Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/GsS86nhJMkb1ucWU2MVg-gRPoMQ.roa
File: GsS86nhJMkb1ucWU2MVg-gRPoMQ.roa (raw, json)
Hash identifier: mwNH9x6JQ8+51LmaCqCUCdmdgw8x3qz5y88atO4m9FM=
Subject key identifier: 1A:C4:BC:EA:78:49:32:46:F5:B9:C5:94:D8:C5:60:FA:04:4F:A0:C4
Certificate issuer: /CN=ff87e0ab032b0c05eb5e74cc2c08698dd324d963
Certificate serial: 0187A865E70C42A21E0A355CAA4954ECCE90
Authority key identifier: FF:87:E0:AB:03:2B:0C:05:EB:5E:74:CC:2C:08:69:8D:D3:24:D9:63
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/_4fgqwMrDAXrXnTMLAhpjdMk2WM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/GsS86nhJMkb1ucWU2MVg-gRPoMQ.roa
Signing time: Sat 22 Apr 2023 09:57:43 +0000
ROA not before: Sat 22 Apr 2023 09:57:43 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 60781
IP address blocks: 109.122.214.0/24 maxlen: 24
109.122.223.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:87:a8:65:e7:0c:42:a2:1e:0a:35:5c:aa:49:54:ec:ce:90
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ff87e0ab032b0c05eb5e74cc2c08698dd324d963
Validity
Not Before: Apr 22 09:57:43 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=1ac4bcea78493246f5b9c594d8c560fa044fa0c4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a9:7b:0e:f2:2b:56:2a:ed:5f:0e:d4:20:04:20:
64:77:2a:f2:4e:a1:82:04:16:c6:02:90:43:49:f9:
b0:b2:7a:51:90:6a:3d:26:3a:60:84:b5:66:05:0c:
28:f0:a4:e8:5b:4c:d7:9b:d2:b6:db:72:46:39:00:
0a:fa:14:92:40:25:18:a9:38:d1:fe:5c:8a:c9:ce:
44:e8:d7:2c:92:69:c2:d0:ae:c9:85:ab:2c:58:7c:
5d:7c:29:db:01:b9:3d:ee:57:b0:0e:a2:18:ca:35:
6f:4a:7a:c2:d1:5c:86:7f:1d:33:a9:b6:c5:59:38:
85:95:34:30:32:9f:f4:39:e9:3c:12:54:d3:ac:b6:
79:3c:3b:70:c4:09:e5:bc:d6:00:ce:f8:cb:ad:08:
78:c0:7e:8b:a1:f5:96:5d:27:2c:69:ce:d9:d7:3c:
6e:8d:94:0a:2f:46:2c:b9:e4:60:27:e1:ff:6c:ff:
5f:10:c4:77:fc:45:4d:fd:bf:7a:af:d2:2e:11:17:
ce:85:20:9c:5b:ff:27:24:f4:64:77:e8:6b:14:0a:
9d:11:cf:41:be:f8:4f:79:04:dc:d0:3e:99:bb:e3:
4a:1d:e3:0e:de:6c:6a:e3:28:11:ad:05:cf:64:74:
e5:46:a3:d3:13:2a:03:c9:31:c9:cd:5c:a4:c6:58:
c5:2d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1A:C4:BC:EA:78:49:32:46:F5:B9:C5:94:D8:C5:60:FA:04:4F:A0:C4
X509v3 Authority Key Identifier:
keyid:FF:87:E0:AB:03:2B:0C:05:EB:5E:74:CC:2C:08:69:8D:D3:24:D9:63
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_4fgqwMrDAXrXnTMLAhpjdMk2WM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/GsS86nhJMkb1ucWU2MVg-gRPoMQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/_4fgqwMrDAXrXnTMLAhpjdMk2WM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.122.214.0/24
109.122.223.0/24
Signature Algorithm: sha256WithRSAEncryption
85:00:1e:44:ed:cb:f0:b5:5a:4b:f0:25:a4:e8:64:fd:b9:2c:
31:69:04:7d:d3:de:36:a7:0d:dd:17:ed:d0:3b:7e:d7:f2:12:
01:c9:d3:0e:45:a2:46:10:d9:c9:3d:c7:45:e3:b7:b4:3f:29:
e6:ed:1c:63:f1:7e:6c:9d:36:b6:8d:9d:9f:f0:69:ef:25:04:
8f:24:a9:9f:63:63:73:bc:a1:8f:c3:74:a9:8c:3b:17:45:89:
96:a0:2a:3e:48:5b:f7:d3:8d:a3:5c:7a:f9:4d:6d:00:e9:53:
0b:6e:25:16:ca:58:ae:aa:97:fb:c5:76:63:90:35:ea:ef:80:
0f:0f:fb:a3:b3:d9:f2:61:d3:be:37:9a:8d:bd:39:c5:dd:f5:
39:bd:82:2d:82:c6:f4:10:c7:b3:fa:d6:9a:d7:65:0d:a5:79:
62:59:64:91:8a:d5:09:9a:08:1c:84:40:d7:a5:4f:4e:e2:86:
dd:93:09:65:e1:8c:10:1f:5c:42:37:a7:1e:db:d3:ef:0c:7f:
c8:25:ac:cf:5c:a9:16:3d:be:e6:d2:43:05:48:21:ea:23:da:
ae:f7:9f:b3:5f:17:15:46:5a:8d:5b:54:44:4c:ca:c3:d8:ce:
60:6a:e9:21:f0:d6:12:e8:6d:8c:f5:5a:52:5a:78:fa:9e:f8:
ab:ad:8d:d3
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYeoZecMQqIeCjVcqklU7M6QMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmODdlMGFiMDMyYjBjMDVlYjVlNzRjYzJjMDg2OThkZDMy
NGQ5NjMwHhcNMjMwNDIyMDk1NzQzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYWM0YmNlYTc4NDkzMjQ2ZjViOWM1OTRkOGM1NjBmYTA0NGZhMGM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqXsO8itWKu1fDtQgBCBkdyryTqGC
BBbGApBDSfmwsnpRkGo9JjpghLVmBQwo8KToW0zXm9K223JGOQAK+hSSQCUYqTjR
/lyKyc5E6NcskmnC0K7JhassWHxdfCnbAbk97lewDqIYyjVvSnrC0VyGfx0zqbbF
WTiFlTQwMp/0Oek8ElTTrLZ5PDtwxAnlvNYAzvjLrQh4wH6LofWWXScsac7Z1zxu
jZQKL0YsueRgJ+H/bP9fEMR3/EVN/b96r9IuERfOhSCcW/8nJPRkd+hrFAqdEc9B
vvhPeQTc0D6Zu+NKHeMO3mxq4ygRrQXPZHTlRqPTEyoDyTHJzVykxljFLQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFBrEvOp4STJG9bnFlNjFYPoET6DEMB8GA1UdIwQY
MBaAFP+H4KsDKwwF6150zCwIaY3TJNljMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzRmZ3F3TXJEQVhyWG5UTUxBaHBqZE1rMldNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy8xZGYxOGUtNmM0ZC00MzRiLThlMzEt
NzFlYjk1ZjUwZTViLzEvR3NTODZuaEpNa2IxdWNXVTJNVmctZ1JQb01RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy8xZGYxOGUtNmM0ZC00MzRiLThlMzEtNzFlYjk1ZjUwZTVi
LzEvXzRmZ3F3TXJEQVhyWG5UTUxBaHBqZE1rMldNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAbXrWAwQA
bXrfMA0GCSqGSIb3DQEBCwUAA4IBAQCFAB5E7cvwtVpL8CWk6GT9uSwxaQR90942
pw3dF+3QO37X8hIBydMORaJGENnJPcdF47e0Pynm7Rxj8X5snTa2jZ2f8GnvJQSP
JKmfY2NzvKGPw3SpjDsXRYmWoCo+SFv3042jXHr5TW0A6VMLbiUWyliuqpf7xXZj
kDXq74APD/ujs9nyYdO+N5qNvTnF3fU5vYItgsb0EMez+taa12UNpXliWWSRitUJ
mggchEDXpU9O4obdkwll4YwQH1xCN6ce29PvDH/IJazPXKkWPb7m0kMFSCHqI9qu
95+zXxcVRlqNW1RETMrD2M5gaukh8NYS6G2M9VpSWnj6nvirrY3T
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:24:48 2024 by rpki-client on console-fra.rpki-client.org