Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/bK2-CzgihHOit9uxAMkCFKL-JN0.roa
File: bK2-CzgihHOit9uxAMkCFKL-JN0.roa (raw, json)
Hash identifier: TvzzrhPAbYwwwXJeWmyOPQmipz9q9P0Yrgz5SrwrFyo=
Subject key identifier: 6C:AD:BE:0B:38:22:84:73:A2:B7:DB:B1:00:C9:02:14:A2:FE:24:DD
Certificate issuer: /CN=ff87e0ab032b0c05eb5e74cc2c08698dd324d963
Certificate serial: 018B434C2DC59B60FCAA386F7A6C5B1E82D5
Authority key identifier: FF:87:E0:AB:03:2B:0C:05:EB:5E:74:CC:2C:08:69:8D:D3:24:D9:63
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/_4fgqwMrDAXrXnTMLAhpjdMk2WM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/bK2-CzgihHOit9uxAMkCFKL-JN0.roa
Signing time: Wed 18 Oct 2023 14:59:07 +0000
ROA not before: Wed 18 Oct 2023 14:59:07 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 200586
IP address blocks: 109.122.216.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8b:43:4c:2d:c5:9b:60:fc:aa:38:6f:7a:6c:5b:1e:82:d5
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ff87e0ab032b0c05eb5e74cc2c08698dd324d963
Validity
Not Before: Oct 18 14:59:07 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=6cadbe0b38228473a2b7dbb100c90214a2fe24dd
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8c:bd:b8:47:44:ab:d9:3b:84:72:c0:ff:80:e7:
33:35:3e:d2:3b:6c:9b:84:cc:6b:60:c5:c2:3f:e5:
7e:49:6a:74:c6:09:7c:ed:83:21:2f:a4:18:57:76:
5f:03:78:df:f0:a4:d6:1d:46:74:ec:24:98:7c:09:
c9:5b:a4:36:ff:54:e5:a5:97:73:c9:8a:f5:9d:ec:
85:af:ab:ec:51:a0:72:63:36:cb:ab:f3:98:b0:97:
87:61:5d:fc:a6:f9:a1:20:18:11:c9:2a:fd:6a:d5:
51:40:3a:7e:b5:5f:e4:bc:6c:05:81:0a:e6:1e:11:
d7:bd:06:ac:1e:3c:1d:58:13:78:43:60:fa:4f:39:
dc:11:b8:ad:e9:f7:2e:98:38:e7:82:0d:90:69:df:
d6:12:f0:4e:54:20:a8:f2:f0:91:64:e7:bf:1e:36:
fd:32:52:a3:e6:da:33:02:c1:ef:c8:f5:3b:a7:f3:
a3:db:26:e1:2f:76:a0:ce:b6:d0:17:8b:40:ff:66:
b9:8c:01:fc:06:b8:52:e0:36:f0:31:8a:48:4f:b7:
82:26:f8:2f:33:34:a8:ba:72:e2:3d:4e:b3:7d:99:
80:89:07:ac:de:18:dc:63:6d:ed:a0:92:e1:20:2e:
82:25:b1:fc:8b:69:e9:b9:19:ee:9d:4c:62:f0:a9:
84:3d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6C:AD:BE:0B:38:22:84:73:A2:B7:DB:B1:00:C9:02:14:A2:FE:24:DD
X509v3 Authority Key Identifier:
keyid:FF:87:E0:AB:03:2B:0C:05:EB:5E:74:CC:2C:08:69:8D:D3:24:D9:63
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_4fgqwMrDAXrXnTMLAhpjdMk2WM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/bK2-CzgihHOit9uxAMkCFKL-JN0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/_4fgqwMrDAXrXnTMLAhpjdMk2WM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.122.216.0/24
Signature Algorithm: sha256WithRSAEncryption
42:52:2f:07:d5:13:0d:67:41:3f:0f:16:70:95:89:46:34:c0:
1d:26:9a:23:bd:03:e7:ea:10:95:ba:56:d8:d7:69:19:48:0f:
fb:ad:2d:9e:c3:59:ea:5e:4e:84:97:fa:1b:74:6f:ed:1c:0d:
f5:8a:b5:e9:5f:5c:c4:45:f7:ae:28:67:82:e6:37:cb:c4:db:
01:b7:5e:db:19:b1:c4:a8:1f:ba:79:0f:fd:f9:3d:80:ec:07:
45:33:eb:1b:f9:17:5c:aa:e1:46:2d:c7:45:32:3c:12:a8:3f:
9b:8d:de:60:3b:83:7e:91:d0:da:17:93:ed:9b:01:b0:60:13:
a0:fd:1c:74:db:ec:b0:c9:95:86:66:b5:ff:ac:a8:f5:96:27:
97:20:81:3c:c6:a8:c3:8b:5c:80:f0:f6:fb:dc:d5:87:d7:41:
11:73:cf:70:d5:dc:08:e3:da:7a:63:25:be:5b:b5:02:c2:68:
4b:a8:ed:84:f6:3f:ec:20:fc:f2:94:91:25:31:16:aa:b6:c6:
0b:6e:07:94:d5:18:98:6c:4c:40:a8:02:e5:db:31:9a:32:9e:
73:4e:a5:04:14:1f:c9:b2:ca:c7:4f:33:26:a8:d3:fa:5c:30:
8e:0f:55:d2:13:56:c2:e5:6d:7b:04:c6:b9:b1:ab:9a:fe:28:
8c:8d:35:34
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYtDTC3Fm2D8qjhvemxbHoLVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmODdlMGFiMDMyYjBjMDVlYjVlNzRjYzJjMDg2OThkZDMy
NGQ5NjMwHhcNMjMxMDE4MTQ1OTA3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2Y2FkYmUwYjM4MjI4NDczYTJiN2RiYjEwMGM5MDIxNGEyZmUyNGRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjL24R0Sr2TuEcsD/gOczNT7SO2yb
hMxrYMXCP+V+SWp0xgl87YMhL6QYV3ZfA3jf8KTWHUZ07CSYfAnJW6Q2/1TlpZdz
yYr1neyFr6vsUaByYzbLq/OYsJeHYV38pvmhIBgRySr9atVRQDp+tV/kvGwFgQrm
HhHXvQasHjwdWBN4Q2D6TzncEbit6fcumDjngg2Qad/WEvBOVCCo8vCRZOe/Hjb9
MlKj5tozAsHvyPU7p/Oj2ybhL3agzrbQF4tA/2a5jAH8BrhS4DbwMYpIT7eCJvgv
MzSounLiPU6zfZmAiQes3hjcY23toJLhIC6CJbH8i2npuRnunUxi8KmEPQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGytvgs4IoRzorfbsQDJAhSi/iTdMB8GA1UdIwQY
MBaAFP+H4KsDKwwF6150zCwIaY3TJNljMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzRmZ3F3TXJEQVhyWG5UTUxBaHBqZE1rMldNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy8xZGYxOGUtNmM0ZC00MzRiLThlMzEt
NzFlYjk1ZjUwZTViLzEvYksyLUN6Z2loSE9pdDl1eEFNa0NGS0wtSk4wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy8xZGYxOGUtNmM0ZC00MzRiLThlMzEtNzFlYjk1ZjUwZTVi
LzEvXzRmZ3F3TXJEQVhyWG5UTUxBaHBqZE1rMldNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbXrYMA0G
CSqGSIb3DQEBCwUAA4IBAQBCUi8H1RMNZ0E/DxZwlYlGNMAdJpojvQPn6hCVulbY
12kZSA/7rS2ew1nqXk6El/obdG/tHA31irXpX1zERfeuKGeC5jfLxNsBt17bGbHE
qB+6eQ/9+T2A7AdFM+sb+RdcquFGLcdFMjwSqD+bjd5gO4N+kdDaF5PtmwGwYBOg
/Rx02+ywyZWGZrX/rKj1lieXIIE8xqjDi1yA8Pb73NWH10ERc89w1dwI49p6YyW+
W7UCwmhLqO2E9j/sIPzylJElMRaqtsYLbgeU1RiYbExAqALl2zGaMp5zTqUEFB/J
ssrHTzMmqNP6XDCOD1XSE1bC5W17BMa5saua/iiMjTU0
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:57:17 2025 by rpki-client