Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/5Gp8PPMq8vHe0YUntoOwnsGtk8I.roa
File: 5Gp8PPMq8vHe0YUntoOwnsGtk8I.roa (raw, json)
Hash identifier: FAUPkpZwwpR5NADLjQZcEsgjBOs+OjfOK+66EBcTeAg=
Subject key identifier: E4:6A:7C:3C:F3:2A:F2:F1:DE:D1:85:27:B6:83:B0:9E:C1:AD:93:C2
Certificate issuer: /CN=ff87e0ab032b0c05eb5e74cc2c08698dd324d963
Certificate serial: 018C91F71A2ED9FD1AE0E552A1784D5DD591
Authority key identifier: FF:87:E0:AB:03:2B:0C:05:EB:5E:74:CC:2C:08:69:8D:D3:24:D9:63
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/_4fgqwMrDAXrXnTMLAhpjdMk2WM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/5Gp8PPMq8vHe0YUntoOwnsGtk8I.roa
Signing time: Fri 22 Dec 2023 14:38:59 +0000
ROA not before: Fri 22 Dec 2023 14:38:59 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 399045
IP address blocks: 109.122.197.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:91:f7:1a:2e:d9:fd:1a:e0:e5:52:a1:78:4d:5d:d5:91
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ff87e0ab032b0c05eb5e74cc2c08698dd324d963
Validity
Not Before: Dec 22 14:38:59 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=e46a7c3cf32af2f1ded18527b683b09ec1ad93c2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9d:a1:53:c8:51:54:c8:31:05:c1:71:31:3d:e8:
9c:1e:90:fb:54:79:de:ee:1d:d4:ef:61:06:9b:99:
b4:85:e6:97:42:1c:2d:05:ec:63:79:72:ce:16:75:
d2:a1:a1:c6:ae:f8:65:6c:f6:49:25:49:69:f6:e2:
53:ab:0c:bc:00:5b:69:bc:02:76:78:c4:b9:bc:cb:
f0:5a:96:f5:aa:41:e9:4d:c0:86:fd:7e:1e:48:f0:
f9:fe:88:20:cd:3b:ac:3b:c2:ed:35:3f:68:56:b5:
47:45:ee:06:8c:48:01:1b:42:93:39:e0:85:2b:57:
63:da:a0:8b:5d:f3:15:0c:88:b1:b7:9d:63:9d:e0:
f7:ec:e4:34:8c:b3:70:5a:4a:ee:95:a9:3b:c4:d3:
0a:5c:05:d2:03:73:1a:b8:e8:0d:db:30:f2:90:bf:
8e:36:9e:7a:e1:6c:b6:c6:c9:25:db:7a:de:fb:45:
50:16:3e:82:24:95:c9:1d:d1:9c:6a:87:50:ce:31:
b9:50:92:8d:e5:13:15:8c:c9:c4:7b:c1:2d:2d:95:
72:6c:91:9f:a7:e0:d2:e6:20:9e:1f:34:a5:f2:fd:
fe:1e:ea:c6:b7:81:a8:db:25:f3:d4:10:76:c1:75:
66:a0:f3:2f:ab:93:15:8c:1f:66:e0:a8:06:57:ae:
ce:c7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E4:6A:7C:3C:F3:2A:F2:F1:DE:D1:85:27:B6:83:B0:9E:C1:AD:93:C2
X509v3 Authority Key Identifier:
keyid:FF:87:E0:AB:03:2B:0C:05:EB:5E:74:CC:2C:08:69:8D:D3:24:D9:63
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_4fgqwMrDAXrXnTMLAhpjdMk2WM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/5Gp8PPMq8vHe0YUntoOwnsGtk8I.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/_4fgqwMrDAXrXnTMLAhpjdMk2WM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.122.197.0/24
Signature Algorithm: sha256WithRSAEncryption
68:59:6d:47:61:a9:a4:47:dd:33:95:d2:bb:98:95:b0:a5:a3:
d4:60:8d:89:2c:6d:a7:76:c8:94:32:57:f9:ce:45:fc:2a:0b:
df:23:f6:83:e1:71:9d:94:04:e9:47:4b:93:b4:f5:e1:17:b7:
3a:20:81:0b:ac:e5:81:8c:bd:d7:80:3a:b1:62:f1:05:36:c8:
98:84:a0:e7:d1:7f:48:05:c8:98:6f:3f:de:ff:69:e0:15:50:
a3:26:37:f9:8d:e5:a4:9c:8d:05:4b:14:bd:75:05:a7:4a:97:
3d:45:bd:d7:86:a8:7f:61:9a:e1:43:f4:12:89:4f:84:51:b5:
c6:d3:a2:05:ea:75:85:4a:62:0b:a9:c3:57:14:ef:5a:1c:c4:
2d:21:a1:8c:45:64:3e:e8:b5:97:ef:99:0e:dd:31:25:05:98:
36:3a:72:28:a0:6d:37:41:6a:f3:f1:66:bf:4d:9e:03:98:1b:
2a:f5:3d:3a:c6:25:d9:5a:70:2d:88:cd:87:e5:92:a9:fe:d2:
63:ed:47:da:61:5f:28:8e:a1:ef:d4:91:9e:c5:0c:bf:38:1a:
f2:c1:c3:81:a4:ad:64:37:e2:d2:76:1b:1b:26:b0:03:2c:96:
7e:cc:89:57:05:34:78:74:cf:14:d7:df:eb:fa:83:f4:98:84:
42:29:dd:9e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYyR9xou2f0a4OVSoXhNXdWRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmODdlMGFiMDMyYjBjMDVlYjVlNzRjYzJjMDg2OThkZDMy
NGQ5NjMwHhcNMjMxMjIyMTQzODU5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNDZhN2MzY2YzMmFmMmYxZGVkMTg1MjdiNjgzYjA5ZWMxYWQ5M2MyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnaFTyFFUyDEFwXExPeicHpD7VHne
7h3U72EGm5m0heaXQhwtBexjeXLOFnXSoaHGrvhlbPZJJUlp9uJTqwy8AFtpvAJ2
eMS5vMvwWpb1qkHpTcCG/X4eSPD5/oggzTusO8LtNT9oVrVHRe4GjEgBG0KTOeCF
K1dj2qCLXfMVDIixt51jneD37OQ0jLNwWkrulak7xNMKXAXSA3MauOgN2zDykL+O
Np564Wy2xskl23re+0VQFj6CJJXJHdGcaodQzjG5UJKN5RMVjMnEe8EtLZVybJGf
p+DS5iCeHzSl8v3+HurGt4Go2yXz1BB2wXVmoPMvq5MVjB9m4KgGV67OxwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFORqfDzzKvLx3tGFJ7aDsJ7BrZPCMB8GA1UdIwQY
MBaAFP+H4KsDKwwF6150zCwIaY3TJNljMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzRmZ3F3TXJEQVhyWG5UTUxBaHBqZE1rMldNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy8xZGYxOGUtNmM0ZC00MzRiLThlMzEt
NzFlYjk1ZjUwZTViLzEvNUdwOFBQTXE4dkhlMFlVbnRvT3duc0d0azhJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy8xZGYxOGUtNmM0ZC00MzRiLThlMzEtNzFlYjk1ZjUwZTVi
LzEvXzRmZ3F3TXJEQVhyWG5UTUxBaHBqZE1rMldNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbXrFMA0G
CSqGSIb3DQEBCwUAA4IBAQBoWW1HYamkR90zldK7mJWwpaPUYI2JLG2ndsiUMlf5
zkX8KgvfI/aD4XGdlATpR0uTtPXhF7c6IIELrOWBjL3XgDqxYvEFNsiYhKDn0X9I
BciYbz/e/2ngFVCjJjf5jeWknI0FSxS9dQWnSpc9Rb3Xhqh/YZrhQ/QSiU+EUbXG
06IF6nWFSmILqcNXFO9aHMQtIaGMRWQ+6LWX75kO3TElBZg2OnIooG03QWrz8Wa/
TZ4DmBsq9T06xiXZWnAtiM2H5ZKp/tJj7UfaYV8ojqHv1JGexQy/OBrywcOBpK1k
N+LSdhsbJrADLJZ+zIlXBTR4dM8U19/r+oP0mIRCKd2e
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:57:13 2025 by rpki-client