Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/sfItcA_WVZr507v2Kll0sfitJuY.roa
File: sfItcA_WVZr507v2Kll0sfitJuY.roa (raw, json)
Hash identifier: /wVheem2tib3iX3AHzWsZFchLM7qbDuLjUgZOwzJqtk=
Subject key identifier: B1:F2:2D:70:0F:D6:55:9A:F9:D3:BB:F6:2A:59:74:B1:F8:AD:26:E6
Certificate issuer: /CN=ff87e0ab032b0c05eb5e74cc2c08698dd324d963
Certificate serial: 018BD60C0F8D50BEBE1536443FB0D04917B3
Authority key identifier: FF:87:E0:AB:03:2B:0C:05:EB:5E:74:CC:2C:08:69:8D:D3:24:D9:63
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/_4fgqwMrDAXrXnTMLAhpjdMk2WM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/sfItcA_WVZr507v2Kll0sfitJuY.roa
Signing time: Thu 16 Nov 2023 02:53:16 +0000
ROA not before: Thu 16 Nov 2023 02:53:16 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 207459
IP address blocks: 109.122.212.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8b:d6:0c:0f:8d:50:be:be:15:36:44:3f:b0:d0:49:17:b3
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ff87e0ab032b0c05eb5e74cc2c08698dd324d963
Validity
Not Before: Nov 16 02:53:16 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=b1f22d700fd6559af9d3bbf62a5974b1f8ad26e6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8b:e3:8c:18:61:ee:de:47:18:ea:c8:80:5c:d2:
4b:10:01:75:bc:cd:f1:07:f3:38:a9:4b:c9:16:c1:
23:d6:8c:4b:1d:4e:c4:c3:4c:d0:4a:5e:b3:01:a6:
e8:64:25:a7:c2:d1:1c:91:c1:58:b1:03:cd:b7:c9:
b4:ae:75:ce:44:47:50:cc:e5:d9:ca:d6:90:e6:c3:
e2:ca:fb:74:23:14:df:8b:94:45:d4:97:0a:71:d2:
48:bc:fb:76:3f:11:5d:98:16:71:b1:82:2d:d4:a0:
e5:8b:85:a5:3c:a5:3a:5d:38:4c:43:64:6c:0d:05:
f8:f3:75:a4:c4:94:6b:c4:62:17:fa:91:0d:a4:b8:
34:f0:ce:af:41:97:54:df:3a:68:d0:9c:6d:eb:f8:
11:8b:60:dc:34:b2:33:3f:14:ad:50:d6:61:3e:0f:
cc:65:3b:f3:48:23:0d:a1:65:f9:0d:53:07:64:61:
a6:cf:06:06:e5:28:ed:74:98:60:05:8b:66:6d:77:
b9:dc:69:27:97:4d:4d:b3:62:d9:7b:b2:e0:6b:67:
03:99:a6:8f:ab:9c:51:1d:7e:97:eb:37:21:31:01:
d0:91:b6:5f:c8:68:ed:81:ef:bb:4e:20:64:a8:5a:
00:8e:62:eb:4b:01:7c:5f:bc:48:78:1a:a0:ab:7b:
76:5d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B1:F2:2D:70:0F:D6:55:9A:F9:D3:BB:F6:2A:59:74:B1:F8:AD:26:E6
X509v3 Authority Key Identifier:
keyid:FF:87:E0:AB:03:2B:0C:05:EB:5E:74:CC:2C:08:69:8D:D3:24:D9:63
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_4fgqwMrDAXrXnTMLAhpjdMk2WM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/sfItcA_WVZr507v2Kll0sfitJuY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/_4fgqwMrDAXrXnTMLAhpjdMk2WM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.122.212.0/24
Signature Algorithm: sha256WithRSAEncryption
91:8b:39:39:92:99:bb:80:99:0a:5b:e4:89:49:a0:ee:fa:4d:
4b:d1:87:bc:62:0b:bc:56:e1:f9:2f:33:18:09:ee:55:f2:22:
cf:f8:be:d1:bf:fd:bd:ed:9c:b6:b0:fb:5e:51:b3:35:3b:32:
88:19:3d:12:bd:66:f0:02:dc:33:37:72:0d:49:85:34:d5:5c:
12:f2:f8:bc:46:cd:30:1c:1e:9b:a9:75:ff:cc:27:94:14:6d:
50:89:87:1b:2d:2c:7b:d4:96:78:06:42:63:de:fb:57:f6:fb:
d1:cb:dd:e5:74:26:18:4e:e1:91:cb:e3:23:c6:2e:0a:ae:bc:
91:23:d1:a3:a5:92:cf:5f:b6:3c:26:fe:74:b9:9c:b4:1f:d3:
9d:02:dc:dd:ae:06:ca:47:f8:2a:ef:5e:21:be:18:5f:98:f3:
ba:c9:f6:7d:4c:e7:f3:6e:7f:6b:40:c7:c5:af:59:aa:32:1f:
4b:a5:25:58:14:aa:2a:21:66:f7:67:ae:5f:c9:e1:33:2a:41:
fa:52:ac:39:4f:0e:3f:9f:cf:5e:7c:1b:e7:61:1e:54:81:7c:
97:eb:32:b5:c7:eb:c3:b3:b4:69:28:85:65:1a:c8:30:22:ca:
ef:5e:64:97:f8:19:a7:85:fc:a2:53:da:45:b6:05:df:c9:12:
7c:86:3f:e9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYvWDA+NUL6+FTZEP7DQSRezMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmODdlMGFiMDMyYjBjMDVlYjVlNzRjYzJjMDg2OThkZDMy
NGQ5NjMwHhcNMjMxMTE2MDI1MzE2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMWYyMmQ3MDBmZDY1NTlhZjlkM2JiZjYyYTU5NzRiMWY4YWQyNmU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi+OMGGHu3kcY6siAXNJLEAF1vM3x
B/M4qUvJFsEj1oxLHU7Ew0zQSl6zAaboZCWnwtEckcFYsQPNt8m0rnXOREdQzOXZ
ytaQ5sPiyvt0IxTfi5RF1JcKcdJIvPt2PxFdmBZxsYIt1KDli4WlPKU6XThMQ2Rs
DQX483WkxJRrxGIX+pENpLg08M6vQZdU3zpo0Jxt6/gRi2DcNLIzPxStUNZhPg/M
ZTvzSCMNoWX5DVMHZGGmzwYG5SjtdJhgBYtmbXe53Gknl01Ns2LZe7Lga2cDmaaP
q5xRHX6X6zchMQHQkbZfyGjtge+7TiBkqFoAjmLrSwF8X7xIeBqgq3t2XQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLHyLXAP1lWa+dO79ipZdLH4rSbmMB8GA1UdIwQY
MBaAFP+H4KsDKwwF6150zCwIaY3TJNljMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzRmZ3F3TXJEQVhyWG5UTUxBaHBqZE1rMldNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy8xZGYxOGUtNmM0ZC00MzRiLThlMzEt
NzFlYjk1ZjUwZTViLzEvc2ZJdGNBX1dWWnI1MDd2MktsbDBzZml0SnVZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy8xZGYxOGUtNmM0ZC00MzRiLThlMzEtNzFlYjk1ZjUwZTVi
LzEvXzRmZ3F3TXJEQVhyWG5UTUxBaHBqZE1rMldNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbXrUMA0G
CSqGSIb3DQEBCwUAA4IBAQCRizk5kpm7gJkKW+SJSaDu+k1L0Ye8Ygu8VuH5LzMY
Ce5V8iLP+L7Rv/297Zy2sPteUbM1OzKIGT0SvWbwAtwzN3INSYU01VwS8vi8Rs0w
HB6bqXX/zCeUFG1QiYcbLSx71JZ4BkJj3vtX9vvRy93ldCYYTuGRy+Mjxi4KrryR
I9GjpZLPX7Y8Jv50uZy0H9OdAtzdrgbKR/gq714hvhhfmPO6yfZ9TOfzbn9rQMfF
r1mqMh9LpSVYFKoqIWb3Z65fyeEzKkH6Uqw5Tw4/n89efBvnYR5UgXyX6zK1x+vD
s7RpKIVlGsgwIsrvXmSX+BmnhfyiU9pFtgXfyRJ8hj/p
-----END CERTIFICATE-----
Generated at Mon Feb 17 08:07:57 2025 by rpki-client