Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/poh5i8MQocrhuIL1dCp0sZIGhKM.roa
File: poh5i8MQocrhuIL1dCp0sZIGhKM.roa (raw, json)
Hash identifier: +1cTqztGd05J+QPXKqc+pH6hIKVoRRgZcm1EUGOYvXQ=
Subject key identifier: A6:88:79:8B:C3:10:A1:CA:E1:B8:82:F5:74:2A:74:B1:92:06:84:A3
Certificate issuer: /CN=ff87e0ab032b0c05eb5e74cc2c08698dd324d963
Certificate serial: 018CC50144EC875AB062C8A5245D8AC85DE5
Authority key identifier: FF:87:E0:AB:03:2B:0C:05:EB:5E:74:CC:2C:08:69:8D:D3:24:D9:63
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/_4fgqwMrDAXrXnTMLAhpjdMk2WM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/poh5i8MQocrhuIL1dCp0sZIGhKM.roa
Signing time: Mon 01 Jan 2024 12:30:43 +0000
ROA not before: Mon 01 Jan 2024 12:30:43 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 209181
IP address blocks: 109.122.219.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c5:01:44:ec:87:5a:b0:62:c8:a5:24:5d:8a:c8:5d:e5
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ff87e0ab032b0c05eb5e74cc2c08698dd324d963
Validity
Not Before: Jan 1 12:30:43 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=a688798bc310a1cae1b882f5742a74b1920684a3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9a:11:83:1d:28:0d:02:8d:2b:9d:1d:d7:47:3b:
77:53:c9:10:d0:b6:36:a5:09:92:64:dd:fc:1d:8a:
3b:86:96:de:ba:4c:57:fd:f6:f5:5c:75:1b:5d:8a:
b2:98:13:30:8c:be:76:93:1b:03:a6:5a:bd:59:63:
a1:e8:2f:35:35:02:6e:d4:86:c2:77:9e:19:ff:86:
3a:9e:91:59:98:99:bc:01:34:a1:fa:ab:50:a3:fc:
00:55:ea:60:95:8c:ba:c3:f6:87:4d:dc:cf:ce:9e:
80:b4:4a:9d:7a:5a:91:b4:3e:08:6c:de:6f:eb:ee:
dd:d0:27:03:07:54:18:f9:39:f7:96:2b:c3:0e:c9:
89:26:13:68:89:78:f9:87:d2:36:fe:57:89:ee:ca:
00:d8:5e:53:10:0d:bc:ae:e2:8d:9a:d6:71:24:52:
f8:b5:25:7d:62:a6:92:66:44:1f:c6:f8:13:e4:f9:
70:19:cf:46:83:85:01:20:bb:84:09:ca:b1:a0:78:
1f:ed:44:17:b1:78:99:54:a2:c7:34:a5:d0:15:a8:
5e:c1:5e:97:2f:91:4a:63:ef:4b:9c:63:5c:59:68:
8b:23:1d:35:38:bf:ad:8a:f3:7c:db:9e:d4:f8:4e:
90:15:52:00:0c:16:ea:60:24:61:50:62:6b:49:e0:
1c:a3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A6:88:79:8B:C3:10:A1:CA:E1:B8:82:F5:74:2A:74:B1:92:06:84:A3
X509v3 Authority Key Identifier:
keyid:FF:87:E0:AB:03:2B:0C:05:EB:5E:74:CC:2C:08:69:8D:D3:24:D9:63
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_4fgqwMrDAXrXnTMLAhpjdMk2WM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/poh5i8MQocrhuIL1dCp0sZIGhKM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/_4fgqwMrDAXrXnTMLAhpjdMk2WM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.122.219.0/24
Signature Algorithm: sha256WithRSAEncryption
76:06:4e:12:31:22:07:84:0b:38:b8:7a:85:01:e0:cc:0c:8f:
2b:b7:58:16:4a:b3:09:eb:58:3f:7b:a3:f7:b6:e9:03:3b:f3:
be:a4:3a:fe:2d:30:49:ce:c2:7a:df:0a:ff:35:37:ea:60:85:
ed:9d:3a:45:c9:a5:b2:ff:af:9d:9d:56:eb:dd:25:96:6f:a9:
b5:51:39:c0:6e:56:60:d1:75:f4:8a:57:98:4c:48:1d:5a:04:
8b:b9:ec:b9:ea:13:aa:7b:09:28:5a:3f:41:c9:bb:80:54:e2:
da:b9:af:70:ff:ff:d6:07:63:b4:b2:a0:14:41:ad:08:2c:87:
c9:a4:06:f6:12:ea:01:b7:65:d1:87:9d:f6:64:63:d4:92:6f:
42:01:0a:66:f5:ab:b1:88:e9:93:e2:9c:bd:4e:83:b3:5f:ed:
73:d8:17:8e:72:4e:c0:fa:c9:ea:63:aa:bd:56:cb:0c:3e:d8:
5e:b4:1c:b1:2f:76:bd:64:86:c2:f5:61:00:c6:14:d7:bf:c6:
92:2f:42:08:4b:78:d9:1d:9d:43:10:b5:4b:38:41:4d:94:70:
27:58:b7:61:bb:09:59:e2:b3:ac:ed:d0:ba:5f:b3:cc:ad:7a:
f0:e8:12:b9:83:79:ab:8d:1d:74:f9:d5:46:64:9c:16:8c:e8:
f9:34:f7:90
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAUTsh1qwYsilJF2KyF3lMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmODdlMGFiMDMyYjBjMDVlYjVlNzRjYzJjMDg2OThkZDMy
NGQ5NjMwHhcNMjQwMTAxMTIzMDQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNjg4Nzk4YmMzMTBhMWNhZTFiODgyZjU3NDJhNzRiMTkyMDY4NGEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmhGDHSgNAo0rnR3XRzt3U8kQ0LY2
pQmSZN38HYo7hpbeukxX/fb1XHUbXYqymBMwjL52kxsDplq9WWOh6C81NQJu1IbC
d54Z/4Y6npFZmJm8ATSh+qtQo/wAVepglYy6w/aHTdzPzp6AtEqdelqRtD4IbN5v
6+7d0CcDB1QY+Tn3livDDsmJJhNoiXj5h9I2/leJ7soA2F5TEA28ruKNmtZxJFL4
tSV9YqaSZkQfxvgT5PlwGc9Gg4UBILuECcqxoHgf7UQXsXiZVKLHNKXQFahewV6X
L5FKY+9LnGNcWWiLIx01OL+tivN8257U+E6QFVIADBbqYCRhUGJrSeAcowIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKaIeYvDEKHK4biC9XQqdLGSBoSjMB8GA1UdIwQY
MBaAFP+H4KsDKwwF6150zCwIaY3TJNljMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzRmZ3F3TXJEQVhyWG5UTUxBaHBqZE1rMldNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy8xZGYxOGUtNmM0ZC00MzRiLThlMzEt
NzFlYjk1ZjUwZTViLzEvcG9oNWk4TVFvY3JodUlMMWRDcDBzWklHaEtNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy8xZGYxOGUtNmM0ZC00MzRiLThlMzEtNzFlYjk1ZjUwZTVi
LzEvXzRmZ3F3TXJEQVhyWG5UTUxBaHBqZE1rMldNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbXrbMA0G
CSqGSIb3DQEBCwUAA4IBAQB2Bk4SMSIHhAs4uHqFAeDMDI8rt1gWSrMJ61g/e6P3
tukDO/O+pDr+LTBJzsJ63wr/NTfqYIXtnTpFyaWy/6+dnVbr3SWWb6m1UTnAblZg
0XX0ileYTEgdWgSLuey56hOqewkoWj9BybuAVOLaua9w///WB2O0sqAUQa0ILIfJ
pAb2EuoBt2XRh532ZGPUkm9CAQpm9auxiOmT4py9ToOzX+1z2BeOck7A+snqY6q9
VssMPthetByxL3a9ZIbC9WEAxhTXv8aSL0IIS3jZHZ1DELVLOEFNlHAnWLdhuwlZ
4rOs7dC6X7PMrXrw6BK5g3mrjR10+dVGZJwWjOj5NPeQ
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:24:48 2024 by rpki-client on console-fra.rpki-client.org