Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6c/1c60ac-ba3f-440b-868b-ea12ef9422ec/1/rrbHEGfTHPLBiqLUF3xvv8Zqx0U.roa
File: rrbHEGfTHPLBiqLUF3xvv8Zqx0U.roa (raw, json)
Hash identifier: AwTVAaThUzErnu/OKpwJhddiKjTksBwMbpUS0Oxg/lo=
Subject key identifier: AE:B6:C7:10:67:D3:1C:F2:C1:8A:A2:D4:17:7C:6F:BF:C6:6A:C7:45
Certificate issuer: /CN=7222c5ab7db3dd3966192faafe07f3115b0c8ee5
Certificate serial: 018F2D885D80BFF4F4B0AB810926AE1CD7A9
Authority key identifier: 72:22:C5:AB:7D:B3:DD:39:66:19:2F:AA:FE:07:F3:11:5B:0C:8E:E5
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/ciLFq32z3TlmGS-q_gfzEVsMjuU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/6c/1c60ac-ba3f-440b-868b-ea12ef9422ec/1/rrbHEGfTHPLBiqLUF3xvv8Zqx0U.roa
Signing time: Tue 30 Apr 2024 05:44:22 +0000
ROA not before: Tue 30 Apr 2024 05:44:22 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 49872
IP address blocks: 109.122.192.0/24 maxlen: 24
109.122.193.0/24 maxlen: 24
109.122.195.0/24 maxlen: 24
109.122.196.0/24 maxlen: 24
109.122.197.0/24 maxlen: 24
109.122.201.0/24 maxlen: 24
109.122.203.0/24 maxlen: 24
109.122.205.0/24 maxlen: 24
109.122.207.0/24 maxlen: 24
109.122.208.0/24 maxlen: 24
109.122.210.0/24 maxlen: 24
109.122.211.0/24 maxlen: 24
109.122.212.0/24 maxlen: 24
109.122.213.0/24 maxlen: 24
109.122.214.0/24 maxlen: 24
109.122.215.0/24 maxlen: 24
109.122.216.0/24 maxlen: 24
109.122.217.0/24 maxlen: 24
109.122.218.0/24 maxlen: 24
109.122.219.0/24 maxlen: 24
109.122.220.0/24 maxlen: 24
109.122.221.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8f:2d:88:5d:80:bf:f4:f4:b0:ab:81:09:26:ae:1c:d7:a9
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7222c5ab7db3dd3966192faafe07f3115b0c8ee5
Validity
Not Before: Apr 30 05:44:22 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=aeb6c71067d31cf2c18aa2d4177c6fbfc66ac745
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d1:17:46:5c:f5:77:4b:c0:89:d9:76:d6:14:41:
1a:3d:fa:f0:9c:38:7b:91:15:f2:b3:92:c6:18:84:
62:ba:80:b7:0c:10:04:a3:3b:ab:8d:8c:2e:bb:df:
98:24:7e:60:84:cf:37:e3:63:5a:19:79:78:e6:50:
8d:c8:20:f3:c1:cb:4d:dd:35:70:74:84:c6:70:1c:
d3:6c:d1:6b:b7:fd:ec:af:70:f3:e5:c5:48:d7:f1:
fa:8c:86:7c:c8:7d:50:64:d4:4a:25:d0:4b:90:2d:
33:aa:46:8a:75:1f:00:3e:f7:f0:03:58:90:62:9a:
48:76:ed:11:47:b8:3a:25:6e:1c:7e:1b:ab:38:73:
c4:59:03:f6:fe:f4:bc:bf:a5:28:e6:be:77:42:ac:
b6:0c:ff:6f:98:e2:96:23:38:01:0a:09:af:88:db:
fc:58:77:c6:6f:28:8d:49:64:f5:77:3f:cf:4e:49:
85:c5:03:2a:97:c1:60:e2:3f:ce:b6:85:d4:61:ad:
80:ad:08:5a:52:a8:72:77:f3:33:fc:2f:fb:c5:6d:
8d:68:79:12:4f:0c:29:47:94:ab:eb:a8:ba:5e:99:
e9:61:80:a9:50:38:b4:a0:3a:7d:a1:04:4e:fe:fd:
a5:fa:91:89:9c:9e:e3:c7:65:9a:0d:e4:7e:61:1d:
ad:13
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AE:B6:C7:10:67:D3:1C:F2:C1:8A:A2:D4:17:7C:6F:BF:C6:6A:C7:45
X509v3 Authority Key Identifier:
keyid:72:22:C5:AB:7D:B3:DD:39:66:19:2F:AA:FE:07:F3:11:5B:0C:8E:E5
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ciLFq32z3TlmGS-q_gfzEVsMjuU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/1c60ac-ba3f-440b-868b-ea12ef9422ec/1/rrbHEGfTHPLBiqLUF3xvv8Zqx0U.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/1c60ac-ba3f-440b-868b-ea12ef9422ec/1/ciLFq32z3TlmGS-q_gfzEVsMjuU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.122.192.0/23
109.122.195.0-109.122.197.255
109.122.201.0/24
109.122.203.0/24
109.122.205.0/24
109.122.207.0-109.122.208.255
109.122.210.0-109.122.221.255
Signature Algorithm: sha256WithRSAEncryption
89:e4:a0:52:6e:95:57:63:51:95:88:61:10:de:72:90:a8:47:
9b:cd:57:2a:be:91:c5:a5:a8:12:93:b0:83:2a:d1:b7:5e:fd:
16:0f:a4:c4:78:92:85:20:1f:ec:1f:7e:a4:58:d8:6d:93:2b:
7d:d2:41:fa:51:68:c8:14:29:9f:00:ea:88:ba:3a:b3:b7:ce:
9f:03:85:51:0e:30:db:c5:8f:e3:f9:12:7d:75:0a:f8:56:2f:
0f:63:25:9a:b6:e1:d3:60:5d:19:07:4f:5c:3f:97:25:14:41:
0b:83:9f:78:5e:86:ce:a1:dd:37:35:97:96:70:38:22:cd:db:
5d:56:0c:bf:6a:fa:8f:c6:ac:dd:37:1a:f4:bf:8a:5e:f8:a5:
7a:45:2d:10:52:4d:62:5b:56:5d:ee:3e:ee:4e:e1:9e:43:bb:
ca:07:e7:ea:2a:1c:dc:73:b6:c7:a3:4a:0f:6a:d7:25:27:67:
39:aa:78:9f:e2:dd:5e:71:03:aa:7f:b7:2e:69:cc:84:36:51:
73:94:14:cf:8d:d3:d5:49:87:4d:71:1f:be:b1:64:c4:64:a0:
0f:6c:3d:96:2f:d8:43:a7:f0:08:56:d6:30:b2:51:02:da:6b:
42:99:fa:cf:ee:7d:dd:8e:c1:00:da:9d:93:17:05:9f:75:8d:
f7:e5:07:36
-----BEGIN CERTIFICATE-----
MIIFOTCCBCGgAwIBAgISAY8tiF2Av/T0sKuBCSauHNepMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMjJjNWFiN2RiM2RkMzk2NjE5MmZhYWZlMDdmMzExNWIw
YzhlZTUwHhcNMjQwNDMwMDU0NDIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZWI2YzcxMDY3ZDMxY2YyYzE4YWEyZDQxNzdjNmZiZmM2NmFjNzQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0RdGXPV3S8CJ2XbWFEEaPfrwnDh7
kRXys5LGGIRiuoC3DBAEozurjYwuu9+YJH5ghM8342NaGXl45lCNyCDzwctN3TVw
dITGcBzTbNFrt/3sr3Dz5cVI1/H6jIZ8yH1QZNRKJdBLkC0zqkaKdR8APvfwA1iQ
YppIdu0RR7g6JW4cfhurOHPEWQP2/vS8v6Uo5r53Qqy2DP9vmOKWIzgBCgmviNv8
WHfGbyiNSWT1dz/PTkmFxQMql8Fg4j/OtoXUYa2ArQhaUqhyd/Mz/C/7xW2NaHkS
TwwpR5Sr66i6XpnpYYCpUDi0oDp9oQRO/v2l+pGJnJ7jx2WaDeR+YR2tEwIDAQAB
o4ICRTCCAkEwHQYDVR0OBBYEFK62xxBn0xzywYqi1Bd8b7/GasdFMB8GA1UdIwQY
MBaAFHIixat9s905Zhkvqv4H8xFbDI7lMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2lMRnEzMnozVGxtR1MtcV9nZnpFVnNNanVVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yy8xYzYwYWMtYmEzZi00NDBiLTg2OGIt
ZWExMmVmOTQyMmVjLzEvcnJiSEVHZlRIUExCaXFMVUYzeHZ2OFpxeDBVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yy8xYzYwYWMtYmEzZi00NDBiLTg2OGItZWExMmVmOTQyMmVj
LzEvY2lMRnEzMnozVGxtR1MtcV9nZnpFVnNNanVVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFsGCCsGAQUFBwEHAQH/BEwwSjBIBAIAATBCAwQBbXrAMAwD
BABtesMDBAFtesQDBABteskDBABtessDBABtes0wDAMEAG16zwMEAG160DAMAwQB
bXrSAwQBbXrcMA0GCSqGSIb3DQEBCwUAA4IBAQCJ5KBSbpVXY1GViGEQ3nKQqEeb
zVcqvpHFpagSk7CDKtG3Xv0WD6TEeJKFIB/sH36kWNhtkyt90kH6UWjIFCmfAOqI
ujqzt86fA4VRDjDbxY/j+RJ9dQr4Vi8PYyWatuHTYF0ZB09cP5clFEELg594XobO
od03NZeWcDgizdtdVgy/avqPxqzdNxr0v4pe+KV6RS0QUk1iW1Zd7j7uTuGeQ7vK
B+fqKhzcc7bHo0oPatclJ2c5qnif4t1ecQOqf7cuacyENlFzlBTPjdPVSYdNcR++
sWTEZKAPbD2WL9hDp/AIVtYwslEC2mtCmfrP7n3djsEA2p2TFwWfdY335Qc2
-----END CERTIFICATE-----
Generated at Tue Apr 22 00:57:14 2025 by rpki-client