Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/4iyH57CrA49py-R-mUMk5JWJlj4.roa
File: 4iyH57CrA49py-R-mUMk5JWJlj4.roa (raw, json)
Hash identifier: PWUmXnGu9a8Argv2ISuWAwZWCrR6RRGUW/KQmFgRzrk=
Subject key identifier: E2:2C:87:E7:B0:AB:03:8F:69:CB:E4:7E:99:43:24:E4:95:89:96:3E
Certificate issuer: /CN=ff87e0ab032b0c05eb5e74cc2c08698dd324d963
Certificate serial: 018C91F717F17254B693F20EEC2C2D8E10ED
Authority key identifier: FF:87:E0:AB:03:2B:0C:05:EB:5E:74:CC:2C:08:69:8D:D3:24:D9:63
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/_4fgqwMrDAXrXnTMLAhpjdMk2WM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/4iyH57CrA49py-R-mUMk5JWJlj4.roa
Signing time: Fri 22 Dec 2023 14:38:58 +0000
ROA not before: Fri 22 Dec 2023 14:38:58 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 60117
IP address blocks: 109.122.203.0/24 maxlen: 24
109.122.211.0/24 maxlen: 24
109.122.212.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:91:f7:17:f1:72:54:b6:93:f2:0e:ec:2c:2d:8e:10:ed
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ff87e0ab032b0c05eb5e74cc2c08698dd324d963
Validity
Not Before: Dec 22 14:38:58 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=e22c87e7b0ab038f69cbe47e994324e49589963e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:92:4a:38:27:ff:ed:3f:62:b3:d8:cd:fb:e7:51:
4e:4e:54:0a:14:42:cc:5d:e4:55:90:dc:81:b9:67:
30:dc:af:e2:38:d8:e4:c5:21:ba:34:f1:82:88:32:
71:31:68:4a:f0:92:85:73:03:bf:46:e8:88:35:c3:
01:a3:ca:54:52:6d:8b:47:73:8a:ac:e5:7b:94:6a:
4c:32:73:1f:15:f6:3f:c4:e7:6d:0e:ca:65:5e:d9:
ea:88:90:f6:1b:b4:a2:17:bc:6e:3e:ff:05:08:d8:
a6:ab:6b:c7:e5:5d:29:d1:8c:99:42:02:93:9c:1a:
1b:a7:d5:37:f0:a7:c6:fb:bf:1c:78:7d:d4:ff:36:
0e:e1:29:1a:58:bb:8a:85:ae:18:45:0c:12:60:e7:
b4:c1:e9:12:a3:72:17:19:10:55:fe:ad:64:58:9b:
08:8e:f6:fc:49:b9:e4:03:ba:ef:e8:44:67:3f:da:
4e:2d:a4:47:56:80:90:2b:dc:85:53:dc:fd:0d:6b:
02:7a:69:e9:e5:8b:1f:87:d4:77:d9:ea:6b:08:e0:
a8:02:5e:bc:18:ce:63:f4:23:0b:bb:18:c1:96:d3:
da:cb:e7:53:33:3a:22:9e:69:88:fb:63:6a:37:8d:
a9:3a:54:14:ad:f3:44:0f:78:aa:be:51:c7:93:32:
5e:73
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E2:2C:87:E7:B0:AB:03:8F:69:CB:E4:7E:99:43:24:E4:95:89:96:3E
X509v3 Authority Key Identifier:
keyid:FF:87:E0:AB:03:2B:0C:05:EB:5E:74:CC:2C:08:69:8D:D3:24:D9:63
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_4fgqwMrDAXrXnTMLAhpjdMk2WM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/4iyH57CrA49py-R-mUMk5JWJlj4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/_4fgqwMrDAXrXnTMLAhpjdMk2WM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.122.203.0/24
109.122.211.0-109.122.212.255
Signature Algorithm: sha256WithRSAEncryption
83:c7:e8:12:c1:00:38:6b:57:4b:36:ed:e4:56:08:9f:e4:fa:
11:21:87:93:06:b8:3d:9a:69:f0:05:a9:77:56:9b:41:a5:74:
22:3e:cd:39:df:95:54:a2:09:17:27:27:c5:7c:00:89:0d:01:
47:d5:c3:67:39:e3:89:f0:17:39:29:df:72:c0:8a:d8:8f:ae:
3b:85:5f:ec:35:e7:a1:e3:94:2b:ac:e8:30:d0:9e:08:75:9d:
ee:f1:5f:86:04:82:3e:c7:a6:db:6c:2d:6f:c2:16:84:18:51:
2f:3e:8a:0d:35:6b:d0:9b:76:d0:ea:7d:6f:bc:32:7f:ae:64:
c4:7b:74:8e:9d:bc:75:2b:98:e2:34:6a:29:29:3b:77:cd:0e:
aa:0a:d5:41:63:fd:d7:1c:53:2d:86:bf:f5:5a:38:72:cb:c0:
9d:aa:6e:da:9a:79:b2:9e:ac:99:96:72:8d:13:63:1c:18:39:
71:59:79:6a:97:ae:f1:2b:dd:44:02:8f:1c:65:9e:21:67:72:
a4:ef:58:ba:24:22:d6:05:73:88:18:25:2d:e9:14:aa:2c:d3:
40:99:5a:0b:69:62:8b:4d:e7:0c:c1:88:df:d0:eb:04:42:8b:
e2:8d:2c:db:ea:7e:fa:59:41:12:66:d9:d2:9f:55:fa:a1:52:
15:34:50:67
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAYyR9xfxclS2k/IO7CwtjhDtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmODdlMGFiMDMyYjBjMDVlYjVlNzRjYzJjMDg2OThkZDMy
NGQ5NjMwHhcNMjMxMjIyMTQzODU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMjJjODdlN2IwYWIwMzhmNjljYmU0N2U5OTQzMjRlNDk1ODk5NjNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkko4J//tP2Kz2M3751FOTlQKFELM
XeRVkNyBuWcw3K/iONjkxSG6NPGCiDJxMWhK8JKFcwO/RuiINcMBo8pUUm2LR3OK
rOV7lGpMMnMfFfY/xOdtDsplXtnqiJD2G7SiF7xuPv8FCNimq2vH5V0p0YyZQgKT
nBobp9U38KfG+78ceH3U/zYO4SkaWLuKha4YRQwSYOe0wekSo3IXGRBV/q1kWJsI
jvb8SbnkA7rv6ERnP9pOLaRHVoCQK9yFU9z9DWsCemnp5Ysfh9R32eprCOCoAl68
GM5j9CMLuxjBltPay+dTMzoinmmI+2NqN42pOlQUrfNED3iqvlHHkzJecwIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFOIsh+ewqwOPacvkfplDJOSViZY+MB8GA1UdIwQY
MBaAFP+H4KsDKwwF6150zCwIaY3TJNljMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzRmZ3F3TXJEQVhyWG5UTUxBaHBqZE1rMldNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy8xZGYxOGUtNmM0ZC00MzRiLThlMzEt
NzFlYjk1ZjUwZTViLzEvNGl5SDU3Q3JBNDlweS1SLW1VTWs1SldKbGo0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy8xZGYxOGUtNmM0ZC00MzRiLThlMzEtNzFlYjk1ZjUwZTVi
LzEvXzRmZ3F3TXJEQVhyWG5UTUxBaHBqZE1rMldNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUAwQAbXrLMAwD
BABtetMDBABtetQwDQYJKoZIhvcNAQELBQADggEBAIPH6BLBADhrV0s27eRWCJ/k
+hEhh5MGuD2aafAFqXdWm0GldCI+zTnflVSiCRcnJ8V8AIkNAUfVw2c544nwFzkp
33LAitiPrjuFX+w156HjlCus6DDQngh1ne7xX4YEgj7HpttsLW/CFoQYUS8+ig01
a9CbdtDqfW+8Mn+uZMR7dI6dvHUrmOI0aikpO3fNDqoK1UFj/dccUy2Gv/VaOHLL
wJ2qbtqaebKerJmWco0TYxwYOXFZeWqXrvEr3UQCjxxlniFncqTvWLokItYFc4gY
JS3pFKos00CZWgtpYotN5wzBiN/Q6wRCi+KNLNvqfvpZQRJm2dKfVfqhUhU0UGc=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:02:04 2024 by rpki-client on console-ams.rpki-client.org