Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/PyXvDg3FiGxi7GVuPp8Wg1s5xUY.roa
File: PyXvDg3FiGxi7GVuPp8Wg1s5xUY.roa (raw, json)
Hash identifier: 0UjYRxxXBTSsgjjCiX7OeT7ezqaibBhw6AJMa4bBTTY=
Subject key identifier: 3F:25:EF:0E:0D:C5:88:6C:62:EC:65:6E:3E:9F:16:83:5B:39:C5:46
Certificate issuer: /CN=ff87e0ab032b0c05eb5e74cc2c08698dd324d963
Certificate serial: 018C91F7195E9C3FBC4811BB293A566281B6
Authority key identifier: FF:87:E0:AB:03:2B:0C:05:EB:5E:74:CC:2C:08:69:8D:D3:24:D9:63
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/_4fgqwMrDAXrXnTMLAhpjdMk2WM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/PyXvDg3FiGxi7GVuPp8Wg1s5xUY.roa
Signing time: Fri 22 Dec 2023 14:38:59 +0000
ROA not before: Fri 22 Dec 2023 14:38:59 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 210030
IP address blocks: 109.122.198.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:91:f7:19:5e:9c:3f:bc:48:11:bb:29:3a:56:62:81:b6
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ff87e0ab032b0c05eb5e74cc2c08698dd324d963
Validity
Not Before: Dec 22 14:38:59 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=3f25ef0e0dc5886c62ec656e3e9f16835b39c546
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:af:17:fc:e0:6f:43:17:56:60:a6:61:f2:50:1a:
6a:d4:2b:b9:e2:48:8e:f2:b6:ea:59:d6:6d:fe:35:
73:14:67:60:ec:7a:be:bc:7d:c3:5b:33:00:a8:cc:
8b:e0:eb:a9:9a:21:f8:21:2c:22:e2:4b:ec:44:bd:
00:85:1e:db:0b:ef:b2:31:95:30:6d:5b:90:ab:e0:
83:80:a3:22:ab:28:95:e5:4e:07:86:d4:bc:da:31:
c2:b2:8b:3b:62:61:62:d3:98:8d:a6:a7:ae:73:5f:
c7:e6:2d:51:3f:9a:c4:76:5c:49:89:8b:04:7f:c9:
aa:e3:15:00:74:ca:e5:fb:87:bd:6a:e6:69:6b:62:
fd:70:1c:e1:6b:83:f5:0a:be:56:26:84:17:c9:18:
3a:1e:1a:66:8a:db:bb:a9:ea:a4:f8:56:93:15:8c:
59:eb:30:84:e9:4b:cf:1e:75:10:80:e9:9f:61:82:
e3:2a:fb:2b:3e:05:96:74:0a:f2:fa:56:03:28:8e:
68:7c:4a:44:c5:d6:33:73:ee:3d:66:0e:92:79:eb:
ed:6b:ab:06:9e:e4:d1:a1:bb:c7:f8:b0:06:33:42:
1c:83:73:a8:05:5f:8d:23:93:e7:41:76:e1:2a:97:
ef:fd:52:40:1d:76:45:38:7b:56:d4:d6:b1:21:da:
a2:63
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3F:25:EF:0E:0D:C5:88:6C:62:EC:65:6E:3E:9F:16:83:5B:39:C5:46
X509v3 Authority Key Identifier:
keyid:FF:87:E0:AB:03:2B:0C:05:EB:5E:74:CC:2C:08:69:8D:D3:24:D9:63
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_4fgqwMrDAXrXnTMLAhpjdMk2WM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/PyXvDg3FiGxi7GVuPp8Wg1s5xUY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/_4fgqwMrDAXrXnTMLAhpjdMk2WM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.122.198.0/24
Signature Algorithm: sha256WithRSAEncryption
49:e7:4a:39:88:88:a1:04:74:f1:cb:de:cc:5a:3c:83:b1:6d:
07:0a:4a:b7:bc:76:13:84:e3:2c:c3:c4:63:cd:80:61:8c:6b:
54:b4:44:e1:0c:54:e6:99:b5:4d:e1:e2:52:74:99:08:b1:a2:
45:bc:32:67:14:e6:44:56:84:81:78:55:1a:a7:2f:20:7a:02:
bc:5c:57:a3:64:82:f4:b9:88:d7:bd:44:99:0d:49:90:9b:a9:
52:35:d2:5c:90:ed:16:69:a8:b6:36:7f:93:1f:d7:5b:17:c7:
28:d7:e2:9c:07:8d:32:f7:01:74:b4:ba:6d:af:70:51:22:18:
43:49:f6:54:dd:2a:67:67:51:d8:2a:64:a4:8f:ac:4c:31:c8:
d3:ec:b2:1d:32:9d:13:02:54:60:0a:3d:41:b7:ea:4b:cc:e9:
11:8d:50:a7:69:97:c1:3f:6c:ee:04:f3:87:cd:fc:68:50:ed:
fd:39:c1:03:79:ac:fd:c2:ef:32:a0:84:e8:0f:58:aa:6a:81:
de:5d:a0:37:60:21:f7:15:a0:72:4e:68:46:74:2e:70:9e:c2:
20:bc:2b:6c:2b:a2:8e:ac:65:ed:d5:a2:0e:9c:a4:c7:72:c3:
f5:b0:c0:e1:ca:24:eb:f7:f3:55:65:83:fd:4d:89:9a:cc:86:
00:aa:7e:63
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYyR9xlenD+8SBG7KTpWYoG2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmODdlMGFiMDMyYjBjMDVlYjVlNzRjYzJjMDg2OThkZDMy
NGQ5NjMwHhcNMjMxMjIyMTQzODU5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZjI1ZWYwZTBkYzU4ODZjNjJlYzY1NmUzZTlmMTY4MzViMzljNTQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArxf84G9DF1ZgpmHyUBpq1Cu54kiO
8rbqWdZt/jVzFGdg7Hq+vH3DWzMAqMyL4OupmiH4ISwi4kvsRL0AhR7bC++yMZUw
bVuQq+CDgKMiqyiV5U4HhtS82jHCsos7YmFi05iNpqeuc1/H5i1RP5rEdlxJiYsE
f8mq4xUAdMrl+4e9auZpa2L9cBzha4P1Cr5WJoQXyRg6Hhpmitu7qeqk+FaTFYxZ
6zCE6UvPHnUQgOmfYYLjKvsrPgWWdAry+lYDKI5ofEpExdYzc+49Zg6Seevta6sG
nuTRobvH+LAGM0Icg3OoBV+NI5PnQXbhKpfv/VJAHXZFOHtW1NaxIdqiYwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD8l7w4NxYhsYuxlbj6fFoNbOcVGMB8GA1UdIwQY
MBaAFP+H4KsDKwwF6150zCwIaY3TJNljMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzRmZ3F3TXJEQVhyWG5UTUxBaHBqZE1rMldNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy8xZGYxOGUtNmM0ZC00MzRiLThlMzEt
NzFlYjk1ZjUwZTViLzEvUHlYdkRnM0ZpR3hpN0dWdVBwOFdnMXM1eFVZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy8xZGYxOGUtNmM0ZC00MzRiLThlMzEtNzFlYjk1ZjUwZTVi
LzEvXzRmZ3F3TXJEQVhyWG5UTUxBaHBqZE1rMldNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbXrGMA0G
CSqGSIb3DQEBCwUAA4IBAQBJ50o5iIihBHTxy97MWjyDsW0HCkq3vHYThOMsw8Rj
zYBhjGtUtEThDFTmmbVN4eJSdJkIsaJFvDJnFOZEVoSBeFUapy8gegK8XFejZIL0
uYjXvUSZDUmQm6lSNdJckO0Waai2Nn+TH9dbF8co1+KcB40y9wF0tLptr3BRIhhD
SfZU3SpnZ1HYKmSkj6xMMcjT7LIdMp0TAlRgCj1Bt+pLzOkRjVCnaZfBP2zuBPOH
zfxoUO39OcEDeaz9wu8yoIToD1iqaoHeXaA3YCH3FaByTmhGdC5wnsIgvCtsK6KO
rGXt1aIOnKTHcsP1sMDhyiTr9/NVZYP9TYmazIYAqn5j
-----END CERTIFICATE-----
Generated at Mon Feb 17 08:23:29 2025 by rpki-client