Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3b/afbab5-adcf-4e57-92ea-9f4025571cba/1/Q-t-c7Ca1nfb-voxdWK6UzE-Zvg.roa
File: Q-t-c7Ca1nfb-voxdWK6UzE-Zvg.roa (raw, json)
Hash identifier: O6ZxZpl+zjViw8JnJgNKyCqv4qqUPvEKoPnDeyGJHSA=
Subject key identifier: 43:EB:7E:73:B0:9A:D6:77:DB:FA:FA:31:75:62:BA:53:31:3E:66:F8
Certificate issuer: /CN=7acfd0797e2d9bd3539d195a031241a56a02a16a
Certificate serial: 018A3C609F433A3E1196CA90B438CF9E3A10
Authority key identifier: 7A:CF:D0:79:7E:2D:9B:D3:53:9D:19:5A:03:12:41:A5:6A:02:A1:6A
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/es_QeX4tm9NTnRlaAxJBpWoCoWo.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/3b/afbab5-adcf-4e57-92ea-9f4025571cba/1/Q-t-c7Ca1nfb-voxdWK6UzE-Zvg.roa
Signing time: Mon 28 Aug 2023 13:41:19 +0000
ROA not before: Mon 28 Aug 2023 13:41:19 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 212441
IP address blocks: 109.107.185.0/24 maxlen: 24
109.107.186.0/24 maxlen: 24
109.107.184.0/24 maxlen: 24
109.107.182.0/24 maxlen: 24
109.107.183.0/24 maxlen: 24
109.107.181.0/24 maxlen: 24
109.107.189.0/24 maxlen: 24
109.107.187.0/24 maxlen: 24
109.107.188.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8a:3c:60:9f:43:3a:3e:11:96:ca:90:b4:38:cf:9e:3a:10
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7acfd0797e2d9bd3539d195a031241a56a02a16a
Validity
Not Before: Aug 28 13:41:19 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=43eb7e73b09ad677dbfafa317562ba53313e66f8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a2:49:39:a2:5f:c0:fe:5a:c7:4f:49:d5:51:71:
da:29:e8:d7:54:ad:e0:dc:a6:d3:7e:a9:ef:ee:2d:
67:9f:0d:e8:21:90:b9:f3:d8:13:cf:f7:6e:e4:39:
17:85:d8:58:f5:fd:7f:e4:aa:aa:a4:8a:6a:1d:cb:
7c:41:a0:49:3d:80:28:bc:f0:76:35:c6:a9:0c:b5:
31:df:a6:37:59:85:6d:b8:47:ee:86:e0:10:93:cc:
e1:3a:a6:6a:e0:c1:54:6c:e3:0d:ae:07:9a:da:44:
21:5a:c4:9a:24:9c:0b:b1:45:ca:84:be:96:16:c6:
5c:8a:76:d4:b6:28:e4:f1:15:26:4e:f2:12:a4:26:
49:32:4e:5b:ed:f3:1d:50:fa:29:7e:85:97:58:c2:
07:12:bc:90:3f:4b:92:4b:92:44:f7:b9:44:4b:2d:
3a:b5:75:7c:b7:18:e7:a7:af:46:f5:aa:59:ce:16:
0c:76:82:0c:5e:13:27:d7:7e:72:6f:34:bf:af:02:
a0:53:89:15:c8:b6:9f:2b:e4:51:fd:d5:8f:7b:a6:
e0:75:47:98:e7:13:bd:67:0b:78:70:bf:8d:ef:c0:
42:c8:28:9d:73:12:e4:0a:18:46:f1:af:3f:cb:93:
33:20:07:d8:e8:ba:04:e0:19:ae:ae:f3:ad:8c:31:
52:e5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
43:EB:7E:73:B0:9A:D6:77:DB:FA:FA:31:75:62:BA:53:31:3E:66:F8
X509v3 Authority Key Identifier:
keyid:7A:CF:D0:79:7E:2D:9B:D3:53:9D:19:5A:03:12:41:A5:6A:02:A1:6A
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/es_QeX4tm9NTnRlaAxJBpWoCoWo.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3b/afbab5-adcf-4e57-92ea-9f4025571cba/1/Q-t-c7Ca1nfb-voxdWK6UzE-Zvg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/3b/afbab5-adcf-4e57-92ea-9f4025571cba/1/es_QeX4tm9NTnRlaAxJBpWoCoWo.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.107.181.0-109.107.189.255
Signature Algorithm: sha256WithRSAEncryption
70:39:83:53:77:66:c6:1e:e6:83:ed:51:00:e6:42:61:58:37:
53:2c:95:f1:55:0e:25:ca:c6:1f:54:7d:f7:58:d7:f2:58:2e:
ab:33:2f:8b:79:2a:af:b4:3d:41:f4:34:3a:a5:af:14:34:52:
f0:3b:ff:0c:2b:ce:f3:18:12:0a:40:9c:52:56:58:f4:0a:32:
28:fc:38:38:78:5f:d5:89:55:da:ec:8f:d4:26:39:21:08:8c:
4e:ff:5e:bb:3c:18:21:e4:c8:54:ad:03:65:6e:95:1e:0b:4b:
2a:d7:91:5a:37:6f:86:64:cc:a9:96:12:6a:1e:f4:e7:3d:81:
6c:9a:c1:fe:f6:22:de:c1:ab:59:25:58:ca:5e:7d:52:70:de:
53:93:8f:f6:71:9f:24:56:51:bb:13:6f:e4:63:ba:ef:6d:98:
97:67:bd:c5:a1:1d:4e:3c:1f:c0:c3:28:23:9a:31:9d:68:8a:
fe:d6:61:5b:63:a5:bb:35:ab:ce:5f:3c:1e:31:72:65:b1:e4:
b1:0a:d3:d8:bf:f0:ab:77:40:56:08:97:d1:80:c9:2b:60:0f:
0a:f0:00:53:df:2b:d3:9b:0f:b0:be:66:5a:f4:e5:b0:c6:6d:
d5:7f:02:b7:96:a9:60:3d:6c:56:66:8a:d7:43:a3:bf:89:d1:
f0:40:5a:66
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYo8YJ9DOj4RlsqQtDjPnjoQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdhY2ZkMDc5N2UyZDliZDM1MzlkMTk1YTAzMTI0MWE1NmEw
MmExNmEwHhcNMjMwODI4MTM0MTE5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0M2ViN2U3M2IwOWFkNjc3ZGJmYWZhMzE3NTYyYmE1MzMxM2U2NmY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAokk5ol/A/lrHT0nVUXHaKejXVK3g
3KbTfqnv7i1nnw3oIZC589gTz/du5DkXhdhY9f1/5KqqpIpqHct8QaBJPYAovPB2
NcapDLUx36Y3WYVtuEfuhuAQk8zhOqZq4MFUbOMNrgea2kQhWsSaJJwLsUXKhL6W
FsZcinbUtijk8RUmTvISpCZJMk5b7fMdUPopfoWXWMIHEryQP0uSS5JE97lESy06
tXV8txjnp69G9apZzhYMdoIMXhMn135ybzS/rwKgU4kVyLafK+RR/dWPe6bgdUeY
5xO9Zwt4cL+N78BCyCidcxLkChhG8a8/y5MzIAfY6LoE4BmurvOtjDFS5QIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFEPrfnOwmtZ32/r6MXViulMxPmb4MB8GA1UdIwQY
MBaAFHrP0Hl+LZvTU50ZWgMSQaVqAqFqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZXNfUWVYNHRtOU5UblJsYUF4SkJwV29Db1dvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYi9hZmJhYjUtYWRjZi00ZTU3LTkyZWEt
OWY0MDI1NTcxY2JhLzEvUS10LWM3Q2ExbmZiLXZveGRXSzZVekUtWnZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYi9hZmJhYjUtYWRjZi00ZTU3LTkyZWEtOWY0MDI1NTcxY2Jh
LzEvZXNfUWVYNHRtOU5UblJsYUF4SkJwV29Db1dvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBABta7UD
BAFta7wwDQYJKoZIhvcNAQELBQADggEBAHA5g1N3ZsYe5oPtUQDmQmFYN1MslfFV
DiXKxh9UffdY1/JYLqszL4t5Kq+0PUH0NDqlrxQ0UvA7/wwrzvMYEgpAnFJWWPQK
Mij8ODh4X9WJVdrsj9QmOSEIjE7/Xrs8GCHkyFStA2VulR4LSyrXkVo3b4ZkzKmW
Emoe9Oc9gWyawf72It7Bq1klWMpefVJw3lOTj/ZxnyRWUbsTb+Rjuu9tmJdnvcWh
HU48H8DDKCOaMZ1oiv7WYVtjpbs1q85fPB4xcmWx5LEK09i/8Kt3QFYIl9GAyStg
DwrwAFPfK9ObD7C+Zlr05bDGbdV/AreWqWA9bFZmitdDo7+J0fBAWmY=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:04:05 2024 by rpki-client on console-ams.rpki-client.org