Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/qtA8jjIltGq3j_UdAk7iAtGT44M.roa
File: qtA8jjIltGq3j_UdAk7iAtGT44M.roa (raw, json)
Hash identifier: tLEb5mXtxFuTDKQ3i9QwbqHauOvspcGvNZEuCv92NDU=
Subject key identifier: AA:D0:3C:8E:32:25:B4:6A:B7:8F:F5:1D:02:4E:E2:02:D1:93:E3:83
Certificate issuer: /CN=ff87e0ab032b0c05eb5e74cc2c08698dd324d963
Certificate serial: 018D37973147A30D96FDA7C25CEBD610035F
Authority key identifier: FF:87:E0:AB:03:2B:0C:05:EB:5E:74:CC:2C:08:69:8D:D3:24:D9:63
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/_4fgqwMrDAXrXnTMLAhpjdMk2WM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/qtA8jjIltGq3j_UdAk7iAtGT44M.roa
Signing time: Tue 23 Jan 2024 18:31:11 +0000
ROA not before: Tue 23 Jan 2024 18:31:11 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 9009
IP address blocks: 109.122.204.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8d:37:97:31:47:a3:0d:96:fd:a7:c2:5c:eb:d6:10:03:5f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ff87e0ab032b0c05eb5e74cc2c08698dd324d963
Validity
Not Before: Jan 23 18:31:11 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=aad03c8e3225b46ab78ff51d024ee202d193e383
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8d:d0:79:fe:ad:0f:62:72:c6:0d:6b:7a:86:df:
7b:ef:59:fd:58:e9:af:8b:be:a0:56:7c:a4:db:11:
6a:ac:68:fb:42:54:8d:9a:f8:30:46:cb:56:6e:0b:
37:c4:d8:a1:26:c8:70:c2:40:e0:dd:ce:d8:52:f2:
47:cb:1e:77:60:dc:30:44:47:7d:b2:76:5e:97:5b:
12:5d:f2:74:18:d8:96:0f:bd:61:e2:95:e1:d7:e4:
48:26:22:5b:6e:6a:6e:24:91:16:92:9b:90:34:dc:
d2:b6:b9:c8:4a:61:17:ea:e8:49:09:b7:55:1f:4b:
06:38:f4:67:5f:0d:5b:bb:bc:76:6a:05:75:5b:cf:
29:80:40:f9:0c:00:40:8e:ae:40:1f:be:e1:1a:3f:
2c:cd:31:ac:a0:73:21:62:8a:2d:ba:18:d7:cd:cb:
75:28:50:f8:db:2c:a9:cb:a6:68:f1:ed:09:ab:27:
39:e3:f6:7d:4f:00:a1:05:7b:35:3d:01:f1:89:79:
3b:8c:99:c8:b1:21:e0:f9:51:6f:05:70:e9:a9:be:
40:2e:97:39:90:a7:86:57:43:86:06:0b:20:ab:64:
50:40:12:3f:4f:a2:95:80:29:20:2a:5b:ea:8a:b6:
81:72:bf:7d:ea:39:c5:7a:a8:49:7d:53:2d:d8:13:
1a:21
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AA:D0:3C:8E:32:25:B4:6A:B7:8F:F5:1D:02:4E:E2:02:D1:93:E3:83
X509v3 Authority Key Identifier:
keyid:FF:87:E0:AB:03:2B:0C:05:EB:5E:74:CC:2C:08:69:8D:D3:24:D9:63
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_4fgqwMrDAXrXnTMLAhpjdMk2WM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/qtA8jjIltGq3j_UdAk7iAtGT44M.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/_4fgqwMrDAXrXnTMLAhpjdMk2WM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.122.204.0/24
Signature Algorithm: sha256WithRSAEncryption
07:c9:0b:01:ee:3c:1a:58:19:e4:5d:6d:b0:db:71:19:7d:d2:
07:7d:fc:c0:f9:69:18:22:c8:b0:e6:cd:d0:f1:f3:02:9e:6c:
da:52:bc:40:8a:51:4b:65:7a:4b:d3:58:e3:fe:ed:c0:d3:ca:
66:37:a3:9a:12:67:32:6b:25:c0:7d:5c:61:40:64:92:82:23:
01:a0:08:4c:d8:a0:e4:95:4f:79:65:00:34:51:4d:af:7d:40:
ad:48:42:88:f0:88:cb:8c:f0:76:d2:35:86:a3:37:c2:e7:14:
da:79:dd:99:4b:77:70:39:0a:a5:bf:3c:67:9e:75:98:42:74:
48:e8:69:b4:3e:32:ca:1d:35:8b:e0:c7:38:62:53:08:78:01:
80:7e:7f:d1:e9:62:df:24:a2:c2:ba:3c:d2:26:e0:0e:ba:ba:
cd:7e:19:7a:ac:74:e0:64:ea:40:32:6f:7c:de:39:90:65:50:
66:cb:9d:a8:f4:69:aa:a1:54:a2:d0:52:89:f6:5a:a6:7c:ac:
6d:78:45:e2:6d:74:56:a4:2e:3e:33:8f:2e:6e:9e:37:1e:e6:
b6:8f:f2:c4:d0:b2:98:e2:5b:28:d6:2b:0b:46:fb:69:0a:ca:
2a:2c:41:6c:5d:d7:11:19:14:e0:df:1d:9b:39:61:6f:e2:b4:
34:03:a0:ad
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY03lzFHow2W/afCXOvWEANfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmODdlMGFiMDMyYjBjMDVlYjVlNzRjYzJjMDg2OThkZDMy
NGQ5NjMwHhcNMjQwMTIzMTgzMTExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYWQwM2M4ZTMyMjViNDZhYjc4ZmY1MWQwMjRlZTIwMmQxOTNlMzgzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjdB5/q0PYnLGDWt6ht9771n9WOmv
i76gVnyk2xFqrGj7QlSNmvgwRstWbgs3xNihJshwwkDg3c7YUvJHyx53YNwwREd9
snZel1sSXfJ0GNiWD71h4pXh1+RIJiJbbmpuJJEWkpuQNNzStrnISmEX6uhJCbdV
H0sGOPRnXw1bu7x2agV1W88pgED5DABAjq5AH77hGj8szTGsoHMhYootuhjXzct1
KFD42yypy6Zo8e0Jqyc54/Z9TwChBXs1PQHxiXk7jJnIsSHg+VFvBXDpqb5ALpc5
kKeGV0OGBgsgq2RQQBI/T6KVgCkgKlvqiraBcr996jnFeqhJfVMt2BMaIQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKrQPI4yJbRqt4/1HQJO4gLRk+ODMB8GA1UdIwQY
MBaAFP+H4KsDKwwF6150zCwIaY3TJNljMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzRmZ3F3TXJEQVhyWG5UTUxBaHBqZE1rMldNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy8xZGYxOGUtNmM0ZC00MzRiLThlMzEt
NzFlYjk1ZjUwZTViLzEvcXRBOGpqSWx0R3Ezal9VZEFrN2lBdEdUNDRNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy8xZGYxOGUtNmM0ZC00MzRiLThlMzEtNzFlYjk1ZjUwZTVi
LzEvXzRmZ3F3TXJEQVhyWG5UTUxBaHBqZE1rMldNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbXrMMA0G
CSqGSIb3DQEBCwUAA4IBAQAHyQsB7jwaWBnkXW2w23EZfdIHffzA+WkYIsiw5s3Q
8fMCnmzaUrxAilFLZXpL01jj/u3A08pmN6OaEmcyayXAfVxhQGSSgiMBoAhM2KDk
lU95ZQA0UU2vfUCtSEKI8IjLjPB20jWGozfC5xTaed2ZS3dwOQqlvzxnnnWYQnRI
6Gm0PjLKHTWL4Mc4YlMIeAGAfn/R6WLfJKLCujzSJuAOurrNfhl6rHTgZOpAMm98
3jmQZVBmy52o9GmqoVSi0FKJ9lqmfKxteEXibXRWpC4+M48ubp43Hua2j/LE0LKY
4lso1isLRvtpCsoqLEFsXdcRGRTg3x2bOWFv4rQ0A6Ct
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:02:04 2024 by rpki-client on console-ams.rpki-client.org