
89:62:fc:92:d1:b9:b5:06:c4:77:3e:49:1c:f8:cd:
15:80:d0:c4:9f:b8:c7:fb:12:6f:33:e3:49:e8:51:
41:ce:53:7d:f4:10:1b:28:a4:c6:7e:84:a2:09:33:
3e:b0:cf:62:a7:e8:59:f3:10:41:e0:45:63:d2:c9:
d4:7d:cb:59:b8:3a:a0:0f:cb:42:6c:37:48:42:a3:
63:87:11:e3:e6:89:33:be:79:dc:c4:1a:35:83:04:
b3:eb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DC:95:4C:91:B2:5E:70:3B:FF:50:E9:0D:23:89:85:93:6E:69:9E:ED
X509v3 Authority Key Identifier:
keyid:FF:87:E0:AB:03:2B:0C:05:EB:5E:74:CC:2C:08:69:8D:D3:24:D9:63
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_4fgqwMrDAXrXnTMLAhpjdMk2WM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/3JVMkbJecDv_UOkNI4mFk25pnu0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/_4fgqwMrDAXrXnTMLAhpjdMk2WM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.122.196.0/24
Signature Algorithm: sha256WithRSAEncryption
1b:eb:7f:0e:f7:4b:75:01:7f:62:f4:69:1a:4b:90:c7:6d:2e:
69:b9:bf:0a:76:14:e8:1e:b3:5e:29:4b:af:f8:7e:fc:ef:c1:
75:9c:2c:05:4e:d4:a1:90:99:9c:58:4d:5b:a7:97:89:bb:9f:
d5:7c:fc:31:5e:58:24:12:45:d7:45:bb:3d:2c:cd:c0:d9:1c:
63:16:71:0a:ff:ef:7b:a1:ee:0e:60:3c:05:2d:c1:cb:ae:ed:
8a:62:3b:7c:80:3f:4a:f9:49:4c:d7:fb:e5:c8:39:1c:09:42:
4a:58:0d:f0:76:38:5b:6d:12:57:20:f3:92:fd:d1:bc:f7:9c:
57:f7:43:cc:e3:cc:f1:95:d0:3c:35:a9:11:e3:c4:51:8d:f1:
d9:0a:0c:b4:da:12:4b:5f:26:a8:65:88:ec:12:19:31:03:22:
38:8e:cc:40:c0:69:7a:33:c3:79:cb:69:7b:be:85:a7:64:0e:
3c:7d:2d:b7:66:df:b8:c5:3f:ec:83:a6:b5:73:cb:4d:2e:2f:
bb:59:a1:4e:36:0f:00:fe:10:d3:62:94:d1:d7:e2:9e:65:bf:
05:a0:c1:33:bf:90:42:76:12:68:4a:4b:00:9e:89:24:71:22:
f4:0b:5f:7a:3f:ce:a8:78:07:13:d5:d0:8b:7d:43:78:6e:3c:
d2:93:fc:6d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY03lzLSThUBmv0jsC2V5xD8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmODdlMGFiMDMyYjBjMDVlYjVlNzRjYzJjMDg2OThkZDMy
NGQ5NjMwHhcNMjQwMTIzMTgzMTEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYzk1NGM5MWIyNWU3MDNiZmY1MGU5MGQyMzg5ODU5MzZlNjk5ZWVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjG8/e6FEomaavMT8tcfcATyb9q/F
xWe+/8TGLp5J9gzM9tu8Hnhfx2TEoEQt0tx4QamEJa+IjTCso6yNg/UBJgYuZ3+6
jBgcnC7q2/RywDQ71I6fo7zCD2VXTR3PdrJibNLti8jVruCv95FwDNnE3/FQoTzc
IaKL0hqRVW3WKQdQVaW2HECC5VhkcQCST+7rGqA/vE0/ZcVr84PNGA8C7myNwPOJ
YvyS0bm1BsR3Pkkc+M0VgNDEn7jH+xJvM+NJ6FFBzlN99BAbKKTGfoSiCTM+sM9i
p+hZ8xBB4EVj0snUfctZuDqgD8tCbDdIQqNjhxHj5okzvnncxBo1gwSz6wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNyVTJGyXnA7/1DpDSOJhZNuaZ7tMB8GA1UdIwQY
MBaAFP+H4KsDKwwF6150zCwIaY3TJNljMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzRmZ3F3TXJEQVhyWG5UTUxBaHBqZE1rMldNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy8xZGYxOGUtNmM0ZC00MzRiLThlMzEt
NzFlYjk1ZjUwZTViLzEvM0pWTWtiSmVjRHZfVU9rTkk0bUZrMjVwbnUwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy8xZGYxOGUtNmM0ZC00MzRiLThlMzEtNzFlYjk1ZjUwZTVi
LzEvXzRmZ3F3TXJEQVhyWG5UTUxBaHBqZE1rMldNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbXrEMA0G
CSqGSIb3DQEBCwUAA4IBAQAb638O90t1AX9i9GkaS5DHbS5pub8KdhToHrNeKUuv
+H7878F1nCwFTtShkJmcWE1bp5eJu5/VfPwxXlgkEkXXRbs9LM3A2RxjFnEK/+97
oe4OYDwFLcHLru2KYjt8gD9K+UlM1/vlyDkcCUJKWA3wdjhbbRJXIPOS/dG895xX
90PM48zxldA8NakR48RRjfHZCgy02hJLXyaoZYjsEhkxAyI4jsxAwGl6M8N5y2l7
voWnZA48fS23Zt+4xT/sg6a1c8tNLi+7WaFONg8A/hDTYpTR1+KeZb8FoMEzv5BC
dhJoSksAnokkcSL0C196P86oeAcT1dCLfUN4bjzSk/xt
-----END CERTIFICATE-----
Generated at Mon Feb 17 08:08:47 2025 by rpki-client