Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6c/1c60ac-ba3f-440b-868b-ea12ef9422ec/1/mQ_u2-HK4sgwXs_FtV6D-3zNzXI.roa
File: mQ_u2-HK4sgwXs_FtV6D-3zNzXI.roa (raw, json)
Hash identifier: RH9f/jewwMlFg6FnMFoEyiXk9BsGOwAAiGMNnqCD0s8=
Subject key identifier: 99:0F:EE:DB:E1:CA:E2:C8:30:5E:CF:C5:B5:5E:83:FB:7C:CD:CD:72
Certificate issuer: /CN=7222c5ab7db3dd3966192faafe07f3115b0c8ee5
Certificate serial: 018DF097144032F73BA5E409C07D1E2B854B
Authority key identifier: 72:22:C5:AB:7D:B3:DD:39:66:19:2F:AA:FE:07:F3:11:5B:0C:8E:E5
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/ciLFq32z3TlmGS-q_gfzEVsMjuU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/6c/1c60ac-ba3f-440b-868b-ea12ef9422ec/1/mQ_u2-HK4sgwXs_FtV6D-3zNzXI.roa
Signing time: Wed 28 Feb 2024 16:40:49 +0000
ROA not before: Wed 28 Feb 2024 16:40:49 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 211440
IP address blocks: 109.122.202.0/24 maxlen: 24
109.122.206.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8d:f0:97:14:40:32:f7:3b:a5:e4:09:c0:7d:1e:2b:85:4b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7222c5ab7db3dd3966192faafe07f3115b0c8ee5
Validity
Not Before: Feb 28 16:40:49 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=990feedbe1cae2c8305ecfc5b55e83fb7ccdcd72
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a4:e2:10:e6:95:6c:29:d1:32:70:d0:16:f6:20:
77:78:4f:39:17:42:05:83:8c:0a:eb:3f:a9:1d:15:
08:cd:f7:0d:4b:9d:04:5a:db:43:50:d1:10:10:81:
af:ce:8e:7a:21:d5:cf:c8:1c:5d:7e:5c:39:e5:4b:
c3:13:1c:03:cd:ad:a6:c4:1d:38:fa:83:c3:70:7b:
54:e0:f9:97:96:42:a7:aa:fe:36:49:11:f5:0c:1f:
b3:92:19:74:3c:f4:a4:82:d4:7d:13:71:ee:09:4e:
d1:41:03:6b:a8:c4:62:0b:a5:20:69:22:a7:fd:b4:
e1:75:7b:21:34:f5:5c:e6:4d:96:db:ca:85:79:54:
48:0c:92:86:33:f2:4c:ee:ce:b0:a0:9d:dd:05:22:
21:68:c4:6b:83:da:25:33:24:08:10:fe:16:80:cb:
30:02:41:ab:53:9d:f3:0d:b8:0f:25:47:d2:d9:3e:
18:de:99:72:27:d5:56:ba:fb:0c:6b:2b:d9:36:01:
a3:34:49:fc:41:da:51:32:17:2c:bc:c3:23:3b:e8:
cf:d8:6a:a8:d0:1f:8f:80:71:8e:f2:75:a5:5d:63:
93:eb:f6:7c:c0:81:ec:01:89:9e:24:fd:1d:f9:f4:
c0:8e:75:45:5e:61:5a:88:e2:d0:97:04:46:e3:7a:
c6:89
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
99:0F:EE:DB:E1:CA:E2:C8:30:5E:CF:C5:B5:5E:83:FB:7C:CD:CD:72
X509v3 Authority Key Identifier:
keyid:72:22:C5:AB:7D:B3:DD:39:66:19:2F:AA:FE:07:F3:11:5B:0C:8E:E5
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ciLFq32z3TlmGS-q_gfzEVsMjuU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/1c60ac-ba3f-440b-868b-ea12ef9422ec/1/mQ_u2-HK4sgwXs_FtV6D-3zNzXI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/1c60ac-ba3f-440b-868b-ea12ef9422ec/1/ciLFq32z3TlmGS-q_gfzEVsMjuU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.122.202.0/24
109.122.206.0/24
Signature Algorithm: sha256WithRSAEncryption
2f:e6:6e:60:94:5b:ab:5d:c9:45:af:b3:04:c5:f6:86:5d:73:
ac:d1:90:89:4e:af:84:6e:05:6e:7a:5e:81:6f:f0:60:b9:dd:
72:5d:15:e4:4f:f6:f0:59:7c:55:01:ef:e5:a3:b3:12:48:13:
b6:d6:4e:10:94:58:14:97:d8:28:14:f0:77:65:58:ff:a7:48:
57:e7:20:36:08:13:47:f5:7d:12:70:9f:6f:da:bc:40:61:4b:
05:7a:53:3a:99:3a:87:24:bc:12:9c:07:12:41:95:5c:c9:d1:
67:9a:6f:b2:6a:d3:27:d6:df:4b:bd:34:00:ba:d0:3e:01:e0:
c3:ab:94:32:97:62:47:d8:97:26:6c:80:44:b1:b1:00:8f:db:
c3:f2:29:51:fd:2a:5f:b3:28:6b:5f:f9:88:9a:80:0f:89:70:
82:ec:e5:51:04:d3:c6:21:db:86:2e:60:34:ac:2c:72:c7:6e:
3c:c7:56:d5:b1:cd:6b:d9:08:04:96:9f:51:40:79:71:15:7c:
06:94:9c:a7:29:f9:d1:11:72:32:b0:bd:60:4c:74:5d:0c:df:
61:de:b4:50:07:03:8e:05:8d:b2:90:40:c3:5a:ab:3c:2c:49:
64:bc:39:00:59:3c:7b:70:2e:88:37:fd:db:85:b2:dc:9f:42:
a9:23:1a:10
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY3wlxRAMvc7peQJwH0eK4VLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMjJjNWFiN2RiM2RkMzk2NjE5MmZhYWZlMDdmMzExNWIw
YzhlZTUwHhcNMjQwMjI4MTY0MDQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OTBmZWVkYmUxY2FlMmM4MzA1ZWNmYzViNTVlODNmYjdjY2RjZDcyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApOIQ5pVsKdEycNAW9iB3eE85F0IF
g4wK6z+pHRUIzfcNS50EWttDUNEQEIGvzo56IdXPyBxdflw55UvDExwDza2mxB04
+oPDcHtU4PmXlkKnqv42SRH1DB+zkhl0PPSkgtR9E3HuCU7RQQNrqMRiC6UgaSKn
/bThdXshNPVc5k2W28qFeVRIDJKGM/JM7s6woJ3dBSIhaMRrg9olMyQIEP4WgMsw
AkGrU53zDbgPJUfS2T4Y3plyJ9VWuvsMayvZNgGjNEn8QdpRMhcsvMMjO+jP2Gqo
0B+PgHGO8nWlXWOT6/Z8wIHsAYmeJP0d+fTAjnVFXmFaiOLQlwRG43rGiQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJkP7tvhyuLIMF7PxbVeg/t8zc1yMB8GA1UdIwQY
MBaAFHIixat9s905Zhkvqv4H8xFbDI7lMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2lMRnEzMnozVGxtR1MtcV9nZnpFVnNNanVVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yy8xYzYwYWMtYmEzZi00NDBiLTg2OGIt
ZWExMmVmOTQyMmVjLzEvbVFfdTItSEs0c2d3WHNfRnRWNkQtM3pOelhJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yy8xYzYwYWMtYmEzZi00NDBiLTg2OGItZWExMmVmOTQyMmVj
LzEvY2lMRnEzMnozVGxtR1MtcV9nZnpFVnNNanVVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAbXrKAwQA
bXrOMA0GCSqGSIb3DQEBCwUAA4IBAQAv5m5glFurXclFr7MExfaGXXOs0ZCJTq+E
bgVuel6Bb/Bgud1yXRXkT/bwWXxVAe/lo7MSSBO21k4QlFgUl9goFPB3ZVj/p0hX
5yA2CBNH9X0ScJ9v2rxAYUsFelM6mTqHJLwSnAcSQZVcydFnmm+yatMn1t9LvTQA
utA+AeDDq5Qyl2JH2JcmbIBEsbEAj9vD8ilR/SpfsyhrX/mImoAPiXCC7OVRBNPG
IduGLmA0rCxyx248x1bVsc1r2QgElp9RQHlxFXwGlJynKfnREXIysL1gTHRdDN9h
3rRQBwOOBY2ykEDDWqs8LElkvDkAWTx7cC6IN/3bhbLcn0KpIxoQ
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:38:17 2025 by rpki-client