Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/nPCQKmvjAvY1-i-OQig3lYohMwg.roa
File: nPCQKmvjAvY1-i-OQig3lYohMwg.roa (raw, json)
Hash identifier: NecC38jv0IQBDSMPAgHOPD1zmmIbJm71FiVBLAsC3+0=
Subject key identifier: 9C:F0:90:2A:6B:E3:02:F6:35:FA:2F:8E:42:28:37:95:8A:21:33:08
Certificate issuer: /CN=ff87e0ab032b0c05eb5e74cc2c08698dd324d963
Certificate serial: 0187BDC9A60D3F4EC650CF39B2E02B3E1A2A
Authority key identifier: FF:87:E0:AB:03:2B:0C:05:EB:5E:74:CC:2C:08:69:8D:D3:24:D9:63
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/_4fgqwMrDAXrXnTMLAhpjdMk2WM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/nPCQKmvjAvY1-i-OQig3lYohMwg.roa
Signing time: Wed 26 Apr 2023 13:38:41 +0000
ROA not before: Wed 26 Apr 2023 13:38:41 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 210732
IP address blocks: 109.122.210.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:87:bd:c9:a6:0d:3f:4e:c6:50:cf:39:b2:e0:2b:3e:1a:2a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ff87e0ab032b0c05eb5e74cc2c08698dd324d963
Validity
Not Before: Apr 26 13:38:41 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=9cf0902a6be302f635fa2f8e422837958a213308
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a5:e2:56:84:a7:32:bc:17:0b:bf:c6:37:fd:e8:
c6:7e:a4:75:76:45:2f:3b:e2:fc:f5:08:b8:25:eb:
9d:0d:14:5f:d8:5c:6b:10:68:1b:36:ab:99:04:1a:
0e:7e:5f:5a:0a:dd:37:51:1c:26:b5:d1:77:da:3c:
7e:e6:f7:cc:bd:49:fb:f3:8d:47:bb:74:af:80:27:
54:44:c9:b0:d3:83:28:f9:e9:5f:b2:eb:32:54:d1:
c8:12:26:60:e8:ac:c6:e2:43:e4:2a:94:62:07:5a:
20:34:f2:46:b1:87:fa:5e:cd:3b:0a:3e:9f:4b:b5:
59:d4:f5:0d:ac:93:ab:20:33:7f:ff:5c:ef:e5:c2:
26:94:32:09:22:cf:d3:55:66:a7:19:65:30:de:29:
98:11:7e:d9:ed:e0:8e:5d:1b:87:65:a5:70:f7:13:
9d:d0:ee:82:46:d9:5f:4f:39:e4:e2:ee:8b:e5:d5:
0c:17:fc:f7:21:f7:4c:48:00:eb:e5:09:62:86:a1:
64:ce:be:bc:0f:56:24:e8:cc:11:34:e2:17:8b:a8:
1c:50:5c:16:2b:d6:2d:3b:85:77:98:fd:7e:f4:60:
ab:a9:12:51:fe:17:c7:8c:4c:7e:c7:30:b9:08:f9:
5e:8a:66:af:dc:71:11:d1:03:af:01:77:80:b4:12:
5f:6d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9C:F0:90:2A:6B:E3:02:F6:35:FA:2F:8E:42:28:37:95:8A:21:33:08
X509v3 Authority Key Identifier:
keyid:FF:87:E0:AB:03:2B:0C:05:EB:5E:74:CC:2C:08:69:8D:D3:24:D9:63
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_4fgqwMrDAXrXnTMLAhpjdMk2WM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/nPCQKmvjAvY1-i-OQig3lYohMwg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/_4fgqwMrDAXrXnTMLAhpjdMk2WM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.122.210.0/24
Signature Algorithm: sha256WithRSAEncryption
6c:41:1f:d5:b2:4b:a7:b4:cb:d4:f9:e2:f1:ed:83:79:9d:0f:
d7:be:e2:01:93:bf:9a:40:af:fd:b7:8c:f7:b3:29:ad:4c:6c:
5d:d6:10:13:fe:d2:39:09:29:a4:b8:51:42:31:18:df:62:1a:
ce:1d:62:18:60:8c:27:bf:da:b6:3e:60:a1:85:c3:cb:94:02:
50:e4:a4:b1:38:d7:d6:87:90:f3:cd:a4:3c:fa:1d:75:27:70:
29:0f:62:26:98:65:e1:d8:92:9b:cb:f1:07:22:76:c7:6b:34:
5e:68:85:89:c6:17:39:67:3c:6f:91:66:a0:c1:60:90:dd:3d:
75:8d:b6:09:63:19:94:cc:73:29:db:11:e2:8f:38:e3:88:06:
26:90:28:38:b6:1e:a8:a2:59:d6:2f:a7:af:14:b8:80:28:78:
6d:7c:c4:02:39:42:96:b1:72:4e:38:3a:ce:2e:e3:1b:43:27:
2f:bc:98:a0:dd:43:f7:37:dc:48:f7:b1:dc:82:50:85:aa:ca:
c8:d9:e5:0f:d2:08:3a:fb:0e:86:bf:bc:c9:78:c7:77:d6:e1:
a2:86:a5:ce:db:15:e1:35:c2:56:4a:c3:55:f0:5b:27:8d:70:
a0:fe:29:d3:9e:9e:87:b4:75:10:e9:b9:f8:fe:92:f0:9a:08:
24:eb:8c:37
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYe9yaYNP07GUM85suArPhoqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmODdlMGFiMDMyYjBjMDVlYjVlNzRjYzJjMDg2OThkZDMy
NGQ5NjMwHhcNMjMwNDI2MTMzODQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5Y2YwOTAyYTZiZTMwMmY2MzVmYTJmOGU0MjI4Mzc5NThhMjEzMzA4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApeJWhKcyvBcLv8Y3/ejGfqR1dkUv
O+L89Qi4JeudDRRf2FxrEGgbNquZBBoOfl9aCt03URwmtdF32jx+5vfMvUn7841H
u3SvgCdURMmw04Mo+elfsusyVNHIEiZg6KzG4kPkKpRiB1ogNPJGsYf6Xs07Cj6f
S7VZ1PUNrJOrIDN//1zv5cImlDIJIs/TVWanGWUw3imYEX7Z7eCOXRuHZaVw9xOd
0O6CRtlfTznk4u6L5dUMF/z3IfdMSADr5QlihqFkzr68D1Yk6MwRNOIXi6gcUFwW
K9YtO4V3mP1+9GCrqRJR/hfHjEx+xzC5CPleimav3HER0QOvAXeAtBJfbQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJzwkCpr4wL2NfovjkIoN5WKITMIMB8GA1UdIwQY
MBaAFP+H4KsDKwwF6150zCwIaY3TJNljMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzRmZ3F3TXJEQVhyWG5UTUxBaHBqZE1rMldNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy8xZGYxOGUtNmM0ZC00MzRiLThlMzEt
NzFlYjk1ZjUwZTViLzEvblBDUUttdmpBdlkxLWktT1FpZzNsWW9oTXdnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy8xZGYxOGUtNmM0ZC00MzRiLThlMzEtNzFlYjk1ZjUwZTVi
LzEvXzRmZ3F3TXJEQVhyWG5UTUxBaHBqZE1rMldNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbXrSMA0G
CSqGSIb3DQEBCwUAA4IBAQBsQR/VskuntMvU+eLx7YN5nQ/XvuIBk7+aQK/9t4z3
symtTGxd1hAT/tI5CSmkuFFCMRjfYhrOHWIYYIwnv9q2PmChhcPLlAJQ5KSxONfW
h5DzzaQ8+h11J3ApD2ImmGXh2JKby/EHInbHazReaIWJxhc5ZzxvkWagwWCQ3T11
jbYJYxmUzHMp2xHijzjjiAYmkCg4th6oolnWL6evFLiAKHhtfMQCOUKWsXJOODrO
LuMbQycvvJig3UP3N9xI97HcglCFqsrI2eUP0gg6+w6Gv7zJeMd31uGihqXO2xXh
NcJWSsNV8FsnjXCg/inTnp6HtHUQ6bn4/pLwmggk64w3
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:24:48 2024 by rpki-client on console-fra.rpki-client.org