Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/rgUjbWKtDrVllF4EeEeCmKYhfcY.roa
File: rgUjbWKtDrVllF4EeEeCmKYhfcY.roa (raw, json)
Hash identifier: +vNG4dXMlcE+2bvfFtoe5g6q+UIqMJ0CpKi85kwzZ7c=
Subject key identifier: AE:05:23:6D:62:AD:0E:B5:65:94:5E:04:78:47:82:98:A6:21:7D:C6
Certificate issuer: /CN=ff87e0ab032b0c05eb5e74cc2c08698dd324d963
Certificate serial: 0187A865E373FF889B0359B20F019ECC146D
Authority key identifier: FF:87:E0:AB:03:2B:0C:05:EB:5E:74:CC:2C:08:69:8D:D3:24:D9:63
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/_4fgqwMrDAXrXnTMLAhpjdMk2WM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/rgUjbWKtDrVllF4EeEeCmKYhfcY.roa
Signing time: Sat 22 Apr 2023 09:57:42 +0000
ROA not before: Sat 22 Apr 2023 09:57:42 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 39368
IP address blocks: 109.122.199.0/24 maxlen: 24
109.122.209.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:87:a8:65:e3:73:ff:88:9b:03:59:b2:0f:01:9e:cc:14:6d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ff87e0ab032b0c05eb5e74cc2c08698dd324d963
Validity
Not Before: Apr 22 09:57:42 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=ae05236d62ad0eb565945e0478478298a6217dc6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a8:4a:0d:9e:6a:9f:f7:68:3d:42:21:50:c1:15:
b5:e1:04:25:fa:0e:bd:97:be:4c:45:96:da:14:44:
bd:b3:90:7f:dc:41:25:ae:b1:fa:aa:76:58:36:0f:
e5:44:12:ce:61:f0:17:9e:fe:ce:27:ac:2a:14:dc:
a7:0f:fa:08:48:60:59:b5:a0:09:96:b7:c1:0e:7f:
08:96:c2:82:21:3f:c0:c1:43:0a:80:54:6b:8b:45:
8e:9f:01:28:84:c3:53:40:da:84:09:b4:98:d8:77:
f8:a6:3c:72:d2:f6:04:2e:29:2f:71:41:07:6e:83:
24:e9:bd:50:ed:64:75:a9:ff:e0:05:f1:b0:b2:0e:
15:1d:76:a8:33:3f:0d:1b:dc:91:3e:1b:63:07:34:
cb:d1:23:63:fc:8e:b7:80:3e:a7:2e:22:b7:cf:8d:
fc:52:14:a7:ee:97:0c:4c:fc:f8:af:a9:a0:0c:3c:
fe:e7:d9:d2:86:ba:d8:67:9e:7b:55:fe:84:96:b0:
48:ab:8d:74:53:94:e8:c8:8f:58:e5:67:12:94:c9:
5a:30:08:de:4f:79:fe:97:52:89:99:c3:cb:3e:28:
cd:aa:50:0f:d4:b8:a3:91:39:f6:83:68:ff:11:f9:
65:c8:12:b0:61:2c:61:62:ba:f8:fb:bb:72:49:2a:
1a:eb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AE:05:23:6D:62:AD:0E:B5:65:94:5E:04:78:47:82:98:A6:21:7D:C6
X509v3 Authority Key Identifier:
keyid:FF:87:E0:AB:03:2B:0C:05:EB:5E:74:CC:2C:08:69:8D:D3:24:D9:63
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_4fgqwMrDAXrXnTMLAhpjdMk2WM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/rgUjbWKtDrVllF4EeEeCmKYhfcY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/_4fgqwMrDAXrXnTMLAhpjdMk2WM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.122.199.0/24
109.122.209.0/24
Signature Algorithm: sha256WithRSAEncryption
1c:9e:0f:ff:69:9a:ac:45:c3:f6:be:56:40:c3:30:37:de:b1:
a2:db:1f:6b:4e:5f:79:b5:42:42:f9:a2:6c:f4:5b:cd:ce:cf:
de:c2:4d:6c:1a:82:d2:14:ce:b5:f1:5d:1a:c1:a5:1d:b1:d6:
ee:ed:3d:04:f8:fa:6f:7d:31:36:45:0e:11:fa:92:43:34:e9:
7e:0d:c6:6c:e8:e9:db:0d:1b:05:86:74:c7:20:58:8e:07:8e:
56:34:99:4b:0d:de:80:23:2b:37:a1:81:c5:f6:99:7e:a0:72:
90:3b:46:9f:95:44:c1:5e:a5:66:d1:fd:ea:6f:b9:0f:d1:62:
90:c8:f0:c7:79:45:e1:c7:30:43:79:8e:3a:d3:32:67:4a:03:
0f:3a:83:d7:9b:76:ff:4d:0d:ca:ae:fc:83:68:2d:bf:40:cf:
f3:a7:97:62:3d:f4:48:60:18:6d:87:7e:b0:2f:f7:6d:f9:62:
a1:a9:f4:92:83:d8:28:1e:41:cb:3d:08:b4:f6:3a:3b:06:ff:
98:ef:1f:96:ef:ee:07:c2:03:ba:a6:0b:36:8b:80:66:53:42:
96:4a:bb:92:07:aa:e5:95:9e:88:09:f2:94:05:dd:dd:0a:34:
6b:4f:40:1c:ae:70:ea:cb:7a:6a:c7:e6:84:f2:a2:22:bb:f0:
7a:16:b4:dc
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYeoZeNz/4ibA1myDwGezBRtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmODdlMGFiMDMyYjBjMDVlYjVlNzRjYzJjMDg2OThkZDMy
NGQ5NjMwHhcNMjMwNDIyMDk1NzQyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZTA1MjM2ZDYyYWQwZWI1NjU5NDVlMDQ3ODQ3ODI5OGE2MjE3ZGM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqEoNnmqf92g9QiFQwRW14QQl+g69
l75MRZbaFES9s5B/3EElrrH6qnZYNg/lRBLOYfAXnv7OJ6wqFNynD/oISGBZtaAJ
lrfBDn8IlsKCIT/AwUMKgFRri0WOnwEohMNTQNqECbSY2Hf4pjxy0vYELikvcUEH
boMk6b1Q7WR1qf/gBfGwsg4VHXaoMz8NG9yRPhtjBzTL0SNj/I63gD6nLiK3z438
UhSn7pcMTPz4r6mgDDz+59nShrrYZ557Vf6ElrBIq410U5ToyI9Y5WcSlMlaMAje
T3n+l1KJmcPLPijNqlAP1LijkTn2g2j/EfllyBKwYSxhYrr4+7tySSoa6wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFK4FI21irQ61ZZReBHhHgpimIX3GMB8GA1UdIwQY
MBaAFP+H4KsDKwwF6150zCwIaY3TJNljMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzRmZ3F3TXJEQVhyWG5UTUxBaHBqZE1rMldNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy8xZGYxOGUtNmM0ZC00MzRiLThlMzEt
NzFlYjk1ZjUwZTViLzEvcmdVamJXS3REclZsbEY0RWVFZUNtS1loZmNZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy8xZGYxOGUtNmM0ZC00MzRiLThlMzEtNzFlYjk1ZjUwZTVi
LzEvXzRmZ3F3TXJEQVhyWG5UTUxBaHBqZE1rMldNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAbXrHAwQA
bXrRMA0GCSqGSIb3DQEBCwUAA4IBAQAcng//aZqsRcP2vlZAwzA33rGi2x9rTl95
tUJC+aJs9FvNzs/ewk1sGoLSFM618V0awaUdsdbu7T0E+PpvfTE2RQ4R+pJDNOl+
DcZs6OnbDRsFhnTHIFiOB45WNJlLDd6AIys3oYHF9pl+oHKQO0aflUTBXqVm0f3q
b7kP0WKQyPDHeUXhxzBDeY460zJnSgMPOoPXm3b/TQ3KrvyDaC2/QM/zp5diPfRI
YBhth36wL/dt+WKhqfSSg9goHkHLPQi09jo7Bv+Y7x+W7+4HwgO6pgs2i4BmU0KW
SruSB6rllZ6ICfKUBd3dCjRrT0AcrnDqy3pqx+aE8qIiu/B6FrTc
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:52:04 2025 by rpki-client