Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/71/ac017c-ff29-43cf-a3d6-29f1beb2f282/1/QyGZMCcdic5ez0YxRCsG3QWaHCs.roa
File: QyGZMCcdic5ez0YxRCsG3QWaHCs.roa (raw, json)
Hash identifier: OrCoGPhUORL5PdctT+lDJ5QdGlGYv2PPXocefLsSeHw=
Subject key identifier: 43:21:99:30:27:1D:89:CE:5E:CF:46:31:44:2B:06:DD:05:9A:1C:2B
Certificate issuer: /CN=ed6da9e41686d21c12799c8e84b274aa8241508c
Certificate serial: 018E28B31A39686DC912EFA3111526201C5A
Authority key identifier: ED:6D:A9:E4:16:86:D2:1C:12:79:9C:8E:84:B2:74:AA:82:41:50:8C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/7W2p5BaG0hwSeZyOhLJ0qoJBUIw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/71/ac017c-ff29-43cf-a3d6-29f1beb2f282/1/QyGZMCcdic5ez0YxRCsG3QWaHCs.roa
Signing time: Sun 10 Mar 2024 14:10:10 +0000
ROA not before: Sun 10 Mar 2024 14:10:10 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 206065
IP address blocks: 109.122.240.0/24 maxlen: 24
109.122.241.0/24 maxlen: 24
109.122.242.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8e:28:b3:1a:39:68:6d:c9:12:ef:a3:11:15:26:20:1c:5a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ed6da9e41686d21c12799c8e84b274aa8241508c
Validity
Not Before: Mar 10 14:10:10 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=43219930271d89ce5ecf4631442b06dd059a1c2b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:80:9a:4a:ec:8b:8b:60:46:8f:cb:05:be:c1:e1:
f5:01:41:e3:b7:d1:7b:61:94:13:ac:56:04:e9:20:
10:91:62:0e:8b:eb:03:24:44:18:4b:7a:70:c1:69:
bd:36:56:aa:fb:7c:b1:0a:dd:44:c8:08:4f:be:26:
dd:be:56:02:99:b7:c4:7d:bc:4c:f4:73:5a:5e:49:
53:9e:7e:dc:db:ae:1b:29:f3:e5:9b:15:c9:49:00:
b4:ba:3e:cf:23:77:94:ff:ba:f0:a5:87:12:62:cd:
b0:4c:c7:2e:4e:a6:26:27:21:06:a5:6b:46:d4:44:
f1:db:23:35:52:bd:73:10:42:27:ea:ea:7a:d1:4d:
21:40:64:24:b4:cd:b3:43:e6:a9:dd:8d:a7:4e:99:
33:d8:e9:7b:8e:3a:ea:5f:4b:a7:13:d2:04:b6:28:
57:7f:bd:05:3b:81:b8:27:5c:ca:a5:43:13:ae:af:
ed:c2:2a:94:48:a5:a0:24:1b:10:cb:27:69:35:c3:
25:8c:5b:7d:d7:54:f5:e2:a7:e8:ee:b8:ab:dc:0b:
c2:07:72:7d:8b:0c:0c:e4:71:70:56:8f:1e:7c:3f:
b8:8c:9b:35:05:f9:59:e7:26:42:3f:e2:7f:3b:81:
de:03:e2:48:56:14:e4:ec:68:a5:60:44:7f:a6:8d:
2b:a5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
43:21:99:30:27:1D:89:CE:5E:CF:46:31:44:2B:06:DD:05:9A:1C:2B
X509v3 Authority Key Identifier:
keyid:ED:6D:A9:E4:16:86:D2:1C:12:79:9C:8E:84:B2:74:AA:82:41:50:8C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7W2p5BaG0hwSeZyOhLJ0qoJBUIw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/71/ac017c-ff29-43cf-a3d6-29f1beb2f282/1/QyGZMCcdic5ez0YxRCsG3QWaHCs.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/71/ac017c-ff29-43cf-a3d6-29f1beb2f282/1/7W2p5BaG0hwSeZyOhLJ0qoJBUIw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.122.240.0-109.122.242.255
Signature Algorithm: sha256WithRSAEncryption
27:df:36:1d:11:a4:75:49:fa:03:e2:f7:98:5b:f4:c7:9a:f8:
84:23:ce:e1:e4:59:7a:37:d1:e2:6a:21:df:b8:4d:c4:1d:42:
45:b0:ff:6e:59:e5:65:21:df:80:b8:ec:6c:cc:ec:d2:c3:96:
cd:68:fc:cb:67:8e:52:33:37:80:87:96:80:28:c0:10:a7:cc:
89:bd:c3:1f:bb:ac:01:73:5e:e9:23:a4:67:c2:5f:d3:9f:bc:
6a:cb:39:51:df:4f:51:85:c4:54:33:4d:5b:df:ec:cc:37:35:
b0:d7:60:6d:3a:94:4b:9d:06:f5:46:7c:1b:96:b0:15:3c:2d:
76:85:00:55:da:37:06:62:79:7a:3b:4f:be:1e:7e:75:ef:a7:
36:1a:c5:b7:4e:a6:7a:50:10:1a:d5:48:8e:84:9a:ed:0c:1e:
87:96:2c:5f:ff:81:03:11:e4:55:00:12:5e:4f:3a:b4:37:dd:
51:7c:bb:10:8d:88:d5:ea:82:10:ce:e8:fb:7f:8b:3c:51:1f:
f6:4a:82:4f:5e:28:23:33:5e:97:ce:6b:42:22:20:6f:81:9d:
9e:dd:56:17:9c:fd:d6:cb:91:dc:3e:74:fa:f9:72:28:9f:ec:
50:47:81:00:2d:ea:59:eb:1a:f1:7e:31:d3:84:dc:76:bc:a5:
60:8b:63:8d
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAY4osxo5aG3JEu+jERUmIBxaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVkNmRhOWU0MTY4NmQyMWMxMjc5OWM4ZTg0YjI3NGFhODI0
MTUwOGMwHhcNMjQwMzEwMTQxMDEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MzIxOTkzMDI3MWQ4OWNlNWVjZjQ2MzE0NDJiMDZkZDA1OWExYzJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgJpK7IuLYEaPywW+weH1AUHjt9F7
YZQTrFYE6SAQkWIOi+sDJEQYS3pwwWm9Nlaq+3yxCt1EyAhPvibdvlYCmbfEfbxM
9HNaXklTnn7c264bKfPlmxXJSQC0uj7PI3eU/7rwpYcSYs2wTMcuTqYmJyEGpWtG
1ETx2yM1Ur1zEEIn6up60U0hQGQktM2zQ+ap3Y2nTpkz2Ol7jjrqX0unE9IEtihX
f70FO4G4J1zKpUMTrq/twiqUSKWgJBsQyydpNcMljFt911T14qfo7rir3AvCB3J9
iwwM5HFwVo8efD+4jJs1BflZ5yZCP+J/O4HeA+JIVhTk7GilYER/po0rpQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFEMhmTAnHYnOXs9GMUQrBt0FmhwrMB8GA1UdIwQY
MBaAFO1tqeQWhtIcEnmcjoSydKqCQVCMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN1cycDVCYUcwaHdTZVp5T2hMSjBxb0pCVUl3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MS9hYzAxN2MtZmYyOS00M2NmLWEzZDYt
MjlmMWJlYjJmMjgyLzEvUXlHWk1DY2RpYzVlejBZeFJDc0czUVdhSENzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MS9hYzAxN2MtZmYyOS00M2NmLWEzZDYtMjlmMWJlYjJmMjgy
LzEvN1cycDVCYUcwaHdTZVp5T2hMSjBxb0pCVUl3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBARtevAD
BABtevIwDQYJKoZIhvcNAQELBQADggEBACffNh0RpHVJ+gPi95hb9Mea+IQjzuHk
WXo30eJqId+4TcQdQkWw/25Z5WUh34C47GzM7NLDls1o/MtnjlIzN4CHloAowBCn
zIm9wx+7rAFzXukjpGfCX9OfvGrLOVHfT1GFxFQzTVvf7Mw3NbDXYG06lEudBvVG
fBuWsBU8LXaFAFXaNwZieXo7T74efnXvpzYaxbdOpnpQEBrVSI6Emu0MHoeWLF//
gQMR5FUAEl5POrQ33VF8uxCNiNXqghDO6Pt/izxRH/ZKgk9eKCMzXpfOa0IiIG+B
nZ7dVhec/dbLkdw+dPr5ciif7FBHgQAt6lnrGvF+MdOE3Ha8pWCLY40=
-----END CERTIFICATE-----
Generated at Tue Sep 24 16:53:35 2024 by rpki-client on console-fra.rpki-client.org