Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/R38RUooiCVuveRT7vsWQ0q00Ej0.roa
File: R38RUooiCVuveRT7vsWQ0q00Ej0.roa (raw, json)
Hash identifier: 9Yvpu0WD3cWyDjJ6qLG08Zv/O11f/WLZjHqXXQMn1S0=
Subject key identifier: 47:7F:11:52:8A:22:09:5B:AF:79:14:FB:BE:C5:90:D2:AD:34:12:3D
Certificate issuer: /CN=ff87e0ab032b0c05eb5e74cc2c08698dd324d963
Certificate serial: 018B434EE89C20CF5913D5B79EAF9D917A2F
Authority key identifier: FF:87:E0:AB:03:2B:0C:05:EB:5E:74:CC:2C:08:69:8D:D3:24:D9:63
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/_4fgqwMrDAXrXnTMLAhpjdMk2WM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/R38RUooiCVuveRT7vsWQ0q00Ej0.roa
Signing time: Wed 18 Oct 2023 15:02:06 +0000
ROA not before: Wed 18 Oct 2023 15:02:06 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 834
IP address blocks: 109.122.205.0/24 maxlen: 24
109.122.212.0/24 maxlen: 24
109.122.213.0/24 maxlen: 24
109.122.215.0/24 maxlen: 24
109.122.220.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8b:43:4e:e8:9c:20:cf:59:13:d5:b7:9e:af:9d:91:7a:2f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ff87e0ab032b0c05eb5e74cc2c08698dd324d963
Validity
Not Before: Oct 18 15:02:06 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=477f11528a22095baf7914fbbec590d2ad34123d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ba:28:2a:8b:ed:65:68:8c:aa:38:f4:f0:b9:58:
1e:de:2c:e4:c2:6f:36:ad:15:61:fb:d8:b3:84:08:
19:9e:96:d5:5a:e2:b0:1c:1a:b2:d4:11:37:72:5b:
59:54:d8:68:b4:f3:50:1b:c9:06:b3:e4:c6:c1:44:
7e:e3:93:26:85:2d:c1:6c:ea:0b:36:46:14:e2:44:
63:04:05:53:16:78:0c:1f:64:4d:79:e8:48:c6:a5:
97:29:63:2a:5f:b3:8b:10:11:ce:57:76:73:9a:0e:
8a:92:5c:48:55:66:2f:4b:09:dd:70:02:53:0b:58:
51:e6:c7:1d:22:f1:4a:d9:d5:b5:37:03:7e:13:9e:
fa:f2:db:03:b1:f7:ef:cb:ca:e0:61:52:cc:00:e4:
7a:c3:1f:4a:3e:56:32:28:e7:f2:6b:fc:22:68:3d:
24:88:9a:40:fe:61:d8:20:ae:48:99:6a:eb:80:ad:
2e:1e:54:e9:be:19:73:a9:a6:43:0a:a0:6d:ad:54:
f0:bd:ea:5d:b8:8b:6c:b2:02:c3:a7:94:c2:d4:a0:
55:b1:6d:3f:09:4d:d8:ed:7c:82:29:d6:07:61:6f:
ce:68:b3:c5:c4:5e:ac:3a:98:7a:97:17:d4:9e:2c:
da:40:f2:51:fa:22:28:6b:1e:da:f6:b7:d2:b0:72:
49:41
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
47:7F:11:52:8A:22:09:5B:AF:79:14:FB:BE:C5:90:D2:AD:34:12:3D
X509v3 Authority Key Identifier:
keyid:FF:87:E0:AB:03:2B:0C:05:EB:5E:74:CC:2C:08:69:8D:D3:24:D9:63
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_4fgqwMrDAXrXnTMLAhpjdMk2WM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/R38RUooiCVuveRT7vsWQ0q00Ej0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/_4fgqwMrDAXrXnTMLAhpjdMk2WM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.122.205.0/24
109.122.212.0/23
109.122.215.0/24
109.122.220.0/24
Signature Algorithm: sha256WithRSAEncryption
9d:ab:b9:b8:13:9e:ff:20:51:67:63:77:5e:f7:aa:67:ff:ad:
11:65:04:40:dd:fa:71:c9:89:5b:01:0a:ba:4a:c2:c2:f4:3b:
10:46:e7:b5:d1:ef:a6:55:01:17:c2:ce:0c:31:b3:f9:d3:74:
2f:89:28:55:b8:39:bc:2e:b2:85:30:03:12:5e:33:b0:99:fc:
97:3d:16:6a:8b:72:0d:d6:2f:4d:44:e9:24:19:a2:4a:53:ed:
fb:0a:82:a8:a0:03:0f:b9:10:aa:73:82:1c:c6:02:ad:6d:d1:
ea:0e:0f:b9:45:b0:bd:62:20:40:39:2f:b6:90:4d:9b:8f:e6:
75:3a:68:5a:4b:12:61:30:62:d0:c0:2a:da:e5:c1:5c:47:18:
05:4e:1b:1b:ec:2f:c4:ba:f7:e9:3d:b5:1a:c4:b3:7f:12:bb:
84:37:84:ee:60:b0:24:40:95:0c:1c:47:db:67:ef:e6:3d:d8:
76:94:92:9e:c2:fa:d5:e2:b4:ec:c4:93:75:2c:5e:c4:5a:27:
23:53:ff:50:dc:03:97:24:ea:29:e9:d9:71:ec:a6:cb:0e:54:
e1:ef:fb:fe:93:02:cd:9d:df:32:71:7c:35:2e:23:e3:3a:7a:
f7:27:f8:5f:88:9d:da:3a:e4:c7:3f:e2:8a:0d:32:75:22:ae:
66:26:0b:28
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYtDTuicIM9ZE9W3nq+dkXovMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmODdlMGFiMDMyYjBjMDVlYjVlNzRjYzJjMDg2OThkZDMy
NGQ5NjMwHhcNMjMxMDE4MTUwMjA2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NzdmMTE1MjhhMjIwOTViYWY3OTE0ZmJiZWM1OTBkMmFkMzQxMjNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuigqi+1laIyqOPTwuVge3izkwm82
rRVh+9izhAgZnpbVWuKwHBqy1BE3cltZVNhotPNQG8kGs+TGwUR+45MmhS3BbOoL
NkYU4kRjBAVTFngMH2RNeehIxqWXKWMqX7OLEBHOV3Zzmg6KklxIVWYvSwndcAJT
C1hR5scdIvFK2dW1NwN+E5768tsDsffvy8rgYVLMAOR6wx9KPlYyKOfya/wiaD0k
iJpA/mHYIK5ImWrrgK0uHlTpvhlzqaZDCqBtrVTwvepduItssgLDp5TC1KBVsW0/
CU3Y7XyCKdYHYW/OaLPFxF6sOph6lxfUnizaQPJR+iIoax7a9rfSsHJJQQIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFEd/EVKKIglbr3kU+77FkNKtNBI9MB8GA1UdIwQY
MBaAFP+H4KsDKwwF6150zCwIaY3TJNljMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzRmZ3F3TXJEQVhyWG5UTUxBaHBqZE1rMldNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy8xZGYxOGUtNmM0ZC00MzRiLThlMzEt
NzFlYjk1ZjUwZTViLzEvUjM4UlVvb2lDVnV2ZVJUN3ZzV1EwcTAwRWowLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy8xZGYxOGUtNmM0ZC00MzRiLThlMzEtNzFlYjk1ZjUwZTVi
LzEvXzRmZ3F3TXJEQVhyWG5UTUxBaHBqZE1rMldNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAbXrNAwQB
bXrUAwQAbXrXAwQAbXrcMA0GCSqGSIb3DQEBCwUAA4IBAQCdq7m4E57/IFFnY3de
96pn/60RZQRA3fpxyYlbAQq6SsLC9DsQRue10e+mVQEXws4MMbP503QviShVuDm8
LrKFMAMSXjOwmfyXPRZqi3IN1i9NROkkGaJKU+37CoKooAMPuRCqc4IcxgKtbdHq
Dg+5RbC9YiBAOS+2kE2bj+Z1OmhaSxJhMGLQwCra5cFcRxgFThsb7C/EuvfpPbUa
xLN/EruEN4TuYLAkQJUMHEfbZ+/mPdh2lJKewvrV4rTsxJN1LF7EWicjU/9Q3AOX
JOop6dlx7KbLDlTh7/v+kwLNnd8ycXw1LiPjOnr3J/hfiJ3aOuTHP+KKDTJ1Iq5m
Jgso
-----END CERTIFICATE-----
Generated at Mon Feb 17 08:22:26 2025 by rpki-client