Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/71/ac017c-ff29-43cf-a3d6-29f1beb2f282/1/edFtX7hSS2bORCT2pxwDXn_nNGY.roa
File: edFtX7hSS2bORCT2pxwDXn_nNGY.roa (raw, json)
Hash identifier: V2zemCSlLMhLeXP3poi1BJARqBVyr+5YSm7xcfWFp94=
Subject key identifier: 79:D1:6D:5F:B8:52:4B:66:CE:44:24:F6:A7:1C:03:5E:7F:E7:34:66
Certificate issuer: /CN=ed6da9e41686d21c12799c8e84b274aa8241508c
Certificate serial: 018CC6B7818081390E28D0860C7151C251E4
Authority key identifier: ED:6D:A9:E4:16:86:D2:1C:12:79:9C:8E:84:B2:74:AA:82:41:50:8C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/7W2p5BaG0hwSeZyOhLJ0qoJBUIw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/71/ac017c-ff29-43cf-a3d6-29f1beb2f282/1/edFtX7hSS2bORCT2pxwDXn_nNGY.roa
Signing time: Mon 01 Jan 2024 20:29:24 +0000
ROA not before: Mon 01 Jan 2024 20:29:24 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 43395
IP address blocks: 109.122.240.0/23 maxlen: 23
109.122.242.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c6:b7:81:80:81:39:0e:28:d0:86:0c:71:51:c2:51:e4
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ed6da9e41686d21c12799c8e84b274aa8241508c
Validity
Not Before: Jan 1 20:29:24 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=79d16d5fb8524b66ce4424f6a71c035e7fe73466
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:81:00:3c:3e:79:68:cf:7a:f9:7e:71:48:8e:5f:
0f:b7:82:fd:b6:ae:10:c0:25:95:30:00:50:72:bb:
ec:3b:93:54:a0:0b:c9:68:8c:96:75:b6:3b:32:58:
30:3c:d9:85:06:e1:63:94:05:1b:ef:f7:fa:86:65:
1b:54:9f:d9:d5:2d:26:19:a2:26:43:75:84:c4:a0:
0d:18:cf:ba:f3:8e:c8:40:dc:06:22:90:88:00:86:
3d:4b:1f:16:68:f4:bb:0c:cc:5b:b9:6c:fe:85:02:
34:ff:de:85:c9:8f:16:34:e2:5d:1e:3e:f0:c9:b8:
f9:11:07:d7:dc:d7:ad:60:ee:45:44:81:99:3c:f3:
cb:70:49:dc:cf:49:5b:86:4f:21:1a:60:df:04:c9:
1b:af:04:46:c2:db:77:78:35:69:21:48:6c:c7:25:
17:12:b4:95:58:e3:8e:b6:fa:07:46:20:52:f5:c5:
19:7d:21:d7:ef:e0:50:af:af:73:e9:72:96:40:c9:
22:73:c7:ba:52:9e:55:08:49:5a:44:5e:c2:c7:bb:
9e:60:ad:ec:50:d3:3d:82:73:9a:98:51:d6:f2:5c:
1f:3d:4b:da:e9:51:74:3d:35:f1:55:69:2b:0e:f8:
24:1f:a2:51:7a:3c:bf:ab:d4:d5:d8:4e:2b:02:1b:
6c:ab
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
79:D1:6D:5F:B8:52:4B:66:CE:44:24:F6:A7:1C:03:5E:7F:E7:34:66
X509v3 Authority Key Identifier:
keyid:ED:6D:A9:E4:16:86:D2:1C:12:79:9C:8E:84:B2:74:AA:82:41:50:8C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7W2p5BaG0hwSeZyOhLJ0qoJBUIw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/71/ac017c-ff29-43cf-a3d6-29f1beb2f282/1/edFtX7hSS2bORCT2pxwDXn_nNGY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/71/ac017c-ff29-43cf-a3d6-29f1beb2f282/1/7W2p5BaG0hwSeZyOhLJ0qoJBUIw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.122.240.0-109.122.242.255
Signature Algorithm: sha256WithRSAEncryption
4d:7d:cf:6a:06:14:83:37:de:75:7f:e8:ea:5c:e4:c4:34:85:
bf:3f:cb:28:6a:93:5d:1d:9e:87:1f:6f:6a:8e:c6:ab:a1:81:
4f:05:cd:71:1e:5c:2d:76:f1:81:d4:9d:67:f0:40:3b:9f:ed:
d8:49:43:38:5d:35:4f:c3:55:18:78:12:cc:27:1a:ac:ca:9b:
7a:42:3d:99:5c:9b:39:b7:db:2e:d9:7d:ad:fb:e9:5d:da:cd:
a1:79:d0:22:38:17:c4:c7:e8:b0:83:68:20:14:d2:0e:e5:ee:
0b:07:b9:d1:e0:a7:69:fb:0e:1e:54:4c:91:74:86:66:dc:bc:
b7:5e:09:cf:ba:af:21:2c:00:8c:ff:06:39:a1:a0:30:15:cb:
3e:3f:43:a0:23:1b:ed:35:ee:93:77:f9:7d:62:b8:44:17:26:
21:d8:2e:6a:55:2a:0f:c3:52:7d:ea:b9:f1:0f:57:d1:03:5e:
20:35:dc:22:18:7b:94:eb:42:ab:37:a4:e8:d0:51:33:c8:52:
2b:f6:b3:e2:9c:c9:00:08:36:18:2a:13:cd:d8:68:9e:99:81:
81:06:c3:67:e1:76:52:f5:ce:8e:61:a0:69:1e:d7:49:83:83:
b9:85:cb:c2:e6:85:34:c8:c8:a0:5a:c7:50:1a:89:74:7c:3b:
41:89:14:6c
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzGt4GAgTkOKNCGDHFRwlHkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVkNmRhOWU0MTY4NmQyMWMxMjc5OWM4ZTg0YjI3NGFhODI0
MTUwOGMwHhcNMjQwMTAxMjAyOTI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3OWQxNmQ1ZmI4NTI0YjY2Y2U0NDI0ZjZhNzFjMDM1ZTdmZTczNDY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgQA8Pnloz3r5fnFIjl8Pt4L9tq4Q
wCWVMABQcrvsO5NUoAvJaIyWdbY7MlgwPNmFBuFjlAUb7/f6hmUbVJ/Z1S0mGaIm
Q3WExKANGM+6847IQNwGIpCIAIY9Sx8WaPS7DMxbuWz+hQI0/96FyY8WNOJdHj7w
ybj5EQfX3NetYO5FRIGZPPPLcEncz0lbhk8hGmDfBMkbrwRGwtt3eDVpIUhsxyUX
ErSVWOOOtvoHRiBS9cUZfSHX7+BQr69z6XKWQMkic8e6Up5VCElaRF7Cx7ueYK3s
UNM9gnOamFHW8lwfPUva6VF0PTXxVWkrDvgkH6JRejy/q9TV2E4rAhtsqwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFHnRbV+4UktmzkQk9qccA15/5zRmMB8GA1UdIwQY
MBaAFO1tqeQWhtIcEnmcjoSydKqCQVCMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN1cycDVCYUcwaHdTZVp5T2hMSjBxb0pCVUl3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MS9hYzAxN2MtZmYyOS00M2NmLWEzZDYt
MjlmMWJlYjJmMjgyLzEvZWRGdFg3aFNTMmJPUkNUMnB4d0RYbl9uTkdZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MS9hYzAxN2MtZmYyOS00M2NmLWEzZDYtMjlmMWJlYjJmMjgy
LzEvN1cycDVCYUcwaHdTZVp5T2hMSjBxb0pCVUl3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBARtevAD
BABtevIwDQYJKoZIhvcNAQELBQADggEBAE19z2oGFIM33nV/6Opc5MQ0hb8/yyhq
k10dnocfb2qOxquhgU8FzXEeXC128YHUnWfwQDuf7dhJQzhdNU/DVRh4EswnGqzK
m3pCPZlcmzm32y7Zfa376V3azaF50CI4F8TH6LCDaCAU0g7l7gsHudHgp2n7Dh5U
TJF0hmbcvLdeCc+6ryEsAIz/BjmhoDAVyz4/Q6AjG+017pN3+X1iuEQXJiHYLmpV
Kg/DUn3qufEPV9EDXiA13CIYe5TrQqs3pOjQUTPIUiv2s+KcyQAINhgqE83YaJ6Z
gYEGw2fhdlL1zo5hoGke10mDg7mFy8LmhTTIyKBax1AaiXR8O0GJFGw=
-----END CERTIFICATE-----
Generated at Tue Sep 24 16:53:35 2024 by rpki-client on console-fra.rpki-client.org