Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/WL2CmBDEJrqNEne3Xs1adWkNAhc.roa
File: WL2CmBDEJrqNEne3Xs1adWkNAhc.roa (raw, json)
Hash identifier: 5V5HDETng/F3Qbe5I39NUO7rnxKuSpe+fr3G1KTEG6w=
Subject key identifier: 58:BD:82:98:10:C4:26:BA:8D:12:77:B7:5E:CD:5A:75:69:0D:02:17
Certificate issuer: /CN=ff87e0ab032b0c05eb5e74cc2c08698dd324d963
Certificate serial: 018B434C2A564FC13CA108237D6B2A74636D
Authority key identifier: FF:87:E0:AB:03:2B:0C:05:EB:5E:74:CC:2C:08:69:8D:D3:24:D9:63
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/_4fgqwMrDAXrXnTMLAhpjdMk2WM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/WL2CmBDEJrqNEne3Xs1adWkNAhc.roa
Signing time: Wed 18 Oct 2023 14:59:06 +0000
ROA not before: Wed 18 Oct 2023 14:59:06 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 9009
IP address blocks: 109.122.204.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8b:43:4c:2a:56:4f:c1:3c:a1:08:23:7d:6b:2a:74:63:6d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ff87e0ab032b0c05eb5e74cc2c08698dd324d963
Validity
Not Before: Oct 18 14:59:06 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=58bd829810c426ba8d1277b75ecd5a75690d0217
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:95:66:b0:72:d6:73:b2:68:35:2e:c7:e0:d1:34:
1a:b4:93:00:1f:2a:ee:ac:a0:d5:34:1b:2a:f7:16:
b3:52:36:4a:96:28:66:a8:80:d1:fc:5e:a3:5a:1d:
6b:2a:ec:6b:36:bf:cf:41:3b:f5:9a:2b:e4:2c:ec:
44:7f:62:ab:68:8f:94:3c:16:93:76:6f:67:de:b6:
47:e1:5c:6e:e2:9e:be:77:9a:2b:28:00:4b:f4:97:
23:4b:02:85:76:3c:27:27:d1:9d:5e:ec:14:37:6b:
fd:19:f7:73:c1:43:3b:4b:7c:af:2e:0f:4e:1e:e9:
9c:a7:88:cf:fc:c9:d9:2c:16:da:52:21:fb:40:b5:
71:d1:a4:e3:6c:aa:a8:67:b2:e5:46:6a:77:de:78:
57:1a:3d:3d:2c:fe:a9:1b:bc:b3:b8:89:1f:89:ce:
a5:a0:6d:46:fb:b1:69:94:98:fc:7f:79:63:4d:18:
41:11:cb:d7:8e:c4:dd:95:2a:fa:aa:7f:86:34:d8:
9c:7c:f9:3b:09:f6:a5:23:c0:d2:5e:c1:64:c6:5a:
c6:d2:0b:69:cc:46:c6:4c:53:52:47:b3:25:f7:4d:
16:e4:ad:b8:8a:03:bd:9e:44:73:a5:31:aa:b0:27:
0d:01:64:78:87:16:60:28:99:31:e5:1e:9c:73:7c:
c0:ad
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
58:BD:82:98:10:C4:26:BA:8D:12:77:B7:5E:CD:5A:75:69:0D:02:17
X509v3 Authority Key Identifier:
keyid:FF:87:E0:AB:03:2B:0C:05:EB:5E:74:CC:2C:08:69:8D:D3:24:D9:63
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_4fgqwMrDAXrXnTMLAhpjdMk2WM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/WL2CmBDEJrqNEne3Xs1adWkNAhc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/_4fgqwMrDAXrXnTMLAhpjdMk2WM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.122.204.0/24
Signature Algorithm: sha256WithRSAEncryption
73:c9:1c:02:71:c8:7c:38:a3:49:b1:55:25:f6:2f:2e:0e:71:
f2:cf:82:84:6b:d3:a9:78:7a:81:8f:44:9a:41:59:62:69:66:
47:85:a4:69:91:d7:06:c6:6b:78:7b:71:25:5b:7e:8b:c2:f7:
a8:48:85:e1:d4:64:f0:fb:b6:35:05:ef:3e:7a:3d:aa:ae:c2:
e1:8b:d1:76:8b:a1:b7:46:83:39:c5:9b:df:c0:ba:f6:ff:05:
f6:4f:a5:0b:f8:b6:e2:2c:d3:8a:29:cb:eb:6a:10:e3:e1:9e:
eb:1f:f8:90:28:f0:a7:aa:58:e0:ed:e3:cc:6d:73:b9:ac:2e:
00:d7:f9:65:cb:4d:df:80:21:77:8c:c6:ba:9e:5f:89:17:0e:
8e:61:90:1a:54:95:d5:80:6f:18:30:a6:6d:b4:9a:a9:b4:33:
59:59:9a:d7:b7:07:5a:f0:aa:27:17:46:34:bb:a1:41:a3:81:
d0:4f:10:32:f3:4d:da:f4:db:df:eb:fb:46:ea:c4:5e:15:88:
27:f7:f8:a0:89:b2:26:06:59:d7:78:92:af:ba:78:92:f2:bf:
b2:ca:25:7e:26:ad:ae:09:10:de:6f:b1:fa:f4:4c:42:f8:fc:
18:3f:cf:b4:78:89:d0:06:96:44:db:84:28:2c:36:86:64:04:
b7:57:d7:ae
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYtDTCpWT8E8oQgjfWsqdGNtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmODdlMGFiMDMyYjBjMDVlYjVlNzRjYzJjMDg2OThkZDMy
NGQ5NjMwHhcNMjMxMDE4MTQ1OTA2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OGJkODI5ODEwYzQyNmJhOGQxMjc3Yjc1ZWNkNWE3NTY5MGQwMjE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlWawctZzsmg1Lsfg0TQatJMAHyru
rKDVNBsq9xazUjZKlihmqIDR/F6jWh1rKuxrNr/PQTv1mivkLOxEf2KraI+UPBaT
dm9n3rZH4Vxu4p6+d5orKABL9JcjSwKFdjwnJ9GdXuwUN2v9GfdzwUM7S3yvLg9O
Humcp4jP/MnZLBbaUiH7QLVx0aTjbKqoZ7LlRmp33nhXGj09LP6pG7yzuIkfic6l
oG1G+7FplJj8f3ljTRhBEcvXjsTdlSr6qn+GNNicfPk7CfalI8DSXsFkxlrG0gtp
zEbGTFNSR7Ml900W5K24igO9nkRzpTGqsCcNAWR4hxZgKJkx5R6cc3zArQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFi9gpgQxCa6jRJ3t17NWnVpDQIXMB8GA1UdIwQY
MBaAFP+H4KsDKwwF6150zCwIaY3TJNljMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzRmZ3F3TXJEQVhyWG5UTUxBaHBqZE1rMldNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy8xZGYxOGUtNmM0ZC00MzRiLThlMzEt
NzFlYjk1ZjUwZTViLzEvV0wyQ21CREVKcnFORW5lM1hzMWFkV2tOQWhjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy8xZGYxOGUtNmM0ZC00MzRiLThlMzEtNzFlYjk1ZjUwZTVi
LzEvXzRmZ3F3TXJEQVhyWG5UTUxBaHBqZE1rMldNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbXrMMA0G
CSqGSIb3DQEBCwUAA4IBAQBzyRwCcch8OKNJsVUl9i8uDnHyz4KEa9OpeHqBj0Sa
QVliaWZHhaRpkdcGxmt4e3ElW36LwveoSIXh1GTw+7Y1Be8+ej2qrsLhi9F2i6G3
RoM5xZvfwLr2/wX2T6UL+LbiLNOKKcvrahDj4Z7rH/iQKPCnqljg7ePMbXO5rC4A
1/lly03fgCF3jMa6nl+JFw6OYZAaVJXVgG8YMKZttJqptDNZWZrXtwda8KonF0Y0
u6FBo4HQTxAy803a9Nvf6/tG6sReFYgn9/igibImBlnXeJKvuniS8r+yyiV+Jq2u
CRDeb7H69ExC+PwYP8+0eInQBpZE24QoLDaGZAS3V9eu
-----END CERTIFICATE-----
Generated at Fri Dec 15 07:25:53 2023 by rpki-client on console-fra.rpki-client.org