Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/ozbHleesB5B7EEkCQEJT5V4CY_E.roa
File: ozbHleesB5B7EEkCQEJT5V4CY_E.roa (raw, json)
Hash identifier: yl/n4CcY2/1YE3eoiS64OMS9wDG5CJYVCgLJAuxLkoI=
Subject key identifier: A3:36:C7:95:E7:AC:07:90:7B:10:49:02:40:42:53:E5:5E:02:63:F1
Certificate issuer: /CN=ff87e0ab032b0c05eb5e74cc2c08698dd324d963
Certificate serial: 0189FF567A518BD6DB44057D553FE1A9CF93
Authority key identifier: FF:87:E0:AB:03:2B:0C:05:EB:5E:74:CC:2C:08:69:8D:D3:24:D9:63
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/_4fgqwMrDAXrXnTMLAhpjdMk2WM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/ozbHleesB5B7EEkCQEJT5V4CY_E.roa
Signing time: Wed 16 Aug 2023 17:13:24 +0000
ROA not before: Wed 16 Aug 2023 17:13:24 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 834
IP address blocks: 109.122.192.0/24 maxlen: 24
109.122.212.0/24 maxlen: 24
109.122.215.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:89:ff:56:7a:51:8b:d6:db:44:05:7d:55:3f:e1:a9:cf:93
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ff87e0ab032b0c05eb5e74cc2c08698dd324d963
Validity
Not Before: Aug 16 17:13:24 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=a336c795e7ac07907b104902404253e55e0263f1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bf:7c:fc:b7:60:f9:43:dd:5f:4f:f6:f4:f9:a1:
95:dc:6f:c8:d8:29:53:ab:01:43:78:47:69:5e:80:
56:f8:da:18:51:50:57:c0:c0:04:6d:fc:26:4c:59:
4c:d2:da:d7:fb:e7:64:73:0a:7f:5f:51:e4:ae:a9:
2a:da:e0:16:70:96:a6:11:f7:9a:95:03:8f:03:e2:
70:cd:fd:e9:16:01:bf:4e:b1:12:48:43:9b:1d:ce:
be:eb:1b:da:a2:0a:61:20:f5:43:98:b5:a6:3e:83:
4b:57:58:bc:dd:b7:32:20:37:5e:5e:51:6f:fa:4d:
0a:c4:5f:5c:78:93:02:83:bd:f1:1f:45:66:ff:c4:
7d:c0:ae:b4:55:93:e0:61:8a:95:c7:93:64:7d:f7:
16:c1:bd:e9:e5:ce:3f:c1:05:58:c2:17:93:73:62:
73:a2:80:0e:29:a2:77:68:f8:0b:27:7b:3c:d7:61:
cd:84:37:4f:50:fd:5d:61:d7:39:c3:0c:ca:17:2c:
43:79:b1:70:c7:35:ea:e4:a0:37:88:82:88:ff:ee:
6c:ae:cd:3a:53:d4:8c:f6:48:b8:58:bd:82:65:0f:
d2:42:c2:b3:2d:78:fc:5a:9c:a8:6b:f4:ea:09:6c:
61:a6:87:7e:4e:be:4c:75:b3:30:17:dc:3e:79:cc:
de:df
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A3:36:C7:95:E7:AC:07:90:7B:10:49:02:40:42:53:E5:5E:02:63:F1
X509v3 Authority Key Identifier:
keyid:FF:87:E0:AB:03:2B:0C:05:EB:5E:74:CC:2C:08:69:8D:D3:24:D9:63
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_4fgqwMrDAXrXnTMLAhpjdMk2WM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/ozbHleesB5B7EEkCQEJT5V4CY_E.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/_4fgqwMrDAXrXnTMLAhpjdMk2WM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.122.192.0/24
109.122.212.0/24
109.122.215.0/24
Signature Algorithm: sha256WithRSAEncryption
1b:63:d2:11:55:35:54:48:c7:ed:cb:e8:91:74:38:c7:51:92:
57:51:4e:2e:09:d7:0e:c8:fe:e9:89:6f:73:56:7d:ec:ae:99:
84:cd:02:66:da:c6:9d:02:ad:22:a9:ec:1e:b8:ec:38:a4:f0:
5f:72:49:d8:84:ad:d1:88:35:a6:1e:55:8f:bb:cf:0a:84:ba:
0e:40:62:cc:fc:1f:58:5b:65:da:bb:a8:1f:81:29:e0:d5:d6:
ca:a1:95:07:79:54:24:2e:b1:dc:ce:75:a9:18:90:77:c3:45:
8f:c2:33:db:e7:21:9b:84:53:14:cb:40:d3:59:e0:b0:a1:f1:
71:d0:42:cb:db:8d:66:c5:cf:a0:08:3d:30:1d:65:fd:fe:87:
34:ad:be:5d:23:7c:1d:a8:f3:1a:7c:28:d0:3b:f5:f3:cc:fb:
d6:52:0d:82:e1:9a:10:a5:ba:0c:f8:26:60:98:1f:d9:96:3b:
5b:de:75:23:b3:9a:87:86:b6:da:2c:50:cf:8a:37:f0:ed:97:
52:35:c3:a5:46:42:fe:b2:b6:48:13:96:75:75:a8:c8:53:25:
00:65:f2:16:52:8e:e3:b4:f7:82:f9:36:23:da:b1:e1:3c:fa:
fc:eb:ac:e1:0b:5e:e4:63:5c:35:f4:2f:3e:51:bb:05:df:bd:
e5:0a:7f:f7
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYn/VnpRi9bbRAV9VT/hqc+TMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmODdlMGFiMDMyYjBjMDVlYjVlNzRjYzJjMDg2OThkZDMy
NGQ5NjMwHhcNMjMwODE2MTcxMzI0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMzM2Yzc5NWU3YWMwNzkwN2IxMDQ5MDI0MDQyNTNlNTVlMDI2M2YxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv3z8t2D5Q91fT/b0+aGV3G/I2ClT
qwFDeEdpXoBW+NoYUVBXwMAEbfwmTFlM0trX++dkcwp/X1Hkrqkq2uAWcJamEfea
lQOPA+Jwzf3pFgG/TrESSEObHc6+6xvaogphIPVDmLWmPoNLV1i83bcyIDdeXlFv
+k0KxF9ceJMCg73xH0Vm/8R9wK60VZPgYYqVx5NkffcWwb3p5c4/wQVYwheTc2Jz
ooAOKaJ3aPgLJ3s812HNhDdPUP1dYdc5wwzKFyxDebFwxzXq5KA3iIKI/+5srs06
U9SM9ki4WL2CZQ/SQsKzLXj8Wpyoa/TqCWxhpod+Tr5MdbMwF9w+ecze3wIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFKM2x5XnrAeQexBJAkBCU+VeAmPxMB8GA1UdIwQY
MBaAFP+H4KsDKwwF6150zCwIaY3TJNljMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzRmZ3F3TXJEQVhyWG5UTUxBaHBqZE1rMldNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy8xZGYxOGUtNmM0ZC00MzRiLThlMzEt
NzFlYjk1ZjUwZTViLzEvb3piSGxlZXNCNUI3RUVrQ1FFSlQ1VjRDWV9FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy8xZGYxOGUtNmM0ZC00MzRiLThlMzEtNzFlYjk1ZjUwZTVi
LzEvXzRmZ3F3TXJEQVhyWG5UTUxBaHBqZE1rMldNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAbXrAAwQA
bXrUAwQAbXrXMA0GCSqGSIb3DQEBCwUAA4IBAQAbY9IRVTVUSMfty+iRdDjHUZJX
UU4uCdcOyP7piW9zVn3srpmEzQJm2sadAq0iqeweuOw4pPBfcknYhK3RiDWmHlWP
u88KhLoOQGLM/B9YW2Xau6gfgSng1dbKoZUHeVQkLrHcznWpGJB3w0WPwjPb5yGb
hFMUy0DTWeCwofFx0ELL241mxc+gCD0wHWX9/oc0rb5dI3wdqPMafCjQO/XzzPvW
Ug2C4ZoQpboM+CZgmB/Zljtb3nUjs5qHhrbaLFDPijfw7ZdSNcOlRkL+srZIE5Z1
dajIUyUAZfIWUo7jtPeC+TYj2rHhPPr866zhC17kY1w19C8+UbsF373lCn/3
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:24:48 2024 by rpki-client on console-fra.rpki-client.org