Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/VoZmbJp7hrDetjbYxBoCaXJFvqw.roa
File: VoZmbJp7hrDetjbYxBoCaXJFvqw.roa (raw, json)
Hash identifier: iDO4FB5Tzbddm5YB8Rz3qfMahY9f4SU7/pxOptmGL9k=
Subject key identifier: 56:86:66:6C:9A:7B:86:B0:DE:B6:36:D8:C4:1A:02:69:72:45:BE:AC
Certificate issuer: /CN=ff87e0ab032b0c05eb5e74cc2c08698dd324d963
Certificate serial: 018B434C2F49868AAB8F5579F1FD5B2FD617
Authority key identifier: FF:87:E0:AB:03:2B:0C:05:EB:5E:74:CC:2C:08:69:8D:D3:24:D9:63
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/_4fgqwMrDAXrXnTMLAhpjdMk2WM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/VoZmbJp7hrDetjbYxBoCaXJFvqw.roa
Signing time: Wed 18 Oct 2023 14:59:08 +0000
ROA not before: Wed 18 Oct 2023 14:59:08 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 211440
IP address blocks: 109.122.206.0/24 maxlen: 24
109.122.202.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8b:43:4c:2f:49:86:8a:ab:8f:55:79:f1:fd:5b:2f:d6:17
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ff87e0ab032b0c05eb5e74cc2c08698dd324d963
Validity
Not Before: Oct 18 14:59:08 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=5686666c9a7b86b0deb636d8c41a02697245beac
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:95:c4:0f:c5:05:fa:ad:f7:0c:c1:04:dd:bb:a5:
86:2f:24:1c:5a:8f:99:7b:59:d1:79:17:3b:47:30:
33:50:a6:de:b3:e0:0e:c0:5a:59:30:5c:26:15:11:
29:d6:38:91:36:8a:e3:9f:59:1a:95:9a:c1:ff:18:
86:4f:f3:43:cf:b9:16:21:76:b0:00:6e:5b:b8:85:
14:87:8b:99:f9:96:4e:71:6d:94:ce:62:be:21:26:
fc:57:d7:c1:e9:82:d1:ce:fb:a1:2b:09:57:c6:d6:
8a:94:81:87:c6:60:81:05:d8:b0:4c:22:23:38:4a:
34:1d:2e:06:07:3a:8a:6f:39:be:ba:2a:98:f2:cc:
14:8a:92:d2:8b:0d:a7:34:c4:c2:56:93:e2:9a:d9:
29:61:af:57:9c:2f:7c:6d:81:d3:78:a0:03:8c:03:
9c:6a:7b:bc:38:f4:9c:1f:8b:ef:2c:4f:4b:16:ed:
d5:22:44:7a:14:d8:82:f6:72:e4:40:22:54:d9:9b:
a8:66:e8:d3:b8:37:e4:9f:4d:0a:99:60:4c:8b:55:
28:aa:be:9d:2e:80:ab:2e:06:bd:a4:3c:54:27:7a:
31:53:d3:f2:54:31:dc:6b:7c:6d:cc:9a:6f:d8:13:
4c:a4:b0:ea:c9:7e:7a:d0:88:04:63:32:37:ca:98:
c9:17
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
56:86:66:6C:9A:7B:86:B0:DE:B6:36:D8:C4:1A:02:69:72:45:BE:AC
X509v3 Authority Key Identifier:
keyid:FF:87:E0:AB:03:2B:0C:05:EB:5E:74:CC:2C:08:69:8D:D3:24:D9:63
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_4fgqwMrDAXrXnTMLAhpjdMk2WM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/VoZmbJp7hrDetjbYxBoCaXJFvqw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/_4fgqwMrDAXrXnTMLAhpjdMk2WM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.122.202.0/24
109.122.206.0/24
Signature Algorithm: sha256WithRSAEncryption
8c:41:75:c0:7b:07:b8:07:78:b2:d1:e3:fe:0c:82:93:5d:52:
e9:fc:ad:01:c8:b7:5c:9c:46:ee:08:f6:ae:e6:b3:5c:8c:a1:
be:13:ec:00:ab:2c:89:68:0d:f2:5c:dc:fd:95:ca:c9:0f:e7:
a8:8d:98:d9:a1:78:d2:c7:8e:cc:e9:0e:ce:63:01:3a:e9:8a:
7d:42:84:9a:a7:0d:3f:91:1c:7c:cb:9b:c1:1c:bf:50:27:02:
e5:d3:8a:b4:4c:9e:b5:c0:18:60:5b:84:cb:d2:b6:13:3e:2a:
38:23:36:1f:9b:3f:13:8a:64:f3:bc:cc:d3:eb:22:e2:e9:1c:
f9:8a:d1:74:29:57:f5:b6:ca:10:f9:ea:9a:70:4b:6f:dd:76:
40:a5:42:6c:e0:41:56:9c:bc:7d:dc:90:92:1b:3d:65:8e:1f:
b9:b4:4c:a0:80:3b:87:1d:0d:03:db:9c:d1:21:8d:27:e5:9e:
06:b0:4a:fc:26:60:b5:ed:ec:bd:75:84:1c:87:66:45:13:c9:
9f:98:ac:86:7b:cc:04:f5:87:31:6f:89:e4:87:ec:c5:59:7b:
31:d0:f8:76:8a:c0:da:fc:0a:79:6d:16:fa:9c:35:72:3a:f7:
f0:c5:a6:43:70:04:ad:3a:17:b6:74:04:b1:1c:4f:5f:fc:b6:
f8:0f:18:7d
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYtDTC9Jhoqrj1V58f1bL9YXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmODdlMGFiMDMyYjBjMDVlYjVlNzRjYzJjMDg2OThkZDMy
NGQ5NjMwHhcNMjMxMDE4MTQ1OTA4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1Njg2NjY2YzlhN2I4NmIwZGViNjM2ZDhjNDFhMDI2OTcyNDViZWFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlcQPxQX6rfcMwQTdu6WGLyQcWo+Z
e1nReRc7RzAzUKbes+AOwFpZMFwmFREp1jiRNorjn1kalZrB/xiGT/NDz7kWIXaw
AG5buIUUh4uZ+ZZOcW2UzmK+ISb8V9fB6YLRzvuhKwlXxtaKlIGHxmCBBdiwTCIj
OEo0HS4GBzqKbzm+uiqY8swUipLSiw2nNMTCVpPimtkpYa9XnC98bYHTeKADjAOc
anu8OPScH4vvLE9LFu3VIkR6FNiC9nLkQCJU2ZuoZujTuDfkn00KmWBMi1Uoqr6d
LoCrLga9pDxUJ3oxU9PyVDHca3xtzJpv2BNMpLDqyX560IgEYzI3ypjJFwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFFaGZmyae4aw3rY22MQaAmlyRb6sMB8GA1UdIwQY
MBaAFP+H4KsDKwwF6150zCwIaY3TJNljMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzRmZ3F3TXJEQVhyWG5UTUxBaHBqZE1rMldNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy8xZGYxOGUtNmM0ZC00MzRiLThlMzEt
NzFlYjk1ZjUwZTViLzEvVm9abWJKcDdockRldGpiWXhCb0NhWEpGdnF3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy8xZGYxOGUtNmM0ZC00MzRiLThlMzEtNzFlYjk1ZjUwZTVi
LzEvXzRmZ3F3TXJEQVhyWG5UTUxBaHBqZE1rMldNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAbXrKAwQA
bXrOMA0GCSqGSIb3DQEBCwUAA4IBAQCMQXXAewe4B3iy0eP+DIKTXVLp/K0ByLdc
nEbuCPau5rNcjKG+E+wAqyyJaA3yXNz9lcrJD+eojZjZoXjSx47M6Q7OYwE66Yp9
QoSapw0/kRx8y5vBHL9QJwLl04q0TJ61wBhgW4TL0rYTPio4IzYfmz8TimTzvMzT
6yLi6Rz5itF0KVf1tsoQ+eqacEtv3XZApUJs4EFWnLx93JCSGz1ljh+5tEyggDuH
HQ0D25zRIY0n5Z4GsEr8JmC17ey9dYQch2ZFE8mfmKyGe8wE9Ycxb4nkh+zFWXsx
0Ph2isDa/Ap5bRb6nDVyOvfwxaZDcAStOhe2dASxHE9f/Lb4Dxh9
-----END CERTIFICATE-----
Generated at Thu Mar 13 02:25:36 2025 by rpki-client