Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/Pxthfa05m6bNHKcHcZYMs4bLqGY.roa
File: Pxthfa05m6bNHKcHcZYMs4bLqGY.roa (raw, json)
Hash identifier: NsjvdvQCJUtuZUPMqM6ul0aWpEwfMIooqFAd5ZJxz98=
Subject key identifier: 3F:1B:61:7D:AD:39:9B:A6:CD:1C:A7:07:71:96:0C:B3:86:CB:A8:66
Certificate issuer: /CN=ff87e0ab032b0c05eb5e74cc2c08698dd324d963
Certificate serial: 018C91F7191B0CBC3D75AFADBEF4D6C70A4E
Authority key identifier: FF:87:E0:AB:03:2B:0C:05:EB:5E:74:CC:2C:08:69:8D:D3:24:D9:63
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/_4fgqwMrDAXrXnTMLAhpjdMk2WM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/Pxthfa05m6bNHKcHcZYMs4bLqGY.roa
Signing time: Fri 22 Dec 2023 14:38:59 +0000
ROA not before: Fri 22 Dec 2023 14:38:59 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 209181
IP address blocks: 109.122.219.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:91:f7:19:1b:0c:bc:3d:75:af:ad:be:f4:d6:c7:0a:4e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ff87e0ab032b0c05eb5e74cc2c08698dd324d963
Validity
Not Before: Dec 22 14:38:59 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=3f1b617dad399ba6cd1ca70771960cb386cba866
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9a:48:7f:44:ab:99:51:87:09:3d:d1:62:3f:b7:
52:c9:27:4f:8c:8b:08:f8:95:7e:3b:54:14:75:50:
61:e7:92:0c:b0:33:9b:7c:74:c4:01:10:a8:59:c1:
fe:23:16:5d:b0:1a:1f:f8:17:6e:e0:aa:25:8e:70:
85:84:ec:2d:6c:e7:68:20:ac:22:9d:26:dc:fe:9a:
21:df:d0:7b:4a:c1:77:6b:61:a4:c6:4d:fa:32:06:
03:07:0c:33:0a:56:af:38:5d:12:37:bd:cc:2c:b3:
10:67:fa:5f:d4:ac:09:aa:30:f0:a8:18:e4:7c:2c:
77:75:44:1a:4d:2b:a4:52:96:da:09:3f:a1:07:a6:
1a:d1:b3:fd:10:ec:53:8e:7e:d4:3d:f1:1e:98:2a:
64:7a:2c:6a:e4:8c:d1:1d:d9:19:14:eb:fc:6e:3f:
da:4d:41:f7:ae:2c:f4:c0:8b:92:a7:6b:46:a3:30:
c4:7e:b8:44:e4:58:f1:af:32:fc:13:d7:dc:48:71:
16:9a:eb:3d:1b:9b:cd:9a:73:bb:45:3f:a0:83:c0:
ef:18:07:65:a7:72:c1:71:58:a9:9d:ec:4d:b6:5c:
bf:db:ec:24:a4:08:e9:59:81:93:31:df:6a:c3:a9:
b9:35:b5:49:85:f4:e7:df:d2:86:d5:6a:f2:32:a7:
26:9f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3F:1B:61:7D:AD:39:9B:A6:CD:1C:A7:07:71:96:0C:B3:86:CB:A8:66
X509v3 Authority Key Identifier:
keyid:FF:87:E0:AB:03:2B:0C:05:EB:5E:74:CC:2C:08:69:8D:D3:24:D9:63
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_4fgqwMrDAXrXnTMLAhpjdMk2WM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/Pxthfa05m6bNHKcHcZYMs4bLqGY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/_4fgqwMrDAXrXnTMLAhpjdMk2WM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.122.219.0/24
Signature Algorithm: sha256WithRSAEncryption
98:1d:b8:3d:37:28:57:85:66:eb:9f:9c:f8:ce:ab:89:d7:81:
b2:f8:61:0c:7e:b4:33:f0:99:2a:de:4a:65:04:97:ab:ea:2c:
7b:49:5d:aa:7e:e7:b3:22:6f:88:f4:48:a0:23:dc:ca:77:9d:
82:71:f7:67:dc:54:17:ad:c9:2e:66:07:ac:ae:ea:89:07:6a:
42:dd:4d:0e:46:07:a4:c0:b2:9b:78:dc:b1:ab:fe:65:0c:a3:
4f:a9:9e:80:2c:5d:83:d0:46:43:bf:4d:25:08:4b:71:61:19:
de:30:2d:68:24:b0:fb:dd:97:09:e6:2c:f5:6a:75:18:c3:be:
67:d1:0f:1d:93:19:64:59:e9:11:06:9d:38:51:97:fe:fe:20:
27:84:ea:ce:7a:2b:6d:c2:cd:79:ab:da:8d:e0:dc:31:72:09:
70:6c:4d:af:e9:42:5c:28:24:57:25:b0:ad:0f:c3:d7:c6:8c:
3b:6f:71:3e:3e:1c:7d:fe:3d:19:7f:54:04:51:f1:5a:1b:21:
3c:ff:c2:dc:b7:37:73:a0:f1:79:20:54:f8:e1:6c:fc:fc:e7:
cd:2b:e6:79:b3:55:9b:4c:1c:b6:8c:9e:f5:94:20:e6:5e:a1:
06:fe:18:ed:1f:37:13:e7:96:aa:c7:1e:68:cc:d4:06:97:90:
63:81:a3:dc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYyR9xkbDLw9da+tvvTWxwpOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmODdlMGFiMDMyYjBjMDVlYjVlNzRjYzJjMDg2OThkZDMy
NGQ5NjMwHhcNMjMxMjIyMTQzODU5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZjFiNjE3ZGFkMzk5YmE2Y2QxY2E3MDc3MTk2MGNiMzg2Y2JhODY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmkh/RKuZUYcJPdFiP7dSySdPjIsI
+JV+O1QUdVBh55IMsDObfHTEARCoWcH+IxZdsBof+Bdu4KoljnCFhOwtbOdoIKwi
nSbc/poh39B7SsF3a2Gkxk36MgYDBwwzClavOF0SN73MLLMQZ/pf1KwJqjDwqBjk
fCx3dUQaTSukUpbaCT+hB6Ya0bP9EOxTjn7UPfEemCpkeixq5IzRHdkZFOv8bj/a
TUH3riz0wIuSp2tGozDEfrhE5FjxrzL8E9fcSHEWmus9G5vNmnO7RT+gg8DvGAdl
p3LBcVipnexNtly/2+wkpAjpWYGTMd9qw6m5NbVJhfTn39KG1WryMqcmnwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD8bYX2tOZumzRynB3GWDLOGy6hmMB8GA1UdIwQY
MBaAFP+H4KsDKwwF6150zCwIaY3TJNljMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzRmZ3F3TXJEQVhyWG5UTUxBaHBqZE1rMldNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy8xZGYxOGUtNmM0ZC00MzRiLThlMzEt
NzFlYjk1ZjUwZTViLzEvUHh0aGZhMDVtNmJOSEtjSGNaWU1zNGJMcUdZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy8xZGYxOGUtNmM0ZC00MzRiLThlMzEtNzFlYjk1ZjUwZTVi
LzEvXzRmZ3F3TXJEQVhyWG5UTUxBaHBqZE1rMldNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbXrbMA0G
CSqGSIb3DQEBCwUAA4IBAQCYHbg9NyhXhWbrn5z4zquJ14Gy+GEMfrQz8Jkq3kpl
BJer6ix7SV2qfuezIm+I9EigI9zKd52Ccfdn3FQXrckuZgesruqJB2pC3U0ORgek
wLKbeNyxq/5lDKNPqZ6ALF2D0EZDv00lCEtxYRneMC1oJLD73ZcJ5iz1anUYw75n
0Q8dkxlkWekRBp04UZf+/iAnhOrOeittws15q9qN4NwxcglwbE2v6UJcKCRXJbCt
D8PXxow7b3E+Phx9/j0Zf1QEUfFaGyE8/8LctzdzoPF5IFT44Wz8/OfNK+Z5s1Wb
TBy2jJ71lCDmXqEG/hjtHzcT55aqxx5ozNQGl5BjgaPc
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:57:11 2025 by rpki-client