Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/3xuXrekZT6BurC5iQ-YmNJZoEeU.roa
File: 3xuXrekZT6BurC5iQ-YmNJZoEeU.roa (raw, json)
Hash identifier: l79PTuKsePgpl3EIcmvH1y4LaJqvXKzfO2qTfEHtjoo=
Subject key identifier: DF:1B:97:AD:E9:19:4F:A0:6E:AC:2E:62:43:E6:26:34:96:68:11:E5
Certificate issuer: /CN=ff87e0ab032b0c05eb5e74cc2c08698dd324d963
Certificate serial: 018CC50141B96EFC5FF12E8CC99526FE28E6
Authority key identifier: FF:87:E0:AB:03:2B:0C:05:EB:5E:74:CC:2C:08:69:8D:D3:24:D9:63
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/_4fgqwMrDAXrXnTMLAhpjdMk2WM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/3xuXrekZT6BurC5iQ-YmNJZoEeU.roa
Signing time: Mon 01 Jan 2024 12:30:42 +0000
ROA not before: Mon 01 Jan 2024 12:30:42 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 39368
IP address blocks: 109.122.199.0/24 maxlen: 24
109.122.209.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c5:01:41:b9:6e:fc:5f:f1:2e:8c:c9:95:26:fe:28:e6
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ff87e0ab032b0c05eb5e74cc2c08698dd324d963
Validity
Not Before: Jan 1 12:30:42 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=df1b97ade9194fa06eac2e6243e62634966811e5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a3:59:ed:01:eb:8b:73:f2:ad:15:b4:3b:e1:5a:
89:7f:d6:04:1d:5f:6b:0c:22:1f:cc:bd:a6:93:2e:
27:98:1a:52:83:04:1a:c6:1f:95:58:df:88:fb:22:
c5:30:52:76:76:ac:03:91:75:cf:db:20:1c:61:14:
40:47:d1:4e:f1:25:05:7c:e8:29:19:40:1a:b3:a8:
63:38:4a:d1:33:96:af:3a:ac:f1:a7:90:1d:c3:5b:
4e:8d:2d:57:bf:33:02:a9:e8:e3:6a:4f:a6:a2:3c:
74:ba:ad:89:e7:8b:20:8c:99:c3:28:8a:f3:7c:7a:
a7:48:67:b5:ee:74:9e:04:27:72:68:38:73:ad:e2:
34:5a:ac:30:72:1c:ef:ae:fb:ce:db:fb:50:75:d2:
5b:6d:b1:c3:3a:0e:09:a2:a3:7e:c4:90:7d:b4:c6:
6c:95:80:0e:da:5c:1e:72:61:2e:2f:8b:e7:2c:cb:
35:49:7b:ea:be:fa:af:9f:5d:24:1a:53:c4:db:a6:
10:0f:a3:db:0e:c6:ac:8e:3f:70:a7:e9:5a:3e:d9:
d0:b5:c6:64:69:f1:84:3c:0a:b1:7a:4c:a4:f3:11:
a6:fb:b9:7e:d6:c9:35:10:d6:d8:11:9d:a0:3a:1c:
59:02:5f:c4:fc:2a:bc:5b:b1:62:d1:0f:8b:50:27:
6c:4b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DF:1B:97:AD:E9:19:4F:A0:6E:AC:2E:62:43:E6:26:34:96:68:11:E5
X509v3 Authority Key Identifier:
keyid:FF:87:E0:AB:03:2B:0C:05:EB:5E:74:CC:2C:08:69:8D:D3:24:D9:63
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_4fgqwMrDAXrXnTMLAhpjdMk2WM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/3xuXrekZT6BurC5iQ-YmNJZoEeU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/_4fgqwMrDAXrXnTMLAhpjdMk2WM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.122.199.0/24
109.122.209.0/24
Signature Algorithm: sha256WithRSAEncryption
2d:16:06:b3:8b:50:49:64:df:e6:91:1e:a3:12:ad:ee:0a:33:
95:1a:da:13:8e:af:c0:c0:eb:f5:fa:7a:ec:c3:17:a3:03:a0:
b1:62:59:85:94:6d:a8:33:86:22:d3:57:da:c2:ff:25:b7:bb:
bf:a4:55:8e:e2:6f:ae:5e:a7:a2:a1:65:76:ac:70:bd:b8:08:
22:6e:6d:5b:ef:99:3f:8e:61:e9:b8:8d:22:65:94:57:82:f5:
e9:5f:61:19:c4:0e:5e:12:a9:42:a2:0c:20:b9:e3:10:f9:68:
b9:2c:f8:de:bd:12:3a:1f:99:4a:4d:49:af:3b:77:97:b1:12:
da:6a:1a:1d:f0:71:10:c4:b8:d5:17:92:da:87:d6:8b:09:3d:
6d:4e:95:3e:66:a6:7a:30:24:1a:c3:22:c2:1d:27:1e:d6:77:
e5:88:71:bc:18:0c:2a:2c:1c:39:45:d3:a3:d2:e2:bc:36:5d:
31:74:1a:54:a0:59:0d:fa:0e:81:dc:47:b4:a6:e3:f3:cb:73:
66:81:f9:1d:49:6e:dc:e0:66:7e:7e:b7:b7:8a:ab:e9:ff:ce:
06:f6:13:33:7d:53:0d:1a:f7:62:9a:70:47:85:b9:10:52:23:
9f:12:b1:25:65:92:5a:62:3b:a9:98:38:8c:f5:6c:88:47:b8:
04:9e:fa:e8
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzFAUG5bvxf8S6MyZUm/ijmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmODdlMGFiMDMyYjBjMDVlYjVlNzRjYzJjMDg2OThkZDMy
NGQ5NjMwHhcNMjQwMTAxMTIzMDQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZjFiOTdhZGU5MTk0ZmEwNmVhYzJlNjI0M2U2MjYzNDk2NjgxMWU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo1ntAeuLc/KtFbQ74VqJf9YEHV9r
DCIfzL2mky4nmBpSgwQaxh+VWN+I+yLFMFJ2dqwDkXXP2yAcYRRAR9FO8SUFfOgp
GUAas6hjOErRM5avOqzxp5Adw1tOjS1XvzMCqejjak+mojx0uq2J54sgjJnDKIrz
fHqnSGe17nSeBCdyaDhzreI0WqwwchzvrvvO2/tQddJbbbHDOg4JoqN+xJB9tMZs
lYAO2lwecmEuL4vnLMs1SXvqvvqvn10kGlPE26YQD6PbDsasjj9wp+laPtnQtcZk
afGEPAqxekyk8xGm+7l+1sk1ENbYEZ2gOhxZAl/E/Cq8W7Fi0Q+LUCdsSwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFN8bl63pGU+gbqwuYkPmJjSWaBHlMB8GA1UdIwQY
MBaAFP+H4KsDKwwF6150zCwIaY3TJNljMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzRmZ3F3TXJEQVhyWG5UTUxBaHBqZE1rMldNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy8xZGYxOGUtNmM0ZC00MzRiLThlMzEt
NzFlYjk1ZjUwZTViLzEvM3h1WHJla1pUNkJ1ckM1aVEtWW1OSlpvRWVVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy8xZGYxOGUtNmM0ZC00MzRiLThlMzEtNzFlYjk1ZjUwZTVi
LzEvXzRmZ3F3TXJEQVhyWG5UTUxBaHBqZE1rMldNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAbXrHAwQA
bXrRMA0GCSqGSIb3DQEBCwUAA4IBAQAtFgazi1BJZN/mkR6jEq3uCjOVGtoTjq/A
wOv1+nrswxejA6CxYlmFlG2oM4Yi01fawv8lt7u/pFWO4m+uXqeioWV2rHC9uAgi
bm1b75k/jmHpuI0iZZRXgvXpX2EZxA5eEqlCogwgueMQ+Wi5LPjevRI6H5lKTUmv
O3eXsRLaahod8HEQxLjVF5Lah9aLCT1tTpU+ZqZ6MCQawyLCHSce1nfliHG8GAwq
LBw5RdOj0uK8Nl0xdBpUoFkN+g6B3Ee0puPzy3NmgfkdSW7c4GZ+fre3iqvp/84G
9hMzfVMNGvdimnBHhbkQUiOfErElZZJaYjupmDiM9WyIR7gEnvro
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:02:04 2024 by rpki-client on console-ams.rpki-client.org