Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6c/1c60ac-ba3f-440b-868b-ea12ef9422ec/1/1-03hyq9Sx7WaWO-K-ldGfKwAuy0.roa
File: 1-03hyq9Sx7WaWO-K-ldGfKwAuy0.roa (raw, json)
Hash identifier: Cfqw5aTYCJxMXrnhu4RRFkp8+hZL9bYEAa/qsD5uHhc=
Subject key identifier: FB:4D:E1:CA:AF:52:C7:B5:9A:58:EF:8A:FA:57:46:7C:AC:00:BB:2D
Certificate issuer: /CN=7222c5ab7db3dd3966192faafe07f3115b0c8ee5
Certificate serial: 018DF097111809974E3AA5EF7F9F24FA2316
Authority key identifier: 72:22:C5:AB:7D:B3:DD:39:66:19:2F:AA:FE:07:F3:11:5B:0C:8E:E5
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/ciLFq32z3TlmGS-q_gfzEVsMjuU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/6c/1c60ac-ba3f-440b-868b-ea12ef9422ec/1/1-03hyq9Sx7WaWO-K-ldGfKwAuy0.roa
Signing time: Wed 28 Feb 2024 16:40:48 +0000
ROA not before: Wed 28 Feb 2024 16:40:48 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 32613
IP address blocks: 109.122.194.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8d:f0:97:11:18:09:97:4e:3a:a5:ef:7f:9f:24:fa:23:16
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7222c5ab7db3dd3966192faafe07f3115b0c8ee5
Validity
Not Before: Feb 28 16:40:48 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=fb4de1caaf52c7b59a58ef8afa57467cac00bb2d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:dd:c6:3b:a7:f1:e9:dc:8b:a2:98:81:05:0f:ee:
75:22:ce:32:4d:c0:a5:7c:1a:b9:06:d6:68:58:e7:
88:ab:bf:3d:ed:c0:58:b9:26:e0:b2:7a:d5:4a:71:
e7:a0:0e:4c:b6:97:30:13:a5:f0:43:ff:2a:5f:23:
f2:39:dd:fa:f9:8a:76:db:c9:a4:9e:49:19:d5:b1:
3c:30:01:14:22:d3:bc:71:79:f3:c0:7a:cd:08:6e:
bd:3f:19:dd:d9:c6:2b:0b:da:98:e4:6c:0d:42:a6:
24:9f:c8:3e:f5:8d:55:d1:ad:84:f3:fa:df:10:ed:
5c:0c:9a:b5:b6:37:ba:63:8a:ea:c4:53:e9:ca:b7:
a5:19:05:54:d9:53:3b:a4:fd:cc:bb:84:99:88:84:
91:c6:de:a3:d7:c4:e5:e7:95:88:11:02:05:11:10:
48:5e:d9:b1:ce:67:08:f7:9a:00:61:86:75:3d:11:
63:9b:9b:bc:38:bd:30:df:88:d2:01:5c:24:5f:2c:
c7:54:de:99:b6:d6:e4:4a:ff:63:a4:0a:f0:e6:60:
16:8c:b2:05:d4:18:dd:61:25:27:5b:a5:b7:2f:4b:
a8:d6:d4:23:20:d5:b6:7f:ab:09:ed:6b:4b:76:4a:
c4:61:17:4e:3d:b5:3c:7a:88:47:52:60:bb:51:7b:
b5:4b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FB:4D:E1:CA:AF:52:C7:B5:9A:58:EF:8A:FA:57:46:7C:AC:00:BB:2D
X509v3 Authority Key Identifier:
keyid:72:22:C5:AB:7D:B3:DD:39:66:19:2F:AA:FE:07:F3:11:5B:0C:8E:E5
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ciLFq32z3TlmGS-q_gfzEVsMjuU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/1c60ac-ba3f-440b-868b-ea12ef9422ec/1/1-03hyq9Sx7WaWO-K-ldGfKwAuy0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/1c60ac-ba3f-440b-868b-ea12ef9422ec/1/ciLFq32z3TlmGS-q_gfzEVsMjuU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.122.194.0/24
Signature Algorithm: sha256WithRSAEncryption
88:e7:3f:ba:d1:68:2e:d0:cc:ab:e8:56:43:62:36:91:ba:13:
21:14:19:9a:25:1b:ca:4c:56:62:ba:2d:e0:f1:fe:b3:f0:56:
fb:f9:ca:50:5f:cc:76:d7:9d:82:02:8b:d5:fe:20:e5:9b:3c:
f9:c2:5d:95:52:6e:23:5c:bd:1e:0d:f2:ed:a3:d7:b0:fc:98:
05:5a:e1:5a:5d:f6:6a:e0:30:a2:a4:a3:f1:7e:8b:02:2b:fa:
2f:6d:f7:f5:40:60:b9:48:8d:21:d1:9a:13:f1:97:5d:82:d5:
c5:9e:b1:07:03:8c:6b:38:7c:dd:39:37:99:1f:59:35:c2:7f:
18:77:d8:a9:72:dc:f3:1e:18:db:b7:13:df:ff:af:e0:91:f6:
49:c2:f0:a8:f9:ec:34:2b:e8:cf:76:b9:5e:38:15:71:26:ca:
10:ab:8a:86:37:18:c4:97:03:75:ae:7b:0d:7e:0e:3d:d4:a9:
2f:96:f2:6a:d5:c8:be:bc:e6:b3:cb:98:4c:5b:5c:06:d6:fa:
1a:d4:95:ca:a5:b5:83:59:8d:0d:9e:d5:ae:2b:a3:0f:2a:f2:
9c:85:1f:7c:89:bc:a3:5b:83:0c:b1:07:83:76:a0:4b:ee:7c:
df:07:ed:62:ad:0d:bb:f9:80:45:47:cb:40:e0:90:8e:ba:52:
46:8a:dd:7c
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAY3wlxEYCZdOOqXvf58k+iMWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMjJjNWFiN2RiM2RkMzk2NjE5MmZhYWZlMDdmMzExNWIw
YzhlZTUwHhcNMjQwMjI4MTY0MDQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYjRkZTFjYWFmNTJjN2I1OWE1OGVmOGFmYTU3NDY3Y2FjMDBiYjJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3cY7p/Hp3IuimIEFD+51Is4yTcCl
fBq5BtZoWOeIq7897cBYuSbgsnrVSnHnoA5MtpcwE6XwQ/8qXyPyOd36+Yp228mk
nkkZ1bE8MAEUItO8cXnzwHrNCG69Pxnd2cYrC9qY5GwNQqYkn8g+9Y1V0a2E8/rf
EO1cDJq1tje6Y4rqxFPpyrelGQVU2VM7pP3Mu4SZiISRxt6j18Tl55WIEQIFERBI
XtmxzmcI95oAYYZ1PRFjm5u8OL0w34jSAVwkXyzHVN6ZttbkSv9jpArw5mAWjLIF
1BjdYSUnW6W3L0uo1tQjINW2f6sJ7WtLdkrEYRdOPbU8eohHUmC7UXu1SwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPtN4cqvUse1mljvivpXRnysALstMB8GA1UdIwQY
MBaAFHIixat9s905Zhkvqv4H8xFbDI7lMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2lMRnEzMnozVGxtR1MtcV9nZnpFVnNNanVVLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yy8xYzYwYWMtYmEzZi00NDBiLTg2OGIt
ZWExMmVmOTQyMmVjLzEvMS0wM2h5cTlTeDdXYVdPLUstbGRHZkt3QXV5MC5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNmMvMWM2MGFjLWJhM2YtNDQwYi04NjhiLWVhMTJlZjk0MjJl
Yy8xL2NpTEZxMzJ6M1RsbUdTLXFfZ2Z6RVZzTWp1VS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAG16wjAN
BgkqhkiG9w0BAQsFAAOCAQEAiOc/utFoLtDMq+hWQ2I2kboTIRQZmiUbykxWYrot
4PH+s/BW+/nKUF/MdtedggKL1f4g5Zs8+cJdlVJuI1y9Hg3y7aPXsPyYBVrhWl32
auAwoqSj8X6LAiv6L2339UBguUiNIdGaE/GXXYLVxZ6xBwOMazh83Tk3mR9ZNcJ/
GHfYqXLc8x4Y27cT3/+v4JH2ScLwqPnsNCvoz3a5XjgVcSbKEKuKhjcYxJcDda57
DX4OPdSpL5byatXIvrzms8uYTFtcBtb6GtSVyqW1g1mNDZ7VriujDyrynIUffIm8
o1uDDLEHg3agS+583wftYq0Nu/mARUfLQOCQjrpSRordfA==
-----END CERTIFICATE-----
Generated at Wed Mar 6 19:11:47 2024 by rpki-client on console-ams.rpki-client.org