Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/fV2NxLFzv5pBbBpRfsbvjPDWGGw.roa
File: fV2NxLFzv5pBbBpRfsbvjPDWGGw.roa (raw, json)
Hash identifier: 0bY89c8h2pI2fp2Rc1Cxlgu8nXaBUtldPveLdR1nvk4=
Subject key identifier: 7D:5D:8D:C4:B1:73:BF:9A:41:6C:1A:51:7E:C6:EF:8C:F0:D6:18:6C
Certificate issuer: /CN=ff87e0ab032b0c05eb5e74cc2c08698dd324d963
Certificate serial: 018AB36ECB372B2C07364860FD2B91D0DB28
Authority key identifier: FF:87:E0:AB:03:2B:0C:05:EB:5E:74:CC:2C:08:69:8D:D3:24:D9:63
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/_4fgqwMrDAXrXnTMLAhpjdMk2WM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/fV2NxLFzv5pBbBpRfsbvjPDWGGw.roa
Signing time: Wed 20 Sep 2023 16:31:37 +0000
ROA not before: Wed 20 Sep 2023 16:31:37 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 834
IP address blocks: 109.122.192.0/24 maxlen: 24
109.122.201.0/24 maxlen: 24
109.122.203.0/24 maxlen: 24
109.122.212.0/24 maxlen: 24
109.122.213.0/24 maxlen: 24
109.122.215.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8a:b3:6e:cb:37:2b:2c:07:36:48:60:fd:2b:91:d0:db:28
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ff87e0ab032b0c05eb5e74cc2c08698dd324d963
Validity
Not Before: Sep 20 16:31:37 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=7d5d8dc4b173bf9a416c1a517ec6ef8cf0d6186c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:83:50:d4:2e:83:b5:18:20:d7:c5:e6:87:fa:e0:
60:41:e8:cb:0d:e3:89:eb:4e:a3:c6:13:cb:69:9c:
82:c9:a0:c7:c2:33:ec:df:29:77:e1:13:56:ab:01:
35:6f:27:56:31:29:5d:95:0f:14:2b:69:0c:29:79:
78:5f:87:d6:cb:d2:7a:70:ec:9a:76:f0:47:67:0d:
cc:6d:88:fd:b8:32:4e:43:c7:27:de:bf:84:84:89:
fa:6a:cc:02:fa:4a:da:95:b9:ca:69:f7:23:2c:19:
c7:e5:87:d3:eb:c6:7a:e0:fa:fc:0a:18:91:67:3f:
b5:cc:b1:4a:2b:43:47:f6:e8:2a:e9:53:1c:c7:05:
41:4d:92:c1:a5:40:e6:27:89:69:1e:b9:a8:d3:97:
9e:61:60:ae:e6:38:08:6f:e0:24:4e:00:e2:39:47:
35:c1:dd:5b:3a:fb:48:ef:1d:a7:56:8f:27:af:01:
0b:44:ad:b6:6c:49:ff:ed:56:dc:7b:d0:eb:29:be:
dd:c5:00:7d:bb:a0:23:9e:9a:2f:6b:50:2f:84:5b:
d0:c7:4f:7f:ee:c9:62:9e:9f:db:72:17:cb:19:d3:
06:0e:ed:a1:71:b1:7c:0c:4b:59:3b:b4:fb:36:7c:
5b:a2:d8:3f:92:00:da:10:5d:e2:7c:18:58:ca:8b:
dd:c3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
7D:5D:8D:C4:B1:73:BF:9A:41:6C:1A:51:7E:C6:EF:8C:F0:D6:18:6C
X509v3 Authority Key Identifier:
keyid:FF:87:E0:AB:03:2B:0C:05:EB:5E:74:CC:2C:08:69:8D:D3:24:D9:63
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_4fgqwMrDAXrXnTMLAhpjdMk2WM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/fV2NxLFzv5pBbBpRfsbvjPDWGGw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/_4fgqwMrDAXrXnTMLAhpjdMk2WM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.122.192.0/24
109.122.201.0/24
109.122.203.0/24
109.122.212.0/23
109.122.215.0/24
Signature Algorithm: sha256WithRSAEncryption
5f:3e:b6:7f:33:c7:cd:61:89:52:70:dd:b6:83:59:1a:46:f0:
06:89:87:f8:aa:29:04:aa:38:ae:e7:86:fd:fa:b8:2f:23:b9:
4e:f3:9a:2a:08:a9:84:6a:f2:54:06:7f:32:fb:ec:25:1b:c0:
92:76:08:50:37:bb:77:75:ad:23:00:c2:f2:7b:75:9f:1f:44:
fe:46:e0:e4:ab:cb:be:cb:94:64:20:71:8e:ad:e7:6b:9d:a7:
ef:d5:f0:bb:52:b6:27:c0:60:2b:59:85:66:8e:63:eb:30:14:
07:48:4c:75:e1:99:da:6c:04:39:02:a9:35:95:ff:57:25:b7:
9c:d4:38:0e:c9:cd:3e:ce:a7:4b:29:51:1b:62:7e:05:c8:79:
61:a6:0a:b4:b9:b8:4e:1a:75:55:3b:ce:4f:bf:b7:14:0f:44:
7e:38:2a:e7:2f:21:37:fa:08:c3:6f:34:65:a2:68:06:0f:64:
7e:c4:66:28:aa:99:6e:25:03:e8:2d:65:63:dc:51:8e:89:7b:
3d:07:51:96:ae:d4:d1:64:25:2e:02:9b:f1:74:c5:e8:88:8e:
eb:21:6b:cc:95:85:f0:37:e2:9b:eb:44:09:ba:71:8e:38:5e:
b7:26:86:d2:3a:2b:8f:cb:e6:31:ce:05:d8:d0:ca:bb:32:eb:
66:53:30:9f
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAYqzbss3KywHNkhg/SuR0NsoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmODdlMGFiMDMyYjBjMDVlYjVlNzRjYzJjMDg2OThkZDMy
NGQ5NjMwHhcNMjMwOTIwMTYzMTM3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZDVkOGRjNGIxNzNiZjlhNDE2YzFhNTE3ZWM2ZWY4Y2YwZDYxODZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg1DULoO1GCDXxeaH+uBgQejLDeOJ
606jxhPLaZyCyaDHwjPs3yl34RNWqwE1bydWMSldlQ8UK2kMKXl4X4fWy9J6cOya
dvBHZw3MbYj9uDJOQ8cn3r+EhIn6aswC+kralbnKafcjLBnH5YfT68Z64Pr8ChiR
Zz+1zLFKK0NH9ugq6VMcxwVBTZLBpUDmJ4lpHrmo05eeYWCu5jgIb+AkTgDiOUc1
wd1bOvtI7x2nVo8nrwELRK22bEn/7Vbce9DrKb7dxQB9u6Ajnpova1AvhFvQx09/
7slinp/bchfLGdMGDu2hcbF8DEtZO7T7Nnxbotg/kgDaEF3ifBhYyovdwwIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFH1djcSxc7+aQWwaUX7G74zw1hhsMB8GA1UdIwQY
MBaAFP+H4KsDKwwF6150zCwIaY3TJNljMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzRmZ3F3TXJEQVhyWG5UTUxBaHBqZE1rMldNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy8xZGYxOGUtNmM0ZC00MzRiLThlMzEt
NzFlYjk1ZjUwZTViLzEvZlYyTnhMRnp2NXBCYkJwUmZzYnZqUERXR0d3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy8xZGYxOGUtNmM0ZC00MzRiLThlMzEtNzFlYjk1ZjUwZTVi
LzEvXzRmZ3F3TXJEQVhyWG5UTUxBaHBqZE1rMldNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQAbXrAAwQA
bXrJAwQAbXrLAwQBbXrUAwQAbXrXMA0GCSqGSIb3DQEBCwUAA4IBAQBfPrZ/M8fN
YYlScN22g1kaRvAGiYf4qikEqjiu54b9+rgvI7lO85oqCKmEavJUBn8y++wlG8CS
dghQN7t3da0jAMLye3WfH0T+RuDkq8u+y5RkIHGOredrnafv1fC7UrYnwGArWYVm
jmPrMBQHSEx14ZnabAQ5Aqk1lf9XJbec1DgOyc0+zqdLKVEbYn4FyHlhpgq0ubhO
GnVVO85Pv7cUD0R+OCrnLyE3+gjDbzRlomgGD2R+xGYoqpluJQPoLWVj3FGOiXs9
B1GWrtTRZCUuApvxdMXoiI7rIWvMlYXwN+Kb60QJunGOOF63JobSOiuPy+YxzgXY
0Mq7MutmUzCf
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:02:04 2024 by rpki-client on console-ams.rpki-client.org