Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/w9fzADd1IyJ0SGmq-TLp-cB5MoE.roa
File: w9fzADd1IyJ0SGmq-TLp-cB5MoE.roa (raw, json)
Hash identifier: W+7z6FYybpPND+YQcdgdpVBEqkZ2VaqDxsV+171+u7M=
Subject key identifier: C3:D7:F3:00:37:75:23:22:74:48:69:AA:F9:32:E9:F9:C0:79:32:81
Certificate issuer: /CN=ff87e0ab032b0c05eb5e74cc2c08698dd324d963
Certificate serial: 0187AD1F4A3AB5C2A57A8122CB1BAE2E7DC2
Authority key identifier: FF:87:E0:AB:03:2B:0C:05:EB:5E:74:CC:2C:08:69:8D:D3:24:D9:63
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/_4fgqwMrDAXrXnTMLAhpjdMk2WM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/w9fzADd1IyJ0SGmq-TLp-cB5MoE.roa
Signing time: Sun 23 Apr 2023 07:58:41 +0000
ROA not before: Sun 23 Apr 2023 07:58:41 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 834
IP address blocks: 109.122.210.0/24 maxlen: 24
109.122.213.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:87:ad:1f:4a:3a:b5:c2:a5:7a:81:22:cb:1b:ae:2e:7d:c2
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ff87e0ab032b0c05eb5e74cc2c08698dd324d963
Validity
Not Before: Apr 23 07:58:41 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=c3d7f30037752322744869aaf932e9f9c0793281
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cf:7c:35:66:ea:a3:db:30:cd:ed:db:45:34:a7:
e9:52:e3:07:85:53:a6:ae:b8:3d:64:ce:aa:49:70:
08:6a:d0:2d:e5:7f:ee:ef:53:44:27:04:02:cc:a2:
c2:cb:c8:13:37:c5:5c:49:b0:3d:64:12:f3:bc:d8:
ca:bc:24:80:57:bc:8f:96:d7:6f:de:8f:54:43:77:
ff:97:18:2d:43:14:ce:98:52:8c:c2:10:95:4f:c3:
be:07:b0:83:40:d0:95:d0:06:17:20:6f:97:00:3e:
ce:65:44:58:51:90:6f:62:c2:3a:de:e4:b3:85:dd:
64:37:7a:e9:3a:58:3d:02:39:e0:75:ad:ba:0a:9c:
d6:8a:72:9c:00:81:85:7f:8e:d9:6a:42:8e:67:16:
a6:1d:0b:04:06:e3:25:47:b6:39:37:9d:22:96:e5:
18:d5:cf:66:5e:92:d9:66:5a:6f:59:6d:39:ad:68:
d1:ea:1d:38:76:a5:36:8f:01:43:3c:8b:db:d4:4f:
57:95:28:bf:e5:f3:44:86:36:09:0f:2e:c7:3c:99:
08:d2:6c:29:3f:04:49:89:b7:a1:35:34:ea:fa:ea:
01:ee:60:fb:de:68:be:79:9d:ed:ce:42:5d:dd:45:
cc:e2:f0:c7:8a:93:2a:49:bd:aa:8e:cb:d2:16:8e:
d0:e9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C3:D7:F3:00:37:75:23:22:74:48:69:AA:F9:32:E9:F9:C0:79:32:81
X509v3 Authority Key Identifier:
keyid:FF:87:E0:AB:03:2B:0C:05:EB:5E:74:CC:2C:08:69:8D:D3:24:D9:63
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_4fgqwMrDAXrXnTMLAhpjdMk2WM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/w9fzADd1IyJ0SGmq-TLp-cB5MoE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/_4fgqwMrDAXrXnTMLAhpjdMk2WM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.122.210.0/24
109.122.213.0/24
Signature Algorithm: sha256WithRSAEncryption
68:3a:b5:f4:26:90:68:5c:0a:bb:a3:65:40:f7:fc:70:50:f1:
cb:89:96:f4:46:e1:bd:b4:d0:52:09:74:dd:af:65:87:2b:fe:
d5:02:55:d6:5d:2b:73:f2:69:1e:8d:63:a0:32:15:ce:63:cb:
1a:74:43:2f:cd:e0:12:3d:4d:ee:2a:54:60:cc:53:54:bf:92:
83:e5:cd:63:16:cc:ad:f0:8f:d2:c3:46:07:6b:3e:de:db:32:
fe:ac:8e:80:f3:5e:af:a5:4a:95:10:5b:34:f3:70:0c:c9:5e:
5e:38:20:ec:04:0c:db:7c:95:86:a1:9e:9d:08:78:0a:de:35:
1b:ec:1d:48:28:c7:af:1d:2c:6c:7a:24:92:e5:eb:6e:7e:4d:
47:64:a3:62:a9:b9:b5:da:31:7d:3e:a7:ff:a1:73:8a:49:d1:
df:b1:36:ad:ab:06:e4:d4:f7:1e:a8:7f:79:65:2b:dc:3a:d6:
32:0f:65:ae:8e:55:ba:58:10:49:d0:84:04:25:66:0c:63:5b:
6f:a1:17:57:fb:77:ba:71:6f:11:65:46:ec:68:85:d4:98:5c:
18:74:92:fd:07:0d:31:8a:6b:c4:8d:42:88:84:8d:aa:d8:92:
5c:08:e9:6a:16:53:e1:d7:ca:07:09:50:78:c0:65:81:70:57:
de:48:f7:ca
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYetH0o6tcKleoEiyxuuLn3CMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmODdlMGFiMDMyYjBjMDVlYjVlNzRjYzJjMDg2OThkZDMy
NGQ5NjMwHhcNMjMwNDIzMDc1ODQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjM2Q3ZjMwMDM3NzUyMzIyNzQ0ODY5YWFmOTMyZTlmOWMwNzkzMjgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz3w1Zuqj2zDN7dtFNKfpUuMHhVOm
rrg9ZM6qSXAIatAt5X/u71NEJwQCzKLCy8gTN8VcSbA9ZBLzvNjKvCSAV7yPltdv
3o9UQ3f/lxgtQxTOmFKMwhCVT8O+B7CDQNCV0AYXIG+XAD7OZURYUZBvYsI63uSz
hd1kN3rpOlg9Ajngda26CpzWinKcAIGFf47ZakKOZxamHQsEBuMlR7Y5N50iluUY
1c9mXpLZZlpvWW05rWjR6h04dqU2jwFDPIvb1E9XlSi/5fNEhjYJDy7HPJkI0mwp
PwRJibehNTTq+uoB7mD73mi+eZ3tzkJd3UXM4vDHipMqSb2qjsvSFo7Q6QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMPX8wA3dSMidEhpqvky6fnAeTKBMB8GA1UdIwQY
MBaAFP+H4KsDKwwF6150zCwIaY3TJNljMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzRmZ3F3TXJEQVhyWG5UTUxBaHBqZE1rMldNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy8xZGYxOGUtNmM0ZC00MzRiLThlMzEt
NzFlYjk1ZjUwZTViLzEvdzlmekFEZDFJeUowU0dtcS1UTHAtY0I1TW9FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy8xZGYxOGUtNmM0ZC00MzRiLThlMzEtNzFlYjk1ZjUwZTVi
LzEvXzRmZ3F3TXJEQVhyWG5UTUxBaHBqZE1rMldNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAbXrSAwQA
bXrVMA0GCSqGSIb3DQEBCwUAA4IBAQBoOrX0JpBoXAq7o2VA9/xwUPHLiZb0RuG9
tNBSCXTdr2WHK/7VAlXWXStz8mkejWOgMhXOY8sadEMvzeASPU3uKlRgzFNUv5KD
5c1jFsyt8I/Sw0YHaz7e2zL+rI6A816vpUqVEFs083AMyV5eOCDsBAzbfJWGoZ6d
CHgK3jUb7B1IKMevHSxseiSS5etufk1HZKNiqbm12jF9Pqf/oXOKSdHfsTatqwbk
1PceqH95ZSvcOtYyD2WujlW6WBBJ0IQEJWYMY1tvoRdX+3e6cW8RZUbsaIXUmFwY
dJL9Bw0ximvEjUKIhI2q2JJcCOlqFlPh18oHCVB4wGWBcFfeSPfK
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:02:04 2024 by rpki-client on console-ams.rpki-client.org