Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/GiHpY2ovWLmRFrnG77Xzga6YZj4.roa
File: GiHpY2ovWLmRFrnG77Xzga6YZj4.roa (raw, json)
Hash identifier: 0xv5XjiC19EVnj7oMmqq9g6OhmLQkBKgv1FR0x5rvp8=
Subject key identifier: 1A:21:E9:63:6A:2F:58:B9:91:16:B9:C6:EF:B5:F3:81:AE:98:66:3E
Certificate issuer: /CN=ff87e0ab032b0c05eb5e74cc2c08698dd324d963
Certificate serial: 018C91F7161F5C4F3237E2C1E3B6AA7D6967
Authority key identifier: FF:87:E0:AB:03:2B:0C:05:EB:5E:74:CC:2C:08:69:8D:D3:24:D9:63
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/_4fgqwMrDAXrXnTMLAhpjdMk2WM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/GiHpY2ovWLmRFrnG77Xzga6YZj4.roa
Signing time: Fri 22 Dec 2023 14:38:58 +0000
ROA not before: Fri 22 Dec 2023 14:38:58 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 9050
IP address blocks: 109.122.221.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:91:f7:16:1f:5c:4f:32:37:e2:c1:e3:b6:aa:7d:69:67
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ff87e0ab032b0c05eb5e74cc2c08698dd324d963
Validity
Not Before: Dec 22 14:38:58 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=1a21e9636a2f58b99116b9c6efb5f381ae98663e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8e:13:51:d8:d1:04:fd:8b:5f:2a:f8:b2:e5:68:
40:4e:ad:01:15:4d:c5:25:9a:a0:a1:a1:5b:06:96:
b9:02:70:27:9c:e6:4d:e4:e6:80:d7:ca:c2:13:95:
5f:7a:92:28:8b:c9:d1:8b:6a:a3:5b:fb:67:c1:86:
c6:34:a2:2e:11:15:07:ba:27:e7:0f:8f:9c:a1:ec:
b6:d3:8c:4a:d4:17:0f:be:77:10:35:df:b5:3b:43:
48:16:b8:e1:5a:38:61:55:11:42:d9:91:f9:3d:ae:
b1:6c:6b:1a:0b:78:a1:61:7a:cc:17:dc:b9:f2:73:
f1:d9:b2:23:a6:29:62:09:09:7b:0d:8b:00:91:f5:
b7:6b:e8:58:b3:3a:e7:8e:a7:2a:89:9d:5c:45:27:
5a:05:6b:8c:00:73:3b:f6:04:c0:59:b8:e2:1c:8f:
11:83:bc:e9:6a:6f:9e:07:ec:0c:4c:0e:2e:2d:f0:
56:97:2e:08:eb:c4:c7:10:ae:da:19:ae:f6:a9:41:
3c:dd:9c:93:d7:f6:6e:df:fe:c5:e0:92:8d:91:ac:
80:51:f7:9d:d5:98:56:3a:a9:6b:59:ff:d4:1e:8f:
08:5a:dc:60:8b:31:6e:1a:8a:7c:5d:c3:b2:c4:27:
46:71:53:02:e0:66:62:31:82:56:34:f3:01:fd:29:
ec:a7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1A:21:E9:63:6A:2F:58:B9:91:16:B9:C6:EF:B5:F3:81:AE:98:66:3E
X509v3 Authority Key Identifier:
keyid:FF:87:E0:AB:03:2B:0C:05:EB:5E:74:CC:2C:08:69:8D:D3:24:D9:63
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_4fgqwMrDAXrXnTMLAhpjdMk2WM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/GiHpY2ovWLmRFrnG77Xzga6YZj4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/_4fgqwMrDAXrXnTMLAhpjdMk2WM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.122.221.0/24
Signature Algorithm: sha256WithRSAEncryption
1b:aa:f9:6b:43:be:98:a7:f2:18:56:e0:ad:97:59:ec:1f:c7:
d5:71:0b:1f:81:7c:32:d7:a5:45:01:cb:2d:c3:3f:37:1b:48:
1a:47:92:92:a8:ed:e6:08:50:0f:80:ab:7b:0e:5e:ab:93:b5:
aa:05:d4:60:70:43:34:be:bd:4a:fd:41:3d:e9:cd:0b:1f:2c:
8e:a9:d2:98:b1:0a:c7:22:aa:50:90:1f:19:0c:67:cd:fb:09:
c3:23:2d:f8:c7:bf:bc:9b:c6:0b:c1:21:6e:35:a5:44:ab:a6:
18:2f:71:3f:94:ac:a7:35:3c:7c:b4:98:73:1d:c9:01:6e:64:
0d:2e:6c:25:6d:fd:0d:fe:c4:0f:d8:2f:41:ee:f4:95:44:90:
4a:4e:67:93:ed:71:4a:96:12:0b:db:e2:57:20:35:01:e9:a2:
f5:5d:03:ed:8c:eb:26:f2:b7:f3:03:03:cf:d5:ae:eb:62:c7:
22:fa:a8:ea:0c:3d:d9:4c:12:84:ab:b1:f7:72:91:19:8f:c2:
0c:5a:4b:b9:09:cf:26:f7:40:53:22:21:b0:be:e1:b5:3d:3f:
e1:d1:87:f9:5c:30:2b:bc:e1:1a:ad:c7:38:3c:04:91:46:f3:
b1:6a:dc:95:18:73:ab:df:a2:51:38:6b:2e:e2:93:10:d3:3f:
f4:48:1f:da
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYyR9xYfXE8yN+LB47aqfWlnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmODdlMGFiMDMyYjBjMDVlYjVlNzRjYzJjMDg2OThkZDMy
NGQ5NjMwHhcNMjMxMjIyMTQzODU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYTIxZTk2MzZhMmY1OGI5OTExNmI5YzZlZmI1ZjM4MWFlOTg2NjNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjhNR2NEE/YtfKviy5WhATq0BFU3F
JZqgoaFbBpa5AnAnnOZN5OaA18rCE5VfepIoi8nRi2qjW/tnwYbGNKIuERUHuifn
D4+coey204xK1BcPvncQNd+1O0NIFrjhWjhhVRFC2ZH5Pa6xbGsaC3ihYXrMF9y5
8nPx2bIjpiliCQl7DYsAkfW3a+hYszrnjqcqiZ1cRSdaBWuMAHM79gTAWbjiHI8R
g7zpam+eB+wMTA4uLfBWly4I68THEK7aGa72qUE83ZyT1/Zu3/7F4JKNkayAUfed
1ZhWOqlrWf/UHo8IWtxgizFuGop8XcOyxCdGcVMC4GZiMYJWNPMB/SnspwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBoh6WNqL1i5kRa5xu+184GumGY+MB8GA1UdIwQY
MBaAFP+H4KsDKwwF6150zCwIaY3TJNljMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzRmZ3F3TXJEQVhyWG5UTUxBaHBqZE1rMldNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy8xZGYxOGUtNmM0ZC00MzRiLThlMzEt
NzFlYjk1ZjUwZTViLzEvR2lIcFkyb3ZXTG1SRnJuRzc3WHpnYTZZWmo0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy8xZGYxOGUtNmM0ZC00MzRiLThlMzEtNzFlYjk1ZjUwZTVi
LzEvXzRmZ3F3TXJEQVhyWG5UTUxBaHBqZE1rMldNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbXrdMA0G
CSqGSIb3DQEBCwUAA4IBAQAbqvlrQ76Yp/IYVuCtl1nsH8fVcQsfgXwy16VFAcst
wz83G0gaR5KSqO3mCFAPgKt7Dl6rk7WqBdRgcEM0vr1K/UE96c0LHyyOqdKYsQrH
IqpQkB8ZDGfN+wnDIy34x7+8m8YLwSFuNaVEq6YYL3E/lKynNTx8tJhzHckBbmQN
Lmwlbf0N/sQP2C9B7vSVRJBKTmeT7XFKlhIL2+JXIDUB6aL1XQPtjOsm8rfzAwPP
1a7rYsci+qjqDD3ZTBKEq7H3cpEZj8IMWku5Cc8m90BTIiGwvuG1PT/h0Yf5XDAr
vOEarcc4PASRRvOxatyVGHOr36JROGsu4pMQ0z/0SB/a
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:02:04 2024 by rpki-client on console-ams.rpki-client.org