Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/HGiEvhwS7duk-MBvqVt8w-mZGP0.roa
File: HGiEvhwS7duk-MBvqVt8w-mZGP0.roa (raw, json)
Hash identifier: jFVW8OoqBMJpebypTtV8JgAHZZ+yPwYTtCM1/KrdD8I=
Subject key identifier: 1C:68:84:BE:1C:12:ED:DB:A4:F8:C0:6F:A9:5B:7C:C3:E9:99:18:FD
Certificate issuer: /CN=ff87e0ab032b0c05eb5e74cc2c08698dd324d963
Certificate serial: 018AEF39A2CAEB22A08F3351C75A7D4D1BCD
Authority key identifier: FF:87:E0:AB:03:2B:0C:05:EB:5E:74:CC:2C:08:69:8D:D3:24:D9:63
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/_4fgqwMrDAXrXnTMLAhpjdMk2WM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/HGiEvhwS7duk-MBvqVt8w-mZGP0.roa
Signing time: Mon 02 Oct 2023 07:10:46 +0000
ROA not before: Mon 02 Oct 2023 07:10:46 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 43260
IP address blocks: 109.122.195.0/24 maxlen: 24
109.122.210.0/24 maxlen: 24
109.122.222.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8a:ef:39:a2:ca:eb:22:a0:8f:33:51:c7:5a:7d:4d:1b:cd
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ff87e0ab032b0c05eb5e74cc2c08698dd324d963
Validity
Not Before: Oct 2 07:10:46 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=1c6884be1c12eddba4f8c06fa95b7cc3e99918fd
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d4:f4:1e:5d:5f:d5:75:05:9d:11:51:07:98:14:
5a:0e:9d:0d:ea:f5:3a:b3:83:f9:bb:fa:e5:a9:de:
c8:32:b3:0e:98:3c:eb:fe:51:51:a5:f4:8f:ef:60:
c9:19:28:96:8c:d8:39:e9:f1:ab:9b:51:86:59:49:
4c:f9:76:6e:8c:5e:2c:04:bd:0d:80:79:96:87:f0:
a8:6a:16:2c:27:b8:56:35:32:9d:09:16:e3:2a:52:
98:47:d2:72:4b:56:92:51:ba:1a:6f:3b:de:b4:b6:
df:67:59:74:dc:01:49:2d:53:2f:09:3f:d5:b6:de:
fa:b2:90:3f:94:d0:ec:62:33:b2:ea:85:3b:a8:49:
18:c4:a2:7f:7a:ba:0f:7b:c4:e6:a6:bc:17:c0:1d:
e8:07:1b:07:f0:6f:dc:79:52:ea:b9:90:fa:14:63:
e5:2e:cb:30:50:3a:46:22:b4:af:12:34:3d:c8:30:
11:78:e0:7d:cb:d6:ee:5f:d9:ad:dd:d7:58:43:f8:
4f:68:1e:5a:dc:2b:b4:c9:49:2d:94:5e:08:3b:04:
cb:05:fa:6f:3d:4d:d9:60:73:d0:9f:bf:c3:b9:6e:
0f:bc:4c:b9:92:11:c8:cd:9c:05:65:f6:68:13:53:
99:cb:a9:b2:ce:d9:63:3f:4a:89:23:bc:8e:bb:c6:
a0:e7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1C:68:84:BE:1C:12:ED:DB:A4:F8:C0:6F:A9:5B:7C:C3:E9:99:18:FD
X509v3 Authority Key Identifier:
keyid:FF:87:E0:AB:03:2B:0C:05:EB:5E:74:CC:2C:08:69:8D:D3:24:D9:63
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_4fgqwMrDAXrXnTMLAhpjdMk2WM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/HGiEvhwS7duk-MBvqVt8w-mZGP0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/_4fgqwMrDAXrXnTMLAhpjdMk2WM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.122.195.0/24
109.122.210.0/24
109.122.222.0/24
Signature Algorithm: sha256WithRSAEncryption
95:0b:ba:7d:12:38:8c:b4:26:65:5c:8f:bb:8d:26:7d:5e:e7:
15:c1:9c:a9:20:39:19:10:48:71:81:24:2f:0c:3e:59:48:43:
ca:93:a5:b9:92:7d:0f:d8:fa:2f:93:a3:27:e5:3e:60:f1:79:
06:b8:87:35:eb:8e:42:3d:ba:71:75:60:e4:53:65:bf:53:a7:
73:4d:dc:48:07:4e:e5:5a:b0:a1:76:bb:b8:54:7d:9d:de:ce:
07:d1:93:9b:36:55:91:ba:6a:4d:52:fb:a0:07:f5:b0:12:4a:
a4:01:31:e0:77:7b:c4:17:72:a0:ae:a9:23:5e:c1:96:4d:21:
66:1e:aa:51:f8:4b:28:dc:2b:f4:dd:72:12:81:90:a7:86:06:
dd:77:eb:49:2f:13:5c:7c:6f:a3:80:56:d3:ca:05:cb:93:1a:
12:39:35:08:98:23:b0:db:93:cc:7c:bd:a5:5d:03:a1:99:66:
e2:ed:1f:78:89:49:a1:d0:1c:76:03:95:fd:53:da:45:a1:59:
d0:56:90:04:d4:e3:41:c5:6a:8b:ff:62:6f:92:a3:b3:55:d8:
1d:ed:4a:9b:6d:d6:b5:6b:f0:91:7f:90:f9:53:52:7b:43:6f:
1d:45:38:ed:30:54:97:ae:e6:05:22:89:87:26:a9:94:c8:47:
6e:7e:4a:ea
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYrvOaLK6yKgjzNRx1p9TRvNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmODdlMGFiMDMyYjBjMDVlYjVlNzRjYzJjMDg2OThkZDMy
NGQ5NjMwHhcNMjMxMDAyMDcxMDQ2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYzY4ODRiZTFjMTJlZGRiYTRmOGMwNmZhOTViN2NjM2U5OTkxOGZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1PQeXV/VdQWdEVEHmBRaDp0N6vU6
s4P5u/rlqd7IMrMOmDzr/lFRpfSP72DJGSiWjNg56fGrm1GGWUlM+XZujF4sBL0N
gHmWh/CoahYsJ7hWNTKdCRbjKlKYR9JyS1aSUboabzvetLbfZ1l03AFJLVMvCT/V
tt76spA/lNDsYjOy6oU7qEkYxKJ/eroPe8TmprwXwB3oBxsH8G/ceVLquZD6FGPl
LsswUDpGIrSvEjQ9yDAReOB9y9buX9mt3ddYQ/hPaB5a3Cu0yUktlF4IOwTLBfpv
PU3ZYHPQn7/DuW4PvEy5khHIzZwFZfZoE1OZy6myztljP0qJI7yOu8ag5wIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFBxohL4cEu3bpPjAb6lbfMPpmRj9MB8GA1UdIwQY
MBaAFP+H4KsDKwwF6150zCwIaY3TJNljMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzRmZ3F3TXJEQVhyWG5UTUxBaHBqZE1rMldNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy8xZGYxOGUtNmM0ZC00MzRiLThlMzEt
NzFlYjk1ZjUwZTViLzEvSEdpRXZod1M3ZHVrLU1CdnFWdDh3LW1aR1AwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy8xZGYxOGUtNmM0ZC00MzRiLThlMzEtNzFlYjk1ZjUwZTVi
LzEvXzRmZ3F3TXJEQVhyWG5UTUxBaHBqZE1rMldNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAbXrDAwQA
bXrSAwQAbXreMA0GCSqGSIb3DQEBCwUAA4IBAQCVC7p9EjiMtCZlXI+7jSZ9XucV
wZypIDkZEEhxgSQvDD5ZSEPKk6W5kn0P2Povk6Mn5T5g8XkGuIc1645CPbpxdWDk
U2W/U6dzTdxIB07lWrChdru4VH2d3s4H0ZObNlWRumpNUvugB/WwEkqkATHgd3vE
F3KgrqkjXsGWTSFmHqpR+Eso3Cv03XISgZCnhgbdd+tJLxNcfG+jgFbTygXLkxoS
OTUImCOw25PMfL2lXQOhmWbi7R94iUmh0Bx2A5X9U9pFoVnQVpAE1ONBxWqL/2Jv
kqOzVdgd7Uqbbda1a/CRf5D5U1J7Q28dRTjtMFSXruYFIomHJqmUyEdufkrq
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:24:48 2024 by rpki-client on console-fra.rpki-client.org