Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/eKSEpTGruNyMYYm5BEiQTfS8TPI.roa
File: eKSEpTGruNyMYYm5BEiQTfS8TPI.roa (raw, json)
Hash identifier: MNW4t1bUMa+ViXLhlA4/cMDztjAVvcUac04N/8LPQcE=
Subject key identifier: 78:A4:84:A5:31:AB:B8:DC:8C:61:89:B9:04:48:90:4D:F4:BC:4C:F2
Certificate issuer: /CN=ff87e0ab032b0c05eb5e74cc2c08698dd324d963
Certificate serial: 018B434C2B893D9BA878EB8CD9BB6A23B363
Authority key identifier: FF:87:E0:AB:03:2B:0C:05:EB:5E:74:CC:2C:08:69:8D:D3:24:D9:63
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/_4fgqwMrDAXrXnTMLAhpjdMk2WM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/eKSEpTGruNyMYYm5BEiQTfS8TPI.roa
Signing time: Wed 18 Oct 2023 14:59:07 +0000
ROA not before: Wed 18 Oct 2023 14:59:07 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 39368
IP address blocks: 109.122.199.0/24 maxlen: 24
109.122.209.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8b:43:4c:2b:89:3d:9b:a8:78:eb:8c:d9:bb:6a:23:b3:63
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ff87e0ab032b0c05eb5e74cc2c08698dd324d963
Validity
Not Before: Oct 18 14:59:07 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=78a484a531abb8dc8c6189b90448904df4bc4cf2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:90:c9:52:0d:d2:49:17:1d:f9:bd:6b:e7:55:2c:
e9:27:cb:5c:1f:10:55:39:2a:3f:ae:b5:7f:42:f0:
72:a5:cd:46:9c:0a:f9:72:1e:30:89:2e:98:f9:c8:
24:1a:b8:e6:bc:02:2c:ae:fa:4b:09:70:19:fe:e2:
6d:7e:e6:54:ed:2f:6f:5f:f9:1a:43:20:5e:6b:1e:
16:fc:c2:33:58:cc:90:91:64:45:61:50:c3:f7:0a:
96:0f:80:2b:0d:9b:56:25:f3:ca:2f:e4:2f:d5:22:
3c:6e:74:54:76:47:b0:75:af:10:d6:cc:92:b7:9b:
dc:3c:f1:8f:b1:3f:cb:68:12:e6:f6:76:be:66:e9:
9b:d0:2c:e9:e4:22:e0:25:b0:8b:57:03:b0:47:a4:
28:bf:03:8e:2d:06:3c:ff:ba:50:d6:ae:a0:b1:2c:
aa:38:be:0e:fb:c7:fd:73:76:8a:ff:f3:9c:42:70:
82:08:03:38:64:01:a3:de:be:2e:c0:aa:cc:4d:50:
d6:e4:e1:5b:aa:68:fe:32:b7:fa:a2:b9:64:6a:24:
6a:89:09:c4:29:81:75:6d:94:30:ed:15:f4:14:ab:
e3:9d:8c:f5:b9:2e:c0:2c:9c:99:38:53:83:74:d9:
1e:18:c7:15:5a:5e:86:cb:3c:b9:84:76:41:00:ad:
42:cf
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
78:A4:84:A5:31:AB:B8:DC:8C:61:89:B9:04:48:90:4D:F4:BC:4C:F2
X509v3 Authority Key Identifier:
keyid:FF:87:E0:AB:03:2B:0C:05:EB:5E:74:CC:2C:08:69:8D:D3:24:D9:63
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_4fgqwMrDAXrXnTMLAhpjdMk2WM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/eKSEpTGruNyMYYm5BEiQTfS8TPI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/_4fgqwMrDAXrXnTMLAhpjdMk2WM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.122.199.0/24
109.122.209.0/24
Signature Algorithm: sha256WithRSAEncryption
30:f3:03:c9:ad:8b:b1:31:5c:c1:bd:5f:c0:92:7e:17:e9:7b:
99:04:e3:f6:5c:e8:53:aa:04:7e:c8:fd:8e:33:1c:2d:01:1e:
17:7a:0f:ac:70:7c:aa:e0:42:7b:50:aa:a5:01:ad:1b:07:50:
1e:95:c0:0d:20:d8:dc:2f:a6:66:20:e5:e4:fa:75:2b:63:08:
09:bd:1c:b9:17:77:9d:20:58:26:11:5c:93:0f:a4:64:bb:94:
14:b8:07:a1:1d:bc:10:57:fe:be:c4:38:84:44:39:d3:85:02:
3d:57:fc:ed:4e:e1:29:87:aa:84:9f:f3:f7:38:3d:16:68:2c:
25:cb:25:4f:2d:75:e5:9d:58:5a:b9:6e:a9:15:c2:cb:6c:e4:
87:40:e1:a7:93:7b:e7:05:b4:0a:49:55:38:0e:a8:e9:ef:e3:
a6:d4:43:aa:08:d5:e2:77:89:c8:ac:1c:3a:86:ef:f7:d2:e2:
4f:ff:93:ac:51:d5:9d:00:dc:7d:0d:08:81:d3:e5:2d:54:d9:
41:01:76:fd:78:89:65:da:56:a9:6e:f1:f7:b9:84:f4:1d:8f:
d1:fa:31:68:94:8a:e8:13:75:74:9f:7e:30:16:01:f5:da:b1:
ee:36:e0:3d:12:98:62:e5:94:98:74:d6:02:87:0a:76:23:ed:
66:0f:17:ff
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYtDTCuJPZuoeOuM2btqI7NjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmODdlMGFiMDMyYjBjMDVlYjVlNzRjYzJjMDg2OThkZDMy
NGQ5NjMwHhcNMjMxMDE4MTQ1OTA3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3OGE0ODRhNTMxYWJiOGRjOGM2MTg5YjkwNDQ4OTA0ZGY0YmM0Y2YyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkMlSDdJJFx35vWvnVSzpJ8tcHxBV
OSo/rrV/QvBypc1GnAr5ch4wiS6Y+cgkGrjmvAIsrvpLCXAZ/uJtfuZU7S9vX/ka
QyBeax4W/MIzWMyQkWRFYVDD9wqWD4ArDZtWJfPKL+Qv1SI8bnRUdkewda8Q1syS
t5vcPPGPsT/LaBLm9na+Zumb0Czp5CLgJbCLVwOwR6QovwOOLQY8/7pQ1q6gsSyq
OL4O+8f9c3aK//OcQnCCCAM4ZAGj3r4uwKrMTVDW5OFbqmj+Mrf6orlkaiRqiQnE
KYF1bZQw7RX0FKvjnYz1uS7ALJyZOFODdNkeGMcVWl6Gyzy5hHZBAK1CzwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHikhKUxq7jcjGGJuQRIkE30vEzyMB8GA1UdIwQY
MBaAFP+H4KsDKwwF6150zCwIaY3TJNljMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzRmZ3F3TXJEQVhyWG5UTUxBaHBqZE1rMldNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy8xZGYxOGUtNmM0ZC00MzRiLThlMzEt
NzFlYjk1ZjUwZTViLzEvZUtTRXBUR3J1TnlNWVltNUJFaVFUZlM4VFBJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy8xZGYxOGUtNmM0ZC00MzRiLThlMzEtNzFlYjk1ZjUwZTVi
LzEvXzRmZ3F3TXJEQVhyWG5UTUxBaHBqZE1rMldNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAbXrHAwQA
bXrRMA0GCSqGSIb3DQEBCwUAA4IBAQAw8wPJrYuxMVzBvV/Akn4X6XuZBOP2XOhT
qgR+yP2OMxwtAR4Xeg+scHyq4EJ7UKqlAa0bB1AelcANINjcL6ZmIOXk+nUrYwgJ
vRy5F3edIFgmEVyTD6Rku5QUuAehHbwQV/6+xDiERDnThQI9V/ztTuEph6qEn/P3
OD0WaCwlyyVPLXXlnVhauW6pFcLLbOSHQOGnk3vnBbQKSVU4Dqjp7+Om1EOqCNXi
d4nIrBw6hu/30uJP/5OsUdWdANx9DQiB0+UtVNlBAXb9eIll2lapbvH3uYT0HY/R
+jFolIroE3V0n34wFgH12rHuNuA9Ephi5ZSYdNYChwp2I+1mDxf/
-----END CERTIFICATE-----
Generated at Mon Feb 17 08:21:27 2025 by rpki-client