Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/CBmcsO05PECu4npGKLb4PSkbXrI.roa
File: CBmcsO05PECu4npGKLb4PSkbXrI.roa (raw, json)
Hash identifier: r+oa1vzZJqJiqzAfmP3qBYzzP4MJD7zmvaQk63mIDpM=
Subject key identifier: 08:19:9C:B0:ED:39:3C:40:AE:E2:7A:46:28:B6:F8:3D:29:1B:5E:B2
Certificate issuer: /CN=ff87e0ab032b0c05eb5e74cc2c08698dd324d963
Certificate serial: 0188ED8687E85D978C475CE390B11BA0950C
Authority key identifier: FF:87:E0:AB:03:2B:0C:05:EB:5E:74:CC:2C:08:69:8D:D3:24:D9:63
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/_4fgqwMrDAXrXnTMLAhpjdMk2WM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/CBmcsO05PECu4npGKLb4PSkbXrI.roa
Signing time: Sat 24 Jun 2023 13:09:56 +0000
ROA not before: Sat 24 Jun 2023 13:09:56 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 211440
IP address blocks: 109.122.206.0/24 maxlen: 24
109.122.202.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:88:ed:86:87:e8:5d:97:8c:47:5c:e3:90:b1:1b:a0:95:0c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ff87e0ab032b0c05eb5e74cc2c08698dd324d963
Validity
Not Before: Jun 24 13:09:56 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=08199cb0ed393c40aee27a4628b6f83d291b5eb2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b6:5c:af:a4:61:26:d2:08:c1:9f:2d:1e:82:1d:
0e:07:69:83:35:d1:35:db:ea:8c:1c:f2:d2:5e:33:
0c:ce:8e:84:0b:b3:5d:94:81:e6:1a:71:67:b4:fc:
21:13:a8:fb:70:6f:3b:e3:a3:15:1a:20:45:1a:54:
d6:e5:aa:6a:6f:b3:3a:15:bc:63:bb:f8:d4:cd:18:
9b:32:99:9b:14:82:d5:17:d9:e1:1d:1b:42:8a:23:
fd:4c:79:54:42:24:21:f0:a3:0e:ee:e8:98:1e:5a:
32:5e:05:f1:a7:48:63:a4:27:f1:c6:93:b1:18:e2:
44:21:07:be:7e:ec:41:45:b0:8a:4c:70:6a:db:c5:
2e:29:a2:2c:c5:fe:d9:92:03:c8:56:e1:06:20:b8:
f7:78:63:52:39:dc:f5:43:c4:1c:1b:43:de:b3:bd:
18:c2:b9:9f:d2:ab:e0:05:82:de:31:27:86:1b:79:
58:e4:80:38:40:0a:0f:46:01:f2:86:42:5a:72:2b:
08:d7:03:2b:3f:e9:93:bb:7a:f4:f3:6e:ad:da:2c:
86:c6:32:77:b6:09:b3:42:d4:9e:4d:f3:28:d9:bc:
86:c5:1b:bf:3d:4a:76:9d:f8:00:6e:9e:0c:cd:4f:
88:ac:0e:46:cc:55:c7:61:68:78:ce:9d:7b:a1:8e:
45:63
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
08:19:9C:B0:ED:39:3C:40:AE:E2:7A:46:28:B6:F8:3D:29:1B:5E:B2
X509v3 Authority Key Identifier:
keyid:FF:87:E0:AB:03:2B:0C:05:EB:5E:74:CC:2C:08:69:8D:D3:24:D9:63
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_4fgqwMrDAXrXnTMLAhpjdMk2WM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/CBmcsO05PECu4npGKLb4PSkbXrI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/_4fgqwMrDAXrXnTMLAhpjdMk2WM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.122.202.0/24
109.122.206.0/24
Signature Algorithm: sha256WithRSAEncryption
58:96:c2:4b:86:d6:52:17:35:61:07:10:91:4c:f4:1e:de:6d:
6b:55:81:35:da:a2:cd:da:8d:03:36:d0:3b:bf:68:e0:ac:b4:
18:05:0c:b0:83:55:fc:27:20:eb:65:5e:c3:84:cc:ff:32:06:
55:50:a4:5b:68:86:e9:22:bf:57:59:a8:86:9d:d5:9b:33:b5:
0b:05:04:a9:22:a2:f3:f5:a6:3e:19:b2:1f:08:05:cd:fa:e1:
d0:25:81:97:fb:1f:31:62:a8:64:de:ca:ce:52:b5:f1:b1:6c:
3d:5e:cb:6a:ab:df:ec:9b:0b:5e:12:6c:37:b8:9e:cb:25:96:
9a:43:a2:da:23:bd:d6:d0:99:b1:cf:4b:c5:16:5b:3e:d7:91:
f4:2a:46:4b:7a:2e:19:b0:a7:aa:cd:3a:e2:0a:71:2b:13:6a:
c3:9c:94:bf:59:0d:ac:66:3c:9b:66:e5:9a:16:6e:d5:f2:be:
f2:1b:fe:14:c2:33:4d:cf:a9:b9:03:74:65:bf:bd:ce:61:2b:
15:f8:a2:00:fc:9f:1a:fc:a2:da:cb:be:e6:82:9b:57:ec:ea:
95:2d:f0:e3:2b:65:6e:d0:af:bc:8c:b6:be:9e:26:b1:4c:19:
a9:4d:b2:2d:2d:ca:94:db:56:c8:ac:12:eb:ff:8b:2b:75:45:
1d:7f:a8:bb
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYjthofoXZeMR1zjkLEboJUMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmODdlMGFiMDMyYjBjMDVlYjVlNzRjYzJjMDg2OThkZDMy
NGQ5NjMwHhcNMjMwNjI0MTMwOTU2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwODE5OWNiMGVkMzkzYzQwYWVlMjdhNDYyOGI2ZjgzZDI5MWI1ZWIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtlyvpGEm0gjBny0egh0OB2mDNdE1
2+qMHPLSXjMMzo6EC7NdlIHmGnFntPwhE6j7cG8746MVGiBFGlTW5apqb7M6Fbxj
u/jUzRibMpmbFILVF9nhHRtCiiP9THlUQiQh8KMO7uiYHloyXgXxp0hjpCfxxpOx
GOJEIQe+fuxBRbCKTHBq28UuKaIsxf7ZkgPIVuEGILj3eGNSOdz1Q8QcG0Pes70Y
wrmf0qvgBYLeMSeGG3lY5IA4QAoPRgHyhkJacisI1wMrP+mTu3r0826t2iyGxjJ3
tgmzQtSeTfMo2byGxRu/PUp2nfgAbp4MzU+IrA5GzFXHYWh4zp17oY5FYwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFAgZnLDtOTxAruJ6Rii2+D0pG16yMB8GA1UdIwQY
MBaAFP+H4KsDKwwF6150zCwIaY3TJNljMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzRmZ3F3TXJEQVhyWG5UTUxBaHBqZE1rMldNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy8xZGYxOGUtNmM0ZC00MzRiLThlMzEt
NzFlYjk1ZjUwZTViLzEvQ0JtY3NPMDVQRUN1NG5wR0tMYjRQU2tiWHJJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy8xZGYxOGUtNmM0ZC00MzRiLThlMzEtNzFlYjk1ZjUwZTVi
LzEvXzRmZ3F3TXJEQVhyWG5UTUxBaHBqZE1rMldNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAbXrKAwQA
bXrOMA0GCSqGSIb3DQEBCwUAA4IBAQBYlsJLhtZSFzVhBxCRTPQe3m1rVYE12qLN
2o0DNtA7v2jgrLQYBQywg1X8JyDrZV7DhMz/MgZVUKRbaIbpIr9XWaiGndWbM7UL
BQSpIqLz9aY+GbIfCAXN+uHQJYGX+x8xYqhk3srOUrXxsWw9Xstqq9/smwteEmw3
uJ7LJZaaQ6LaI73W0Jmxz0vFFls+15H0KkZLei4ZsKeqzTriCnErE2rDnJS/WQ2s
ZjybZuWaFm7V8r7yG/4UwjNNz6m5A3Rlv73OYSsV+KIA/J8a/KLay77mgptX7OqV
LfDjK2Vu0K+8jLa+niaxTBmpTbItLcqU21bIrBLr/4srdUUdf6i7
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:24:48 2024 by rpki-client on console-fra.rpki-client.org