Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/Y1p7gdrBCCPSgeQoF8h2IVUAD0s.roa
File: Y1p7gdrBCCPSgeQoF8h2IVUAD0s.roa (raw, json)
Hash identifier: S0aY5eATg5i9nChLbiJXC3SpbnA15UV5NQNHunF2BJ0=
Subject key identifier: 63:5A:7B:81:DA:C1:08:23:D2:81:E4:28:17:C8:76:21:55:00:0F:4B
Certificate issuer: /CN=ff87e0ab032b0c05eb5e74cc2c08698dd324d963
Certificate serial: 018B434C2A2A621282FDE41349AFD2785A44
Authority key identifier: FF:87:E0:AB:03:2B:0C:05:EB:5E:74:CC:2C:08:69:8D:D3:24:D9:63
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/_4fgqwMrDAXrXnTMLAhpjdMk2WM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/Y1p7gdrBCCPSgeQoF8h2IVUAD0s.roa
Signing time: Wed 18 Oct 2023 14:59:06 +0000
ROA not before: Wed 18 Oct 2023 14:59:06 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 7354
IP address blocks: 109.122.214.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8b:43:4c:2a:2a:62:12:82:fd:e4:13:49:af:d2:78:5a:44
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ff87e0ab032b0c05eb5e74cc2c08698dd324d963
Validity
Not Before: Oct 18 14:59:06 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=635a7b81dac10823d281e42817c8762155000f4b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:87:e0:ba:ea:ce:db:b0:f9:7f:43:c0:23:2b:bc:
06:e1:b5:99:24:de:51:1e:c5:67:38:a2:56:8c:79:
53:f6:be:eb:d1:be:5d:5e:ec:b2:50:85:34:7c:09:
83:9a:0e:5b:68:ed:8a:f6:80:db:c3:ab:ce:3f:dd:
19:8c:f9:87:07:c8:45:d8:ea:e3:30:b0:63:91:ae:
8e:be:84:87:d4:b1:7b:37:54:43:4c:21:70:26:01:
fe:04:e9:41:c6:32:81:d5:a4:ba:5e:2b:e9:5d:f6:
01:ae:9b:12:b1:20:90:a3:bc:0a:19:a2:e1:62:81:
47:a7:b4:34:4c:8b:f6:b4:9e:ba:3d:66:2c:eb:ef:
dc:49:03:dc:b7:2d:87:1d:6f:04:ab:a4:21:2e:74:
5a:c5:e7:ad:57:5e:a8:ed:00:b4:61:6e:95:1b:5a:
90:c1:3d:21:f7:23:a4:99:63:25:a7:05:dd:de:75:
6c:39:fc:1c:1e:74:c7:1c:2b:34:04:1b:98:e2:e8:
c6:d4:d3:6f:bb:5e:93:63:3f:95:1e:79:90:c0:25:
24:e2:57:c8:da:e7:d5:67:e6:2e:c1:2f:cb:14:fa:
69:77:7b:a8:80:c2:0b:08:57:aa:16:07:a3:77:40:
9a:bc:c2:0a:98:35:ef:74:2a:90:d8:9a:20:e0:3b:
98:67
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
63:5A:7B:81:DA:C1:08:23:D2:81:E4:28:17:C8:76:21:55:00:0F:4B
X509v3 Authority Key Identifier:
keyid:FF:87:E0:AB:03:2B:0C:05:EB:5E:74:CC:2C:08:69:8D:D3:24:D9:63
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_4fgqwMrDAXrXnTMLAhpjdMk2WM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/Y1p7gdrBCCPSgeQoF8h2IVUAD0s.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/_4fgqwMrDAXrXnTMLAhpjdMk2WM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.122.214.0/24
Signature Algorithm: sha256WithRSAEncryption
05:62:cf:ba:3b:2d:57:18:cb:bb:17:0e:9c:55:40:c4:87:be:
91:12:45:83:07:00:a9:49:ce:1e:8e:e8:7d:8d:50:82:e1:d3:
bb:07:86:10:33:88:c8:fe:67:12:4a:74:bf:0f:8b:f9:6d:9f:
af:ba:c1:a9:58:ae:04:c5:76:3b:ca:c9:23:e9:42:e7:63:a6:
e4:1a:5c:d1:d7:fe:45:13:2c:94:74:eb:0f:10:d9:cd:2a:95:
81:ca:d2:b2:de:9f:45:79:69:6a:d8:35:d4:82:23:ed:7c:d7:
c9:4f:fb:66:16:70:08:ff:83:06:54:bb:e8:cc:0f:45:c8:31:
5f:49:20:6f:92:04:99:2b:ea:ad:01:45:29:c8:0b:e1:04:1f:
67:00:47:ff:ed:cd:a2:1f:91:27:c3:de:81:86:7e:79:97:ec:
9d:6d:7e:d0:c1:da:69:2e:f4:e7:86:ce:00:3a:b6:c0:d2:ee:
78:64:f9:83:4b:6f:ea:bb:dd:df:07:70:3e:b7:b9:26:a2:43:
98:50:ce:46:9e:f8:5d:a9:65:65:74:6d:10:2c:70:e5:9a:74:
f7:ac:31:88:86:b2:3e:4c:fc:bd:bb:20:e7:60:fe:92:75:38:
d2:9b:8d:a7:11:43:b9:63:4b:72:c0:e9:6f:98:3d:0b:c8:92:
ec:67:df:41
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYtDTCoqYhKC/eQTSa/SeFpEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmODdlMGFiMDMyYjBjMDVlYjVlNzRjYzJjMDg2OThkZDMy
NGQ5NjMwHhcNMjMxMDE4MTQ1OTA2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MzVhN2I4MWRhYzEwODIzZDI4MWU0MjgxN2M4NzYyMTU1MDAwZjRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh+C66s7bsPl/Q8AjK7wG4bWZJN5R
HsVnOKJWjHlT9r7r0b5dXuyyUIU0fAmDmg5baO2K9oDbw6vOP90ZjPmHB8hF2Orj
MLBjka6OvoSH1LF7N1RDTCFwJgH+BOlBxjKB1aS6XivpXfYBrpsSsSCQo7wKGaLh
YoFHp7Q0TIv2tJ66PWYs6+/cSQPcty2HHW8Eq6QhLnRaxeetV16o7QC0YW6VG1qQ
wT0h9yOkmWMlpwXd3nVsOfwcHnTHHCs0BBuY4ujG1NNvu16TYz+VHnmQwCUk4lfI
2ufVZ+YuwS/LFPppd3uogMILCFeqFgejd0CavMIKmDXvdCqQ2Jog4DuYZwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGNae4HawQgj0oHkKBfIdiFVAA9LMB8GA1UdIwQY
MBaAFP+H4KsDKwwF6150zCwIaY3TJNljMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzRmZ3F3TXJEQVhyWG5UTUxBaHBqZE1rMldNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy8xZGYxOGUtNmM0ZC00MzRiLThlMzEt
NzFlYjk1ZjUwZTViLzEvWTFwN2dkckJDQ1BTZ2VRb0Y4aDJJVlVBRDBzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy8xZGYxOGUtNmM0ZC00MzRiLThlMzEtNzFlYjk1ZjUwZTVi
LzEvXzRmZ3F3TXJEQVhyWG5UTUxBaHBqZE1rMldNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbXrWMA0G
CSqGSIb3DQEBCwUAA4IBAQAFYs+6Oy1XGMu7Fw6cVUDEh76REkWDBwCpSc4ejuh9
jVCC4dO7B4YQM4jI/mcSSnS/D4v5bZ+vusGpWK4ExXY7yskj6ULnY6bkGlzR1/5F
EyyUdOsPENnNKpWBytKy3p9FeWlq2DXUgiPtfNfJT/tmFnAI/4MGVLvozA9FyDFf
SSBvkgSZK+qtAUUpyAvhBB9nAEf/7c2iH5Enw96Bhn55l+ydbX7QwdppLvTnhs4A
OrbA0u54ZPmDS2/qu93fB3A+t7kmokOYUM5GnvhdqWVldG0QLHDlmnT3rDGIhrI+
TPy9uyDnYP6SdTjSm42nEUO5Y0tywOlvmD0LyJLsZ99B
-----END CERTIFICATE-----
Generated at Mon Feb 17 08:15:14 2025 by rpki-client