Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/PvMrchQHvz0BIhTkRpPYxvZtiBg.roa
File: PvMrchQHvz0BIhTkRpPYxvZtiBg.roa (raw, json)
Hash identifier: 3AxC23PhvyCvKuxsD+fkXcC0uoRDJ+TIEwD76E0tlrk=
Subject key identifier: 3E:F3:2B:72:14:07:BF:3D:01:22:14:E4:46:93:D8:C6:F6:6D:88:18
Certificate issuer: /CN=ff87e0ab032b0c05eb5e74cc2c08698dd324d963
Certificate serial: 0187A866CB195512CF600C15A15F0C6DEA05
Authority key identifier: FF:87:E0:AB:03:2B:0C:05:EB:5E:74:CC:2C:08:69:8D:D3:24:D9:63
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/_4fgqwMrDAXrXnTMLAhpjdMk2WM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/PvMrchQHvz0BIhTkRpPYxvZtiBg.roa
Signing time: Sat 22 Apr 2023 09:58:41 +0000
ROA not before: Sat 22 Apr 2023 09:58:41 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 210030
IP address blocks: 109.122.198.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:87:a8:66:cb:19:55:12:cf:60:0c:15:a1:5f:0c:6d:ea:05
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ff87e0ab032b0c05eb5e74cc2c08698dd324d963
Validity
Not Before: Apr 22 09:58:41 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=3ef32b721407bf3d012214e44693d8c6f66d8818
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:95:86:ec:81:64:7b:83:f4:7a:28:3f:5a:4f:95:
e9:d6:b9:c6:e7:a8:c3:a0:2f:d3:6f:88:47:9e:c1:
f5:57:b1:73:0c:69:ab:7d:6c:ab:27:19:f1:03:b5:
2c:cf:e6:3b:48:34:48:4a:69:70:5c:2b:b9:60:1f:
ac:db:29:6f:7c:b3:dc:a2:d0:8e:7b:04:84:81:44:
43:f4:57:d4:8e:1c:36:04:d6:a7:18:dc:7e:21:0b:
64:d1:55:74:02:b6:80:bf:94:b4:21:78:c3:e8:d2:
a7:f7:37:e8:75:ba:bf:4b:ff:55:5a:3f:10:01:7e:
b7:37:59:78:ee:16:07:ac:e4:22:e9:0c:e8:4b:27:
56:79:a0:94:0a:3f:43:e4:ac:4c:7a:19:6d:78:e1:
cf:a0:d7:15:64:9e:d8:90:d4:3d:7c:d0:f1:9e:72:
d1:71:23:f9:87:ba:1f:1f:ee:56:71:19:5b:63:38:
01:8a:cb:44:27:d2:87:7c:b4:bc:bb:fd:ed:fb:6e:
0b:d2:7f:55:e2:f2:8c:59:49:b5:fc:30:1f:79:e5:
83:61:23:d5:3f:c9:17:34:99:10:60:e5:be:b7:95:
ea:fc:07:2f:89:ef:35:b0:08:36:3d:78:f1:65:db:
bd:2f:58:1d:d7:00:3e:45:5f:17:83:1a:da:ba:20:
48:e1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3E:F3:2B:72:14:07:BF:3D:01:22:14:E4:46:93:D8:C6:F6:6D:88:18
X509v3 Authority Key Identifier:
keyid:FF:87:E0:AB:03:2B:0C:05:EB:5E:74:CC:2C:08:69:8D:D3:24:D9:63
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_4fgqwMrDAXrXnTMLAhpjdMk2WM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/PvMrchQHvz0BIhTkRpPYxvZtiBg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/_4fgqwMrDAXrXnTMLAhpjdMk2WM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.122.198.0/24
Signature Algorithm: sha256WithRSAEncryption
90:31:1c:e6:8f:fb:2d:0c:2b:bf:e6:1a:eb:18:79:86:ee:b4:
56:c7:21:02:03:7a:b0:40:c8:77:de:75:92:d5:26:e5:2d:bf:
1f:9d:cb:3a:e6:a7:aa:cf:d4:ef:e3:8a:99:9b:4f:1d:47:a1:
dd:3c:15:21:13:3f:4d:75:22:e0:cd:74:e6:9e:fe:16:fa:22:
01:c3:da:28:37:fb:d8:8f:a8:7e:0a:e1:51:99:cc:92:96:c6:
9b:c8:80:8b:47:fb:a9:d4:33:71:54:95:48:80:c4:d1:f3:dd:
e0:8d:c3:3e:43:bb:bd:c5:84:8b:40:8e:b1:f6:27:27:74:8e:
7c:e9:75:76:29:2a:11:01:0b:9d:24:0c:6a:13:a7:75:21:26:
eb:d7:bd:41:f0:b6:49:11:56:ab:8d:d5:42:b5:15:3a:08:f6:
29:00:d7:ac:76:4f:58:b3:01:cd:d2:78:d0:52:d9:7f:c2:1a:
2e:0c:d6:ea:78:3f:f6:0d:48:ca:53:da:03:47:08:d8:27:66:
51:5b:f8:74:5a:ce:fe:7c:1f:33:88:71:b5:24:2b:8c:03:ac:
3c:16:75:e6:a9:a0:a3:84:e7:b6:57:a8:21:78:67:8e:19:fe:
a7:19:0f:a2:ea:48:e8:c6:41:a5:f5:15:15:35:aa:3e:65:42:
e0:06:7e:01
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYeoZssZVRLPYAwVoV8MbeoFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmODdlMGFiMDMyYjBjMDVlYjVlNzRjYzJjMDg2OThkZDMy
NGQ5NjMwHhcNMjMwNDIyMDk1ODQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZWYzMmI3MjE0MDdiZjNkMDEyMjE0ZTQ0NjkzZDhjNmY2NmQ4ODE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlYbsgWR7g/R6KD9aT5Xp1rnG56jD
oC/Tb4hHnsH1V7FzDGmrfWyrJxnxA7Usz+Y7SDRISmlwXCu5YB+s2ylvfLPcotCO
ewSEgURD9FfUjhw2BNanGNx+IQtk0VV0AraAv5S0IXjD6NKn9zfodbq/S/9VWj8Q
AX63N1l47hYHrOQi6QzoSydWeaCUCj9D5KxMehlteOHPoNcVZJ7YkNQ9fNDxnnLR
cSP5h7ofH+5WcRlbYzgBistEJ9KHfLS8u/3t+24L0n9V4vKMWUm1/DAfeeWDYSPV
P8kXNJkQYOW+t5Xq/Acvie81sAg2PXjxZdu9L1gd1wA+RV8XgxrauiBI4QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD7zK3IUB789ASIU5EaT2Mb2bYgYMB8GA1UdIwQY
MBaAFP+H4KsDKwwF6150zCwIaY3TJNljMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzRmZ3F3TXJEQVhyWG5UTUxBaHBqZE1rMldNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy8xZGYxOGUtNmM0ZC00MzRiLThlMzEt
NzFlYjk1ZjUwZTViLzEvUHZNcmNoUUh2ejBCSWhUa1JwUFl4dlp0aUJnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy8xZGYxOGUtNmM0ZC00MzRiLThlMzEtNzFlYjk1ZjUwZTVi
LzEvXzRmZ3F3TXJEQVhyWG5UTUxBaHBqZE1rMldNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbXrGMA0G
CSqGSIb3DQEBCwUAA4IBAQCQMRzmj/stDCu/5hrrGHmG7rRWxyECA3qwQMh33nWS
1SblLb8fncs65qeqz9Tv44qZm08dR6HdPBUhEz9NdSLgzXTmnv4W+iIBw9ooN/vY
j6h+CuFRmcySlsabyICLR/up1DNxVJVIgMTR893gjcM+Q7u9xYSLQI6x9icndI58
6XV2KSoRAQudJAxqE6d1ISbr171B8LZJEVarjdVCtRU6CPYpANesdk9YswHN0njQ
Utl/whouDNbqeD/2DUjKU9oDRwjYJ2ZRW/h0Ws7+fB8ziHG1JCuMA6w8FnXmqaCj
hOe2V6gheGeOGf6nGQ+i6kjoxkGl9RUVNao+ZULgBn4B
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:02:04 2024 by rpki-client on console-ams.rpki-client.org