Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3b/afbab5-adcf-4e57-92ea-9f4025571cba/1/Ws2O9tkp0XzaNdojgCiiO2oJd5c.roa
File: Ws2O9tkp0XzaNdojgCiiO2oJd5c.roa (raw, json)
Hash identifier: 7at71Wmxd8XzokcqWiUneJ3Kpmt3H3ZhpdtW8+u03FY=
Subject key identifier: 5A:CD:8E:F6:D9:29:D1:7C:DA:35:DA:23:80:28:A2:3B:6A:09:77:97
Certificate issuer: /CN=7acfd0797e2d9bd3539d195a031241a56a02a16a
Certificate serial: 018AF18D14B78637F9FFCE8E7CDB5D1D0A25
Authority key identifier: 7A:CF:D0:79:7E:2D:9B:D3:53:9D:19:5A:03:12:41:A5:6A:02:A1:6A
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/es_QeX4tm9NTnRlaAxJBpWoCoWo.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/3b/afbab5-adcf-4e57-92ea-9f4025571cba/1/Ws2O9tkp0XzaNdojgCiiO2oJd5c.roa
Signing time: Mon 02 Oct 2023 18:01:09 +0000
ROA not before: Mon 02 Oct 2023 18:01:09 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 212441
IP address blocks: 109.107.185.0/24 maxlen: 24
109.107.186.0/24 maxlen: 24
109.107.184.0/24 maxlen: 24
109.107.187.0/24 maxlen: 24
109.107.188.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8a:f1:8d:14:b7:86:37:f9:ff:ce:8e:7c:db:5d:1d:0a:25
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7acfd0797e2d9bd3539d195a031241a56a02a16a
Validity
Not Before: Oct 2 18:01:09 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=5acd8ef6d929d17cda35da238028a23b6a097797
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:98:90:f8:90:7d:11:28:53:8f:9a:be:2a:05:d0:
f9:3c:40:ed:a0:be:3d:ee:5a:3a:87:05:f7:c4:1b:
a7:ea:84:0b:55:a3:ec:28:b6:2f:6b:d4:5d:e2:11:
34:8a:26:c6:99:00:da:c3:b2:8f:db:28:62:fb:49:
0e:25:1f:80:2d:49:f1:24:56:8c:47:73:51:b0:73:
4d:6a:a2:bd:37:1d:b8:79:c9:ec:1a:c3:68:f0:fb:
f9:09:27:12:c8:ca:69:c9:8e:0b:49:d2:d9:44:cc:
28:0c:ae:96:2d:e2:51:f8:9d:93:00:70:b0:7b:2a:
70:d7:4e:eb:83:ed:7a:92:86:f7:3f:38:44:e4:7c:
5f:7d:aa:b3:a3:7d:55:79:1e:1c:7d:a1:c2:b9:3b:
99:91:64:d3:2c:36:15:60:fe:b5:58:a6:f3:a8:13:
ed:94:30:0c:78:e2:82:b1:89:ec:5f:3e:40:b2:ed:
21:3d:8b:7f:ba:01:40:c3:d8:71:db:88:01:19:9e:
52:f2:cc:df:c2:39:ca:6a:cc:f6:24:86:c7:a4:c2:
80:7c:d2:04:97:e0:8b:a6:9d:b7:07:0b:9a:86:24:
16:8c:ea:9e:56:3f:0c:34:5e:b6:a1:73:58:95:c6:
bc:3e:9b:6b:d6:5d:ef:ad:0a:b2:a3:ba:dc:4e:32:
96:f7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5A:CD:8E:F6:D9:29:D1:7C:DA:35:DA:23:80:28:A2:3B:6A:09:77:97
X509v3 Authority Key Identifier:
keyid:7A:CF:D0:79:7E:2D:9B:D3:53:9D:19:5A:03:12:41:A5:6A:02:A1:6A
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/es_QeX4tm9NTnRlaAxJBpWoCoWo.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3b/afbab5-adcf-4e57-92ea-9f4025571cba/1/Ws2O9tkp0XzaNdojgCiiO2oJd5c.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/3b/afbab5-adcf-4e57-92ea-9f4025571cba/1/es_QeX4tm9NTnRlaAxJBpWoCoWo.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.107.184.0-109.107.188.255
Signature Algorithm: sha256WithRSAEncryption
67:84:77:fe:f2:5e:bf:4d:6a:05:46:2c:d3:3c:17:92:9d:77:
b6:14:90:d1:c6:f0:aa:94:19:9b:89:f0:9e:c8:f9:9d:8f:7a:
32:1f:4a:f0:ee:89:f6:ae:29:0d:6e:78:33:78:7f:1d:cc:6f:
8c:f3:3d:ab:8b:ed:f2:39:52:0f:03:0f:cf:14:39:40:68:4e:
5f:91:87:ab:d4:2b:51:11:1b:a9:97:b0:58:fd:48:2a:14:86:
a8:27:65:17:21:61:5e:53:ab:4d:04:c5:73:76:b4:9a:5a:31:
5d:f8:dd:18:a0:45:03:33:99:dd:9c:c8:c4:ff:fd:7d:12:24:
1f:00:f4:83:76:a3:e9:be:68:2e:46:3b:fa:de:a2:1f:bb:1b:
a3:65:5e:e7:10:dd:7b:fe:0a:5e:5f:d1:48:4b:40:60:16:f9:
4e:22:42:53:55:6c:62:21:a4:8c:1b:30:44:67:32:9b:d4:00:
d9:76:0a:a4:c3:c2:17:24:7d:1a:c1:05:64:f6:f1:3e:7a:f1:
ca:e7:de:55:a5:87:84:f3:c3:94:87:c6:5b:bb:d6:b6:71:7e:
1f:47:c9:f4:2d:c5:9c:2b:61:14:ef:f0:e9:41:0d:ae:e6:75:
00:4f:3c:cb:d9:e9:bf:6e:56:4d:99:ba:07:28:87:06:37:fa:
a4:b2:30:4d
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYrxjRS3hjf5/86OfNtdHQolMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdhY2ZkMDc5N2UyZDliZDM1MzlkMTk1YTAzMTI0MWE1NmEw
MmExNmEwHhcNMjMxMDAyMTgwMTA5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YWNkOGVmNmQ5MjlkMTdjZGEzNWRhMjM4MDI4YTIzYjZhMDk3Nzk3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmJD4kH0RKFOPmr4qBdD5PEDtoL49
7lo6hwX3xBun6oQLVaPsKLYva9Rd4hE0iibGmQDaw7KP2yhi+0kOJR+ALUnxJFaM
R3NRsHNNaqK9Nx24ecnsGsNo8Pv5CScSyMppyY4LSdLZRMwoDK6WLeJR+J2TAHCw
eypw107rg+16kob3PzhE5Hxffaqzo31VeR4cfaHCuTuZkWTTLDYVYP61WKbzqBPt
lDAMeOKCsYnsXz5Asu0hPYt/ugFAw9hx24gBGZ5S8szfwjnKasz2JIbHpMKAfNIE
l+CLpp23BwuahiQWjOqeVj8MNF62oXNYlca8Pptr1l3vrQqyo7rcTjKW9wIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFFrNjvbZKdF82jXaI4AoojtqCXeXMB8GA1UdIwQY
MBaAFHrP0Hl+LZvTU50ZWgMSQaVqAqFqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZXNfUWVYNHRtOU5UblJsYUF4SkJwV29Db1dvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYi9hZmJhYjUtYWRjZi00ZTU3LTkyZWEt
OWY0MDI1NTcxY2JhLzEvV3MyTzl0a3AwWHphTmRvamdDaWlPMm9KZDVjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYi9hZmJhYjUtYWRjZi00ZTU3LTkyZWEtOWY0MDI1NTcxY2Jh
LzEvZXNfUWVYNHRtOU5UblJsYUF4SkJwV29Db1dvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBANta7gD
BABta7wwDQYJKoZIhvcNAQELBQADggEBAGeEd/7yXr9NagVGLNM8F5Kdd7YUkNHG
8KqUGZuJ8J7I+Z2PejIfSvDuifauKQ1ueDN4fx3Mb4zzPauL7fI5Ug8DD88UOUBo
Tl+Rh6vUK1ERG6mXsFj9SCoUhqgnZRchYV5Tq00ExXN2tJpaMV343RigRQMzmd2c
yMT//X0SJB8A9IN2o+m+aC5GO/reoh+7G6NlXucQ3Xv+Cl5f0UhLQGAW+U4iQlNV
bGIhpIwbMERnMpvUANl2CqTDwhckfRrBBWT28T568crn3lWlh4Tzw5SHxlu71rZx
fh9HyfQtxZwrYRTv8OlBDa7mdQBPPMvZ6b9uVk2ZugcohwY3+qSyME0=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:26:09 2024 by rpki-client on console-fra.rpki-client.org