Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3b/afbab5-adcf-4e57-92ea-9f4025571cba/1/Sf45_mHLcC0a8cfjf-RV9FauSlU.roa
File: Sf45_mHLcC0a8cfjf-RV9FauSlU.roa (raw, json)
Hash identifier: H9G0Ap/YB3VYuohrBH6aD6iDrZxBNj2VwXDO+5GBC7w=
Subject key identifier: 49:FE:39:FE:61:CB:70:2D:1A:F1:C7:E3:7F:E4:55:F4:56:AE:4A:55
Certificate issuer: /CN=7acfd0797e2d9bd3539d195a031241a56a02a16a
Certificate serial: 01856E38AD74073D346B0653D78F47411AC0
Authority key identifier: 7A:CF:D0:79:7E:2D:9B:D3:53:9D:19:5A:03:12:41:A5:6A:02:A1:6A
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/es_QeX4tm9NTnRlaAxJBpWoCoWo.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/3b/afbab5-adcf-4e57-92ea-9f4025571cba/1/Sf45_mHLcC0a8cfjf-RV9FauSlU.roa
Signing time: Sun 01 Jan 2023 16:44:46 +0000
ROA not before: Sun 01 Jan 2023 16:44:46 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 52000
IP address blocks: 109.107.160.0/22 maxlen: 22
109.107.170.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6e:38:ad:74:07:3d:34:6b:06:53:d7:8f:47:41:1a:c0
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7acfd0797e2d9bd3539d195a031241a56a02a16a
Validity
Not Before: Jan 1 16:44:46 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=49fe39fe61cb702d1af1c7e37fe455f456ae4a55
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cf:29:64:43:5b:a3:5a:2b:29:a1:47:77:ce:85:
78:d1:bb:5f:07:5b:d0:e1:b5:74:48:68:e3:7f:9a:
4a:c5:d9:57:86:21:97:38:a4:21:94:5f:38:e8:a0:
ed:b3:96:a1:81:ea:05:c0:4f:1e:5e:88:35:5c:64:
6b:d9:dc:fc:c2:55:86:fb:c1:ff:3b:65:50:f6:97:
9f:4e:69:3f:c7:37:1b:c5:8f:95:88:51:57:e8:c1:
43:3b:0a:e8:5f:9e:61:48:5c:4d:22:a9:7d:54:76:
30:c5:7f:8c:1c:d0:ce:fc:e5:93:38:d3:b8:f4:3c:
8f:3f:51:c8:00:15:e0:36:60:6b:8d:47:cd:79:23:
d9:15:26:b0:94:3f:fc:1f:03:75:c0:ea:49:06:f4:
68:86:d4:65:59:05:4f:a4:ca:2b:21:2a:ef:38:cb:
c3:0b:11:7e:35:12:19:46:0b:06:f0:d4:0e:98:79:
44:29:79:97:8b:0b:57:16:1f:56:6c:fe:d1:2e:c9:
78:96:be:b0:19:4b:0b:0c:92:ea:fc:86:b3:f8:66:
2c:66:11:16:6e:45:56:51:27:10:d1:cc:2f:d7:7e:
21:87:ba:ae:11:e8:1e:04:53:a7:ad:a9:f3:c3:e0:
18:1c:93:e1:19:fd:66:96:a4:47:7e:5e:7f:7b:44:
6f:79
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
49:FE:39:FE:61:CB:70:2D:1A:F1:C7:E3:7F:E4:55:F4:56:AE:4A:55
X509v3 Authority Key Identifier:
keyid:7A:CF:D0:79:7E:2D:9B:D3:53:9D:19:5A:03:12:41:A5:6A:02:A1:6A
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/es_QeX4tm9NTnRlaAxJBpWoCoWo.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3b/afbab5-adcf-4e57-92ea-9f4025571cba/1/Sf45_mHLcC0a8cfjf-RV9FauSlU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/3b/afbab5-adcf-4e57-92ea-9f4025571cba/1/es_QeX4tm9NTnRlaAxJBpWoCoWo.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.107.160.0/22
109.107.170.0/24
Signature Algorithm: sha256WithRSAEncryption
8f:d6:b6:b3:00:42:b3:38:d8:e6:c7:60:a7:f8:b3:8d:05:87:
c6:fd:bd:b5:19:a0:0d:d8:48:a3:3c:f4:81:ed:fd:37:8c:de:
b1:9d:41:a0:05:5c:5f:96:92:ff:6c:19:1e:1a:c5:f8:fd:31:
c3:9e:d6:40:1a:36:dc:a6:8b:2b:17:54:68:40:38:d2:eb:d0:
c8:09:a5:2c:45:ab:59:56:5e:8f:aa:49:eb:8b:f0:0f:e7:0e:
ab:70:a7:07:fd:a9:ee:c8:0a:fc:47:e0:dd:9c:98:1b:a9:46:
19:7e:87:2f:54:72:4b:ab:18:ec:5c:41:58:da:6f:ac:94:ca:
12:cd:a7:a4:a5:95:08:cf:05:18:40:95:bf:a7:1c:c1:84:93:
91:c1:3b:37:8c:45:29:8a:7a:5a:ae:6d:92:ef:51:ab:01:13:
a2:9f:d4:bd:c0:b8:d1:14:0c:3f:62:2b:44:a8:f9:ea:28:d8:
bb:72:9e:e6:ad:c3:72:f9:a5:d0:3e:b5:dd:80:02:d0:07:e1:
36:a8:07:21:c6:10:f8:02:94:1b:bb:79:0b:16:c6:dd:97:93:
b4:bf:bc:f2:b0:81:2f:ab:90:dc:46:89:10:64:27:3e:38:5a:
28:b7:09:61:03:5e:39:e9:ab:f3:5c:1a:8f:82:a8:3a:2b:0a:
f8:f5:a4:2c
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYVuOK10Bz00awZT149HQRrAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdhY2ZkMDc5N2UyZDliZDM1MzlkMTk1YTAzMTI0MWE1NmEw
MmExNmEwHhcNMjMwMTAxMTY0NDQ2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OWZlMzlmZTYxY2I3MDJkMWFmMWM3ZTM3ZmU0NTVmNDU2YWU0YTU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzylkQ1ujWispoUd3zoV40btfB1vQ
4bV0SGjjf5pKxdlXhiGXOKQhlF846KDts5ahgeoFwE8eXog1XGRr2dz8wlWG+8H/
O2VQ9pefTmk/xzcbxY+ViFFX6MFDOwroX55hSFxNIql9VHYwxX+MHNDO/OWTONO4
9DyPP1HIABXgNmBrjUfNeSPZFSawlD/8HwN1wOpJBvRohtRlWQVPpMorISrvOMvD
CxF+NRIZRgsG8NQOmHlEKXmXiwtXFh9WbP7RLsl4lr6wGUsLDJLq/Iaz+GYsZhEW
bkVWUScQ0cwv134hh7quEegeBFOnranzw+AYHJPhGf1mlqRHfl5/e0RveQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFEn+Of5hy3AtGvHH43/kVfRWrkpVMB8GA1UdIwQY
MBaAFHrP0Hl+LZvTU50ZWgMSQaVqAqFqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZXNfUWVYNHRtOU5UblJsYUF4SkJwV29Db1dvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYi9hZmJhYjUtYWRjZi00ZTU3LTkyZWEt
OWY0MDI1NTcxY2JhLzEvU2Y0NV9tSExjQzBhOGNmamYtUlY5RmF1U2xVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYi9hZmJhYjUtYWRjZi00ZTU3LTkyZWEtOWY0MDI1NTcxY2Jh
LzEvZXNfUWVYNHRtOU5UblJsYUF4SkJwV29Db1dvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCbWugAwQA
bWuqMA0GCSqGSIb3DQEBCwUAA4IBAQCP1razAEKzONjmx2Cn+LONBYfG/b21GaAN
2EijPPSB7f03jN6xnUGgBVxflpL/bBkeGsX4/THDntZAGjbcposrF1RoQDjS69DI
CaUsRatZVl6Pqknri/AP5w6rcKcH/anuyAr8R+DdnJgbqUYZfocvVHJLqxjsXEFY
2m+slMoSzaekpZUIzwUYQJW/pxzBhJORwTs3jEUpinparm2S71GrAROin9S9wLjR
FAw/YitEqPnqKNi7cp7mrcNy+aXQPrXdgALQB+E2qAchxhD4ApQbu3kLFsbdl5O0
v7zysIEvq5DcRokQZCc+OFootwlhA1456avzXBqPgqg6Kwr49aQs
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:04:05 2024 by rpki-client on console-ams.rpki-client.org