Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/6h4kg0EfNogHzd-Zyirz-f-J1zA.roa
File:                     6h4kg0EfNogHzd-Zyirz-f-J1zA.roa (raw, json)
Hash identifier:          iEhh34nSiIHNCZavLeGPYiuI5yvDYYoVPKY9UgjzA6w=
Subject key identifier:   EA:1E:24:83:41:1F:36:88:07:CD:DF:99:CA:2A:F3:F9:FF:89:D7:30
Certificate issuer:       /CN=ff87e0ab032b0c05eb5e74cc2c08698dd324d963
Certificate serial:       018D0645982045BB32DD11EEC850C32EFBEC
Authority key identifier: FF:87:E0:AB:03:2B:0C:05:EB:5E:74:CC:2C:08:69:8D:D3:24:D9:63
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_4fgqwMrDAXrXnTMLAhpjdMk2WM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/6h4kg0EfNogHzd-Zyirz-f-J1zA.roa
Signing time:             Sun 14 Jan 2024 04:40:40 +0000
ROA not before:           Sun 14 Jan 2024 04:40:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49872
IP address blocks:        109.122.195.0/24 maxlen: 24
                          109.122.211.0/24 maxlen: 24
                          109.122.216.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:06:45:98:20:45:bb:32:dd:11:ee:c8:50:c3:2e:fb:ec
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ff87e0ab032b0c05eb5e74cc2c08698dd324d963
        Validity
            Not Before: Jan 14 04:40:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ea1e2483411f368807cddf99ca2af3f9ff89d730
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EA:1E:24:83:41:1F:36:88:07:CD:DF:99:CA:2A:F3:F9:FF:89:D7:30
            X509v3 Authority Key Identifier:
                keyid:FF:87:E0:AB:03:2B:0C:05:EB:5E:74:CC:2C:08:69:8D:D3:24:D9:63

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_4fgqwMrDAXrXnTMLAhpjdMk2WM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/6h4kg0EfNogHzd-Zyirz-f-J1zA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/_4fgqwMrDAXrXnTMLAhpjdMk2WM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.122.195.0/24
                  109.122.211.0/24
                  109.122.216.0/24

    Signature Algorithm: sha256WithRSAEncryption
Generated at Thu Jun 6 17:24:48 2024 by rpki-client on console-fra.rpki-client.org