Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3b/afbab5-adcf-4e57-92ea-9f4025571cba/1/96QXZRlVKff-MB3C0CjmEZYcRRg.roa
File: 96QXZRlVKff-MB3C0CjmEZYcRRg.roa (raw, json)
Hash identifier: mnvN02S9OBnwacnNZCtb+ZK5CSb5wuGbU/89Q0E2HhY=
Subject key identifier: F7:A4:17:65:19:55:29:F7:FE:30:1D:C2:D0:28:E6:11:96:1C:45:18
Certificate issuer: /CN=7acfd0797e2d9bd3539d195a031241a56a02a16a
Certificate serial: 018B00B85B83F23EC477307EAF58411499CC
Authority key identifier: 7A:CF:D0:79:7E:2D:9B:D3:53:9D:19:5A:03:12:41:A5:6A:02:A1:6A
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/es_QeX4tm9NTnRlaAxJBpWoCoWo.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/3b/afbab5-adcf-4e57-92ea-9f4025571cba/1/96QXZRlVKff-MB3C0CjmEZYcRRg.roa
Signing time: Thu 05 Oct 2023 16:42:43 +0000
ROA not before: Thu 05 Oct 2023 16:42:43 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 213369
IP address blocks: 109.107.162.0/24 maxlen: 24
109.107.162.0/23 maxlen: 23
109.107.163.0/24 maxlen: 24
109.107.183.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8b:00:b8:5b:83:f2:3e:c4:77:30:7e:af:58:41:14:99:cc
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7acfd0797e2d9bd3539d195a031241a56a02a16a
Validity
Not Before: Oct 5 16:42:43 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=f7a41765195529f7fe301dc2d028e611961c4518
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:81:b0:77:42:bc:14:1a:9a:c7:a5:c6:2a:42:6d:
09:76:43:3c:0d:17:30:c4:83:76:70:35:2f:3f:50:
a9:49:cb:b6:4f:59:e9:64:6a:93:4f:cc:f9:34:c6:
ba:0b:67:13:38:77:17:4d:0f:e3:2a:3c:32:b8:86:
2e:42:6e:d0:e9:04:8d:8e:7a:5f:16:9f:cf:b1:6d:
16:25:8b:d9:f4:ce:3a:e2:e0:10:13:be:3c:ed:73:
56:77:49:cd:3f:cf:27:8d:15:6d:be:da:63:2a:f6:
87:15:fd:41:f1:0d:80:20:dd:93:81:7b:ad:b9:55:
a3:9d:52:90:7f:ef:95:4e:d6:36:a1:39:29:e6:21:
6f:d8:28:fd:6a:78:c3:a9:ed:97:fd:aa:8c:7f:ef:
ba:4d:34:d3:57:71:1f:e5:97:85:a4:36:16:34:4f:
a7:0d:e6:3f:53:e3:74:30:9b:84:10:d1:ac:1a:64:
8d:2a:53:8f:4a:71:15:52:8c:2b:68:56:14:4a:f0:
08:00:29:12:66:04:ac:fa:7c:f9:57:11:22:cf:6a:
0d:a6:4e:38:1f:94:41:a4:35:c8:88:6c:61:0f:a7:
8c:43:58:58:e5:d6:17:04:c0:24:ec:ca:fe:07:ef:
a1:2c:49:3b:3a:a5:fa:d5:b1:75:fb:61:b5:6f:15:
c0:57
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F7:A4:17:65:19:55:29:F7:FE:30:1D:C2:D0:28:E6:11:96:1C:45:18
X509v3 Authority Key Identifier:
keyid:7A:CF:D0:79:7E:2D:9B:D3:53:9D:19:5A:03:12:41:A5:6A:02:A1:6A
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/es_QeX4tm9NTnRlaAxJBpWoCoWo.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3b/afbab5-adcf-4e57-92ea-9f4025571cba/1/96QXZRlVKff-MB3C0CjmEZYcRRg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/3b/afbab5-adcf-4e57-92ea-9f4025571cba/1/es_QeX4tm9NTnRlaAxJBpWoCoWo.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.107.162.0/23
109.107.183.0/24
Signature Algorithm: sha256WithRSAEncryption
76:ee:0e:87:56:55:b5:0e:bc:54:ba:1e:cb:b6:5c:fa:0c:b5:
a9:11:e1:9f:4c:b2:d3:3c:41:6f:60:f3:d3:f7:a9:e8:93:f2:
45:a9:62:0d:74:15:e8:92:a8:c8:3b:68:25:81:9a:29:14:fa:
42:c9:f5:a5:b6:ec:72:83:7b:e3:86:34:6c:93:dc:6c:5c:0f:
ba:5c:f9:86:3c:75:a8:30:0c:10:61:5e:49:52:6c:a9:a3:e8:
8f:42:5d:63:4b:9c:88:4e:66:95:f7:dd:08:c0:36:7d:89:df:
a0:70:28:08:11:01:8d:b9:19:86:6c:cf:b5:b5:c3:b8:42:ca:
64:eb:e0:c3:bc:46:d7:4c:6c:5c:12:5a:fb:82:2c:eb:96:cd:
5b:fd:c9:9a:e5:22:fc:c3:72:0e:da:a2:ed:81:4b:82:63:6c:
39:35:7f:71:43:30:c3:d9:7b:dd:9d:0f:aa:fe:22:2e:43:e0:
60:be:4f:b9:0a:e7:a9:1b:21:d0:4e:c8:c3:0d:40:c8:6b:ad:
8d:93:54:c2:3a:5d:31:07:e1:c8:19:bf:bd:1f:c8:cf:5a:0e:
7f:23:2f:ca:e5:d6:ab:da:97:bb:de:cf:51:d2:87:05:1b:75:
68:b9:4d:06:91:1f:98:33:41:a4:03:65:c5:e5:44:47:b2:4b:
93:01:86:b2
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYsAuFuD8j7EdzB+r1hBFJnMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdhY2ZkMDc5N2UyZDliZDM1MzlkMTk1YTAzMTI0MWE1NmEw
MmExNmEwHhcNMjMxMDA1MTY0MjQzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmN2E0MTc2NTE5NTUyOWY3ZmUzMDFkYzJkMDI4ZTYxMTk2MWM0NTE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgbB3QrwUGprHpcYqQm0JdkM8DRcw
xIN2cDUvP1CpScu2T1npZGqTT8z5NMa6C2cTOHcXTQ/jKjwyuIYuQm7Q6QSNjnpf
Fp/PsW0WJYvZ9M464uAQE7487XNWd0nNP88njRVtvtpjKvaHFf1B8Q2AIN2TgXut
uVWjnVKQf++VTtY2oTkp5iFv2Cj9anjDqe2X/aqMf++6TTTTV3Ef5ZeFpDYWNE+n
DeY/U+N0MJuEENGsGmSNKlOPSnEVUowraFYUSvAIACkSZgSs+nz5VxEiz2oNpk44
H5RBpDXIiGxhD6eMQ1hY5dYXBMAk7Mr+B++hLEk7OqX61bF1+2G1bxXAVwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFPekF2UZVSn3/jAdwtAo5hGWHEUYMB8GA1UdIwQY
MBaAFHrP0Hl+LZvTU50ZWgMSQaVqAqFqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZXNfUWVYNHRtOU5UblJsYUF4SkJwV29Db1dvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYi9hZmJhYjUtYWRjZi00ZTU3LTkyZWEt
OWY0MDI1NTcxY2JhLzEvOTZRWFpSbFZLZmYtTUIzQzBDam1FWlljUlJnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYi9hZmJhYjUtYWRjZi00ZTU3LTkyZWEtOWY0MDI1NTcxY2Jh
LzEvZXNfUWVYNHRtOU5UblJsYUF4SkJwV29Db1dvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBbWuiAwQA
bWu3MA0GCSqGSIb3DQEBCwUAA4IBAQB27g6HVlW1DrxUuh7Ltlz6DLWpEeGfTLLT
PEFvYPPT96nok/JFqWINdBXokqjIO2glgZopFPpCyfWltuxyg3vjhjRsk9xsXA+6
XPmGPHWoMAwQYV5JUmypo+iPQl1jS5yITmaV990IwDZ9id+gcCgIEQGNuRmGbM+1
tcO4Qspk6+DDvEbXTGxcElr7gizrls1b/cma5SL8w3IO2qLtgUuCY2w5NX9xQzDD
2XvdnQ+q/iIuQ+Bgvk+5CuepGyHQTsjDDUDIa62Nk1TCOl0xB+HIGb+9H8jPWg5/
Iy/K5dar2pe73s9R0ocFG3VouU0GkR+YM0GkA2XF5URHskuTAYay
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:26:09 2024 by rpki-client on console-fra.rpki-client.org