Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/_tuWhLNwLbti8wQ6OHijjL-DinU.roa
File: _tuWhLNwLbti8wQ6OHijjL-DinU.roa (raw, json)
Hash identifier: znFtRRkJZUq33LAKeFK5H5TEBF8qRidUtqOMtdq8JIY=
Subject key identifier: FE:DB:96:84:B3:70:2D:BB:62:F3:04:3A:38:78:A3:8C:BF:83:8A:75
Certificate issuer: /CN=ff87e0ab032b0c05eb5e74cc2c08698dd324d963
Certificate serial: 018D3797347D9C2FAD40B1BBF4CF3E4669A9
Authority key identifier: FF:87:E0:AB:03:2B:0C:05:EB:5E:74:CC:2C:08:69:8D:D3:24:D9:63
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/_4fgqwMrDAXrXnTMLAhpjdMk2WM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/_tuWhLNwLbti8wQ6OHijjL-DinU.roa
Signing time: Tue 23 Jan 2024 18:31:12 +0000
ROA not before: Tue 23 Jan 2024 18:31:12 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 149457
IP address blocks: 109.122.222.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8d:37:97:34:7d:9c:2f:ad:40:b1:bb:f4:cf:3e:46:69:a9
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ff87e0ab032b0c05eb5e74cc2c08698dd324d963
Validity
Not Before: Jan 23 18:31:12 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=fedb9684b3702dbb62f3043a3878a38cbf838a75
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a0:85:bc:ae:34:18:e9:5e:26:de:2e:d0:a8:95:
1b:2b:0f:a8:b6:63:f7:61:c1:9f:a3:5f:8c:4c:64:
e7:94:72:70:4d:36:0f:ca:36:05:36:6e:07:a2:0c:
ec:d4:ec:a7:13:39:ed:98:77:a0:b4:ba:7a:e6:4c:
8a:88:18:aa:d0:80:aa:e5:37:a1:ac:98:3b:97:d3:
7d:ef:35:5e:bc:2e:16:09:21:81:b6:6c:88:08:0f:
56:59:00:73:62:af:a3:82:9a:38:d6:f4:ce:4e:df:
7a:05:21:db:a4:a2:ba:a5:b9:18:b5:16:ac:f5:cf:
44:42:3d:07:b9:24:5f:83:27:1a:0b:cb:bf:63:1a:
1a:80:1c:1a:33:84:78:8d:17:27:f7:35:77:c4:e1:
90:57:a0:eb:34:89:74:1f:2f:c4:84:2b:86:1b:d3:
30:92:90:c8:c0:15:12:55:c6:f6:94:c6:9a:ea:72:
ca:9d:dd:fd:e2:fa:af:a5:6e:31:a7:7b:83:9b:b5:
0f:fa:e2:b7:63:d9:22:e9:c0:ef:76:c5:a2:2c:6b:
2c:0d:f7:8b:5e:da:0d:0e:0d:91:ac:dc:50:f8:eb:
a7:ff:78:96:7a:d2:ea:bd:eb:4d:86:af:34:c0:c1:
22:86:00:90:d5:fe:b6:86:46:ce:23:a4:b2:5a:54:
0c:af
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FE:DB:96:84:B3:70:2D:BB:62:F3:04:3A:38:78:A3:8C:BF:83:8A:75
X509v3 Authority Key Identifier:
keyid:FF:87:E0:AB:03:2B:0C:05:EB:5E:74:CC:2C:08:69:8D:D3:24:D9:63
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_4fgqwMrDAXrXnTMLAhpjdMk2WM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/_tuWhLNwLbti8wQ6OHijjL-DinU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/_4fgqwMrDAXrXnTMLAhpjdMk2WM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.122.222.0/24
Signature Algorithm: sha256WithRSAEncryption
08:3b:ae:f8:b1:ac:40:46:80:3b:2c:fc:0c:21:6b:77:5c:23:
99:d1:a3:94:a2:ed:c8:53:fb:8e:e9:aa:4a:cb:b0:db:bc:7f:
15:db:36:ec:b2:00:c5:f6:85:c6:23:e5:fa:20:56:7e:c2:93:
b4:9f:ad:19:df:5b:54:75:12:3a:f4:50:bb:de:68:40:81:56:
4a:94:5b:f8:b4:f6:bd:9a:d8:b7:c1:3a:a4:b2:2a:71:c5:eb:
45:7a:a9:6f:45:5f:3e:2a:43:32:ad:4e:73:dc:a2:23:af:a2:
98:de:d7:14:1c:1d:73:4c:f0:63:62:c5:90:26:c1:b7:67:7c:
38:0d:91:a1:5c:32:14:84:e0:e2:69:80:66:d7:15:0d:03:64:
f8:56:de:a8:c2:13:d9:fd:da:4c:a5:c2:aa:06:44:02:96:78:
4a:2f:68:28:2a:1a:52:02:cb:67:1b:08:af:f6:fe:51:a2:23:
ff:aa:b1:e0:e4:43:ff:45:98:05:dc:e3:3c:36:a5:af:05:e9:
af:65:b0:73:1a:29:f0:8a:e9:74:aa:8b:7c:20:d4:f1:1e:5f:
88:f6:5c:32:80:2f:11:1a:66:cd:8d:63:37:52:7a:ab:c4:0d:
ba:8b:1b:2b:ca:12:51:6e:c4:0a:5b:f4:10:80:e2:5f:70:34:
71:87:0d:12
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY03lzR9nC+tQLG79M8+RmmpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmODdlMGFiMDMyYjBjMDVlYjVlNzRjYzJjMDg2OThkZDMy
NGQ5NjMwHhcNMjQwMTIzMTgzMTEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZWRiOTY4NGIzNzAyZGJiNjJmMzA0M2EzODc4YTM4Y2JmODM4YTc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoIW8rjQY6V4m3i7QqJUbKw+otmP3
YcGfo1+MTGTnlHJwTTYPyjYFNm4Hogzs1OynEzntmHegtLp65kyKiBiq0ICq5Teh
rJg7l9N97zVevC4WCSGBtmyICA9WWQBzYq+jgpo41vTOTt96BSHbpKK6pbkYtRas
9c9EQj0HuSRfgycaC8u/YxoagBwaM4R4jRcn9zV3xOGQV6DrNIl0Hy/EhCuGG9Mw
kpDIwBUSVcb2lMaa6nLKnd394vqvpW4xp3uDm7UP+uK3Y9ki6cDvdsWiLGssDfeL
XtoNDg2RrNxQ+Oun/3iWetLqvetNhq80wMEihgCQ1f62hkbOI6SyWlQMrwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP7bloSzcC27YvMEOjh4o4y/g4p1MB8GA1UdIwQY
MBaAFP+H4KsDKwwF6150zCwIaY3TJNljMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzRmZ3F3TXJEQVhyWG5UTUxBaHBqZE1rMldNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy8xZGYxOGUtNmM0ZC00MzRiLThlMzEt
NzFlYjk1ZjUwZTViLzEvX3R1V2hMTndMYnRpOHdRNk9IaWpqTC1EaW5VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy8xZGYxOGUtNmM0ZC00MzRiLThlMzEtNzFlYjk1ZjUwZTVi
LzEvXzRmZ3F3TXJEQVhyWG5UTUxBaHBqZE1rMldNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbXreMA0G
CSqGSIb3DQEBCwUAA4IBAQAIO674saxARoA7LPwMIWt3XCOZ0aOUou3IU/uO6apK
y7DbvH8V2zbssgDF9oXGI+X6IFZ+wpO0n60Z31tUdRI69FC73mhAgVZKlFv4tPa9
mti3wTqksipxxetFeqlvRV8+KkMyrU5z3KIjr6KY3tcUHB1zTPBjYsWQJsG3Z3w4
DZGhXDIUhODiaYBm1xUNA2T4Vt6owhPZ/dpMpcKqBkQClnhKL2goKhpSAstnGwiv
9v5RoiP/qrHg5EP/RZgF3OM8NqWvBemvZbBzGinwiul0qot8INTxHl+I9lwygC8R
GmbNjWM3UnqrxA26ixsryhJRbsQKW/QQgOJfcDRxhw0S
-----END CERTIFICATE-----
Generated at Mon Feb 17 08:27:47 2025 by rpki-client