Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/rUL8kjJAGoejPMdDlNB2yS7pDYw.roa
File: rUL8kjJAGoejPMdDlNB2yS7pDYw.roa (raw, json)
Hash identifier: h71koGnO1fW2CseMMTwcNl6QLplrrahfUxEEn7fae0A=
Subject key identifier: AD:42:FC:92:32:40:1A:87:A3:3C:C7:43:94:D0:76:C9:2E:E9:0D:8C
Certificate issuer: /CN=ff87e0ab032b0c05eb5e74cc2c08698dd324d963
Certificate serial: 0187A865E69271EFF23B5DC259CD2FB16C3D
Authority key identifier: FF:87:E0:AB:03:2B:0C:05:EB:5E:74:CC:2C:08:69:8D:D3:24:D9:63
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/_4fgqwMrDAXrXnTMLAhpjdMk2WM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/rUL8kjJAGoejPMdDlNB2yS7pDYw.roa
Signing time: Sat 22 Apr 2023 09:57:43 +0000
ROA not before: Sat 22 Apr 2023 09:57:43 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 54252
IP address blocks: 109.122.222.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:87:a8:65:e6:92:71:ef:f2:3b:5d:c2:59:cd:2f:b1:6c:3d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ff87e0ab032b0c05eb5e74cc2c08698dd324d963
Validity
Not Before: Apr 22 09:57:43 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=ad42fc9232401a87a33cc74394d076c92ee90d8c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:80:6d:b6:0d:39:e2:4b:ab:51:f4:ef:15:ef:75:
68:02:91:0e:bc:47:1b:9f:a7:08:df:75:3d:8f:3f:
98:0d:b0:e1:2b:69:1a:43:c8:cd:d9:a7:db:fb:de:
f5:82:e6:97:42:1e:9c:f7:09:88:a3:84:bf:7e:3f:
84:24:46:cb:00:2e:64:79:22:5b:7d:fb:f2:2a:31:
1f:c0:86:69:b1:4d:e5:cc:3c:67:2e:68:ce:66:0a:
b7:f2:f8:92:f2:6a:51:5b:50:28:41:f8:02:66:77:
26:39:af:d4:4a:66:24:61:f3:77:47:07:11:ff:0e:
cb:fe:96:a2:86:f4:24:04:1c:9f:c9:1b:35:8f:84:
39:73:92:87:8a:91:60:36:e4:37:c8:75:67:b9:26:
5f:bb:20:79:18:b2:40:3a:e5:c4:27:8f:12:c0:32:
d8:13:b3:f3:4d:6d:c9:6e:d2:c8:57:f3:a0:88:84:
61:4e:47:90:1c:6d:a4:58:c3:e2:10:60:85:c0:2c:
07:bc:87:24:0f:84:84:0a:c5:61:53:7b:2f:37:9c:
bb:b4:fb:b6:b7:c4:78:39:23:4d:c1:1b:1c:3c:b4:
32:38:20:ce:b3:f8:ae:e9:4a:ad:8d:26:87:8e:45:
85:51:e1:56:a6:f5:52:5e:e0:8d:e9:6e:de:5d:dd:
c1:89
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AD:42:FC:92:32:40:1A:87:A3:3C:C7:43:94:D0:76:C9:2E:E9:0D:8C
X509v3 Authority Key Identifier:
keyid:FF:87:E0:AB:03:2B:0C:05:EB:5E:74:CC:2C:08:69:8D:D3:24:D9:63
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_4fgqwMrDAXrXnTMLAhpjdMk2WM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/rUL8kjJAGoejPMdDlNB2yS7pDYw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/_4fgqwMrDAXrXnTMLAhpjdMk2WM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.122.222.0/24
Signature Algorithm: sha256WithRSAEncryption
79:f2:c7:0b:49:41:12:d0:d6:b1:9c:bb:ec:1d:76:5d:c6:63:
46:e5:b7:e7:06:74:b2:77:fe:87:4d:4d:21:16:43:a6:b0:0a:
35:10:07:97:f8:77:31:d9:7e:b3:8f:36:4d:cb:56:56:10:63:
cc:2e:2c:24:de:d8:51:87:2b:8b:54:e4:a4:31:ac:5f:da:84:
ec:99:28:58:ad:8c:6c:88:a1:3f:06:6c:88:1d:bd:df:be:de:
35:d4:fa:66:ac:49:ef:9c:64:6d:9e:a3:ec:94:52:1f:3b:5d:
24:78:bf:0c:61:e1:46:36:0d:4d:1d:13:aa:f0:16:c0:b4:a7:
50:89:2b:56:d1:fd:9a:be:49:9b:d2:0e:cc:b6:26:ff:e5:d6:
d9:ac:14:e1:60:20:5c:9f:a3:8e:aa:15:72:c9:61:51:45:67:
ed:9c:37:f9:b2:f7:9f:31:54:d0:c9:81:01:3a:87:c8:c9:ec:
69:cf:3b:2c:40:36:80:a2:0f:bd:13:50:91:43:06:38:e2:c9:
85:20:0c:61:77:23:0e:c6:54:52:a8:79:50:94:fb:da:34:73:
ff:d7:3a:8c:84:30:30:e5:27:7d:69:8c:ac:52:c4:a3:4f:68:
49:78:8c:91:46:15:9c:a0:e8:f3:7f:ad:74:d1:e1:91:9c:d6:
6e:42:f9:a6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYeoZeaSce/yO13CWc0vsWw9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmODdlMGFiMDMyYjBjMDVlYjVlNzRjYzJjMDg2OThkZDMy
NGQ5NjMwHhcNMjMwNDIyMDk1NzQzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZDQyZmM5MjMyNDAxYTg3YTMzY2M3NDM5NGQwNzZjOTJlZTkwZDhjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgG22DTniS6tR9O8V73VoApEOvEcb
n6cI33U9jz+YDbDhK2kaQ8jN2afb+971guaXQh6c9wmIo4S/fj+EJEbLAC5keSJb
ffvyKjEfwIZpsU3lzDxnLmjOZgq38viS8mpRW1AoQfgCZncmOa/USmYkYfN3RwcR
/w7L/paihvQkBByfyRs1j4Q5c5KHipFgNuQ3yHVnuSZfuyB5GLJAOuXEJ48SwDLY
E7PzTW3JbtLIV/OgiIRhTkeQHG2kWMPiEGCFwCwHvIckD4SECsVhU3svN5y7tPu2
t8R4OSNNwRscPLQyOCDOs/iu6UqtjSaHjkWFUeFWpvVSXuCN6W7eXd3BiQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK1C/JIyQBqHozzHQ5TQdsku6Q2MMB8GA1UdIwQY
MBaAFP+H4KsDKwwF6150zCwIaY3TJNljMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzRmZ3F3TXJEQVhyWG5UTUxBaHBqZE1rMldNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy8xZGYxOGUtNmM0ZC00MzRiLThlMzEt
NzFlYjk1ZjUwZTViLzEvclVMOGtqSkFHb2VqUE1kRGxOQjJ5UzdwRFl3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy8xZGYxOGUtNmM0ZC00MzRiLThlMzEtNzFlYjk1ZjUwZTVi
LzEvXzRmZ3F3TXJEQVhyWG5UTUxBaHBqZE1rMldNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbXreMA0G
CSqGSIb3DQEBCwUAA4IBAQB58scLSUES0NaxnLvsHXZdxmNG5bfnBnSyd/6HTU0h
FkOmsAo1EAeX+Hcx2X6zjzZNy1ZWEGPMLiwk3thRhyuLVOSkMaxf2oTsmShYrYxs
iKE/BmyIHb3fvt411PpmrEnvnGRtnqPslFIfO10keL8MYeFGNg1NHROq8BbAtKdQ
iStW0f2avkmb0g7Mtib/5dbZrBThYCBcn6OOqhVyyWFRRWftnDf5svefMVTQyYEB
OofIyexpzzssQDaAog+9E1CRQwY44smFIAxhdyMOxlRSqHlQlPvaNHP/1zqMhDAw
5Sd9aYysUsSjT2hJeIyRRhWcoOjzf6100eGRnNZuQvmm
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:02:04 2024 by rpki-client on console-ams.rpki-client.org