Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/P_sT7uKlUYmqf9D-YVjdlr6zJLY.roa
File: P_sT7uKlUYmqf9D-YVjdlr6zJLY.roa (raw, json)
Hash identifier: Z9luj+hkkOjZADHJwUbQmVMV2MdbONXp2EY7qhGsfps=
Subject key identifier: 3F:FB:13:EE:E2:A5:51:89:AA:7F:D0:FE:61:58:DD:96:BE:B3:24:B6
Certificate issuer: /CN=ff87e0ab032b0c05eb5e74cc2c08698dd324d963
Certificate serial: 018AB36ECBA5FF99CCD39EB74BD440AB47E4
Authority key identifier: FF:87:E0:AB:03:2B:0C:05:EB:5E:74:CC:2C:08:69:8D:D3:24:D9:63
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/_4fgqwMrDAXrXnTMLAhpjdMk2WM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/P_sT7uKlUYmqf9D-YVjdlr6zJLY.roa
Signing time: Wed 20 Sep 2023 16:31:37 +0000
ROA not before: Wed 20 Sep 2023 16:31:37 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 9050
IP address blocks: 109.122.221.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8a:b3:6e:cb:a5:ff:99:cc:d3:9e:b7:4b:d4:40:ab:47:e4
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ff87e0ab032b0c05eb5e74cc2c08698dd324d963
Validity
Not Before: Sep 20 16:31:37 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=3ffb13eee2a55189aa7fd0fe6158dd96beb324b6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b9:30:2e:7a:96:88:76:04:78:45:17:2f:38:68:
09:48:85:80:82:c9:13:55:b0:b9:ce:a8:13:f8:4f:
17:5b:4d:cb:ef:89:cc:69:55:9d:a9:07:e7:95:1b:
e0:a6:37:b3:ff:59:75:7e:20:09:b7:b7:e2:47:0b:
e1:53:5e:de:12:1f:fc:68:de:e7:63:62:00:17:2d:
05:ee:b4:27:99:0a:14:01:ad:b4:3f:eb:a1:b7:17:
83:d2:5e:6c:7a:7f:7f:5e:f5:a0:2d:ff:76:27:67:
cd:c6:75:36:1e:74:ff:6a:7f:a2:0e:7b:88:71:ec:
6d:2f:8b:d5:db:13:2c:c6:d3:75:fb:48:39:c4:8d:
77:75:be:9c:de:7f:6f:8b:a9:2c:3e:a9:16:ab:fe:
30:68:ed:24:10:62:9f:3d:fe:09:2c:29:b8:0d:24:
71:45:b4:cb:21:9e:89:f2:63:cc:b5:2a:4c:09:a8:
34:d1:e5:1c:86:54:93:eb:30:95:ab:9e:5c:7a:1a:
4f:a5:c4:9a:56:ec:9b:a6:19:86:96:a9:d1:55:f1:
2d:06:04:87:a5:ad:5b:8b:5b:9f:96:4b:d0:ff:2b:
14:ca:b3:3c:f4:41:ce:4b:d8:df:8c:73:9c:89:57:
da:2b:29:c0:9f:0b:02:b7:1f:1c:0a:a4:61:09:a6:
e6:7b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3F:FB:13:EE:E2:A5:51:89:AA:7F:D0:FE:61:58:DD:96:BE:B3:24:B6
X509v3 Authority Key Identifier:
keyid:FF:87:E0:AB:03:2B:0C:05:EB:5E:74:CC:2C:08:69:8D:D3:24:D9:63
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_4fgqwMrDAXrXnTMLAhpjdMk2WM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/P_sT7uKlUYmqf9D-YVjdlr6zJLY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/_4fgqwMrDAXrXnTMLAhpjdMk2WM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.122.221.0/24
Signature Algorithm: sha256WithRSAEncryption
74:a8:68:46:46:7c:75:a6:9c:82:ed:27:88:5a:0c:11:47:a0:
05:2a:cf:fa:7c:40:ef:3c:5d:6c:54:63:99:68:e6:ae:54:14:
7b:ab:56:5a:fd:bd:2f:3f:ce:21:80:3f:71:87:5a:45:9c:28:
05:ab:b8:6b:d3:69:3e:95:3b:7f:ad:ca:50:6a:b0:da:bd:3b:
75:f9:5d:0d:4f:97:a0:57:43:26:1a:41:26:3a:11:9d:80:35:
58:2e:89:87:30:83:f1:33:82:30:59:c9:49:53:f5:9a:09:75:
56:45:0c:a0:72:11:71:3a:73:a6:84:c0:1c:96:b6:56:8f:cd:
fb:e5:a9:4a:ae:9a:45:2b:4c:d2:f3:18:93:2c:a9:e7:92:05:
58:fb:7b:40:fe:e2:31:9b:71:cc:91:3e:e4:70:73:e2:79:24:
89:b0:ce:1b:d8:16:df:ac:17:13:44:64:98:82:46:34:dd:44:
5f:90:b9:a4:d0:09:d0:29:63:f8:ff:a2:4d:9a:d4:b5:51:c8:
39:85:d5:51:54:84:37:6e:7b:06:ff:27:ef:a2:1f:44:42:e0:
b5:5c:6b:29:da:ad:04:f6:ce:67:c6:b5:2a:74:76:86:e3:7b:
43:12:32:67:73:dd:c3:39:1e:da:8f:db:8e:b0:74:dd:4c:7a:
60:1e:a9:fd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYqzbsul/5nM0563S9RAq0fkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmODdlMGFiMDMyYjBjMDVlYjVlNzRjYzJjMDg2OThkZDMy
NGQ5NjMwHhcNMjMwOTIwMTYzMTM3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZmZiMTNlZWUyYTU1MTg5YWE3ZmQwZmU2MTU4ZGQ5NmJlYjMyNGI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuTAuepaIdgR4RRcvOGgJSIWAgskT
VbC5zqgT+E8XW03L74nMaVWdqQfnlRvgpjez/1l1fiAJt7fiRwvhU17eEh/8aN7n
Y2IAFy0F7rQnmQoUAa20P+uhtxeD0l5sen9/XvWgLf92J2fNxnU2HnT/an+iDnuI
cextL4vV2xMsxtN1+0g5xI13db6c3n9vi6ksPqkWq/4waO0kEGKfPf4JLCm4DSRx
RbTLIZ6J8mPMtSpMCag00eUchlST6zCVq55cehpPpcSaVuybphmGlqnRVfEtBgSH
pa1bi1uflkvQ/ysUyrM89EHOS9jfjHOciVfaKynAnwsCtx8cCqRhCabmewIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD/7E+7ipVGJqn/Q/mFY3Za+syS2MB8GA1UdIwQY
MBaAFP+H4KsDKwwF6150zCwIaY3TJNljMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzRmZ3F3TXJEQVhyWG5UTUxBaHBqZE1rMldNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy8xZGYxOGUtNmM0ZC00MzRiLThlMzEt
NzFlYjk1ZjUwZTViLzEvUF9zVDd1S2xVWW1xZjlELVlWamRscjZ6SkxZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy8xZGYxOGUtNmM0ZC00MzRiLThlMzEtNzFlYjk1ZjUwZTVi
LzEvXzRmZ3F3TXJEQVhyWG5UTUxBaHBqZE1rMldNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbXrdMA0G
CSqGSIb3DQEBCwUAA4IBAQB0qGhGRnx1ppyC7SeIWgwRR6AFKs/6fEDvPF1sVGOZ
aOauVBR7q1Za/b0vP84hgD9xh1pFnCgFq7hr02k+lTt/rcpQarDavTt1+V0NT5eg
V0MmGkEmOhGdgDVYLomHMIPxM4IwWclJU/WaCXVWRQygchFxOnOmhMAclrZWj837
5alKrppFK0zS8xiTLKnnkgVY+3tA/uIxm3HMkT7kcHPieSSJsM4b2BbfrBcTRGSY
gkY03URfkLmk0AnQKWP4/6JNmtS1Ucg5hdVRVIQ3bnsG/yfvoh9EQuC1XGsp2q0E
9s5nxrUqdHaG43tDEjJnc93DOR7aj9uOsHTdTHpgHqn9
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:02:04 2024 by rpki-client on console-ams.rpki-client.org