Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/Td2Ynvqf695Cj_7jdUK9qnVbH9I.roa
File: Td2Ynvqf695Cj_7jdUK9qnVbH9I.roa (raw, json)
Hash identifier: nuLZhbpix92r/Zoz1+0QujZURO68IWKwM9zwTcL4EfI=
Subject key identifier: 4D:DD:98:9E:FA:9F:EB:DE:42:8F:FE:E3:75:42:BD:AA:75:5B:1F:D2
Certificate issuer: /CN=ff87e0ab032b0c05eb5e74cc2c08698dd324d963
Certificate serial: 018A774346E9DDCE9478E886378F6A4033A0
Authority key identifier: FF:87:E0:AB:03:2B:0C:05:EB:5E:74:CC:2C:08:69:8D:D3:24:D9:63
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/_4fgqwMrDAXrXnTMLAhpjdMk2WM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/Td2Ynvqf695Cj_7jdUK9qnVbH9I.roa
Signing time: Sat 09 Sep 2023 00:06:52 +0000
ROA not before: Sat 09 Sep 2023 00:06:52 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 834
IP address blocks: 109.122.192.0/24 maxlen: 24
109.122.201.0/24 maxlen: 24
109.122.212.0/24 maxlen: 24
109.122.215.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8a:77:43:46:e9:dd:ce:94:78:e8:86:37:8f:6a:40:33:a0
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ff87e0ab032b0c05eb5e74cc2c08698dd324d963
Validity
Not Before: Sep 9 00:06:52 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=4ddd989efa9febde428ffee37542bdaa755b1fd2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:aa:35:c2:be:b8:df:0b:a0:5b:d2:b5:6f:1d:1d:
ca:d7:13:61:a5:a4:52:10:ac:fd:35:89:1e:87:33:
ca:48:fd:56:dc:5f:86:1b:16:ea:b9:51:59:53:4e:
20:60:4d:cf:4f:18:31:c5:61:2b:7f:3d:62:9f:5c:
bd:71:2f:58:97:e6:e4:ec:1d:b9:fc:e1:b1:49:b7:
be:71:e1:73:7c:7d:d3:a5:68:3a:db:0f:aa:ed:f6:
61:cc:95:a7:25:e2:82:08:7d:f9:61:e2:5e:fc:bb:
bb:23:4c:c8:a9:58:b0:3d:97:36:db:f0:6b:28:55:
39:f2:ad:c1:49:9e:1a:b9:a9:ac:e6:2f:45:9c:37:
7d:50:da:e1:10:f9:c9:cd:fb:65:76:1b:68:3a:58:
6d:ae:e9:d7:ce:7d:50:2d:72:83:96:42:ea:33:75:
97:20:f2:78:98:6b:71:23:90:25:d5:21:43:cf:fc:
5d:de:33:a6:1d:28:6b:5c:8a:b9:b0:69:42:f8:9d:
8e:37:b7:21:03:27:03:42:a1:65:d0:74:dc:a8:63:
38:da:c2:7c:d6:16:25:d1:ff:f3:cc:e3:52:37:df:
55:fa:ec:bc:ae:95:9d:01:5f:4e:56:45:1a:16:f2:
14:90:c2:d2:d2:9b:e2:39:1e:67:f2:92:fd:60:3e:
f3:bd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4D:DD:98:9E:FA:9F:EB:DE:42:8F:FE:E3:75:42:BD:AA:75:5B:1F:D2
X509v3 Authority Key Identifier:
keyid:FF:87:E0:AB:03:2B:0C:05:EB:5E:74:CC:2C:08:69:8D:D3:24:D9:63
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_4fgqwMrDAXrXnTMLAhpjdMk2WM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/Td2Ynvqf695Cj_7jdUK9qnVbH9I.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/_4fgqwMrDAXrXnTMLAhpjdMk2WM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.122.192.0/24
109.122.201.0/24
109.122.212.0/24
109.122.215.0/24
Signature Algorithm: sha256WithRSAEncryption
62:1f:ec:f0:39:c3:bb:fc:e5:26:a0:1d:e9:66:cb:41:b6:27:
7e:69:32:aa:fd:0c:83:a6:56:a9:e2:e8:2d:60:4f:f8:9c:82:
b3:e9:a1:cb:90:69:22:20:59:b3:fe:6c:cd:88:22:61:02:ea:
89:65:70:d2:2d:14:2d:64:36:50:1e:65:6d:fd:d9:c4:fd:f7:
c7:ea:34:23:00:3c:81:85:85:52:df:2b:68:31:f2:4f:2e:0f:
48:27:07:22:7e:55:b8:b8:03:18:b3:8e:4c:0a:80:14:f7:31:
69:c4:c3:7e:4e:71:9d:c1:b9:f3:fc:b6:72:28:92:75:86:b6:
df:22:28:23:59:13:84:db:fd:7c:bd:bf:66:2c:d6:2a:fe:8e:
a7:20:20:ff:4b:49:cf:6e:00:61:f5:7e:80:2a:87:1d:96:eb:
ea:67:8d:67:32:76:e1:91:a6:d5:74:a2:3c:c4:56:9c:c5:8b:
c4:43:70:26:f9:ea:d9:9e:c9:ae:b0:77:dd:11:00:24:fd:46:
79:78:fe:c9:67:1d:ca:8f:77:18:70:13:d1:fe:da:e1:60:1a:
d4:d6:c9:fb:84:d0:3c:ce:1d:c8:7f:cc:da:f3:e4:b3:95:a2:
8a:84:bf:17:b2:4d:d3:7e:b0:05:26:5e:ae:e9:8b:84:10:90:
e4:e1:33:b8
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYp3Q0bp3c6UeOiGN49qQDOgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmODdlMGFiMDMyYjBjMDVlYjVlNzRjYzJjMDg2OThkZDMy
NGQ5NjMwHhcNMjMwOTA5MDAwNjUyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZGRkOTg5ZWZhOWZlYmRlNDI4ZmZlZTM3NTQyYmRhYTc1NWIxZmQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqjXCvrjfC6Bb0rVvHR3K1xNhpaRS
EKz9NYkehzPKSP1W3F+GGxbquVFZU04gYE3PTxgxxWErfz1in1y9cS9Yl+bk7B25
/OGxSbe+ceFzfH3TpWg62w+q7fZhzJWnJeKCCH35YeJe/Lu7I0zIqViwPZc22/Br
KFU58q3BSZ4auams5i9FnDd9UNrhEPnJzftldhtoOlhtrunXzn1QLXKDlkLqM3WX
IPJ4mGtxI5Al1SFDz/xd3jOmHShrXIq5sGlC+J2ON7chAycDQqFl0HTcqGM42sJ8
1hYl0f/zzONSN99V+uy8rpWdAV9OVkUaFvIUkMLS0pviOR5n8pL9YD7zvQIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFE3dmJ76n+veQo/+43VCvap1Wx/SMB8GA1UdIwQY
MBaAFP+H4KsDKwwF6150zCwIaY3TJNljMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzRmZ3F3TXJEQVhyWG5UTUxBaHBqZE1rMldNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy8xZGYxOGUtNmM0ZC00MzRiLThlMzEt
NzFlYjk1ZjUwZTViLzEvVGQyWW52cWY2OTVDal83amRVSzlxblZiSDlJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy8xZGYxOGUtNmM0ZC00MzRiLThlMzEtNzFlYjk1ZjUwZTVi
LzEvXzRmZ3F3TXJEQVhyWG5UTUxBaHBqZE1rMldNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAbXrAAwQA
bXrJAwQAbXrUAwQAbXrXMA0GCSqGSIb3DQEBCwUAA4IBAQBiH+zwOcO7/OUmoB3p
ZstBtid+aTKq/QyDplap4ugtYE/4nIKz6aHLkGkiIFmz/mzNiCJhAuqJZXDSLRQt
ZDZQHmVt/dnE/ffH6jQjADyBhYVS3ytoMfJPLg9IJwciflW4uAMYs45MCoAU9zFp
xMN+TnGdwbnz/LZyKJJ1hrbfIigjWROE2/18vb9mLNYq/o6nICD/S0nPbgBh9X6A
KocdluvqZ41nMnbhkabVdKI8xFacxYvEQ3Am+erZnsmusHfdEQAk/UZ5eP7JZx3K
j3cYcBPR/trhYBrU1sn7hNA8zh3If8za8+SzlaKKhL8Xsk3TfrAFJl6u6YuEEJDk
4TO4
-----END CERTIFICATE-----
Generated at Mon Feb 17 08:19:06 2025 by rpki-client