Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6c/1c60ac-ba3f-440b-868b-ea12ef9422ec/1/nOXikwgs9RVTfgXng5BXeYHzfqk.roa
File: nOXikwgs9RVTfgXng5BXeYHzfqk.roa (raw, json)
Hash identifier: uJsbbrsKIGLHimXxeDAT1Xo5wnmV07W3Kzlc5kRnqKs=
Subject key identifier: 9C:E5:E2:93:08:2C:F5:15:53:7E:05:E7:83:90:57:79:81:F3:7E:A9
Certificate issuer: /CN=7222c5ab7db3dd3966192faafe07f3115b0c8ee5
Certificate serial: 018DF09713F1DB0C08353518E25D9477094A
Authority key identifier: 72:22:C5:AB:7D:B3:DD:39:66:19:2F:AA:FE:07:F3:11:5B:0C:8E:E5
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/ciLFq32z3TlmGS-q_gfzEVsMjuU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/6c/1c60ac-ba3f-440b-868b-ea12ef9422ec/1/nOXikwgs9RVTfgXng5BXeYHzfqk.roa
Signing time: Wed 28 Feb 2024 16:40:49 +0000
ROA not before: Wed 28 Feb 2024 16:40:49 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 210030
IP address blocks: 109.122.198.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8d:f0:97:13:f1:db:0c:08:35:35:18:e2:5d:94:77:09:4a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7222c5ab7db3dd3966192faafe07f3115b0c8ee5
Validity
Not Before: Feb 28 16:40:49 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=9ce5e293082cf515537e05e78390577981f37ea9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9e:3f:6d:10:3f:c6:36:b3:ef:a0:90:48:b6:5f:
6f:b3:7c:70:e7:cf:d4:8f:0c:0e:a0:32:d1:ec:e2:
5a:a3:8d:4e:fb:d0:80:46:55:22:99:e0:d0:03:f4:
f2:c0:04:08:e7:c1:4a:c0:ea:44:77:6d:81:0b:7b:
d1:de:1b:b6:51:de:2f:11:ed:cb:06:b0:dd:8f:59:
9b:eb:c2:61:46:6b:a3:dc:07:e1:e7:7c:27:26:68:
cb:67:a9:ec:72:9c:64:1b:ea:e3:24:42:cd:86:4d:
f2:5e:37:25:9a:27:16:55:b8:3a:76:d1:19:26:53:
24:a4:23:f1:e7:25:ae:38:71:8f:1c:56:86:9c:b3:
cc:64:01:e3:51:41:a9:84:ce:80:c4:af:22:c7:2f:
2c:ee:f8:82:48:56:21:c1:6d:39:e7:e5:f8:a5:57:
bb:22:ed:14:75:1a:51:b3:22:aa:70:9a:96:5a:57:
7c:98:43:36:59:73:10:2c:57:00:4b:ed:6e:a5:38:
37:1d:aa:6a:95:6c:32:98:11:0b:d7:fd:54:bc:48:
ec:31:d6:84:64:42:40:e0:30:73:00:34:53:39:16:
87:27:ac:70:b8:b8:cc:64:55:ae:71:e8:62:a4:81:
1e:c9:26:9a:ff:cc:30:05:54:90:89:51:f8:ef:1e:
d2:23
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9C:E5:E2:93:08:2C:F5:15:53:7E:05:E7:83:90:57:79:81:F3:7E:A9
X509v3 Authority Key Identifier:
keyid:72:22:C5:AB:7D:B3:DD:39:66:19:2F:AA:FE:07:F3:11:5B:0C:8E:E5
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ciLFq32z3TlmGS-q_gfzEVsMjuU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/1c60ac-ba3f-440b-868b-ea12ef9422ec/1/nOXikwgs9RVTfgXng5BXeYHzfqk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/1c60ac-ba3f-440b-868b-ea12ef9422ec/1/ciLFq32z3TlmGS-q_gfzEVsMjuU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.122.198.0/24
Signature Algorithm: sha256WithRSAEncryption
b8:9b:ed:11:49:09:45:29:32:7a:d8:81:02:bc:7c:0c:6e:f7:
7b:d0:62:64:0a:ae:c5:bc:19:91:42:4f:cf:34:a9:b0:07:63:
ef:0c:6a:44:d5:f1:fc:c4:59:07:b9:ea:cc:7d:6f:17:4f:a3:
dc:65:90:52:cb:1a:6a:25:10:b8:80:2c:6c:1a:10:2d:b9:3e:
a8:1f:ea:26:c0:d4:76:2e:39:6c:0c:f3:e0:ea:f6:54:5d:7a:
4d:f4:0f:06:e0:d7:b4:54:16:17:9d:3f:09:0e:c6:32:9c:8c:
eb:f1:c8:cc:95:ff:04:8c:11:9d:9d:54:63:6c:18:68:0b:fb:
2a:f7:ff:61:fb:9f:e9:d0:c5:89:88:33:59:52:70:02:f8:66:
91:8e:f4:4f:c9:08:b5:d7:8b:b7:31:f9:47:76:23:e3:84:b9:
5e:3d:95:3b:59:bb:56:7a:57:43:5b:3a:7a:1a:9d:7a:23:f8:
c6:fc:e1:ef:55:9c:e5:f5:ad:f3:2f:84:92:b1:14:92:fe:22:
1f:6a:90:27:c6:8b:a3:d5:4a:7e:6b:33:f6:48:97:c7:51:cc:
42:d8:c4:2a:92:0e:9e:a0:02:e0:59:82:2a:46:33:42:7d:6f:
0f:bd:ad:d3:38:82:e6:6d:28:72:a9:be:6b:68:97:c9:f2:cf:
7a:8d:8b:26
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY3wlxPx2wwINTUY4l2UdwlKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMjJjNWFiN2RiM2RkMzk2NjE5MmZhYWZlMDdmMzExNWIw
YzhlZTUwHhcNMjQwMjI4MTY0MDQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5Y2U1ZTI5MzA4MmNmNTE1NTM3ZTA1ZTc4MzkwNTc3OTgxZjM3ZWE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnj9tED/GNrPvoJBItl9vs3xw58/U
jwwOoDLR7OJao41O+9CARlUimeDQA/TywAQI58FKwOpEd22BC3vR3hu2Ud4vEe3L
BrDdj1mb68JhRmuj3Afh53wnJmjLZ6nscpxkG+rjJELNhk3yXjclmicWVbg6dtEZ
JlMkpCPx5yWuOHGPHFaGnLPMZAHjUUGphM6AxK8ixy8s7viCSFYhwW055+X4pVe7
Iu0UdRpRsyKqcJqWWld8mEM2WXMQLFcAS+1upTg3HapqlWwymBEL1/1UvEjsMdaE
ZEJA4DBzADRTORaHJ6xwuLjMZFWucehipIEeySaa/8wwBVSQiVH47x7SIwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJzl4pMILPUVU34F54OQV3mB836pMB8GA1UdIwQY
MBaAFHIixat9s905Zhkvqv4H8xFbDI7lMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2lMRnEzMnozVGxtR1MtcV9nZnpFVnNNanVVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yy8xYzYwYWMtYmEzZi00NDBiLTg2OGIt
ZWExMmVmOTQyMmVjLzEvbk9YaWt3Z3M5UlZUZmdYbmc1QlhlWUh6ZnFrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yy8xYzYwYWMtYmEzZi00NDBiLTg2OGItZWExMmVmOTQyMmVj
LzEvY2lMRnEzMnozVGxtR1MtcV9nZnpFVnNNanVVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbXrGMA0G
CSqGSIb3DQEBCwUAA4IBAQC4m+0RSQlFKTJ62IECvHwMbvd70GJkCq7FvBmRQk/P
NKmwB2PvDGpE1fH8xFkHuerMfW8XT6PcZZBSyxpqJRC4gCxsGhAtuT6oH+omwNR2
LjlsDPPg6vZUXXpN9A8G4Ne0VBYXnT8JDsYynIzr8cjMlf8EjBGdnVRjbBhoC/sq
9/9h+5/p0MWJiDNZUnAC+GaRjvRPyQi114u3MflHdiPjhLlePZU7WbtWeldDWzp6
Gp16I/jG/OHvVZzl9a3zL4SSsRSS/iIfapAnxouj1Up+azP2SJfHUcxC2MQqkg6e
oALgWYIqRjNCfW8Pva3TOILmbShyqb5raJfJ8s96jYsm
-----END CERTIFICATE-----
Generated at Wed Mar 6 19:35:17 2024 by rpki-client on console-fra.rpki-client.org