Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/HLsRfBsPALz3ve4lcMlCZZIqwZo.roa
File: HLsRfBsPALz3ve4lcMlCZZIqwZo.roa (raw, json)
Hash identifier: 0sykoOqTiZ6mEVuapUbZC+O7gqzylYtIdQu5Ia5vVuk=
Subject key identifier: 1C:BB:11:7C:1B:0F:00:BC:F7:BD:EE:25:70:C9:42:65:92:2A:C1:9A
Certificate issuer: /CN=ff87e0ab032b0c05eb5e74cc2c08698dd324d963
Certificate serial: 018CC501447872A840A093AD7989B734EF69
Authority key identifier: FF:87:E0:AB:03:2B:0C:05:EB:5E:74:CC:2C:08:69:8D:D3:24:D9:63
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/_4fgqwMrDAXrXnTMLAhpjdMk2WM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/HLsRfBsPALz3ve4lcMlCZZIqwZo.roa
Signing time: Mon 01 Jan 2024 12:30:43 +0000
ROA not before: Mon 01 Jan 2024 12:30:43 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 198652
IP address blocks: 109.122.203.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c5:01:44:78:72:a8:40:a0:93:ad:79:89:b7:34:ef:69
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ff87e0ab032b0c05eb5e74cc2c08698dd324d963
Validity
Not Before: Jan 1 12:30:43 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=1cbb117c1b0f00bcf7bdee2570c94265922ac19a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8c:44:e2:94:02:03:d5:d2:ad:0f:d2:86:8e:e7:
7a:cb:6c:30:03:1a:b4:1f:e6:b0:80:fb:7f:55:97:
1a:96:54:c2:86:2e:a8:c8:9f:d7:c1:db:74:72:24:
6e:c5:ee:13:88:e6:ff:ea:68:8f:43:74:0b:ab:b8:
8d:28:78:d0:00:2f:d7:33:23:aa:bd:ca:95:33:f7:
ce:e4:88:ef:65:6f:e9:a2:9d:f0:31:04:c2:df:00:
70:71:05:06:ad:a6:81:0e:ed:02:e5:64:96:f6:06:
85:44:db:90:6b:ae:95:ab:99:d1:7f:8b:f2:b8:83:
a0:e1:64:77:a5:08:66:c9:d9:56:30:99:21:31:6f:
f1:94:b8:8e:10:08:9b:f9:a3:1b:1e:8f:14:09:c7:
e2:01:2f:f1:f9:4f:9a:f0:52:2c:09:87:f2:df:45:
a3:a1:62:3a:f8:9a:e9:f0:e1:45:72:b1:d4:23:b3:
47:34:79:7b:49:b0:e2:ac:9d:4d:9b:84:8e:77:da:
22:7b:62:8d:82:7b:f5:01:1f:d3:d5:48:ab:fb:45:
c5:64:7d:a7:c5:37:ca:15:c6:6f:f1:53:20:61:28:
97:4a:0c:c7:5e:74:25:1e:49:c4:5b:f6:43:51:d2:
b8:59:3b:23:ed:d8:e4:81:36:66:d9:90:ec:11:17:
8f:bd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1C:BB:11:7C:1B:0F:00:BC:F7:BD:EE:25:70:C9:42:65:92:2A:C1:9A
X509v3 Authority Key Identifier:
keyid:FF:87:E0:AB:03:2B:0C:05:EB:5E:74:CC:2C:08:69:8D:D3:24:D9:63
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_4fgqwMrDAXrXnTMLAhpjdMk2WM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/HLsRfBsPALz3ve4lcMlCZZIqwZo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/_4fgqwMrDAXrXnTMLAhpjdMk2WM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.122.203.0/24
Signature Algorithm: sha256WithRSAEncryption
98:94:6d:9d:32:93:47:ac:70:28:81:11:1a:d2:bb:89:b9:b9:
78:68:0e:9b:e2:96:34:9d:b1:02:fe:88:77:e8:62:6c:5c:c4:
5c:a7:ba:6f:97:31:f1:a5:eb:91:b6:3a:b8:03:53:d0:6c:ee:
eb:e2:10:04:57:03:2e:1b:05:c0:c6:be:f2:64:b7:69:9e:f8:
ce:b5:db:4d:e0:7d:f6:a1:fd:94:0b:e1:b9:12:23:86:ca:ea:
80:e0:13:35:5e:db:b0:e8:ad:4e:e1:f7:0e:39:d6:03:0c:a2:
ca:95:98:2c:bc:d0:63:d7:ab:18:62:e5:e9:72:9e:49:f3:0d:
8c:51:75:31:05:e4:8e:51:a1:80:35:0b:7f:e0:a8:a4:f3:cf:
30:53:4f:9d:f9:b2:72:e9:d5:ab:21:23:e6:ff:cb:86:8f:ed:
46:26:a2:a6:c9:ef:5e:d1:69:82:0b:3f:ca:e2:c1:54:ac:aa:
2b:a8:cb:48:f2:90:c5:3e:39:25:3f:c1:a4:79:b5:4e:d7:2b:
c3:05:e4:9e:61:35:b3:26:e4:16:99:8a:6a:cd:b1:6d:d1:5b:
9d:7d:38:39:b9:be:24:89:e3:3e:9c:1d:3d:49:ed:19:17:98:
3c:03:8d:3d:ec:03:c7:a3:47:ae:34:99:fb:5d:e7:cd:1c:2a:
00:b1:f8:06
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAUR4cqhAoJOteYm3NO9pMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmODdlMGFiMDMyYjBjMDVlYjVlNzRjYzJjMDg2OThkZDMy
NGQ5NjMwHhcNMjQwMTAxMTIzMDQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxY2JiMTE3YzFiMGYwMGJjZjdiZGVlMjU3MGM5NDI2NTkyMmFjMTlhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjETilAID1dKtD9KGjud6y2wwAxq0
H+awgPt/VZcallTChi6oyJ/Xwdt0ciRuxe4TiOb/6miPQ3QLq7iNKHjQAC/XMyOq
vcqVM/fO5IjvZW/pop3wMQTC3wBwcQUGraaBDu0C5WSW9gaFRNuQa66Vq5nRf4vy
uIOg4WR3pQhmydlWMJkhMW/xlLiOEAib+aMbHo8UCcfiAS/x+U+a8FIsCYfy30Wj
oWI6+Jrp8OFFcrHUI7NHNHl7SbDirJ1Nm4SOd9oie2KNgnv1AR/T1Uir+0XFZH2n
xTfKFcZv8VMgYSiXSgzHXnQlHknEW/ZDUdK4WTsj7djkgTZm2ZDsERePvQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBy7EXwbDwC8973uJXDJQmWSKsGaMB8GA1UdIwQY
MBaAFP+H4KsDKwwF6150zCwIaY3TJNljMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzRmZ3F3TXJEQVhyWG5UTUxBaHBqZE1rMldNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy8xZGYxOGUtNmM0ZC00MzRiLThlMzEt
NzFlYjk1ZjUwZTViLzEvSExzUmZCc1BBTHozdmU0bGNNbENaWklxd1pvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy8xZGYxOGUtNmM0ZC00MzRiLThlMzEtNzFlYjk1ZjUwZTVi
LzEvXzRmZ3F3TXJEQVhyWG5UTUxBaHBqZE1rMldNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbXrLMA0G
CSqGSIb3DQEBCwUAA4IBAQCYlG2dMpNHrHAogREa0ruJubl4aA6b4pY0nbEC/oh3
6GJsXMRcp7pvlzHxpeuRtjq4A1PQbO7r4hAEVwMuGwXAxr7yZLdpnvjOtdtN4H32
of2UC+G5EiOGyuqA4BM1Xtuw6K1O4fcOOdYDDKLKlZgsvNBj16sYYuXpcp5J8w2M
UXUxBeSOUaGANQt/4Kik888wU0+d+bJy6dWrISPm/8uGj+1GJqKmye9e0WmCCz/K
4sFUrKorqMtI8pDFPjklP8GkebVO1yvDBeSeYTWzJuQWmYpqzbFt0VudfTg5ub4k
ieM+nB09Se0ZF5g8A4097APHo0euNJn7XefNHCoAsfgG
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:24:48 2024 by rpki-client on console-fra.rpki-client.org