Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/m3D5ZA8yL1dJyKjmCa2Q8H5S0kg.roa
File: m3D5ZA8yL1dJyKjmCa2Q8H5S0kg.roa (raw, json)
Hash identifier: /B8q9+3scKfV/UteoSK2sYDcA0Uokujmd2W4ntYB1cM=
Subject key identifier: 9B:70:F9:64:0F:32:2F:57:49:C8:A8:E6:09:AD:90:F0:7E:52:D2:48
Certificate issuer: /CN=ff87e0ab032b0c05eb5e74cc2c08698dd324d963
Certificate serial: 018D379736792E6105D7C73209430FB5A71C
Authority key identifier: FF:87:E0:AB:03:2B:0C:05:EB:5E:74:CC:2C:08:69:8D:D3:24:D9:63
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/_4fgqwMrDAXrXnTMLAhpjdMk2WM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/m3D5ZA8yL1dJyKjmCa2Q8H5S0kg.roa
Signing time: Tue 23 Jan 2024 18:31:13 +0000
ROA not before: Tue 23 Jan 2024 18:31:13 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 211440
IP address blocks: 109.122.202.0/24 maxlen: 24
109.122.206.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8d:37:97:36:79:2e:61:05:d7:c7:32:09:43:0f:b5:a7:1c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ff87e0ab032b0c05eb5e74cc2c08698dd324d963
Validity
Not Before: Jan 23 18:31:13 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=9b70f9640f322f5749c8a8e609ad90f07e52d248
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:aa:43:02:07:fd:f6:6f:01:ea:20:aa:f7:3f:7a:
19:aa:de:bc:54:65:e1:d7:73:f9:7e:e7:30:0b:0b:
cb:47:55:65:65:98:f3:28:df:c7:55:f5:b2:17:ca:
5b:4d:fd:d3:b7:02:8f:ee:ff:99:aa:07:47:54:f6:
cb:0d:af:ad:03:69:9d:2f:72:f7:28:4d:b9:4c:ed:
8d:a4:15:04:f0:6c:e4:a3:2a:8f:f2:0f:7b:7d:c2:
d5:c6:f9:86:af:c6:69:0c:98:51:c5:e7:e3:e2:5f:
47:83:5b:85:9d:73:6f:b8:05:fd:6f:03:51:48:e0:
f9:b8:86:6a:73:c8:b9:d2:96:68:04:0d:53:45:63:
bc:ee:e8:26:bb:3b:e7:14:64:63:23:66:65:4e:98:
43:42:e4:e1:2e:22:c8:03:61:eb:92:33:ee:f2:5e:
be:28:0c:3d:9d:cc:a5:bf:d8:66:f5:27:64:dd:5f:
44:26:5b:8d:8d:21:22:80:91:54:60:3e:04:ff:23:
b1:48:73:e7:5b:bc:a4:6e:c1:ae:57:d9:20:aa:26:
fd:61:35:d8:6d:2f:72:8d:db:e4:4d:b6:a4:68:7b:
93:b1:08:c4:6e:e9:38:71:0a:5c:b0:cf:f6:45:6c:
d9:63:1a:62:fa:53:fe:cc:48:9c:93:bc:9c:c6:14:
a6:e9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9B:70:F9:64:0F:32:2F:57:49:C8:A8:E6:09:AD:90:F0:7E:52:D2:48
X509v3 Authority Key Identifier:
keyid:FF:87:E0:AB:03:2B:0C:05:EB:5E:74:CC:2C:08:69:8D:D3:24:D9:63
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_4fgqwMrDAXrXnTMLAhpjdMk2WM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/m3D5ZA8yL1dJyKjmCa2Q8H5S0kg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/_4fgqwMrDAXrXnTMLAhpjdMk2WM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.122.202.0/24
109.122.206.0/24
Signature Algorithm: sha256WithRSAEncryption
84:e5:98:aa:2f:44:06:88:eb:54:4b:3c:6f:ee:2d:dd:77:7b:
6b:97:f6:12:55:1b:48:d7:8e:5e:0f:b6:1e:52:f6:c2:20:68:
69:b3:d3:bb:0a:7c:7e:89:c6:60:9c:30:db:9c:c5:c9:e0:2e:
bd:f7:de:3b:4d:be:2c:61:4f:74:c5:f9:30:bf:89:2c:8a:07:
e0:0e:ed:96:f2:28:c6:62:ea:f3:1d:2e:eb:68:38:9d:5b:e5:
d8:ae:83:16:9a:03:a6:ef:e5:b1:68:de:52:61:ed:82:63:7e:
46:0c:9d:c2:c7:eb:27:c4:e3:fe:f0:9d:22:2d:4d:79:02:9f:
8c:66:72:43:86:d1:a2:9e:bb:a1:9f:db:68:9d:a7:fb:aa:a3:
24:92:75:60:c5:a4:e5:05:65:f8:f3:89:13:c4:8f:55:3a:05:
6d:fc:9a:71:4f:ca:8d:7e:d4:cb:47:cc:ea:0b:0b:f5:cb:bf:
f4:d4:79:d2:96:96:47:20:8f:24:54:92:24:46:22:44:b2:a0:
ee:70:3d:d0:e6:e2:7c:9e:83:6a:4f:a8:12:bb:0b:8a:70:a5:
cf:0c:7b:88:5e:5e:55:29:a8:84:f4:74:3d:7b:dc:c5:2d:50:
a8:73:5b:3f:19:5b:ef:61:5b:00:87:c2:00:95:48:26:e6:a8:
b1:ac:3d:59
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY03lzZ5LmEF18cyCUMPtaccMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmODdlMGFiMDMyYjBjMDVlYjVlNzRjYzJjMDg2OThkZDMy
NGQ5NjMwHhcNMjQwMTIzMTgzMTEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YjcwZjk2NDBmMzIyZjU3NDljOGE4ZTYwOWFkOTBmMDdlNTJkMjQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqkMCB/32bwHqIKr3P3oZqt68VGXh
13P5fucwCwvLR1VlZZjzKN/HVfWyF8pbTf3TtwKP7v+ZqgdHVPbLDa+tA2mdL3L3
KE25TO2NpBUE8GzkoyqP8g97fcLVxvmGr8ZpDJhRxefj4l9Hg1uFnXNvuAX9bwNR
SOD5uIZqc8i50pZoBA1TRWO87ugmuzvnFGRjI2ZlTphDQuThLiLIA2HrkjPu8l6+
KAw9ncylv9hm9Sdk3V9EJluNjSEigJFUYD4E/yOxSHPnW7ykbsGuV9kgqib9YTXY
bS9yjdvkTbakaHuTsQjEbuk4cQpcsM/2RWzZYxpi+lP+zEick7ycxhSm6QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJtw+WQPMi9XScio5gmtkPB+UtJIMB8GA1UdIwQY
MBaAFP+H4KsDKwwF6150zCwIaY3TJNljMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzRmZ3F3TXJEQVhyWG5UTUxBaHBqZE1rMldNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy8xZGYxOGUtNmM0ZC00MzRiLThlMzEt
NzFlYjk1ZjUwZTViLzEvbTNENVpBOHlMMWRKeUtqbUNhMlE4SDVTMGtnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy8xZGYxOGUtNmM0ZC00MzRiLThlMzEtNzFlYjk1ZjUwZTVi
LzEvXzRmZ3F3TXJEQVhyWG5UTUxBaHBqZE1rMldNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAbXrKAwQA
bXrOMA0GCSqGSIb3DQEBCwUAA4IBAQCE5ZiqL0QGiOtUSzxv7i3dd3trl/YSVRtI
145eD7YeUvbCIGhps9O7Cnx+icZgnDDbnMXJ4C699947Tb4sYU90xfkwv4ksigfg
Du2W8ijGYurzHS7raDidW+XYroMWmgOm7+WxaN5SYe2CY35GDJ3Cx+snxOP+8J0i
LU15Ap+MZnJDhtGinruhn9tonaf7qqMkknVgxaTlBWX484kTxI9VOgVt/JpxT8qN
ftTLR8zqCwv1y7/01HnSlpZHII8kVJIkRiJEsqDucD3Q5uJ8noNqT6gSuwuKcKXP
DHuIXl5VKaiE9HQ9e9zFLVCoc1s/GVvvYVsAh8IAlUgm5qixrD1Z
-----END CERTIFICATE-----
Generated at Mon Feb 17 08:19:59 2025 by rpki-client