Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6c/1c60ac-ba3f-440b-868b-ea12ef9422ec/1/CQqgfLgsryQ70v3Y5suHB2WD8xc.roa
File: CQqgfLgsryQ70v3Y5suHB2WD8xc.roa (raw, json)
Hash identifier: SlY4pHrgqO6M4aFt+MW9MUcKs+dXSqaN9qjYhcG4kmo=
Subject key identifier: 09:0A:A0:7C:B8:2C:AF:24:3B:D2:FD:D8:E6:CB:87:07:65:83:F3:17
Certificate issuer: /CN=7222c5ab7db3dd3966192faafe07f3115b0c8ee5
Certificate serial: 0191B2D02A41D70011266FAFD5B21B4FE931
Authority key identifier: 72:22:C5:AB:7D:B3:DD:39:66:19:2F:AA:FE:07:F3:11:5B:0C:8E:E5
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/ciLFq32z3TlmGS-q_gfzEVsMjuU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/6c/1c60ac-ba3f-440b-868b-ea12ef9422ec/1/CQqgfLgsryQ70v3Y5suHB2WD8xc.roa
Signing time: Mon 02 Sep 2024 12:57:52 +0000
ROA not before: Mon 02 Sep 2024 12:57:52 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 49872
IP address blocks: 109.122.192.0/24 maxlen: 24
109.122.193.0/24 maxlen: 24
109.122.194.0/24 maxlen: 24
109.122.195.0/24 maxlen: 24
109.122.196.0/24 maxlen: 24
109.122.197.0/24 maxlen: 24
109.122.198.0/24 maxlen: 24
109.122.199.0/24 maxlen: 24
109.122.200.0/24 maxlen: 24
109.122.201.0/24 maxlen: 24
109.122.202.0/24 maxlen: 24
109.122.203.0/24 maxlen: 24
109.122.204.0/24 maxlen: 24
109.122.205.0/24 maxlen: 24
109.122.206.0/24 maxlen: 24
109.122.207.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:91:b2:d0:2a:41:d7:00:11:26:6f:af:d5:b2:1b:4f:e9:31
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7222c5ab7db3dd3966192faafe07f3115b0c8ee5
Validity
Not Before: Sep 2 12:57:52 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=090aa07cb82caf243bd2fdd8e6cb87076583f317
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d9:e5:c4:7e:5f:f2:6b:f7:c7:74:55:c1:5f:28:
89:3f:db:1b:78:80:bc:d4:c8:da:ba:5a:6b:f8:03:
a7:c2:8d:b5:3b:08:e3:79:36:43:bd:f4:a1:52:7b:
cc:4c:80:fd:57:3c:28:28:90:0d:35:b5:d3:ca:e2:
87:30:aa:79:f6:87:e6:2b:ce:5d:15:9d:ab:7f:65:
a1:ab:f1:ce:ee:ab:20:2c:f7:70:23:b7:43:df:60:
a5:7c:3c:0c:f1:c2:48:28:22:cc:29:68:fb:ad:8b:
d4:95:e9:79:79:01:17:fa:8f:05:78:10:92:1b:fb:
7d:d6:db:19:7e:e5:58:bc:69:23:6c:e9:92:33:06:
c7:c6:68:40:84:08:2f:8c:94:a3:fd:91:cd:34:26:
6d:7d:96:5f:ba:b6:83:cb:41:b7:e1:06:64:8d:2b:
72:76:65:c9:67:e1:dd:52:d4:fe:55:67:2d:ab:da:
2c:93:79:cf:74:e5:05:87:fe:3d:df:b3:8b:fa:a9:
18:4f:31:55:1e:3f:9e:9e:03:93:b5:65:6d:b2:b2:
54:5e:73:ba:af:6d:0c:17:f7:7b:ff:dc:58:72:6a:
85:52:4b:8c:bf:0e:05:82:72:0f:cb:93:3b:26:15:
3f:38:45:c8:45:15:89:ea:73:cf:39:67:01:71:96:
10:bd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
09:0A:A0:7C:B8:2C:AF:24:3B:D2:FD:D8:E6:CB:87:07:65:83:F3:17
X509v3 Authority Key Identifier:
keyid:72:22:C5:AB:7D:B3:DD:39:66:19:2F:AA:FE:07:F3:11:5B:0C:8E:E5
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ciLFq32z3TlmGS-q_gfzEVsMjuU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/1c60ac-ba3f-440b-868b-ea12ef9422ec/1/CQqgfLgsryQ70v3Y5suHB2WD8xc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/1c60ac-ba3f-440b-868b-ea12ef9422ec/1/ciLFq32z3TlmGS-q_gfzEVsMjuU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.122.192.0/20
Signature Algorithm: sha256WithRSAEncryption
75:b1:38:e8:c3:f9:95:61:82:65:c6:d8:06:04:f7:d6:4f:72:
17:2c:47:4e:04:fb:14:72:f7:f8:ee:5c:8f:7f:e1:56:64:91:
09:bb:c4:3c:21:ce:a4:f9:d9:89:45:49:81:84:b1:da:dd:46:
56:d5:85:79:fb:c8:ec:31:98:35:85:56:5f:67:db:d5:3a:c7:
6d:d8:8b:9e:45:e1:23:59:5f:13:cf:1d:bc:4f:da:1b:14:9a:
20:04:0e:e3:a9:4d:ab:42:f7:6d:d5:09:95:c2:c8:6b:e5:7d:
52:56:10:db:42:80:c8:8c:ae:f3:bf:08:85:08:13:72:6a:24:
a2:35:69:24:33:ec:a4:36:ea:41:61:c5:55:79:f4:71:4a:09:
01:53:54:8c:99:5a:e2:0c:d8:11:06:bb:0c:5c:4f:ae:e5:2f:
e3:cb:5a:61:7b:df:cb:5a:83:c2:9d:c9:44:41:69:f2:65:f3:
d7:46:c0:af:41:0b:14:f6:86:87:65:2a:0d:20:47:2e:8a:17:
1c:8a:c2:cc:85:33:5a:b9:1d:f6:04:60:2f:a8:cc:ca:30:d2:
db:ea:f4:d8:2b:b4:eb:d7:0e:68:7a:51:45:c2:8a:a9:77:d2:
3c:75:29:4d:86:0c:d1:2f:69:af:b3:a7:15:78:9a:ed:f7:87:
cd:65:9a:6c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZGy0CpB1wARJm+v1bIbT+kxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMjJjNWFiN2RiM2RkMzk2NjE5MmZhYWZlMDdmMzExNWIw
YzhlZTUwHhcNMjQwOTAyMTI1NzUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOTBhYTA3Y2I4MmNhZjI0M2JkMmZkZDhlNmNiODcwNzY1ODNmMzE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2eXEfl/ya/fHdFXBXyiJP9sbeIC8
1Mjaulpr+AOnwo21OwjjeTZDvfShUnvMTID9VzwoKJANNbXTyuKHMKp59ofmK85d
FZ2rf2Whq/HO7qsgLPdwI7dD32ClfDwM8cJIKCLMKWj7rYvUlel5eQEX+o8FeBCS
G/t91tsZfuVYvGkjbOmSMwbHxmhAhAgvjJSj/ZHNNCZtfZZfuraDy0G34QZkjSty
dmXJZ+HdUtT+VWctq9osk3nPdOUFh/4937OL+qkYTzFVHj+engOTtWVtsrJUXnO6
r20MF/d7/9xYcmqFUkuMvw4FgnIPy5M7JhU/OEXIRRWJ6nPPOWcBcZYQvQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAkKoHy4LK8kO9L92ObLhwdlg/MXMB8GA1UdIwQY
MBaAFHIixat9s905Zhkvqv4H8xFbDI7lMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2lMRnEzMnozVGxtR1MtcV9nZnpFVnNNanVVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yy8xYzYwYWMtYmEzZi00NDBiLTg2OGIt
ZWExMmVmOTQyMmVjLzEvQ1FxZ2ZMZ3NyeVE3MHYzWTVzdUhCMldEOHhjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yy8xYzYwYWMtYmEzZi00NDBiLTg2OGItZWExMmVmOTQyMmVj
LzEvY2lMRnEzMnozVGxtR1MtcV9nZnpFVnNNanVVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEbXrAMA0G
CSqGSIb3DQEBCwUAA4IBAQB1sTjow/mVYYJlxtgGBPfWT3IXLEdOBPsUcvf47lyP
f+FWZJEJu8Q8Ic6k+dmJRUmBhLHa3UZW1YV5+8jsMZg1hVZfZ9vVOsdt2IueReEj
WV8Tzx28T9obFJogBA7jqU2rQvdt1QmVwshr5X1SVhDbQoDIjK7zvwiFCBNyaiSi
NWkkM+ykNupBYcVVefRxSgkBU1SMmVriDNgRBrsMXE+u5S/jy1phe9/LWoPCnclE
QWnyZfPXRsCvQQsU9oaHZSoNIEcuihccisLMhTNauR32BGAvqMzKMNLb6vTYK7Tr
1w5oelFFwoqpd9I8dSlNhgzRL2mvs6cVeJrt94fNZZps
-----END CERTIFICATE-----
Generated at Thu Mar 13 20:41:22 2025 by rpki-client