Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3b/afbab5-adcf-4e57-92ea-9f4025571cba/1/FinpFDREl-8jhmuN4Hrp3HfYpDA.roa
File: FinpFDREl-8jhmuN4Hrp3HfYpDA.roa (raw, json)
Hash identifier: VlDBoXmDQYrF8CO9R71XOeGyvFTfulLiNXJZOVZo3ic=
Subject key identifier: 16:29:E9:14:34:44:97:EF:23:86:6B:8D:E0:7A:E9:DC:77:D8:A4:30
Certificate issuer: /CN=7acfd0797e2d9bd3539d195a031241a56a02a16a
Certificate serial: 0189DA41E38265C1B3CE8CC998609B0380A0
Authority key identifier: 7A:CF:D0:79:7E:2D:9B:D3:53:9D:19:5A:03:12:41:A5:6A:02:A1:6A
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/es_QeX4tm9NTnRlaAxJBpWoCoWo.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/3b/afbab5-adcf-4e57-92ea-9f4025571cba/1/FinpFDREl-8jhmuN4Hrp3HfYpDA.roa
Signing time: Wed 09 Aug 2023 12:24:58 +0000
ROA not before: Wed 09 Aug 2023 12:24:58 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 48030
IP address blocks: 109.107.160.0/24 maxlen: 24
109.107.180.0/24 maxlen: 24
109.107.191.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:89:da:41:e3:82:65:c1:b3:ce:8c:c9:98:60:9b:03:80:a0
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7acfd0797e2d9bd3539d195a031241a56a02a16a
Validity
Not Before: Aug 9 12:24:58 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=1629e914344497ef23866b8de07ae9dc77d8a430
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b7:02:33:8b:f9:02:41:75:b5:c7:f3:32:6c:8d:
8b:e8:2a:2f:82:67:14:3f:3b:5c:c4:22:7a:b7:79:
41:7d:a8:8b:70:20:6b:6a:b7:08:db:42:82:ec:cb:
1f:be:30:9f:2a:eb:dc:59:ff:1e:ff:b0:6c:8a:fe:
71:a9:ac:69:ee:9e:94:c0:eb:12:d1:50:8e:16:c8:
cd:ae:f9:b6:8c:f4:7e:fd:ad:2b:fe:1b:6e:cf:a2:
c8:7a:23:14:3b:0c:21:0b:50:e6:d5:71:93:6e:e2:
75:a6:41:02:74:a0:2b:91:39:89:7a:4f:7f:a8:be:
98:6f:58:ef:b0:47:79:15:48:1e:01:d6:0e:9c:c9:
21:89:a7:84:4f:a6:f5:e0:08:44:55:b4:96:fd:a3:
53:c1:45:f6:29:25:12:14:62:75:83:93:92:53:54:
6d:6c:2b:1e:b4:fa:4d:35:44:58:db:67:c4:84:15:
72:41:fd:95:57:06:fc:97:69:a2:f7:d1:25:71:c5:
92:a9:26:4e:5b:99:e7:2d:bc:58:c2:34:6d:58:1c:
ae:b5:e9:09:73:cc:f1:60:37:0c:56:18:f0:0d:40:
6e:a1:a1:10:66:de:54:36:4e:76:c7:93:a5:dc:21:
cb:23:b1:13:3c:25:3d:ba:8f:1d:a3:6a:7a:aa:47:
1e:b5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
16:29:E9:14:34:44:97:EF:23:86:6B:8D:E0:7A:E9:DC:77:D8:A4:30
X509v3 Authority Key Identifier:
keyid:7A:CF:D0:79:7E:2D:9B:D3:53:9D:19:5A:03:12:41:A5:6A:02:A1:6A
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/es_QeX4tm9NTnRlaAxJBpWoCoWo.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3b/afbab5-adcf-4e57-92ea-9f4025571cba/1/FinpFDREl-8jhmuN4Hrp3HfYpDA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/3b/afbab5-adcf-4e57-92ea-9f4025571cba/1/es_QeX4tm9NTnRlaAxJBpWoCoWo.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.107.160.0/24
109.107.180.0/24
109.107.191.0/24
Signature Algorithm: sha256WithRSAEncryption
1c:c4:3a:f0:06:95:8b:27:71:cf:2d:dc:27:54:cf:fe:3c:09:
d0:e8:c9:2a:98:a1:53:77:0f:0d:e2:9d:34:68:1e:6d:a7:33:
ab:4f:4c:79:d1:c6:94:a4:31:44:70:d4:20:44:13:8c:b9:72:
2e:c5:a5:19:f6:e3:19:8f:62:cd:1c:6b:c4:cc:51:0d:b6:a9:
7e:e9:46:83:f0:47:94:0d:42:d4:6e:b4:cf:e3:08:fe:60:50:
c0:40:60:89:1f:5e:49:44:cc:0c:1a:76:ec:1f:66:51:f1:23:
ef:bf:f1:b3:9f:03:0c:65:45:6f:e9:7b:ae:73:cc:b5:e2:22:
4f:f9:e0:0e:17:af:21:d5:0b:18:3e:0f:c0:70:ea:84:16:30:
4d:1a:1d:e5:09:ae:ee:f3:3c:4f:c6:a3:19:1f:b2:6d:dc:a5:
21:a8:44:92:b0:74:a5:60:36:61:cd:85:6d:bf:bc:3a:06:d5:
d1:3a:d5:dc:57:ec:d7:85:13:c7:2d:65:5e:d4:90:93:f0:0d:
95:69:24:26:43:7c:61:a1:61:8c:24:51:67:25:16:ce:42:fd:
f9:10:1a:0b:10:3a:d3:ce:8c:86:f7:83:a2:88:b6:18:5b:16:
e6:f8:ef:9c:d8:2f:61:5c:9f:cc:b3:e2:b7:6e:ea:3f:c5:fb:
44:48:ca:b0
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYnaQeOCZcGzzozJmGCbA4CgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdhY2ZkMDc5N2UyZDliZDM1MzlkMTk1YTAzMTI0MWE1NmEw
MmExNmEwHhcNMjMwODA5MTIyNDU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNjI5ZTkxNDM0NDQ5N2VmMjM4NjZiOGRlMDdhZTlkYzc3ZDhhNDMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtwIzi/kCQXW1x/MybI2L6CovgmcU
PztcxCJ6t3lBfaiLcCBrarcI20KC7MsfvjCfKuvcWf8e/7Bsiv5xqaxp7p6UwOsS
0VCOFsjNrvm2jPR+/a0r/htuz6LIeiMUOwwhC1Dm1XGTbuJ1pkECdKArkTmJek9/
qL6Yb1jvsEd5FUgeAdYOnMkhiaeET6b14AhEVbSW/aNTwUX2KSUSFGJ1g5OSU1Rt
bCsetPpNNURY22fEhBVyQf2VVwb8l2mi99ElccWSqSZOW5nnLbxYwjRtWByutekJ
c8zxYDcMVhjwDUBuoaEQZt5UNk52x5Ol3CHLI7ETPCU9uo8do2p6qkcetQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFBYp6RQ0RJfvI4ZrjeB66dx32KQwMB8GA1UdIwQY
MBaAFHrP0Hl+LZvTU50ZWgMSQaVqAqFqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZXNfUWVYNHRtOU5UblJsYUF4SkJwV29Db1dvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYi9hZmJhYjUtYWRjZi00ZTU3LTkyZWEt
OWY0MDI1NTcxY2JhLzEvRmlucEZEUkVsLThqaG11TjRIcnAzSGZZcERBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYi9hZmJhYjUtYWRjZi00ZTU3LTkyZWEtOWY0MDI1NTcxY2Jh
LzEvZXNfUWVYNHRtOU5UblJsYUF4SkJwV29Db1dvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAbWugAwQA
bWu0AwQAbWu/MA0GCSqGSIb3DQEBCwUAA4IBAQAcxDrwBpWLJ3HPLdwnVM/+PAnQ
6MkqmKFTdw8N4p00aB5tpzOrT0x50caUpDFEcNQgRBOMuXIuxaUZ9uMZj2LNHGvE
zFENtql+6UaD8EeUDULUbrTP4wj+YFDAQGCJH15JRMwMGnbsH2ZR8SPvv/GznwMM
ZUVv6Xuuc8y14iJP+eAOF68h1QsYPg/AcOqEFjBNGh3lCa7u8zxPxqMZH7Jt3KUh
qESSsHSlYDZhzYVtv7w6BtXROtXcV+zXhRPHLWVe1JCT8A2VaSQmQ3xhoWGMJFFn
JRbOQv35EBoLEDrTzoyG94OiiLYYWxbm+O+c2C9hXJ/Ms+K3buo/xftESMqw
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:04:05 2024 by rpki-client on console-ams.rpki-client.org