Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/usq3ADmFPC6ixppdNEUkNhmLcoQ.roa
File: usq3ADmFPC6ixppdNEUkNhmLcoQ.roa (raw, json)
Hash identifier: p+GuqnGOyL+Plv66pJ3/j0cd4BSCSZ4K6RSOK8/gFPk=
Subject key identifier: BA:CA:B7:00:39:85:3C:2E:A2:C6:9A:5D:34:45:24:36:19:8B:72:84
Certificate issuer: /CN=ff87e0ab032b0c05eb5e74cc2c08698dd324d963
Certificate serial: 018E29668CA54FCAE3F02E4AB8B26D783198
Authority key identifier: FF:87:E0:AB:03:2B:0C:05:EB:5E:74:CC:2C:08:69:8D:D3:24:D9:63
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/_4fgqwMrDAXrXnTMLAhpjdMk2WM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/usq3ADmFPC6ixppdNEUkNhmLcoQ.roa
Signing time: Sun 10 Mar 2024 17:26:10 +0000
ROA not before: Sun 10 Mar 2024 17:26:10 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 48678
IP address blocks: 109.122.196.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8e:29:66:8c:a5:4f:ca:e3:f0:2e:4a:b8:b2:6d:78:31:98
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ff87e0ab032b0c05eb5e74cc2c08698dd324d963
Validity
Not Before: Mar 10 17:26:10 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=bacab70039853c2ea2c69a5d34452436198b7284
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8f:cb:80:8b:40:87:79:f6:0f:1f:ef:69:cc:9c:
46:c0:36:ee:25:12:f9:5f:31:ea:25:35:73:5a:f0:
f3:e6:05:eb:84:8c:9e:18:b9:3f:98:2b:be:01:fa:
cd:43:ca:aa:86:2c:32:8a:81:f4:53:8c:1d:72:25:
d8:91:5e:41:14:f6:aa:9f:ab:67:ce:7d:fd:81:b3:
5f:75:5a:97:37:16:79:87:2c:ee:7d:ad:2c:a1:29:
02:13:f7:5a:bc:c4:c8:13:94:3f:43:8d:87:de:49:
8b:8f:a9:44:22:b3:9b:1d:75:98:aa:e0:90:20:3a:
62:01:23:15:25:17:61:3d:0d:5b:2a:48:b2:43:cc:
17:ba:97:cd:08:fb:1a:2a:f8:e5:4a:9d:8c:7f:0f:
c1:9e:a1:80:88:1a:c2:cb:b1:ca:a9:c0:30:e3:91:
71:b5:8b:b6:82:83:1a:35:6d:36:c4:dc:00:ff:8b:
ea:bf:b9:44:ec:72:ba:1f:eb:b5:be:f7:af:54:f1:
54:38:51:9c:42:bc:2a:39:59:1f:03:10:d4:8b:6c:
0f:3c:a6:a0:37:50:da:b4:e0:f4:b2:11:55:98:47:
82:f8:f3:02:3a:74:13:b1:1a:a0:81:84:ef:9f:dd:
f7:39:07:7d:9c:b4:81:c3:a8:92:61:ab:c4:77:02:
ee:01
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
BA:CA:B7:00:39:85:3C:2E:A2:C6:9A:5D:34:45:24:36:19:8B:72:84
X509v3 Authority Key Identifier:
keyid:FF:87:E0:AB:03:2B:0C:05:EB:5E:74:CC:2C:08:69:8D:D3:24:D9:63
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_4fgqwMrDAXrXnTMLAhpjdMk2WM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/usq3ADmFPC6ixppdNEUkNhmLcoQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/_4fgqwMrDAXrXnTMLAhpjdMk2WM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.122.196.0/24
Signature Algorithm: sha256WithRSAEncryption
66:99:78:80:30:10:dd:0c:fd:dd:ef:2d:5e:52:59:d8:6d:db:
b2:06:9c:fb:27:b3:b0:1c:e1:bd:25:70:85:70:ae:f6:da:ba:
e6:12:09:62:1e:6f:de:ca:37:9a:c1:8e:57:ec:9d:87:5f:43:
d3:9c:02:83:4a:35:fa:bf:a2:08:e0:a3:8c:a0:b1:0e:73:eb:
50:77:47:23:c2:fa:85:04:ee:7e:46:ed:a7:63:80:b4:e9:16:
20:6a:32:6b:02:b8:08:0c:87:99:3b:dd:3f:8b:c1:5d:f5:35:
10:d8:8e:1a:42:21:2b:c1:fb:b5:ec:d3:39:f5:7b:9a:e9:4e:
f6:59:53:3e:07:af:55:78:7f:6a:0b:6c:f1:de:44:9a:ea:59:
36:57:6b:66:bc:cb:9c:32:70:c2:a9:5d:91:1d:8e:12:de:47:
c0:ec:7b:5b:8e:21:b7:b7:f0:8f:f1:a9:a9:25:d3:2a:f6:4d:
a9:eb:13:1e:94:7e:a6:56:7b:65:fb:c4:46:cf:75:99:d1:8a:
e7:cf:92:38:c8:e1:8a:9c:7e:fb:04:84:a8:b0:92:f9:4d:f0:
90:ae:be:34:9c:66:c6:fb:1e:b2:ca:a3:37:da:b0:f2:b8:ac:
4b:ae:99:90:42:e3:08:78:7c:2c:84:e7:d8:85:00:e1:e8:23:
1c:a7:05:ba
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY4pZoylT8rj8C5KuLJteDGYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmODdlMGFiMDMyYjBjMDVlYjVlNzRjYzJjMDg2OThkZDMy
NGQ5NjMwHhcNMjQwMzEwMTcyNjEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYWNhYjcwMDM5ODUzYzJlYTJjNjlhNWQzNDQ1MjQzNjE5OGI3Mjg0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj8uAi0CHefYPH+9pzJxGwDbuJRL5
XzHqJTVzWvDz5gXrhIyeGLk/mCu+AfrNQ8qqhiwyioH0U4wdciXYkV5BFPaqn6tn
zn39gbNfdVqXNxZ5hyzufa0soSkCE/davMTIE5Q/Q42H3kmLj6lEIrObHXWYquCQ
IDpiASMVJRdhPQ1bKkiyQ8wXupfNCPsaKvjlSp2Mfw/BnqGAiBrCy7HKqcAw45Fx
tYu2goMaNW02xNwA/4vqv7lE7HK6H+u1vvevVPFUOFGcQrwqOVkfAxDUi2wPPKag
N1DatOD0shFVmEeC+PMCOnQTsRqggYTvn933OQd9nLSBw6iSYavEdwLuAQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLrKtwA5hTwuosaaXTRFJDYZi3KEMB8GA1UdIwQY
MBaAFP+H4KsDKwwF6150zCwIaY3TJNljMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzRmZ3F3TXJEQVhyWG5UTUxBaHBqZE1rMldNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy8xZGYxOGUtNmM0ZC00MzRiLThlMzEt
NzFlYjk1ZjUwZTViLzEvdXNxM0FEbUZQQzZpeHBwZE5FVWtOaG1MY29RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy8xZGYxOGUtNmM0ZC00MzRiLThlMzEtNzFlYjk1ZjUwZTVi
LzEvXzRmZ3F3TXJEQVhyWG5UTUxBaHBqZE1rMldNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbXrEMA0G
CSqGSIb3DQEBCwUAA4IBAQBmmXiAMBDdDP3d7y1eUlnYbduyBpz7J7OwHOG9JXCF
cK722rrmEgliHm/eyjeawY5X7J2HX0PTnAKDSjX6v6II4KOMoLEOc+tQd0cjwvqF
BO5+Ru2nY4C06RYgajJrArgIDIeZO90/i8Fd9TUQ2I4aQiErwfu17NM59Xua6U72
WVM+B69VeH9qC2zx3kSa6lk2V2tmvMucMnDCqV2RHY4S3kfA7HtbjiG3t/CP8amp
JdMq9k2p6xMelH6mVntl+8RGz3WZ0Yrnz5I4yOGKnH77BISosJL5TfCQrr40nGbG
+x6yyqM32rDyuKxLrpmQQuMIeHwshOfYhQDh6CMcpwW6
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:02:04 2024 by rpki-client on console-ams.rpki-client.org