Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/zLMOGL6vmNip03TUxeVka1PYxc0.roa
File: zLMOGL6vmNip03TUxeVka1PYxc0.roa (raw, json)
Hash identifier: CgbE2QaE/BL7IhNMKwzt1g3uJX/5WCNGuYKHOTk6Zv8=
Subject key identifier: CC:B3:0E:18:BE:AF:98:D8:A9:D3:74:D4:C5:E5:64:6B:53:D8:C5:CD
Certificate issuer: /CN=ff87e0ab032b0c05eb5e74cc2c08698dd324d963
Certificate serial: 018C91F7175E1FE1280C67B6CFB1608EEAF0
Authority key identifier: FF:87:E0:AB:03:2B:0C:05:EB:5E:74:CC:2C:08:69:8D:D3:24:D9:63
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/_4fgqwMrDAXrXnTMLAhpjdMk2WM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/zLMOGL6vmNip03TUxeVka1PYxc0.roa
Signing time: Fri 22 Dec 2023 14:38:58 +0000
ROA not before: Fri 22 Dec 2023 14:38:58 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 48678
IP address blocks: 109.122.196.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:91:f7:17:5e:1f:e1:28:0c:67:b6:cf:b1:60:8e:ea:f0
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ff87e0ab032b0c05eb5e74cc2c08698dd324d963
Validity
Not Before: Dec 22 14:38:58 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=ccb30e18beaf98d8a9d374d4c5e5646b53d8c5cd
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ca:dc:4d:69:39:16:7b:cf:cd:81:16:dc:fa:0d:
6d:54:a4:6f:41:a6:61:23:14:95:14:77:08:d4:35:
08:58:34:17:73:63:27:c6:87:af:02:77:a8:ac:b0:
e2:ed:1a:64:0f:e7:4e:f1:d6:0c:c3:c3:3d:9d:6c:
a1:30:48:c6:58:d9:11:95:e2:d8:db:61:07:80:bf:
3b:a8:73:88:45:87:34:4f:c7:c2:6e:2e:44:48:76:
d4:a3:08:c1:cc:d8:44:57:72:11:6f:60:eb:2c:87:
aa:d9:ef:ec:17:40:7a:40:d2:c0:91:9c:29:f4:15:
f7:a2:87:53:b1:81:ce:bb:ba:93:c1:14:24:62:af:
8e:ab:ed:2f:d7:ad:77:b1:6f:3e:02:b1:fa:65:65:
ad:7e:bd:f2:a4:67:c9:2a:1c:53:cc:98:18:b2:58:
05:71:7d:c0:02:80:06:11:75:4f:05:98:87:c8:bc:
ae:eb:1a:3d:83:d4:26:ea:4c:d1:86:0c:e1:f0:f0:
06:d0:21:57:6c:33:90:17:31:9a:2c:96:da:b6:1e:
c7:3f:dd:15:03:c3:6c:eb:f9:ad:07:ca:6f:de:b6:
1f:4b:96:7f:3b:05:df:91:cc:63:01:db:b0:fe:6b:
3a:ee:13:ae:0f:76:10:6a:2b:e5:30:fd:8b:8a:9a:
02:7d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CC:B3:0E:18:BE:AF:98:D8:A9:D3:74:D4:C5:E5:64:6B:53:D8:C5:CD
X509v3 Authority Key Identifier:
keyid:FF:87:E0:AB:03:2B:0C:05:EB:5E:74:CC:2C:08:69:8D:D3:24:D9:63
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_4fgqwMrDAXrXnTMLAhpjdMk2WM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/zLMOGL6vmNip03TUxeVka1PYxc0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/33/1df18e-6c4d-434b-8e31-71eb95f50e5b/1/_4fgqwMrDAXrXnTMLAhpjdMk2WM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.122.196.0/24
Signature Algorithm: sha256WithRSAEncryption
44:d6:04:53:01:64:70:48:83:42:20:11:38:cc:56:91:3f:ab:
2d:7d:4e:db:47:2a:1f:14:d9:f9:98:88:1d:6f:1d:05:cd:bc:
90:0f:5a:fd:7b:66:1c:89:a2:7b:76:f5:20:27:c4:6b:98:5f:
4e:4c:c0:75:56:20:7d:89:50:8f:66:0a:d7:02:9c:68:3a:1c:
d2:71:65:b6:0d:1c:eb:20:5a:36:93:90:c6:91:4f:04:f2:36:
08:60:32:0e:64:ff:59:42:89:60:db:9b:96:58:91:6f:0b:78:
30:e6:aa:6b:e7:33:2f:66:9b:81:da:a0:d1:4a:6c:8a:a6:ab:
17:65:a7:e9:4c:c0:16:ea:d4:84:05:af:0e:91:2e:a1:f0:87:
27:b0:55:68:f4:da:81:49:d4:69:d0:d9:b1:28:9a:0d:19:99:
bb:70:05:8c:94:18:2a:37:ab:fa:5f:2a:b1:a5:9f:09:a5:d7:
04:79:b8:be:01:89:55:31:3f:f2:85:be:1c:07:79:c2:c7:06:
66:3f:cb:e1:21:dd:b8:8b:21:7f:64:e3:61:6c:b9:e1:85:5a:
45:44:83:6d:a8:80:b3:30:b1:7b:50:9e:a1:77:f5:0e:9a:8f:
66:73:ff:22:f4:58:70:1c:c6:5d:6d:21:01:0f:e6:a6:de:0a:
e5:22:55:f3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYyR9xdeH+EoDGe2z7FgjurwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmODdlMGFiMDMyYjBjMDVlYjVlNzRjYzJjMDg2OThkZDMy
NGQ5NjMwHhcNMjMxMjIyMTQzODU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjY2IzMGUxOGJlYWY5OGQ4YTlkMzc0ZDRjNWU1NjQ2YjUzZDhjNWNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAytxNaTkWe8/NgRbc+g1tVKRvQaZh
IxSVFHcI1DUIWDQXc2MnxoevAneorLDi7RpkD+dO8dYMw8M9nWyhMEjGWNkRleLY
22EHgL87qHOIRYc0T8fCbi5ESHbUowjBzNhEV3IRb2DrLIeq2e/sF0B6QNLAkZwp
9BX3oodTsYHOu7qTwRQkYq+Oq+0v1613sW8+ArH6ZWWtfr3ypGfJKhxTzJgYslgF
cX3AAoAGEXVPBZiHyLyu6xo9g9Qm6kzRhgzh8PAG0CFXbDOQFzGaLJbath7HP90V
A8Ns6/mtB8pv3rYfS5Z/OwXfkcxjAduw/ms67hOuD3YQaivlMP2LipoCfQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMyzDhi+r5jYqdN01MXlZGtT2MXNMB8GA1UdIwQY
MBaAFP+H4KsDKwwF6150zCwIaY3TJNljMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzRmZ3F3TXJEQVhyWG5UTUxBaHBqZE1rMldNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy8xZGYxOGUtNmM0ZC00MzRiLThlMzEt
NzFlYjk1ZjUwZTViLzEvekxNT0dMNnZtTmlwMDNUVXhlVmthMVBZeGMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy8xZGYxOGUtNmM0ZC00MzRiLThlMzEtNzFlYjk1ZjUwZTVi
LzEvXzRmZ3F3TXJEQVhyWG5UTUxBaHBqZE1rMldNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbXrEMA0G
CSqGSIb3DQEBCwUAA4IBAQBE1gRTAWRwSINCIBE4zFaRP6stfU7bRyofFNn5mIgd
bx0FzbyQD1r9e2YciaJ7dvUgJ8RrmF9OTMB1ViB9iVCPZgrXApxoOhzScWW2DRzr
IFo2k5DGkU8E8jYIYDIOZP9ZQolg25uWWJFvC3gw5qpr5zMvZpuB2qDRSmyKpqsX
ZafpTMAW6tSEBa8OkS6h8IcnsFVo9NqBSdRp0NmxKJoNGZm7cAWMlBgqN6v6Xyqx
pZ8JpdcEebi+AYlVMT/yhb4cB3nCxwZmP8vhId24iyF/ZONhbLnhhVpFRINtqICz
MLF7UJ6hd/UOmo9mc/8i9FhwHMZdbSEBD+am3grlIlXz
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:58:30 2025 by rpki-client