Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/M57llRXYgw93zRs5a48joU1yr1c.roa
File: M57llRXYgw93zRs5a48joU1yr1c.roa (raw, json)
Hash identifier: vHaCUk5zcbtEHLS2onKBHQ+j8GcmzNyMtTK7ykStdzM=
Subject key identifier: 33:9E:E5:95:15:D8:83:0F:77:CD:1B:39:6B:8F:23:A1:4D:72:AF:57
Certificate issuer: /CN=ff87e0ab032b0c05eb5e74cc2c08698dd324d963
Certificate serial: 01881B94B24D7D41F57874D61406770395A2
Authority key identifier: FF:87:E0:AB:03:2B:0C:05:EB:5E:74:CC:2C:08:69:8D:D3:24:D9:63
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/_4fgqwMrDAXrXnTMLAhpjdMk2WM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/M57llRXYgw93zRs5a48joU1yr1c.roa
Signing time: Sun 14 May 2023 18:45:09 +0000
ROA not before: Sun 14 May 2023 18:45:09 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 43260
IP address blocks: 109.122.195.0/24 maxlen: 24
109.122.197.0/24 maxlen: 24
109.122.210.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:88:1b:94:b2:4d:7d:41:f5:78:74:d6:14:06:77:03:95:a2
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ff87e0ab032b0c05eb5e74cc2c08698dd324d963
Validity
Not Before: May 14 18:45:09 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=339ee59515d8830f77cd1b396b8f23a14d72af57
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a6:38:bf:61:a3:89:60:d8:cd:ad:fb:17:cb:a0:
ce:51:21:b7:9f:ce:4c:2e:3f:31:1b:f7:89:69:eb:
70:bf:0d:a1:89:28:38:25:8c:93:af:90:44:df:8f:
3b:56:6f:e0:25:af:2f:72:9b:0f:62:81:99:94:95:
1e:57:37:ec:7c:6f:5c:f4:45:a0:7e:23:7c:1f:72:
d0:c4:4d:2e:bf:a4:af:14:66:da:c6:06:1e:32:12:
2b:42:e5:d9:62:47:f1:de:32:aa:7d:d8:8b:d5:31:
e2:28:59:40:b8:64:fb:7e:24:4a:9c:6a:b5:d2:91:
ae:16:b9:0f:9b:69:f2:ea:ac:b0:51:97:f4:db:63:
d5:9c:7d:e9:dc:3c:6a:2a:9c:a3:bf:0a:fa:93:b9:
9e:44:39:50:c4:25:e4:d8:a7:9a:2e:df:a5:7b:d2:
32:53:23:ba:b6:74:b6:75:cf:64:5d:ac:7d:fe:fe:
3c:57:1e:6a:4c:ee:e9:2e:a0:5f:1b:e0:e7:82:61:
2e:9a:ae:9e:f3:96:62:eb:0c:d6:c2:cb:97:ea:27:
81:cd:0b:c7:78:8c:3f:dd:3c:94:62:81:35:3d:6f:
a9:4e:75:fc:bc:2a:5a:7a:a0:5e:59:78:07:1e:c0:
cb:a4:35:54:1f:b7:de:16:59:3b:3f:f8:19:f5:d7:
31:db
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
33:9E:E5:95:15:D8:83:0F:77:CD:1B:39:6B:8F:23:A1:4D:72:AF:57
X509v3 Authority Key Identifier:
keyid:FF:87:E0:AB:03:2B:0C:05:EB:5E:74:CC:2C:08:69:8D:D3:24:D9:63
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_4fgqwMrDAXrXnTMLAhpjdMk2WM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/M57llRXYgw93zRs5a48joU1yr1c.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/_4fgqwMrDAXrXnTMLAhpjdMk2WM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.122.195.0/24
109.122.197.0/24
109.122.210.0/24
Signature Algorithm: sha256WithRSAEncryption
3b:e1:d8:c3:2a:67:59:6f:5b:23:23:ad:2b:1e:49:3b:ec:34:
0f:3b:63:c8:43:a6:7e:ba:32:04:09:b0:1a:a2:7c:84:77:97:
92:85:ab:0f:23:2e:34:bd:df:6e:0d:1d:3b:8a:89:ac:82:eb:
a4:aa:e4:e7:2d:9c:d1:42:b8:97:97:76:e8:46:06:f0:7c:36:
5d:51:be:f3:b1:dc:3b:6a:49:e4:ce:51:5d:62:75:88:fb:00:
38:df:de:e5:43:ba:5d:cb:a5:31:9b:df:e3:ed:df:c7:02:77:
e4:04:7b:f3:f4:ba:34:1a:c5:e0:90:c9:7a:93:1d:ae:90:0c:
d4:59:a0:9a:c2:ab:70:71:33:a4:70:f3:8f:f9:cb:d2:f4:63:
f6:5f:4f:e0:3a:b9:ca:1a:c5:4f:b1:e7:0b:69:8e:5a:a0:f4:
4f:60:5a:98:e3:19:3a:98:3b:b3:cc:8f:82:cf:37:ef:aa:2c:
8b:b1:93:a9:46:57:a9:c8:b2:a4:cc:e4:b5:97:79:cc:26:6d:
a6:c9:4c:4c:15:da:ff:76:1b:a3:1d:97:6a:3d:c5:3f:0c:30:
0c:87:78:24:8e:1d:fd:65:0d:65:3d:51:c1:a6:86:67:66:4b:
a9:33:89:51:af:2b:db:86:e8:c7:71:48:10:52:0e:ce:8f:a6:
3b:02:00:c6
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYgblLJNfUH1eHTWFAZ3A5WiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmODdlMGFiMDMyYjBjMDVlYjVlNzRjYzJjMDg2OThkZDMy
NGQ5NjMwHhcNMjMwNTE0MTg0NTA5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMzllZTU5NTE1ZDg4MzBmNzdjZDFiMzk2YjhmMjNhMTRkNzJhZjU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApji/YaOJYNjNrfsXy6DOUSG3n85M
Lj8xG/eJaetwvw2hiSg4JYyTr5BE3487Vm/gJa8vcpsPYoGZlJUeVzfsfG9c9EWg
fiN8H3LQxE0uv6SvFGbaxgYeMhIrQuXZYkfx3jKqfdiL1THiKFlAuGT7fiRKnGq1
0pGuFrkPm2ny6qywUZf022PVnH3p3DxqKpyjvwr6k7meRDlQxCXk2KeaLt+le9Iy
UyO6tnS2dc9kXax9/v48Vx5qTO7pLqBfG+DngmEumq6e85Zi6wzWwsuX6ieBzQvH
eIw/3TyUYoE1PW+pTnX8vCpaeqBeWXgHHsDLpDVUH7feFlk7P/gZ9dcx2wIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFDOe5ZUV2IMPd80bOWuPI6FNcq9XMB8GA1UdIwQY
MBaAFP+H4KsDKwwF6150zCwIaY3TJNljMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzRmZ3F3TXJEQVhyWG5UTUxBaHBqZE1rMldNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy8xZGYxOGUtNmM0ZC00MzRiLThlMzEt
NzFlYjk1ZjUwZTViLzEvTTU3bGxSWFlndzkzelJzNWE0OGpvVTF5cjFjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy8xZGYxOGUtNmM0ZC00MzRiLThlMzEtNzFlYjk1ZjUwZTVi
LzEvXzRmZ3F3TXJEQVhyWG5UTUxBaHBqZE1rMldNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAbXrDAwQA
bXrFAwQAbXrSMA0GCSqGSIb3DQEBCwUAA4IBAQA74djDKmdZb1sjI60rHkk77DQP
O2PIQ6Z+ujIECbAaonyEd5eShasPIy40vd9uDR07iomsguukquTnLZzRQriXl3bo
RgbwfDZdUb7zsdw7aknkzlFdYnWI+wA4397lQ7pdy6Uxm9/j7d/HAnfkBHvz9Lo0
GsXgkMl6kx2ukAzUWaCawqtwcTOkcPOP+cvS9GP2X0/gOrnKGsVPsecLaY5aoPRP
YFqY4xk6mDuzzI+CzzfvqiyLsZOpRlepyLKkzOS1l3nMJm2myUxMFdr/dhujHZdq
PcU/DDAMh3gkjh39ZQ1lPVHBpoZnZkupM4lRryvbhujHcUgQUg7Oj6Y7AgDG
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:24:48 2024 by rpki-client on console-fra.rpki-client.org