Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6c/1c60ac-ba3f-440b-868b-ea12ef9422ec/1/FOAMzgP7NEgyX-4IlPdTadXTrwY.roa
File: FOAMzgP7NEgyX-4IlPdTadXTrwY.roa (raw, json)
Hash identifier: qYgS0bmRg2/PAzmsSxvhi0cjyWeF8y3CYknViSpbOD0=
Subject key identifier: 14:E0:0C:CE:03:FB:34:48:32:5F:EE:08:94:F7:53:69:D5:D3:AF:06
Certificate issuer: /CN=7222c5ab7db3dd3966192faafe07f3115b0c8ee5
Certificate serial: 018C6C85A22D0748A6978FABBA14F3DD31E6
Authority key identifier: 72:22:C5:AB:7D:B3:DD:39:66:19:2F:AA:FE:07:F3:11:5B:0C:8E:E5
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/ciLFq32z3TlmGS-q_gfzEVsMjuU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/6c/1c60ac-ba3f-440b-868b-ea12ef9422ec/1/FOAMzgP7NEgyX-4IlPdTadXTrwY.roa
Signing time: Fri 15 Dec 2023 08:09:06 +0000
ROA not before: Fri 15 Dec 2023 08:09:06 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 49872
IP address blocks: 109.122.192.0/24 maxlen: 24
109.122.193.0/24 maxlen: 24
109.122.205.0/24 maxlen: 24
109.122.201.0/24 maxlen: 24
109.122.207.0/24 maxlen: 24
109.122.210.0/24 maxlen: 24
109.122.217.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:6c:85:a2:2d:07:48:a6:97:8f:ab:ba:14:f3:dd:31:e6
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7222c5ab7db3dd3966192faafe07f3115b0c8ee5
Validity
Not Before: Dec 15 08:09:06 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=14e00cce03fb3448325fee0894f75369d5d3af06
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9d:7d:b4:3f:7f:f4:36:5e:7c:7c:35:aa:aa:9d:
88:16:9f:a7:ae:f9:29:98:61:25:f4:f1:db:9e:4e:
f3:08:0e:e0:ab:21:df:60:50:12:32:1d:fa:9d:ca:
a7:a3:ac:5b:0f:cb:19:76:34:5f:57:8a:9d:f7:1f:
c0:bf:5f:df:d1:eb:67:f6:fb:27:b2:2d:33:c2:ff:
45:cf:26:a6:3a:a3:39:a1:6d:9b:d0:a9:27:fe:5e:
cf:16:5b:96:d0:17:39:e0:e6:75:d2:a3:59:a0:d3:
e7:e0:96:9d:b5:40:7f:8f:00:d5:01:3f:7d:c6:64:
ac:ad:ed:c1:8e:b4:09:fa:aa:cd:13:6d:73:34:bd:
22:d3:20:00:ef:b7:11:42:91:1c:c8:59:63:1d:54:
03:ac:a7:08:4d:c0:0c:89:b4:20:8a:a1:1c:2d:e3:
80:f7:f2:b9:ac:04:e9:e0:35:1d:a1:2a:bd:96:25:
53:0d:4a:a5:c1:7d:cc:fa:49:fb:88:2c:11:6b:9e:
4e:92:17:4d:c9:d1:c8:5a:92:4a:be:05:bd:0a:8e:
49:bf:04:07:4a:46:c7:e3:a7:24:c8:dd:60:39:2b:
d9:fe:00:61:43:b5:eb:c0:2d:94:af:31:9d:03:b3:
21:45:07:4b:31:f9:28:09:82:71:c7:c5:7b:75:c3:
bf:2d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
14:E0:0C:CE:03:FB:34:48:32:5F:EE:08:94:F7:53:69:D5:D3:AF:06
X509v3 Authority Key Identifier:
keyid:72:22:C5:AB:7D:B3:DD:39:66:19:2F:AA:FE:07:F3:11:5B:0C:8E:E5
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ciLFq32z3TlmGS-q_gfzEVsMjuU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/1c60ac-ba3f-440b-868b-ea12ef9422ec/1/FOAMzgP7NEgyX-4IlPdTadXTrwY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/1c60ac-ba3f-440b-868b-ea12ef9422ec/1/ciLFq32z3TlmGS-q_gfzEVsMjuU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.122.192.0/23
109.122.201.0/24
109.122.205.0/24
109.122.207.0/24
109.122.210.0/24
109.122.217.0/24
Signature Algorithm: sha256WithRSAEncryption
1d:7c:f8:95:58:ec:e8:6f:63:c9:11:19:c3:5f:44:4e:57:64:
00:88:ba:b5:71:9a:c8:93:03:6e:7c:e3:a2:6d:74:7a:b0:42:
5d:80:83:da:31:d5:15:41:9b:fd:e8:3f:27:f3:3f:03:39:c0:
cb:aa:7e:43:35:37:35:80:e1:c7:3a:0b:7f:37:e8:7c:46:9b:
97:00:2b:bb:e3:2b:81:7d:24:88:f1:cf:8d:c8:78:e5:e7:c0:
90:02:30:8a:37:b6:0a:6d:7f:59:cf:b6:fb:1d:eb:b4:e5:37:
76:bb:6a:58:0c:34:2e:5e:e1:cb:fa:64:71:75:4e:8a:0e:83:
d5:9e:92:bd:c0:ff:42:e8:2a:1f:a2:65:f9:f1:02:30:1d:50:
53:62:0b:21:22:05:58:ec:6d:5a:ad:50:cb:f4:63:a4:8d:10:
43:b7:8e:61:d0:93:31:08:6d:a3:b7:08:1d:65:3f:6e:ef:9b:
c8:4a:25:e2:49:db:7e:8e:b4:4b:34:6c:ed:bc:3b:f7:66:24:
a2:5e:6a:9b:42:9b:b8:c0:e5:59:38:55:af:10:ae:5b:16:e4:
6f:8a:6d:35:cb:59:a9:e0:94:92:04:fa:b4:bc:e9:c3:7e:3b:
93:0f:c0:1c:a4:5c:2d:9d:4b:51:0a:14:42:f8:a9:f6:70:e0:
3e:cc:c2:f0
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAYxshaItB0iml4+ruhTz3THmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMjJjNWFiN2RiM2RkMzk2NjE5MmZhYWZlMDdmMzExNWIw
YzhlZTUwHhcNMjMxMjE1MDgwOTA2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNGUwMGNjZTAzZmIzNDQ4MzI1ZmVlMDg5NGY3NTM2OWQ1ZDNhZjA2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnX20P3/0Nl58fDWqqp2IFp+nrvkp
mGEl9PHbnk7zCA7gqyHfYFASMh36ncqno6xbD8sZdjRfV4qd9x/Av1/f0etn9vsn
si0zwv9FzyamOqM5oW2b0Kkn/l7PFluW0Bc54OZ10qNZoNPn4JadtUB/jwDVAT99
xmSsre3BjrQJ+qrNE21zNL0i0yAA77cRQpEcyFljHVQDrKcITcAMibQgiqEcLeOA
9/K5rATp4DUdoSq9liVTDUqlwX3M+kn7iCwRa55OkhdNydHIWpJKvgW9Co5JvwQH
SkbH46ckyN1gOSvZ/gBhQ7XrwC2UrzGdA7MhRQdLMfkoCYJxx8V7dcO/LQIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFBTgDM4D+zRIMl/uCJT3U2nV068GMB8GA1UdIwQY
MBaAFHIixat9s905Zhkvqv4H8xFbDI7lMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2lMRnEzMnozVGxtR1MtcV9nZnpFVnNNanVVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yy8xYzYwYWMtYmEzZi00NDBiLTg2OGIt
ZWExMmVmOTQyMmVjLzEvRk9BTXpnUDdORWd5WC00SWxQZFRhZFhUcndZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yy8xYzYwYWMtYmEzZi00NDBiLTg2OGItZWExMmVmOTQyMmVj
LzEvY2lMRnEzMnozVGxtR1MtcV9nZnpFVnNNanVVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAqBAIAATAkAwQBbXrAAwQA
bXrJAwQAbXrNAwQAbXrPAwQAbXrSAwQAbXrZMA0GCSqGSIb3DQEBCwUAA4IBAQAd
fPiVWOzob2PJERnDX0ROV2QAiLq1cZrIkwNufOOibXR6sEJdgIPaMdUVQZv96D8n
8z8DOcDLqn5DNTc1gOHHOgt/N+h8RpuXACu74yuBfSSI8c+NyHjl58CQAjCKN7YK
bX9Zz7b7Heu05Td2u2pYDDQuXuHL+mRxdU6KDoPVnpK9wP9C6CofomX58QIwHVBT
YgshIgVY7G1arVDL9GOkjRBDt45h0JMxCG2jtwgdZT9u75vISiXiSdt+jrRLNGzt
vDv3ZiSiXmqbQpu4wOVZOFWvEK5bFuRvim01y1mp4JSSBPq0vOnDfjuTD8AcpFwt
nUtRChRC+Kn2cOA+zMLw
-----END CERTIFICATE-----
Generated at Thu Mar 13 20:33:10 2025 by rpki-client