Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/b_FskuNzkLrpOVjy5t4qwXAMoF4.roa
File: b_FskuNzkLrpOVjy5t4qwXAMoF4.roa (raw, json)
Hash identifier: 0jO+sb2AV8zrKS3Ff2OYULHKT24rbubUhMmbi25l4pM=
Subject key identifier: 6F:F1:6C:92:E3:73:90:BA:E9:39:58:F2:E6:DE:2A:C1:70:0C:A0:5E
Certificate issuer: /CN=ff87e0ab032b0c05eb5e74cc2c08698dd324d963
Certificate serial: 018E1A88923B3166110D983768FCB023EE56
Authority key identifier: FF:87:E0:AB:03:2B:0C:05:EB:5E:74:CC:2C:08:69:8D:D3:24:D9:63
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/_4fgqwMrDAXrXnTMLAhpjdMk2WM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/b_FskuNzkLrpOVjy5t4qwXAMoF4.roa
Signing time: Thu 07 Mar 2024 20:09:01 +0000
ROA not before: Thu 07 Mar 2024 20:09:01 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 49981
IP address blocks: 109.122.208.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8e:1a:88:92:3b:31:66:11:0d:98:37:68:fc:b0:23:ee:56
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ff87e0ab032b0c05eb5e74cc2c08698dd324d963
Validity
Not Before: Mar 7 20:09:01 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=6ff16c92e37390bae93958f2e6de2ac1700ca05e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8c:7c:70:61:d6:60:40:c4:a9:85:81:a6:1b:bf:
f6:0e:64:f3:2b:4f:02:a5:3e:48:d1:0a:bc:98:35:
9c:7c:c5:eb:c6:ad:98:4c:68:d7:d1:8d:9a:d4:61:
ad:9e:65:c9:99:0a:84:e7:cf:37:fc:71:94:98:7e:
37:00:a5:e9:72:27:ac:81:aa:59:ae:f9:e8:67:01:
80:31:1c:81:fe:f6:7f:e8:93:d4:e2:9b:73:c0:f4:
13:4a:bb:4c:36:1e:ba:03:9f:d0:77:11:ed:83:31:
e5:64:11:86:60:5a:cb:9c:45:cc:f4:d3:12:41:21:
ea:1b:2d:e8:23:e6:0f:ec:11:47:0d:54:a8:26:08:
8e:2f:96:49:35:27:73:fb:0d:f9:fe:1c:6d:7c:c9:
ac:1b:84:86:c8:a3:71:54:d1:fa:a2:63:23:95:25:
fb:01:6f:9a:4c:0a:40:4f:79:07:96:f0:75:ca:02:
98:40:dc:71:38:6d:3b:47:c9:92:9a:a5:26:aa:db:
3a:40:bb:dd:a3:87:d1:b6:1c:06:9d:93:85:97:87:
7a:51:61:04:30:39:44:11:10:13:c5:5a:e7:c0:3e:
c5:a7:49:6d:6e:06:0a:33:4d:3f:24:2c:48:32:e5:
8c:45:fc:a9:26:75:c6:a2:24:26:63:92:29:4a:3d:
6e:47
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6F:F1:6C:92:E3:73:90:BA:E9:39:58:F2:E6:DE:2A:C1:70:0C:A0:5E
X509v3 Authority Key Identifier:
keyid:FF:87:E0:AB:03:2B:0C:05:EB:5E:74:CC:2C:08:69:8D:D3:24:D9:63
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_4fgqwMrDAXrXnTMLAhpjdMk2WM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/b_FskuNzkLrpOVjy5t4qwXAMoF4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/_4fgqwMrDAXrXnTMLAhpjdMk2WM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.122.208.0/24
Signature Algorithm: sha256WithRSAEncryption
24:10:95:bc:31:a1:44:84:08:5e:b9:4d:63:03:d9:66:c7:de:
32:8e:a8:5b:10:bd:51:f1:e9:70:0e:8a:44:bf:e8:74:33:c8:
ad:1e:d7:90:16:15:ae:7d:d1:d5:55:1d:de:90:9f:6d:d4:73:
ba:de:8d:e3:8c:e7:5e:2b:cf:40:3d:1c:2c:72:1c:d4:96:23:
c0:b7:c0:74:69:89:d7:f7:36:c7:26:fd:b3:b8:1a:b6:ec:1f:
86:dd:59:1a:a1:c3:de:82:81:c3:f9:bd:16:66:6a:78:1a:04:
14:7e:83:4e:ec:dd:14:96:05:11:f4:8e:e2:2c:af:d3:12:ea:
eb:d9:2a:d1:2d:7d:c5:f4:05:35:2e:64:0a:ae:47:66:80:37:
95:2d:ed:2c:f0:9e:d5:5c:8b:73:6c:79:7d:5c:46:37:8e:66:
5e:de:f8:9a:99:50:4a:18:27:8b:c5:9a:c4:78:76:9a:c5:2b:
fc:3d:5e:62:cb:04:94:98:84:5e:c2:ed:b4:15:06:bd:98:26:
88:65:89:6d:e6:e6:ea:1d:72:50:84:3c:47:39:c9:ce:9d:cf:
5c:4e:1c:8a:03:da:76:f9:d8:72:b0:6c:fb:f3:83:85:cb:0f:
37:7a:2d:20:92:d3:f4:7b:03:d2:3e:d4:d0:0e:86:cf:14:e6:
e1:61:03:2c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY4aiJI7MWYRDZg3aPywI+5WMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmODdlMGFiMDMyYjBjMDVlYjVlNzRjYzJjMDg2OThkZDMy
NGQ5NjMwHhcNMjQwMzA3MjAwOTAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZmYxNmM5MmUzNzM5MGJhZTkzOTU4ZjJlNmRlMmFjMTcwMGNhMDVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjHxwYdZgQMSphYGmG7/2DmTzK08C
pT5I0Qq8mDWcfMXrxq2YTGjX0Y2a1GGtnmXJmQqE5883/HGUmH43AKXpciesgapZ
rvnoZwGAMRyB/vZ/6JPU4ptzwPQTSrtMNh66A5/QdxHtgzHlZBGGYFrLnEXM9NMS
QSHqGy3oI+YP7BFHDVSoJgiOL5ZJNSdz+w35/hxtfMmsG4SGyKNxVNH6omMjlSX7
AW+aTApAT3kHlvB1ygKYQNxxOG07R8mSmqUmqts6QLvdo4fRthwGnZOFl4d6UWEE
MDlEERATxVrnwD7Fp0ltbgYKM00/JCxIMuWMRfypJnXGoiQmY5IpSj1uRwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG/xbJLjc5C66TlY8ubeKsFwDKBeMB8GA1UdIwQY
MBaAFP+H4KsDKwwF6150zCwIaY3TJNljMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzRmZ3F3TXJEQVhyWG5UTUxBaHBqZE1rMldNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy8xZGYxOGUtNmM0ZC00MzRiLThlMzEt
NzFlYjk1ZjUwZTViLzEvYl9Gc2t1TnprTHJwT1ZqeTV0NHF3WEFNb0Y0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy8xZGYxOGUtNmM0ZC00MzRiLThlMzEtNzFlYjk1ZjUwZTVi
LzEvXzRmZ3F3TXJEQVhyWG5UTUxBaHBqZE1rMldNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbXrQMA0G
CSqGSIb3DQEBCwUAA4IBAQAkEJW8MaFEhAheuU1jA9lmx94yjqhbEL1R8elwDopE
v+h0M8itHteQFhWufdHVVR3ekJ9t1HO63o3jjOdeK89APRwschzUliPAt8B0aYnX
9zbHJv2zuBq27B+G3VkaocPegoHD+b0WZmp4GgQUfoNO7N0UlgUR9I7iLK/TEurr
2SrRLX3F9AU1LmQKrkdmgDeVLe0s8J7VXItzbHl9XEY3jmZe3viamVBKGCeLxZrE
eHaaxSv8PV5iywSUmIRewu20FQa9mCaIZYlt5ubqHXJQhDxHOcnOnc9cThyKA9p2
+dhysGz784OFyw83ei0gktP0ewPSPtTQDobPFObhYQMs
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:55:49 2025 by rpki-client