Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/5KBIzd4qzGJjjfecASKRS0fx0ik.roa
File: 5KBIzd4qzGJjjfecASKRS0fx0ik.roa (raw, json)
Hash identifier: H0l5wyei8ATXXsSxMsHb00lMc39az5MQoutF8y1xtHU=
Subject key identifier: E4:A0:48:CD:DE:2A:CC:62:63:8D:F7:9C:01:22:91:4B:47:F1:D2:29
Certificate issuer: /CN=ff87e0ab032b0c05eb5e74cc2c08698dd324d963
Certificate serial: 018D0A11E22CF937F755E84C5D82D4157F19
Authority key identifier: FF:87:E0:AB:03:2B:0C:05:EB:5E:74:CC:2C:08:69:8D:D3:24:D9:63
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/_4fgqwMrDAXrXnTMLAhpjdMk2WM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/5KBIzd4qzGJjjfecASKRS0fx0ik.roa
Signing time: Sun 14 Jan 2024 22:22:40 +0000
ROA not before: Sun 14 Jan 2024 22:22:40 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 49872
IP address blocks: 109.122.195.0/24 maxlen: 24
109.122.212.0/24 maxlen: 24
109.122.211.0/24 maxlen: 24
109.122.216.0/24 maxlen: 24
109.122.221.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8d:0a:11:e2:2c:f9:37:f7:55:e8:4c:5d:82:d4:15:7f:19
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ff87e0ab032b0c05eb5e74cc2c08698dd324d963
Validity
Not Before: Jan 14 22:22:40 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=e4a048cdde2acc62638df79c0122914b47f1d229
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b8:1c:53:8f:e2:96:17:9b:e0:14:5e:fa:c9:bf:
eb:12:50:da:54:b9:69:7b:ec:8f:bc:2d:99:79:db:
e1:e0:99:ea:ba:1c:c9:10:9f:0a:5c:a2:19:a5:68:
b6:20:ed:30:8c:c4:79:d8:21:06:4e:ef:5d:eb:92:
6a:3c:80:21:17:94:90:a7:9a:14:6e:b9:2a:db:d9:
94:f8:af:74:ee:2c:47:24:40:4c:e5:56:e0:9b:3e:
ac:0e:41:e8:e5:53:05:76:30:41:19:76:0b:aa:d6:
9e:e8:d9:53:44:8c:de:3c:54:59:f0:54:d6:71:85:
9c:25:fb:bd:22:11:c3:6a:6b:4b:5d:f5:62:bb:7f:
04:6c:cc:a5:48:a8:22:7b:fd:f4:1f:59:87:97:22:
e4:df:ac:ed:4a:ca:4d:8c:77:16:5d:60:4c:63:1f:
db:31:77:7f:60:65:3d:83:47:ec:9b:ad:51:16:d7:
06:30:ca:18:40:65:2d:02:a9:28:bb:c5:9f:93:b0:
59:9b:bb:65:da:db:0f:c9:8d:90:9d:2b:8e:31:ac:
a3:6b:d7:0e:06:6e:3f:c5:7a:8a:ce:93:3c:af:5f:
01:ad:b8:72:44:be:a9:35:4b:53:8a:86:02:63:5c:
53:45:ac:22:f0:30:0e:c2:ca:89:63:fe:2d:f6:b4:
13:ab
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E4:A0:48:CD:DE:2A:CC:62:63:8D:F7:9C:01:22:91:4B:47:F1:D2:29
X509v3 Authority Key Identifier:
keyid:FF:87:E0:AB:03:2B:0C:05:EB:5E:74:CC:2C:08:69:8D:D3:24:D9:63
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_4fgqwMrDAXrXnTMLAhpjdMk2WM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/5KBIzd4qzGJjjfecASKRS0fx0ik.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/_4fgqwMrDAXrXnTMLAhpjdMk2WM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.122.195.0/24
109.122.211.0-109.122.212.255
109.122.216.0/24
109.122.221.0/24
Signature Algorithm: sha256WithRSAEncryption
8f:78:39:69:74:ce:4b:ec:2a:c5:5f:d2:01:33:81:02:8e:7b:
a5:a4:27:13:7e:40:f5:82:6d:4f:b3:5f:88:62:f3:f6:2d:03:
e0:75:9b:fa:17:b7:4e:0e:f9:39:79:e9:ff:00:3d:90:08:ec:
50:9f:a9:c1:71:73:13:80:4d:06:aa:92:17:f5:35:e9:77:28:
a6:ac:6a:f1:5c:d2:13:17:15:23:7d:c2:c3:b1:d2:da:45:ce:
fd:60:bf:b1:9f:12:0c:32:38:25:9d:16:eb:75:f1:87:df:58:
e7:76:8a:e2:84:79:98:87:fe:4b:40:6c:00:0d:5a:d8:a8:20:
48:98:86:4d:54:b7:a4:c9:eb:87:c3:2b:d4:ec:da:42:62:96:
91:8e:00:da:6c:21:1f:77:e4:3f:da:f2:e9:7e:83:03:64:d0:
f5:8b:13:b1:5d:1d:82:c6:22:fe:49:cc:4b:ca:36:c3:18:ab:
1f:7d:f1:8c:32:c9:61:a3:e2:44:10:43:87:44:ac:43:50:53:
e5:8e:fc:83:d8:d4:8a:99:ea:d8:0c:d0:78:3c:f7:d0:bd:63:
49:95:a3:fa:c3:86:ab:4a:af:99:7d:09:26:96:e0:7b:2b:67:
2c:c4:b4:48:07:6e:8b:e1:cc:00:c7:00:4e:45:23:6b:1c:28:
61:74:a0:d1
-----BEGIN CERTIFICATE-----
MIIFFzCCA/+gAwIBAgISAY0KEeIs+Tf3VehMXYLUFX8ZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmODdlMGFiMDMyYjBjMDVlYjVlNzRjYzJjMDg2OThkZDMy
NGQ5NjMwHhcNMjQwMTE0MjIyMjQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNGEwNDhjZGRlMmFjYzYyNjM4ZGY3OWMwMTIyOTE0YjQ3ZjFkMjI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuBxTj+KWF5vgFF76yb/rElDaVLlp
e+yPvC2Zedvh4JnquhzJEJ8KXKIZpWi2IO0wjMR52CEGTu9d65JqPIAhF5SQp5oU
brkq29mU+K907ixHJEBM5Vbgmz6sDkHo5VMFdjBBGXYLqtae6NlTRIzePFRZ8FTW
cYWcJfu9IhHDamtLXfViu38EbMylSKgie/30H1mHlyLk36ztSspNjHcWXWBMYx/b
MXd/YGU9g0fsm61RFtcGMMoYQGUtAqkou8Wfk7BZm7tl2tsPyY2QnSuOMayja9cO
Bm4/xXqKzpM8r18BrbhyRL6pNUtTioYCY1xTRawi8DAOwsqJY/4t9rQTqwIDAQAB
o4ICIzCCAh8wHQYDVR0OBBYEFOSgSM3eKsxiY433nAEikUtH8dIpMB8GA1UdIwQY
MBaAFP+H4KsDKwwF6150zCwIaY3TJNljMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzRmZ3F3TXJEQVhyWG5UTUxBaHBqZE1rMldNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy8xZGYxOGUtNmM0ZC00MzRiLThlMzEt
NzFlYjk1ZjUwZTViLzEvNUtCSXpkNHF6R0pqamZlY0FTS1JTMGZ4MGlrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy8xZGYxOGUtNmM0ZC00MzRiLThlMzEtNzFlYjk1ZjUwZTVi
LzEvXzRmZ3F3TXJEQVhyWG5UTUxBaHBqZE1rMldNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDkGCCsGAQUFBwEHAQH/BCowKDAmBAIAATAgAwQAbXrDMAwD
BABtetMDBABtetQDBABtetgDBABtet0wDQYJKoZIhvcNAQELBQADggEBAI94OWl0
zkvsKsVf0gEzgQKOe6WkJxN+QPWCbU+zX4hi8/YtA+B1m/oXt04O+Tl56f8APZAI
7FCfqcFxcxOATQaqkhf1Nel3KKasavFc0hMXFSN9wsOx0tpFzv1gv7GfEgwyOCWd
Fut18YffWOd2iuKEeZiH/ktAbAANWtioIEiYhk1Ut6TJ64fDK9Ts2kJilpGOANps
IR935D/a8ul+gwNk0PWLE7FdHYLGIv5JzEvKNsMYqx998YwyyWGj4kQQQ4dErENQ
U+WO/IPY1IqZ6tgM0Hg899C9Y0mVo/rDhqtKr5l9CSaW4HsrZyzEtEgHbovhzADH
AE5FI2scKGF0oNE=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:24:48 2024 by rpki-client on console-fra.rpki-client.org