Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/O47VsR1HSs9T0xWysSLkhuYjRZo.roa
File: O47VsR1HSs9T0xWysSLkhuYjRZo.roa (raw, json)
Hash identifier: uv00OqXMossLMLWzQX588h7rsywnm5LxbXLlkiYSoKc=
Subject key identifier: 3B:8E:D5:B1:1D:47:4A:CF:53:D3:15:B2:B1:22:E4:86:E6:23:45:9A
Certificate issuer: /CN=ff87e0ab032b0c05eb5e74cc2c08698dd324d963
Certificate serial: 018BE929A118BAAAD83953877843147881FE
Authority key identifier: FF:87:E0:AB:03:2B:0C:05:EB:5E:74:CC:2C:08:69:8D:D3:24:D9:63
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/_4fgqwMrDAXrXnTMLAhpjdMk2WM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/O47VsR1HSs9T0xWysSLkhuYjRZo.roa
Signing time: Sun 19 Nov 2023 19:58:21 +0000
ROA not before: Sun 19 Nov 2023 19:58:21 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 43260
IP address blocks: 109.122.192.0/24 maxlen: 24
109.122.197.0/24 maxlen: 24
109.122.201.0/24 maxlen: 24
109.122.205.0/24 maxlen: 24
109.122.213.0/24 maxlen: 24
109.122.210.0/24 maxlen: 24
109.122.220.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8b:e9:29:a1:18:ba:aa:d8:39:53:87:78:43:14:78:81:fe
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ff87e0ab032b0c05eb5e74cc2c08698dd324d963
Validity
Not Before: Nov 19 19:58:21 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=3b8ed5b11d474acf53d315b2b122e486e623459a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a5:a6:54:49:90:0d:8c:3d:d1:ef:6e:d0:26:33:
d3:52:bf:fa:98:d2:53:06:52:b5:42:a8:6f:26:19:
9d:92:8c:25:40:67:af:8c:3a:02:58:dd:49:f9:81:
e8:ca:96:d2:83:a3:5e:34:34:60:b7:54:d4:d6:3f:
9a:82:0e:8f:6c:e4:49:25:aa:a1:57:8d:6f:ac:19:
2d:a2:b3:ef:65:24:fa:e6:b9:bd:43:10:00:be:52:
6f:95:bf:83:1c:da:4a:e9:cc:ed:1e:f6:fd:7c:32:
ce:7d:19:ed:0e:89:93:6b:90:cf:40:29:f2:c1:7d:
17:34:da:ae:12:22:29:3b:47:ce:c3:30:ad:93:56:
4e:12:db:1b:b4:dd:db:62:b8:83:2e:a2:6b:94:d1:
2a:ec:ff:1c:8c:6a:40:5d:89:cb:38:13:16:30:71:
61:68:43:14:ca:79:cb:1f:aa:43:4a:15:44:6c:9f:
ef:7b:5f:d9:e2:02:a7:04:4f:44:64:bf:c8:1b:30:
80:d8:42:5d:60:6c:88:45:d5:72:14:c7:1e:26:50:
2d:f1:76:08:b5:05:18:ed:45:08:b7:7d:36:28:28:
c4:55:c5:bf:4a:cc:fd:5b:7f:26:e3:b0:66:7a:2e:
53:f3:26:c0:85:6c:1e:d8:01:3d:9d:df:70:94:ad:
64:63
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3B:8E:D5:B1:1D:47:4A:CF:53:D3:15:B2:B1:22:E4:86:E6:23:45:9A
X509v3 Authority Key Identifier:
keyid:FF:87:E0:AB:03:2B:0C:05:EB:5E:74:CC:2C:08:69:8D:D3:24:D9:63
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_4fgqwMrDAXrXnTMLAhpjdMk2WM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/O47VsR1HSs9T0xWysSLkhuYjRZo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/_4fgqwMrDAXrXnTMLAhpjdMk2WM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.122.192.0/24
109.122.197.0/24
109.122.201.0/24
109.122.205.0/24
109.122.210.0/24
109.122.213.0/24
109.122.220.0/24
Signature Algorithm: sha256WithRSAEncryption
14:9e:d8:de:70:da:32:b1:d8:6b:09:97:f2:45:23:aa:42:3d:
d9:08:72:c0:01:50:b5:b6:ba:ce:2a:40:86:67:7c:89:2b:24:
18:c8:60:9d:fd:03:40:21:85:66:75:40:23:2f:13:bf:cc:e6:
99:53:b2:31:6e:b5:7c:2b:36:a6:1c:2b:17:f4:88:3c:06:f6:
dc:c7:ad:b5:1b:32:e3:f3:92:5b:e6:41:25:a5:47:0c:ae:ff:
6b:ad:fa:45:0d:da:c0:b7:6d:9f:ea:a2:60:e5:c3:af:2d:07:
a2:c6:72:5e:46:33:58:8c:67:77:d7:08:2e:c8:2b:12:82:76:
07:10:ab:5d:14:da:41:c8:99:97:6c:57:0d:ef:d8:03:75:b2:
9d:5c:6a:9b:ed:69:a5:07:b5:76:c6:d8:48:e1:d7:52:89:82:
3e:68:b8:12:5a:3f:d4:55:7b:a7:2e:72:35:31:0a:13:8c:fd:
5c:3b:32:b5:66:7b:76:1f:34:10:a9:9e:e1:88:34:17:36:01:
33:d9:8e:57:d5:a9:36:42:ab:2a:6f:e9:96:9b:6d:5a:ba:a9:
46:e5:42:ba:5b:22:a8:e2:1b:a9:b1:25:d8:29:a4:5f:f2:6a:
6b:bf:d5:b8:3f:21:0f:76:64:d7:ac:fd:72:0f:8d:b8:92:30:
83:41:a0:3c
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAYvpKaEYuqrYOVOHeEMUeIH+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmODdlMGFiMDMyYjBjMDVlYjVlNzRjYzJjMDg2OThkZDMy
NGQ5NjMwHhcNMjMxMTE5MTk1ODIxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYjhlZDViMTFkNDc0YWNmNTNkMzE1YjJiMTIyZTQ4NmU2MjM0NTlhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApaZUSZANjD3R727QJjPTUr/6mNJT
BlK1QqhvJhmdkowlQGevjDoCWN1J+YHoypbSg6NeNDRgt1TU1j+agg6PbORJJaqh
V41vrBktorPvZST65rm9QxAAvlJvlb+DHNpK6cztHvb9fDLOfRntDomTa5DPQCny
wX0XNNquEiIpO0fOwzCtk1ZOEtsbtN3bYriDLqJrlNEq7P8cjGpAXYnLOBMWMHFh
aEMUynnLH6pDShVEbJ/ve1/Z4gKnBE9EZL/IGzCA2EJdYGyIRdVyFMceJlAt8XYI
tQUY7UUIt302KCjEVcW/Ssz9W38m47Bmei5T8ybAhWwe2AE9nd9wlK1kYwIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFDuO1bEdR0rPU9MVsrEi5IbmI0WaMB8GA1UdIwQY
MBaAFP+H4KsDKwwF6150zCwIaY3TJNljMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzRmZ3F3TXJEQVhyWG5UTUxBaHBqZE1rMldNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy8xZGYxOGUtNmM0ZC00MzRiLThlMzEt
NzFlYjk1ZjUwZTViLzEvTzQ3VnNSMUhTczlUMHhXeXNTTGtodVlqUlpvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy8xZGYxOGUtNmM0ZC00MzRiLThlMzEtNzFlYjk1ZjUwZTVi
LzEvXzRmZ3F3TXJEQVhyWG5UTUxBaHBqZE1rMldNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAwBAIAATAqAwQAbXrAAwQA
bXrFAwQAbXrJAwQAbXrNAwQAbXrSAwQAbXrVAwQAbXrcMA0GCSqGSIb3DQEBCwUA
A4IBAQAUntjecNoysdhrCZfyRSOqQj3ZCHLAAVC1trrOKkCGZ3yJKyQYyGCd/QNA
IYVmdUAjLxO/zOaZU7IxbrV8KzamHCsX9Ig8Bvbcx621GzLj85Jb5kElpUcMrv9r
rfpFDdrAt22f6qJg5cOvLQeixnJeRjNYjGd31wguyCsSgnYHEKtdFNpByJmXbFcN
79gDdbKdXGqb7WmlB7V2xthI4ddSiYI+aLgSWj/UVXunLnI1MQoTjP1cOzK1Znt2
HzQQqZ7hiDQXNgEz2Y5X1ak2Qqsqb+mWm21auqlG5UK6WyKo4hupsSXYKaRf8mpr
v9W4PyEPdmTXrP1yD424kjCDQaA8
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:02:04 2024 by rpki-client on console-ams.rpki-client.org