Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/dTpAFo7g2v0qjeEb67Zv8-QdKUI.roa
File: dTpAFo7g2v0qjeEb67Zv8-QdKUI.roa (raw, json)
Hash identifier: 6xjPpJ3kxILtE3VaTQ2TsUoMH/W74QtFJfbqDS+KhBM=
Subject key identifier: 75:3A:40:16:8E:E0:DA:FD:2A:8D:E1:1B:EB:B6:6F:F3:E4:1D:29:42
Certificate issuer: /CN=ff87e0ab032b0c05eb5e74cc2c08698dd324d963
Certificate serial: 018C91F719A805AE3454510944C1409EFC5E
Authority key identifier: FF:87:E0:AB:03:2B:0C:05:EB:5E:74:CC:2C:08:69:8D:D3:24:D9:63
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/_4fgqwMrDAXrXnTMLAhpjdMk2WM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/dTpAFo7g2v0qjeEb67Zv8-QdKUI.roa
Signing time: Fri 22 Dec 2023 14:38:59 +0000
ROA not before: Fri 22 Dec 2023 14:38:59 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 211440
IP address blocks: 109.122.206.0/24 maxlen: 24
109.122.202.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:91:f7:19:a8:05:ae:34:54:51:09:44:c1:40:9e:fc:5e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ff87e0ab032b0c05eb5e74cc2c08698dd324d963
Validity
Not Before: Dec 22 14:38:59 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=753a40168ee0dafd2a8de11bebb66ff3e41d2942
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d6:df:72:03:6c:40:42:8c:d0:19:83:ed:43:e8:
3e:de:da:a5:53:d5:46:a0:9d:d3:79:c7:31:2b:19:
d5:0d:b8:b6:73:88:44:cc:22:27:e4:83:7b:2d:74:
e8:7a:49:7d:d3:1f:32:2b:cf:be:c9:6f:24:ee:0c:
e5:60:6e:19:52:3e:e4:9d:a6:16:31:5a:06:c1:04:
d3:89:a5:e5:5c:a7:48:31:ae:a1:6f:f5:41:9a:8d:
c9:f3:0a:8e:d6:0b:21:65:df:92:97:4b:bc:b1:8f:
4d:a1:b6:b6:6e:1d:ef:03:75:c9:d6:80:12:53:0f:
7e:5f:22:77:4b:91:a9:25:5e:06:a5:e7:a5:17:4c:
49:bb:0a:a7:35:9b:94:48:2c:b1:65:1e:30:53:af:
94:fa:28:42:f4:a4:51:12:23:02:78:20:18:0b:5d:
46:22:d2:13:0d:47:28:c3:c2:3e:9c:55:8f:ba:97:
fa:d4:24:8e:5a:f6:e9:12:98:e2:e8:bf:c0:85:9a:
95:0a:b2:e8:98:15:61:bd:e1:7b:ba:3d:9d:50:78:
5c:be:35:63:9c:73:dc:d4:f6:af:35:6c:1e:18:fb:
72:f7:f2:dc:59:c5:65:a0:ea:23:9f:88:c7:74:5e:
7b:0b:40:d9:70:b2:32:33:ba:9f:9f:15:4e:7f:6e:
d2:5f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
75:3A:40:16:8E:E0:DA:FD:2A:8D:E1:1B:EB:B6:6F:F3:E4:1D:29:42
X509v3 Authority Key Identifier:
keyid:FF:87:E0:AB:03:2B:0C:05:EB:5E:74:CC:2C:08:69:8D:D3:24:D9:63
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_4fgqwMrDAXrXnTMLAhpjdMk2WM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/dTpAFo7g2v0qjeEb67Zv8-QdKUI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/_4fgqwMrDAXrXnTMLAhpjdMk2WM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.122.202.0/24
109.122.206.0/24
Signature Algorithm: sha256WithRSAEncryption
44:09:b1:3a:db:90:4d:6c:25:50:01:b0:54:29:c1:2f:08:8c:
25:d3:31:5c:bf:23:de:76:64:e7:ff:c0:d4:3d:06:97:67:a2:
9c:ac:e0:e5:76:a8:81:7d:07:4c:28:2a:18:10:c9:eb:a8:a4:
66:01:31:ee:1b:3d:b1:ba:5b:85:e5:6a:07:5e:09:f0:cc:6a:
56:f6:95:ba:fe:cb:53:11:35:c5:53:0e:8c:e1:8f:f5:80:84:
9f:1d:14:10:42:00:51:92:70:d2:74:18:6a:3e:54:1f:94:84:
b4:a5:77:65:1b:a5:c8:ee:4a:99:f0:10:1d:d2:ce:77:08:c5:
9f:f4:fe:18:01:65:f0:20:4f:76:c6:04:3c:fe:7b:93:06:08:
e7:55:a5:7f:32:fc:9e:47:61:46:28:b7:13:93:0b:90:c8:6e:
c2:6f:e7:f9:c0:8a:0f:3f:12:2f:b8:e0:87:8a:3b:1b:cd:54:
7c:e5:bf:fd:cc:67:8a:fa:d0:31:d0:97:68:76:16:15:3a:82:
c6:82:92:c6:d8:36:4f:e3:dd:9b:fa:f4:9c:c3:81:27:88:1f:
50:ed:7e:66:fd:7b:00:57:96:9d:94:39:ef:ac:29:b8:3a:39:
04:cc:21:9d:aa:fe:e8:c1:dd:20:8d:30:cf:c4:cf:29:db:a0:
2a:b1:5c:98
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYyR9xmoBa40VFEJRMFAnvxeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmODdlMGFiMDMyYjBjMDVlYjVlNzRjYzJjMDg2OThkZDMy
NGQ5NjMwHhcNMjMxMjIyMTQzODU5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NTNhNDAxNjhlZTBkYWZkMmE4ZGUxMWJlYmI2NmZmM2U0MWQyOTQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1t9yA2xAQozQGYPtQ+g+3tqlU9VG
oJ3TeccxKxnVDbi2c4hEzCIn5IN7LXToekl90x8yK8++yW8k7gzlYG4ZUj7knaYW
MVoGwQTTiaXlXKdIMa6hb/VBmo3J8wqO1gshZd+Sl0u8sY9Noba2bh3vA3XJ1oAS
Uw9+XyJ3S5GpJV4GpeelF0xJuwqnNZuUSCyxZR4wU6+U+ihC9KRREiMCeCAYC11G
ItITDUcow8I+nFWPupf61CSOWvbpEpji6L/AhZqVCrLomBVhveF7uj2dUHhcvjVj
nHPc1PavNWweGPty9/LcWcVloOojn4jHdF57C0DZcLIyM7qfnxVOf27SXwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHU6QBaO4Nr9Ko3hG+u2b/PkHSlCMB8GA1UdIwQY
MBaAFP+H4KsDKwwF6150zCwIaY3TJNljMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzRmZ3F3TXJEQVhyWG5UTUxBaHBqZE1rMldNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy8xZGYxOGUtNmM0ZC00MzRiLThlMzEt
NzFlYjk1ZjUwZTViLzEvZFRwQUZvN2cydjBxamVFYjY3WnY4LVFkS1VJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy8xZGYxOGUtNmM0ZC00MzRiLThlMzEtNzFlYjk1ZjUwZTVi
LzEvXzRmZ3F3TXJEQVhyWG5UTUxBaHBqZE1rMldNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAbXrKAwQA
bXrOMA0GCSqGSIb3DQEBCwUAA4IBAQBECbE625BNbCVQAbBUKcEvCIwl0zFcvyPe
dmTn/8DUPQaXZ6KcrODldqiBfQdMKCoYEMnrqKRmATHuGz2xuluF5WoHXgnwzGpW
9pW6/stTETXFUw6M4Y/1gISfHRQQQgBRknDSdBhqPlQflIS0pXdlG6XI7kqZ8BAd
0s53CMWf9P4YAWXwIE92xgQ8/nuTBgjnVaV/MvyeR2FGKLcTkwuQyG7Cb+f5wIoP
PxIvuOCHijsbzVR85b/9zGeK+tAx0JdodhYVOoLGgpLG2DZP492b+vScw4EniB9Q
7X5m/XsAV5adlDnvrCm4OjkEzCGdqv7owd0gjTDPxM8p26AqsVyY
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:02:04 2024 by rpki-client on console-ams.rpki-client.org