Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6c/1c60ac-ba3f-440b-868b-ea12ef9422ec/1/qdBu3gBzFdss-HAETcekRIgSKag.roa
File: qdBu3gBzFdss-HAETcekRIgSKag.roa (raw, json)
Hash identifier: wLnCv7H2QIBYgqAaNu4ofSCOX3kQinphEmPld1s+K/s=
Subject key identifier: A9:D0:6E:DE:00:73:15:DB:2C:F8:70:04:4D:C7:A4:44:88:12:29:A8
Certificate issuer: /CN=7222c5ab7db3dd3966192faafe07f3115b0c8ee5
Certificate serial: 018DF09712E8EAE2C09E8F14E979824582AB
Authority key identifier: 72:22:C5:AB:7D:B3:DD:39:66:19:2F:AA:FE:07:F3:11:5B:0C:8E:E5
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/ciLFq32z3TlmGS-q_gfzEVsMjuU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/6c/1c60ac-ba3f-440b-868b-ea12ef9422ec/1/qdBu3gBzFdss-HAETcekRIgSKag.roa
Signing time: Wed 28 Feb 2024 16:40:49 +0000
ROA not before: Wed 28 Feb 2024 16:40:49 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 60781
IP address blocks: 109.122.214.0/24 maxlen: 24
109.122.223.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8d:f0:97:12:e8:ea:e2:c0:9e:8f:14:e9:79:82:45:82:ab
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7222c5ab7db3dd3966192faafe07f3115b0c8ee5
Validity
Not Before: Feb 28 16:40:49 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=a9d06ede007315db2cf870044dc7a444881229a8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:86:5a:21:f8:75:22:4e:ca:f9:be:df:cc:ad:fe:
46:f5:78:16:92:fa:c8:fd:8d:ce:dc:d1:c2:1c:bf:
c0:84:8e:52:ba:34:dc:4b:6d:0f:45:14:df:8e:60:
5e:31:d6:37:51:fa:e6:fc:9b:09:83:6a:fb:22:06:
03:26:93:1d:e2:fb:68:17:09:a9:38:af:85:a6:48:
d3:a6:78:6a:3a:7a:21:dc:6e:be:7b:52:5d:30:3d:
44:b2:a5:38:43:51:91:63:e8:1e:4b:f1:4c:37:7a:
6b:7a:d7:65:ed:c9:4b:64:6a:7b:0d:c5:5b:36:6e:
40:a4:f0:6b:cb:3e:85:73:b0:c5:cf:5d:1a:0a:72:
e6:ca:2a:bb:27:6e:06:e8:16:83:4d:1b:45:7b:aa:
6b:c7:29:9d:e9:6b:4e:9e:ae:40:f7:c3:4b:11:55:
42:29:c8:ae:04:0c:d8:db:ef:39:da:92:ac:d8:33:
18:81:f7:e6:99:2e:fc:78:98:a3:45:cb:d1:2f:39:
45:53:2d:42:c1:a3:4e:bb:4c:dd:93:6f:bb:ac:8b:
76:39:de:6c:aa:0f:46:3d:77:4b:bd:77:c0:56:da:
e4:75:88:c9:ef:39:36:00:b8:e4:12:f0:42:61:92:
a5:7d:87:04:1d:d1:7a:cd:46:70:3f:25:3a:f1:5d:
e4:83
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A9:D0:6E:DE:00:73:15:DB:2C:F8:70:04:4D:C7:A4:44:88:12:29:A8
X509v3 Authority Key Identifier:
keyid:72:22:C5:AB:7D:B3:DD:39:66:19:2F:AA:FE:07:F3:11:5B:0C:8E:E5
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ciLFq32z3TlmGS-q_gfzEVsMjuU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/1c60ac-ba3f-440b-868b-ea12ef9422ec/1/qdBu3gBzFdss-HAETcekRIgSKag.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/1c60ac-ba3f-440b-868b-ea12ef9422ec/1/ciLFq32z3TlmGS-q_gfzEVsMjuU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.122.214.0/24
109.122.223.0/24
Signature Algorithm: sha256WithRSAEncryption
54:43:fa:68:ca:62:2b:9c:86:74:83:75:63:90:f2:17:78:c1:
19:52:b5:17:15:98:86:1a:0e:b6:2c:64:43:ef:a1:f8:d9:29:
46:bf:44:5b:4b:a6:10:3c:76:45:3a:a7:3b:7e:94:91:f2:ac:
b4:2c:54:66:47:84:1b:3d:08:57:f0:9f:78:fd:6d:fb:1c:e0:
6c:b1:19:0e:e1:b4:79:8f:0a:97:63:0d:ec:d6:1a:b5:8c:fa:
cd:24:8d:52:49:d3:65:77:07:e2:e1:54:43:bb:b1:5e:66:c6:
7e:f9:8e:28:ef:a5:bc:3e:1f:a5:da:ec:aa:ff:23:cc:6a:d2:
e8:e5:dc:8c:8e:39:1c:42:1e:7e:ba:39:6b:ed:a8:05:e6:2b:
77:a4:56:7d:fb:69:d2:6f:22:84:27:19:8e:05:80:b8:0d:b5:
6a:1d:e2:fd:c3:c8:b1:36:3e:1c:7b:ac:5f:f2:c7:b7:dd:60:
00:c0:52:5e:8a:70:07:ad:0f:a9:96:0c:7f:af:9f:bc:3b:2f:
4f:50:85:81:b5:9d:34:1d:70:10:9e:8f:c0:9f:f9:01:28:c8:
03:cd:af:d5:0d:20:88:c8:ec:9a:f3:dd:55:f4:0d:61:cc:ea:
aa:98:5c:07:6c:9f:c9:ba:0b:c7:eb:c0:f4:c0:ed:da:91:91:
04:5c:82:04
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY3wlxLo6uLAno8U6XmCRYKrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMjJjNWFiN2RiM2RkMzk2NjE5MmZhYWZlMDdmMzExNWIw
YzhlZTUwHhcNMjQwMjI4MTY0MDQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOWQwNmVkZTAwNzMxNWRiMmNmODcwMDQ0ZGM3YTQ0NDg4MTIyOWE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhloh+HUiTsr5vt/Mrf5G9XgWkvrI
/Y3O3NHCHL/AhI5SujTcS20PRRTfjmBeMdY3Ufrm/JsJg2r7IgYDJpMd4vtoFwmp
OK+FpkjTpnhqOnoh3G6+e1JdMD1EsqU4Q1GRY+geS/FMN3pretdl7clLZGp7DcVb
Nm5ApPBryz6Fc7DFz10aCnLmyiq7J24G6BaDTRtFe6prxymd6WtOnq5A98NLEVVC
KciuBAzY2+852pKs2DMYgffmmS78eJijRcvRLzlFUy1CwaNOu0zdk2+7rIt2Od5s
qg9GPXdLvXfAVtrkdYjJ7zk2ALjkEvBCYZKlfYcEHdF6zUZwPyU68V3kgwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKnQbt4AcxXbLPhwBE3HpESIEimoMB8GA1UdIwQY
MBaAFHIixat9s905Zhkvqv4H8xFbDI7lMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2lMRnEzMnozVGxtR1MtcV9nZnpFVnNNanVVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yy8xYzYwYWMtYmEzZi00NDBiLTg2OGIt
ZWExMmVmOTQyMmVjLzEvcWRCdTNnQnpGZHNzLUhBRVRjZWtSSWdTS2FnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yy8xYzYwYWMtYmEzZi00NDBiLTg2OGItZWExMmVmOTQyMmVj
LzEvY2lMRnEzMnozVGxtR1MtcV9nZnpFVnNNanVVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAbXrWAwQA
bXrfMA0GCSqGSIb3DQEBCwUAA4IBAQBUQ/poymIrnIZ0g3VjkPIXeMEZUrUXFZiG
Gg62LGRD76H42SlGv0RbS6YQPHZFOqc7fpSR8qy0LFRmR4QbPQhX8J94/W37HOBs
sRkO4bR5jwqXYw3s1hq1jPrNJI1SSdNldwfi4VRDu7FeZsZ++Y4o76W8Ph+l2uyq
/yPMatLo5dyMjjkcQh5+ujlr7agF5it3pFZ9+2nSbyKEJxmOBYC4DbVqHeL9w8ix
Nj4ce6xf8se33WAAwFJeinAHrQ+plgx/r5+8Oy9PUIWBtZ00HXAQno/An/kBKMgD
za/VDSCIyOya891V9A1hzOqqmFwHbJ/JugvH68D0wO3akZEEXIIE
-----END CERTIFICATE-----
Generated at Wed Mar 6 19:11:47 2024 by rpki-client on console-ams.rpki-client.org