Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/pAFKupn6qO48s6KAC1D63crXkj8.roa
File: pAFKupn6qO48s6KAC1D63crXkj8.roa (raw, json)
Hash identifier: OaaIw+WoM9JTdazckGmwSec7/hG8WsvCwFxpdFIhasI=
Subject key identifier: A4:01:4A:BA:99:FA:A8:EE:3C:B3:A2:80:0B:50:FA:DD:CA:D7:92:3F
Certificate issuer: /CN=ff87e0ab032b0c05eb5e74cc2c08698dd324d963
Certificate serial: 018C3092E2DDEF1E4856C55AD0211FEC2C16
Authority key identifier: FF:87:E0:AB:03:2B:0C:05:EB:5E:74:CC:2C:08:69:8D:D3:24:D9:63
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/_4fgqwMrDAXrXnTMLAhpjdMk2WM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/pAFKupn6qO48s6KAC1D63crXkj8.roa
Signing time: Sun 03 Dec 2023 16:46:21 +0000
ROA not before: Sun 03 Dec 2023 16:46:21 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 399045
IP address blocks: 109.122.197.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:30:92:e2:dd:ef:1e:48:56:c5:5a:d0:21:1f:ec:2c:16
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ff87e0ab032b0c05eb5e74cc2c08698dd324d963
Validity
Not Before: Dec 3 16:46:21 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=a4014aba99faa8ee3cb3a2800b50faddcad7923f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a1:df:5d:3c:35:8b:88:02:f4:de:8b:d2:e0:80:
77:01:bf:19:42:e3:7b:92:03:42:27:64:ab:e1:64:
32:60:2d:70:82:52:3d:99:dd:e1:83:25:54:54:a1:
92:a2:4c:a1:3f:58:dc:b6:96:39:d9:d5:70:a9:fe:
d0:32:8c:78:e3:a4:7f:d9:04:43:a7:1d:4e:68:24:
3e:e7:6e:59:69:03:ab:1f:aa:1c:e1:aa:a2:c7:f9:
6f:25:3f:fb:23:26:71:d4:ad:81:aa:d7:ca:76:41:
f2:18:81:75:b9:cb:91:53:14:59:ca:fe:0d:e0:c8:
34:34:35:f9:34:4c:c1:af:d0:3d:37:37:17:9b:4f:
19:69:b0:80:2b:94:ca:69:3a:bf:32:43:83:be:e1:
c0:5e:82:dc:aa:bd:10:e8:be:65:ce:31:38:e4:ae:
05:c1:cc:49:b9:a5:66:f0:67:f9:6b:aa:c4:41:fa:
18:1a:0c:15:ef:ed:9b:a3:1a:ad:c6:b8:a1:90:57:
4b:49:3a:b4:60:85:d2:8e:cf:ba:95:b1:ad:27:12:
df:11:03:a0:d0:52:f2:41:04:af:2a:35:0c:39:b8:
64:2f:03:09:ff:ee:ca:28:6f:4c:9f:bd:6d:8c:3c:
29:bf:c9:83:42:f3:01:d2:a0:60:56:dd:23:3b:68:
e7:87
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A4:01:4A:BA:99:FA:A8:EE:3C:B3:A2:80:0B:50:FA:DD:CA:D7:92:3F
X509v3 Authority Key Identifier:
keyid:FF:87:E0:AB:03:2B:0C:05:EB:5E:74:CC:2C:08:69:8D:D3:24:D9:63
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_4fgqwMrDAXrXnTMLAhpjdMk2WM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/pAFKupn6qO48s6KAC1D63crXkj8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/_4fgqwMrDAXrXnTMLAhpjdMk2WM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.122.197.0/24
Signature Algorithm: sha256WithRSAEncryption
1e:a6:09:2f:d7:d3:c9:fc:24:e1:5d:28:0f:43:61:c1:7e:96:
9c:1e:6d:4c:24:24:36:26:65:4f:9e:f8:3b:20:fb:cd:e9:5e:
0f:eb:d6:21:b1:88:17:56:31:3e:a2:97:83:00:ac:b4:6e:97:
1b:f0:df:01:4a:54:f9:a9:f8:ef:b7:42:d6:c8:5a:4f:4f:cb:
3d:89:fa:79:a0:be:74:79:39:f9:77:63:1a:75:c8:e8:4f:1c:
ce:7d:e4:a3:1a:ed:7f:d3:89:2f:3d:f1:a0:93:64:c0:bb:77:
7a:37:10:5b:63:a7:7d:ee:28:b9:ac:fe:28:cd:ad:a4:5e:d7:
da:31:f2:9f:c5:30:a9:da:ff:01:14:d8:5e:d9:08:aa:7f:c3:
0f:39:48:a7:95:a3:db:0b:d9:33:7c:7c:93:ae:53:f6:87:27:
0d:26:02:27:fd:f4:4d:0d:3f:1c:9b:47:e5:67:4c:ae:85:67:
31:e8:86:74:c8:90:d8:72:f0:e5:7b:4b:1c:c9:2e:70:9d:4e:
bb:47:e0:61:8a:06:2d:5f:7b:b5:66:ed:0f:0f:77:ef:3c:ab:
a8:6b:9b:bd:d9:c5:81:ac:d8:dc:bd:22:8b:eb:94:95:2c:e1:
7f:de:4d:bf:6b:7f:13:30:72:7d:83:40:d0:9f:97:74:de:df:
eb:d3:58:09
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYwwkuLd7x5IVsVa0CEf7CwWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmODdlMGFiMDMyYjBjMDVlYjVlNzRjYzJjMDg2OThkZDMy
NGQ5NjMwHhcNMjMxMjAzMTY0NjIxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNDAxNGFiYTk5ZmFhOGVlM2NiM2EyODAwYjUwZmFkZGNhZDc5MjNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAod9dPDWLiAL03ovS4IB3Ab8ZQuN7
kgNCJ2Sr4WQyYC1wglI9md3hgyVUVKGSokyhP1jctpY52dVwqf7QMox446R/2QRD
px1OaCQ+525ZaQOrH6oc4aqix/lvJT/7IyZx1K2BqtfKdkHyGIF1ucuRUxRZyv4N
4Mg0NDX5NEzBr9A9NzcXm08ZabCAK5TKaTq/MkODvuHAXoLcqr0Q6L5lzjE45K4F
wcxJuaVm8Gf5a6rEQfoYGgwV7+2boxqtxrihkFdLSTq0YIXSjs+6lbGtJxLfEQOg
0FLyQQSvKjUMObhkLwMJ/+7KKG9Mn71tjDwpv8mDQvMB0qBgVt0jO2jnhwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKQBSrqZ+qjuPLOigAtQ+t3K15I/MB8GA1UdIwQY
MBaAFP+H4KsDKwwF6150zCwIaY3TJNljMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzRmZ3F3TXJEQVhyWG5UTUxBaHBqZE1rMldNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy8xZGYxOGUtNmM0ZC00MzRiLThlMzEt
NzFlYjk1ZjUwZTViLzEvcEFGS3VwbjZxTzQ4czZLQUMxRDYzY3JYa2o4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy8xZGYxOGUtNmM0ZC00MzRiLThlMzEtNzFlYjk1ZjUwZTVi
LzEvXzRmZ3F3TXJEQVhyWG5UTUxBaHBqZE1rMldNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbXrFMA0G
CSqGSIb3DQEBCwUAA4IBAQAepgkv19PJ/CThXSgPQ2HBfpacHm1MJCQ2JmVPnvg7
IPvN6V4P69YhsYgXVjE+opeDAKy0bpcb8N8BSlT5qfjvt0LWyFpPT8s9ifp5oL50
eTn5d2MadcjoTxzOfeSjGu1/04kvPfGgk2TAu3d6NxBbY6d97ii5rP4oza2kXtfa
MfKfxTCp2v8BFNhe2Qiqf8MPOUinlaPbC9kzfHyTrlP2hycNJgIn/fRNDT8cm0fl
Z0yuhWcx6IZ0yJDYcvDle0scyS5wnU67R+BhigYtX3u1Zu0PD3fvPKuoa5u92cWB
rNjcvSKL65SVLOF/3k2/a38TMHJ9g0DQn5d03t/r01gJ
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:24:48 2024 by rpki-client on console-fra.rpki-client.org