Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/wkF9o894j_kBgfSJM_b_wv7KMgM.roa
File: wkF9o894j_kBgfSJM_b_wv7KMgM.roa (raw, json)
Hash identifier: HmFWg6xWLglpvbPEOeHM+ijgTTftu16oGkspcn0gG0M=
Subject key identifier: C2:41:7D:A3:CF:78:8F:F9:01:81:F4:89:33:F6:FF:C2:FE:CA:32:03
Certificate issuer: /CN=ff87e0ab032b0c05eb5e74cc2c08698dd324d963
Certificate serial: 018CC0FE44C796915218AAE9EB632008E631
Authority key identifier: FF:87:E0:AB:03:2B:0C:05:EB:5E:74:CC:2C:08:69:8D:D3:24:D9:63
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/_4fgqwMrDAXrXnTMLAhpjdMk2WM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/wkF9o894j_kBgfSJM_b_wv7KMgM.roa
Signing time: Sun 31 Dec 2023 17:48:58 +0000
ROA not before: Sun 31 Dec 2023 17:48:58 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 48678
IP address blocks: 109.122.196.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c0:fe:44:c7:96:91:52:18:aa:e9:eb:63:20:08:e6:31
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ff87e0ab032b0c05eb5e74cc2c08698dd324d963
Validity
Not Before: Dec 31 17:48:58 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=c2417da3cf788ff90181f48933f6ffc2feca3203
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:86:ab:ba:3a:f8:6c:1e:5f:03:89:ae:91:64:8d:
c0:a6:97:10:f7:34:8b:57:df:5f:c4:ce:61:cb:e8:
e8:b7:05:9c:3e:b5:06:aa:98:7e:2d:72:54:e0:c2:
b4:fa:e6:4c:0b:91:2f:a2:37:db:4b:34:ed:d9:f5:
60:da:2e:f1:eb:78:b5:37:d9:2a:05:83:cd:24:5c:
06:79:27:4a:52:02:bb:c2:d3:e5:77:1b:26:64:f7:
78:38:14:97:ac:9b:9b:b9:d0:e9:73:db:29:4f:02:
69:61:c9:ab:88:00:72:82:b8:b6:0b:1b:c7:df:d7:
a1:34:ac:09:e1:2f:ad:7c:13:ef:c8:5d:cf:7a:f8:
62:51:6d:57:49:cd:be:d1:c0:a0:ee:4b:e0:cb:49:
71:34:8b:fa:ec:09:52:43:86:76:54:0e:5d:8f:89:
78:a6:d4:5f:13:d0:8d:b3:f1:69:57:c6:32:24:0a:
53:6e:1e:75:a3:69:95:e5:91:9f:cb:d2:ea:7f:60:
48:69:cc:b6:d9:36:6d:19:5b:b4:e1:6f:38:24:6d:
a2:57:c3:f0:e7:96:84:16:f3:25:17:a8:48:e7:58:
33:0c:1d:59:11:99:43:2b:31:94:26:b2:e5:40:dd:
b0:d9:26:81:e3:e1:1e:be:4e:26:96:5b:7d:f9:37:
ac:81
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C2:41:7D:A3:CF:78:8F:F9:01:81:F4:89:33:F6:FF:C2:FE:CA:32:03
X509v3 Authority Key Identifier:
keyid:FF:87:E0:AB:03:2B:0C:05:EB:5E:74:CC:2C:08:69:8D:D3:24:D9:63
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_4fgqwMrDAXrXnTMLAhpjdMk2WM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/wkF9o894j_kBgfSJM_b_wv7KMgM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/_4fgqwMrDAXrXnTMLAhpjdMk2WM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.122.196.0/24
Signature Algorithm: sha256WithRSAEncryption
4e:73:15:e8:df:79:e4:8d:2f:48:73:f5:71:14:e9:1b:8a:ac:
32:05:c2:ef:80:b2:a2:aa:0f:69:ca:92:b9:b9:06:27:e4:fe:
e8:0c:19:0f:9e:11:32:74:da:d7:11:db:fd:9e:a9:2e:78:a9:
98:2d:a8:aa:c8:05:f6:99:b5:f7:99:38:a9:d2:c5:31:8c:d2:
a7:e3:29:e2:38:b5:96:15:6b:d4:c0:58:47:a9:2a:61:86:3c:
32:0e:fa:52:b0:35:01:73:29:b2:1b:24:03:c8:26:05:42:4e:
9a:6f:ce:18:73:19:0d:85:0b:8a:9e:1a:7c:cd:ef:ef:a1:87:
1e:93:9c:e1:61:75:a5:f8:c8:3b:45:a7:37:a6:b0:45:f3:89:
ca:13:7b:a6:2e:a2:ba:a2:28:ae:3c:fb:64:8d:9e:b6:d9:66:
2b:fe:8d:02:53:29:ea:a9:ec:c1:49:25:8b:2b:18:0b:a3:e1:
fe:bb:35:ee:23:a2:cd:7f:75:a1:1d:b5:da:16:5f:d4:83:e5:
aa:c2:6e:d5:fc:73:e1:51:aa:8b:7f:f0:34:bc:87:e9:fe:dc:
fb:67:91:2f:52:37:f8:f2:da:cd:f3:3d:f3:13:7a:5c:1b:c7:
66:a3:e8:f0:be:69:3e:c3:89:a7:15:8b:41:f9:bf:be:ea:5c:
09:e8:ce:08
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzA/kTHlpFSGKrp62MgCOYxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmODdlMGFiMDMyYjBjMDVlYjVlNzRjYzJjMDg2OThkZDMy
NGQ5NjMwHhcNMjMxMjMxMTc0ODU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMjQxN2RhM2NmNzg4ZmY5MDE4MWY0ODkzM2Y2ZmZjMmZlY2EzMjAzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhqu6OvhsHl8Dia6RZI3AppcQ9zSL
V99fxM5hy+jotwWcPrUGqph+LXJU4MK0+uZMC5EvojfbSzTt2fVg2i7x63i1N9kq
BYPNJFwGeSdKUgK7wtPldxsmZPd4OBSXrJubudDpc9spTwJpYcmriABygri2CxvH
39ehNKwJ4S+tfBPvyF3PevhiUW1XSc2+0cCg7kvgy0lxNIv67AlSQ4Z2VA5dj4l4
ptRfE9CNs/FpV8YyJApTbh51o2mV5ZGfy9Lqf2BIacy22TZtGVu04W84JG2iV8Pw
55aEFvMlF6hI51gzDB1ZEZlDKzGUJrLlQN2w2SaB4+Eevk4mllt9+TesgQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMJBfaPPeI/5AYH0iTP2/8L+yjIDMB8GA1UdIwQY
MBaAFP+H4KsDKwwF6150zCwIaY3TJNljMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzRmZ3F3TXJEQVhyWG5UTUxBaHBqZE1rMldNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy8xZGYxOGUtNmM0ZC00MzRiLThlMzEt
NzFlYjk1ZjUwZTViLzEvd2tGOW84OTRqX2tCZ2ZTSk1fYl93djdLTWdNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy8xZGYxOGUtNmM0ZC00MzRiLThlMzEtNzFlYjk1ZjUwZTVi
LzEvXzRmZ3F3TXJEQVhyWG5UTUxBaHBqZE1rMldNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbXrEMA0G
CSqGSIb3DQEBCwUAA4IBAQBOcxXo33nkjS9Ic/VxFOkbiqwyBcLvgLKiqg9pypK5
uQYn5P7oDBkPnhEydNrXEdv9nqkueKmYLaiqyAX2mbX3mTip0sUxjNKn4yniOLWW
FWvUwFhHqSphhjwyDvpSsDUBcymyGyQDyCYFQk6ab84YcxkNhQuKnhp8ze/voYce
k5zhYXWl+Mg7Rac3prBF84nKE3umLqK6oiiuPPtkjZ622WYr/o0CUynqqezBSSWL
KxgLo+H+uzXuI6LNf3WhHbXaFl/Ug+Wqwm7V/HPhUaqLf/A0vIfp/tz7Z5EvUjf4
8trN8z3zE3pcG8dmo+jwvmk+w4mnFYtB+b++6lwJ6M4I
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:24:48 2024 by rpki-client on console-fra.rpki-client.org