Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/5obCahH23gCoitYt_jVZDl3EPZA.roa
File: 5obCahH23gCoitYt_jVZDl3EPZA.roa (raw, json)
Hash identifier: T3C3FcN5bwq47t+65RyF64mb3Gh3+bphQG+WbIaN3DQ=
Subject key identifier: E6:86:C2:6A:11:F6:DE:00:A8:8A:D6:2D:FE:35:59:0E:5D:C4:3D:90
Certificate issuer: /CN=ff87e0ab032b0c05eb5e74cc2c08698dd324d963
Certificate serial: 0187A865EA9053F065001F13EEB61ED1EE93
Authority key identifier: FF:87:E0:AB:03:2B:0C:05:EB:5E:74:CC:2C:08:69:8D:D3:24:D9:63
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/_4fgqwMrDAXrXnTMLAhpjdMk2WM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/5obCahH23gCoitYt_jVZDl3EPZA.roa
Signing time: Sat 22 Apr 2023 09:57:44 +0000
ROA not before: Sat 22 Apr 2023 09:57:44 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 200586
IP address blocks: 109.122.216.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:87:a8:65:ea:90:53:f0:65:00:1f:13:ee:b6:1e:d1:ee:93
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ff87e0ab032b0c05eb5e74cc2c08698dd324d963
Validity
Not Before: Apr 22 09:57:44 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=e686c26a11f6de00a88ad62dfe35590e5dc43d90
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c1:e2:61:ba:40:23:40:5a:2d:36:75:01:cf:fb:
64:9f:50:62:57:9b:50:97:0e:9b:86:6b:b7:d5:3c:
67:51:d8:db:ff:8a:eb:3f:9f:2c:45:ea:0c:3e:c8:
03:ef:20:39:30:56:ee:27:01:40:c0:3b:4c:a0:30:
ab:7f:94:71:ee:7f:9a:60:ef:ea:ff:23:32:86:81:
af:24:4f:8c:fb:c0:cd:5e:1f:42:ea:34:35:dc:54:
bd:72:12:1e:60:71:7a:fb:db:d0:52:55:11:4a:ff:
80:e5:fe:51:59:70:42:c6:be:21:3b:4c:5b:ef:1e:
ab:9d:ed:5d:00:39:31:24:43:b0:bc:8a:c3:7f:5e:
de:1e:63:7f:2a:3e:01:d3:13:3c:f1:cb:78:78:d4:
a5:b0:dc:d1:08:27:dc:28:d9:fc:5d:55:6d:fa:ea:
50:59:32:86:8e:10:df:8c:ad:16:77:40:da:b0:8f:
b8:b0:12:dd:f2:12:cf:2e:d2:4a:54:67:48:4d:5e:
85:b3:44:7d:d6:59:c2:d1:1d:26:24:0c:56:d3:59:
90:e0:7b:1e:83:6c:74:4d:8e:e9:b8:ba:af:1d:c6:
d4:29:92:01:9f:d4:c9:98:07:cd:83:b6:ef:9f:44:
99:b3:b6:63:22:8f:1f:83:d6:36:aa:23:95:3a:bc:
20:83
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E6:86:C2:6A:11:F6:DE:00:A8:8A:D6:2D:FE:35:59:0E:5D:C4:3D:90
X509v3 Authority Key Identifier:
keyid:FF:87:E0:AB:03:2B:0C:05:EB:5E:74:CC:2C:08:69:8D:D3:24:D9:63
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_4fgqwMrDAXrXnTMLAhpjdMk2WM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/5obCahH23gCoitYt_jVZDl3EPZA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/_4fgqwMrDAXrXnTMLAhpjdMk2WM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.122.216.0/24
Signature Algorithm: sha256WithRSAEncryption
29:9a:c9:f0:7e:8e:5e:3f:16:61:c9:70:94:2e:e7:25:b5:86:
82:71:b8:df:9f:52:99:2b:26:46:b2:d5:f4:01:c5:bc:e5:4a:
f3:99:d7:b9:90:14:ce:f7:da:04:9b:73:76:4d:62:80:d1:44:
7d:f2:4d:22:b9:29:25:b6:6a:69:09:75:39:f9:bb:b9:a7:e6:
0b:fe:8b:97:cf:6a:ed:44:e3:f1:b6:3a:cf:1b:5f:f5:d5:36:
22:38:69:35:87:a9:ac:c0:95:87:7b:37:56:56:f9:58:e2:52:
43:b8:31:cd:6a:79:67:6e:99:c9:19:23:3f:de:bb:70:35:25:
b9:e5:fb:a4:2f:5c:e3:51:46:85:67:74:78:83:ae:dc:a1:7f:
0d:65:53:1a:af:1b:7f:72:83:1c:eb:16:9a:a8:c8:9f:77:8a:
a9:a1:58:1c:39:2f:12:93:cf:8e:43:b8:15:df:91:63:33:87:
7b:cc:ef:7a:ae:2d:87:d1:ae:6f:01:f0:43:49:03:1e:fe:ee:
10:8a:b8:f4:69:1a:6b:e6:5c:f9:14:7c:d3:65:35:11:f7:e1:
c1:01:1a:b6:29:2b:cc:5b:6e:bb:4b:d3:40:20:17:08:e4:3b:
26:52:1d:42:da:99:bc:30:26:e9:f9:0a:a7:92:62:60:92:2f:
be:9e:ff:37
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYeoZeqQU/BlAB8T7rYe0e6TMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmODdlMGFiMDMyYjBjMDVlYjVlNzRjYzJjMDg2OThkZDMy
NGQ5NjMwHhcNMjMwNDIyMDk1NzQ0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNjg2YzI2YTExZjZkZTAwYTg4YWQ2MmRmZTM1NTkwZTVkYzQzZDkwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAweJhukAjQFotNnUBz/tkn1BiV5tQ
lw6bhmu31TxnUdjb/4rrP58sReoMPsgD7yA5MFbuJwFAwDtMoDCrf5Rx7n+aYO/q
/yMyhoGvJE+M+8DNXh9C6jQ13FS9chIeYHF6+9vQUlURSv+A5f5RWXBCxr4hO0xb
7x6rne1dADkxJEOwvIrDf17eHmN/Kj4B0xM88ct4eNSlsNzRCCfcKNn8XVVt+upQ
WTKGjhDfjK0Wd0DasI+4sBLd8hLPLtJKVGdITV6Fs0R91lnC0R0mJAxW01mQ4Hse
g2x0TY7puLqvHcbUKZIBn9TJmAfNg7bvn0SZs7ZjIo8fg9Y2qiOVOrwggwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOaGwmoR9t4AqIrWLf41WQ5dxD2QMB8GA1UdIwQY
MBaAFP+H4KsDKwwF6150zCwIaY3TJNljMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzRmZ3F3TXJEQVhyWG5UTUxBaHBqZE1rMldNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy8xZGYxOGUtNmM0ZC00MzRiLThlMzEt
NzFlYjk1ZjUwZTViLzEvNW9iQ2FoSDIzZ0NvaXRZdF9qVlpEbDNFUFpBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy8xZGYxOGUtNmM0ZC00MzRiLThlMzEtNzFlYjk1ZjUwZTVi
LzEvXzRmZ3F3TXJEQVhyWG5UTUxBaHBqZE1rMldNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbXrYMA0G
CSqGSIb3DQEBCwUAA4IBAQApmsnwfo5ePxZhyXCULucltYaCcbjfn1KZKyZGstX0
AcW85Urzmde5kBTO99oEm3N2TWKA0UR98k0iuSkltmppCXU5+bu5p+YL/ouXz2rt
ROPxtjrPG1/11TYiOGk1h6mswJWHezdWVvlY4lJDuDHNanlnbpnJGSM/3rtwNSW5
5fukL1zjUUaFZ3R4g67coX8NZVMarxt/coMc6xaaqMifd4qpoVgcOS8Sk8+OQ7gV
35FjM4d7zO96ri2H0a5vAfBDSQMe/u4Qirj0aRpr5lz5FHzTZTUR9+HBARq2KSvM
W267S9NAIBcI5DsmUh1C2pm8MCbp+QqnkmJgki++nv83
-----END CERTIFICATE-----
Generated at Mon Feb 17 08:33:01 2025 by rpki-client