Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/_akt3rCV9WIUiSbJVxx-9seHBro.roa
File: _akt3rCV9WIUiSbJVxx-9seHBro.roa (raw, json)
Hash identifier: 2nlYrQNye8wED5GSZgvmjU0FwAxcObtPcxqs7qoLCGY=
Subject key identifier: FD:A9:2D:DE:B0:95:F5:62:14:89:26:C9:57:1C:7E:F6:C7:87:06:BA
Certificate issuer: /CN=ff87e0ab032b0c05eb5e74cc2c08698dd324d963
Certificate serial: 018D37973320D56DFD27DD6DEAC03181DB3E
Authority key identifier: FF:87:E0:AB:03:2B:0C:05:EB:5E:74:CC:2C:08:69:8D:D3:24:D9:63
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/_4fgqwMrDAXrXnTMLAhpjdMk2WM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/_akt3rCV9WIUiSbJVxx-9seHBro.roa
Signing time: Tue 23 Jan 2024 18:31:12 +0000
ROA not before: Tue 23 Jan 2024 18:31:12 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 49981
IP address blocks: 109.122.208.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8d:37:97:33:20:d5:6d:fd:27:dd:6d:ea:c0:31:81:db:3e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ff87e0ab032b0c05eb5e74cc2c08698dd324d963
Validity
Not Before: Jan 23 18:31:12 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=fda92ddeb095f562148926c9571c7ef6c78706ba
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:85:f9:18:4d:b1:d6:ad:bb:09:e8:17:e7:96:b2:
cc:74:c1:91:07:c5:12:96:75:ea:f3:4e:7b:bf:4e:
86:37:25:d3:d8:72:e3:56:c6:b1:ab:b1:4e:84:4f:
8e:c4:ce:1f:c6:d8:d6:7b:aa:67:32:5c:f6:00:4a:
5c:0f:aa:a7:7f:dc:ee:ca:31:0f:a3:6a:9e:53:8d:
06:a0:6a:12:50:a1:0e:78:a0:c2:af:a4:87:38:93:
03:c2:8b:57:27:3d:2d:53:20:c5:c9:9f:63:6a:37:
18:e1:bd:ef:9a:f5:58:82:a3:10:8a:f1:15:7a:d5:
d8:d3:77:31:29:56:39:af:9b:c2:30:a0:43:2a:ee:
90:4f:09:39:f6:fd:6a:bb:2f:00:40:fe:64:77:b1:
c4:67:81:b0:ae:58:8e:a8:3f:72:34:40:ea:fb:fb:
49:14:5a:31:91:38:62:79:0e:fb:77:73:0c:d3:e5:
b4:e7:b2:df:bc:a4:ef:c1:21:b9:fb:80:4d:9b:dd:
21:03:a6:c2:31:c2:61:9e:77:0b:0b:45:e0:fa:95:
50:d1:ab:a5:0a:16:87:ea:2a:b4:72:43:2c:e3:15:
5d:19:c3:43:04:62:b1:ff:91:f6:a9:39:b8:72:aa:
e3:81:12:47:83:d5:b2:b2:28:50:b5:98:44:dc:83:
a4:af
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FD:A9:2D:DE:B0:95:F5:62:14:89:26:C9:57:1C:7E:F6:C7:87:06:BA
X509v3 Authority Key Identifier:
keyid:FF:87:E0:AB:03:2B:0C:05:EB:5E:74:CC:2C:08:69:8D:D3:24:D9:63
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_4fgqwMrDAXrXnTMLAhpjdMk2WM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/_akt3rCV9WIUiSbJVxx-9seHBro.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/_4fgqwMrDAXrXnTMLAhpjdMk2WM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.122.208.0/24
Signature Algorithm: sha256WithRSAEncryption
24:0d:30:a5:a4:a9:04:59:be:4b:8a:38:da:cc:cf:1d:56:f5:
9e:35:89:96:c6:12:4c:25:32:9c:ad:15:9f:3c:54:f9:88:47:
9f:24:fc:13:3b:f3:60:a2:0f:c1:e7:5a:43:fc:4b:2e:f6:93:
f8:a6:c1:e3:66:b9:ea:49:34:ca:1e:34:02:7e:24:5e:34:db:
f4:aa:79:9a:37:18:22:6e:69:d3:b2:d4:9d:fe:15:5e:c9:99:
9d:8f:62:c3:bc:45:fd:37:8a:ee:eb:2b:55:cf:af:fe:c7:ba:
f6:f6:98:bb:73:4e:7d:eb:23:58:a3:38:ee:32:bc:31:eb:60:
7e:50:1a:6a:4b:2f:d7:b7:1d:f2:f0:19:4e:a9:14:89:87:1b:
7e:48:d3:81:7c:3c:41:70:0c:3e:66:52:e4:89:85:ef:3a:6e:
78:70:fa:74:a3:30:b9:e4:98:f1:90:b2:8d:d6:e6:b1:19:cc:
dd:64:66:72:1e:b9:7b:05:f7:83:f5:98:e8:eb:02:3d:4e:c7:
44:e2:4a:a9:63:16:99:32:ba:75:50:ea:a8:2d:e4:a7:4f:79:
37:3f:77:ae:6a:ae:ef:c1:e3:97:96:fc:b2:4a:97:66:ab:62:
7e:9d:33:fb:8f:3f:ad:cc:e7:31:c9:71:9b:24:70:68:59:3b:
fc:91:60:3a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY03lzMg1W39J91t6sAxgds+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmODdlMGFiMDMyYjBjMDVlYjVlNzRjYzJjMDg2OThkZDMy
NGQ5NjMwHhcNMjQwMTIzMTgzMTEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZGE5MmRkZWIwOTVmNTYyMTQ4OTI2Yzk1NzFjN2VmNmM3ODcwNmJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhfkYTbHWrbsJ6BfnlrLMdMGRB8US
lnXq8057v06GNyXT2HLjVsaxq7FOhE+OxM4fxtjWe6pnMlz2AEpcD6qnf9zuyjEP
o2qeU40GoGoSUKEOeKDCr6SHOJMDwotXJz0tUyDFyZ9jajcY4b3vmvVYgqMQivEV
etXY03cxKVY5r5vCMKBDKu6QTwk59v1quy8AQP5kd7HEZ4GwrliOqD9yNEDq+/tJ
FFoxkThieQ77d3MM0+W057LfvKTvwSG5+4BNm90hA6bCMcJhnncLC0Xg+pVQ0aul
ChaH6iq0ckMs4xVdGcNDBGKx/5H2qTm4cqrjgRJHg9WysihQtZhE3IOkrwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP2pLd6wlfViFIkmyVccfvbHhwa6MB8GA1UdIwQY
MBaAFP+H4KsDKwwF6150zCwIaY3TJNljMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzRmZ3F3TXJEQVhyWG5UTUxBaHBqZE1rMldNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy8xZGYxOGUtNmM0ZC00MzRiLThlMzEt
NzFlYjk1ZjUwZTViLzEvX2FrdDNyQ1Y5V0lVaVNiSlZ4eC05c2VIQnJvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy8xZGYxOGUtNmM0ZC00MzRiLThlMzEtNzFlYjk1ZjUwZTVi
LzEvXzRmZ3F3TXJEQVhyWG5UTUxBaHBqZE1rMldNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbXrQMA0G
CSqGSIb3DQEBCwUAA4IBAQAkDTClpKkEWb5LijjazM8dVvWeNYmWxhJMJTKcrRWf
PFT5iEefJPwTO/Ngog/B51pD/Esu9pP4psHjZrnqSTTKHjQCfiReNNv0qnmaNxgi
bmnTstSd/hVeyZmdj2LDvEX9N4ru6ytVz6/+x7r29pi7c0596yNYozjuMrwx62B+
UBpqSy/Xtx3y8BlOqRSJhxt+SNOBfDxBcAw+ZlLkiYXvOm54cPp0ozC55JjxkLKN
1uaxGczdZGZyHrl7BfeD9Zjo6wI9TsdE4kqpYxaZMrp1UOqoLeSnT3k3P3euaq7v
weOXlvyySpdmq2J+nTP7jz+tzOcxyXGbJHBoWTv8kWA6
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:02:04 2024 by rpki-client on console-ams.rpki-client.org