Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/AtWXXtsTbMozWtMWPO2qbVjOnZc.roa
File: AtWXXtsTbMozWtMWPO2qbVjOnZc.roa (raw, json)
Hash identifier: mq68xpA+JF9z6oDRzJK8h4+O1wAiYwJhVdUylrOramY=
Subject key identifier: 02:D5:97:5E:DB:13:6C:CA:33:5A:D3:16:3C:ED:AA:6D:58:CE:9D:97
Certificate issuer: /CN=ff87e0ab032b0c05eb5e74cc2c08698dd324d963
Certificate serial: 0187A865EA339D23A1019A71C0C15F4EBF27
Authority key identifier: FF:87:E0:AB:03:2B:0C:05:EB:5E:74:CC:2C:08:69:8D:D3:24:D9:63
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/_4fgqwMrDAXrXnTMLAhpjdMk2WM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/AtWXXtsTbMozWtMWPO2qbVjOnZc.roa
Signing time: Sat 22 Apr 2023 09:57:43 +0000
ROA not before: Sat 22 Apr 2023 09:57:43 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 199297
IP address blocks: 109.122.220.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:87:a8:65:ea:33:9d:23:a1:01:9a:71:c0:c1:5f:4e:bf:27
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ff87e0ab032b0c05eb5e74cc2c08698dd324d963
Validity
Not Before: Apr 22 09:57:43 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=02d5975edb136cca335ad3163cedaa6d58ce9d97
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c8:60:eb:91:9e:3f:af:8d:7c:d8:28:05:99:24:
b0:18:41:2b:8b:a2:6c:00:a3:f3:d0:05:b2:8c:97:
16:2d:7e:df:21:c2:bf:2a:a2:85:42:22:47:b2:4f:
3e:9f:08:1b:c8:c0:31:89:f6:90:eb:95:2a:c7:5c:
3f:ee:04:41:7c:d4:b3:b9:29:64:1c:92:78:52:52:
7a:93:66:72:af:6e:71:51:98:38:6e:53:db:60:ca:
81:50:37:9f:63:18:63:f8:79:fa:84:7b:be:fe:0e:
ab:e5:59:38:5d:f1:69:69:56:b6:a8:13:ce:5b:27:
84:66:db:b4:99:ed:2c:65:92:e2:4b:ec:fe:e5:65:
db:d0:52:d5:77:87:69:c2:98:ce:24:e6:02:1e:c9:
af:d6:2c:c5:dc:f1:27:a5:cd:e4:21:98:dc:0f:4e:
f2:9e:a8:e2:76:c3:44:36:a5:54:70:7c:47:1e:bb:
17:20:46:fb:7f:e2:c2:4f:b1:36:94:34:af:4d:77:
64:fd:68:ba:86:ec:a8:5e:56:ca:53:46:18:a0:a5:
bb:04:75:d0:0b:4e:79:c5:57:ef:b8:b5:44:e3:3d:
03:af:be:9a:44:a1:6b:0b:61:ae:2e:65:15:6a:27:
c6:1a:dd:8d:c2:22:da:b1:d6:08:f8:82:48:fe:d2:
d8:e9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
02:D5:97:5E:DB:13:6C:CA:33:5A:D3:16:3C:ED:AA:6D:58:CE:9D:97
X509v3 Authority Key Identifier:
keyid:FF:87:E0:AB:03:2B:0C:05:EB:5E:74:CC:2C:08:69:8D:D3:24:D9:63
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_4fgqwMrDAXrXnTMLAhpjdMk2WM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/AtWXXtsTbMozWtMWPO2qbVjOnZc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/_4fgqwMrDAXrXnTMLAhpjdMk2WM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.122.220.0/24
Signature Algorithm: sha256WithRSAEncryption
7c:1c:5b:8e:ee:a5:d2:5c:d3:66:64:ff:ca:cd:e2:d0:fe:1e:
89:0f:f8:33:fe:52:be:9a:b9:c0:5b:97:2b:52:94:c0:9f:5d:
46:0d:2c:8b:d8:ed:fc:35:3e:5d:ac:d2:25:d6:da:94:27:d3:
23:68:3c:dd:b8:18:ef:a7:fd:c4:bb:4f:71:29:7f:f9:76:37:
8e:40:ff:15:57:a4:b6:a3:f9:4b:da:40:50:26:a7:d0:62:2b:
f9:0e:7d:83:29:02:9a:31:ec:14:2e:18:4c:94:12:24:fe:3e:
29:f9:33:80:05:54:bc:7c:12:5a:69:08:9b:43:77:95:54:43:
7a:86:cf:5b:fe:af:5f:ef:55:14:c1:e6:0d:51:54:0f:61:e4:
31:db:13:16:65:b2:5f:69:75:5e:04:94:82:24:9d:ad:32:85:
22:1d:8c:61:c0:f1:f8:69:50:59:2a:0b:15:a8:ec:5d:2e:14:
db:74:5a:e0:76:38:a1:4b:d0:60:6f:e4:35:de:14:2b:63:2e:
0b:46:2b:ca:dc:a1:ac:6c:33:0d:15:e6:01:a0:39:5a:4a:dc:
ab:a3:f2:d7:0b:b6:fc:25:0c:4f:94:c2:0f:08:9b:e3:73:af:
8a:f7:d5:61:b7:d9:9b:71:e0:cd:db:f4:fa:95:9a:a5:15:7b:
58:3c:a4:d4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYeoZeoznSOhAZpxwMFfTr8nMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmODdlMGFiMDMyYjBjMDVlYjVlNzRjYzJjMDg2OThkZDMy
NGQ5NjMwHhcNMjMwNDIyMDk1NzQzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMmQ1OTc1ZWRiMTM2Y2NhMzM1YWQzMTYzY2VkYWE2ZDU4Y2U5ZDk3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyGDrkZ4/r4182CgFmSSwGEEri6Js
AKPz0AWyjJcWLX7fIcK/KqKFQiJHsk8+nwgbyMAxifaQ65Uqx1w/7gRBfNSzuSlk
HJJ4UlJ6k2Zyr25xUZg4blPbYMqBUDefYxhj+Hn6hHu+/g6r5Vk4XfFpaVa2qBPO
WyeEZtu0me0sZZLiS+z+5WXb0FLVd4dpwpjOJOYCHsmv1izF3PEnpc3kIZjcD07y
nqjidsNENqVUcHxHHrsXIEb7f+LCT7E2lDSvTXdk/Wi6huyoXlbKU0YYoKW7BHXQ
C055xVfvuLVE4z0Dr76aRKFrC2GuLmUVaifGGt2NwiLasdYI+IJI/tLY6QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFALVl17bE2zKM1rTFjztqm1Yzp2XMB8GA1UdIwQY
MBaAFP+H4KsDKwwF6150zCwIaY3TJNljMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzRmZ3F3TXJEQVhyWG5UTUxBaHBqZE1rMldNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy8xZGYxOGUtNmM0ZC00MzRiLThlMzEt
NzFlYjk1ZjUwZTViLzEvQXRXWFh0c1RiTW96V3RNV1BPMnFiVmpPblpjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy8xZGYxOGUtNmM0ZC00MzRiLThlMzEtNzFlYjk1ZjUwZTVi
LzEvXzRmZ3F3TXJEQVhyWG5UTUxBaHBqZE1rMldNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbXrcMA0G
CSqGSIb3DQEBCwUAA4IBAQB8HFuO7qXSXNNmZP/KzeLQ/h6JD/gz/lK+mrnAW5cr
UpTAn11GDSyL2O38NT5drNIl1tqUJ9MjaDzduBjvp/3Eu09xKX/5djeOQP8VV6S2
o/lL2kBQJqfQYiv5Dn2DKQKaMewULhhMlBIk/j4p+TOABVS8fBJaaQibQ3eVVEN6
hs9b/q9f71UUweYNUVQPYeQx2xMWZbJfaXVeBJSCJJ2tMoUiHYxhwPH4aVBZKgsV
qOxdLhTbdFrgdjihS9Bgb+Q13hQrYy4LRivK3KGsbDMNFeYBoDlaStyro/LXC7b8
JQxPlMIPCJvjc6+K99Vht9mbceDN2/T6lZqlFXtYPKTU
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:24:48 2024 by rpki-client on console-fra.rpki-client.org