Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3b/afbab5-adcf-4e57-92ea-9f4025571cba/1/lUVWkXLwuuN3INstChx_yb4jhE4.roa
File: lUVWkXLwuuN3INstChx_yb4jhE4.roa (raw, json)
Hash identifier: mfS5cI1fPqZa5xpXc2XgJlUpjoams6j4L7eb6e3rWbU=
Subject key identifier: 95:45:56:91:72:F0:BA:E3:77:20:DB:2D:0A:1C:7F:C9:BE:23:84:4E
Certificate issuer: /CN=7acfd0797e2d9bd3539d195a031241a56a02a16a
Certificate serial: 01852A0A5433AC264E0129C2A528F38F68F5
Authority key identifier: 7A:CF:D0:79:7E:2D:9B:D3:53:9D:19:5A:03:12:41:A5:6A:02:A1:6A
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/es_QeX4tm9NTnRlaAxJBpWoCoWo.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/3b/afbab5-adcf-4e57-92ea-9f4025571cba/1/lUVWkXLwuuN3INstChx_yb4jhE4.roa
Signing time: Mon 19 Dec 2022 10:59:58 +0000
ROA not before: Mon 19 Dec 2022 10:59:58 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 52000
IP address blocks: 109.107.160.0/22 maxlen: 22
109.107.170.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:2a:0a:54:33:ac:26:4e:01:29:c2:a5:28:f3:8f:68:f5
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7acfd0797e2d9bd3539d195a031241a56a02a16a
Validity
Not Before: Dec 19 10:59:58 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=9545569172f0bae37720db2d0a1c7fc9be23844e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:88:f8:65:10:f9:61:e6:65:db:15:05:ac:f3:e0:
cf:57:ec:72:36:7b:5a:51:3e:76:88:35:ac:fd:34:
b5:1f:f0:20:bc:94:ed:bd:52:dd:6e:94:f0:27:a6:
64:0c:25:ff:bc:4e:b9:c3:21:06:3f:81:ea:ee:b6:
6c:d7:ba:cc:8f:95:ba:41:b0:b3:44:68:d4:ba:c9:
38:e4:e6:b8:ba:50:e8:e7:8d:7c:1f:39:95:5c:c8:
b5:05:b7:78:40:b2:a2:01:c8:7d:cf:fb:35:3b:25:
9e:1e:c7:3c:81:30:fc:ac:29:26:d8:d9:70:e8:05:
c6:49:22:26:37:0a:ce:21:9c:69:5d:e5:a2:8e:aa:
88:f0:ae:54:a3:a2:ec:bf:65:05:8a:11:3a:87:00:
1a:65:15:b4:13:90:a4:1b:76:ec:db:e4:99:82:8c:
73:80:1f:4b:a2:0e:3a:85:9e:33:8e:c4:2d:55:c7:
77:f1:8b:05:c0:2c:0a:c3:b3:92:9e:c3:c0:d0:38:
13:b9:79:8d:d2:2e:b0:02:6e:d1:2b:30:5d:f7:53:
32:16:30:5e:58:a5:c6:24:78:5a:24:b9:0f:c2:81:
0b:72:9f:d8:2b:ff:ce:2d:58:24:b2:b9:da:77:89:
f7:0d:7a:9d:fc:a8:5c:71:a1:32:92:1d:de:df:50:
7b:c3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
95:45:56:91:72:F0:BA:E3:77:20:DB:2D:0A:1C:7F:C9:BE:23:84:4E
X509v3 Authority Key Identifier:
keyid:7A:CF:D0:79:7E:2D:9B:D3:53:9D:19:5A:03:12:41:A5:6A:02:A1:6A
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/es_QeX4tm9NTnRlaAxJBpWoCoWo.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3b/afbab5-adcf-4e57-92ea-9f4025571cba/1/lUVWkXLwuuN3INstChx_yb4jhE4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/3b/afbab5-adcf-4e57-92ea-9f4025571cba/1/es_QeX4tm9NTnRlaAxJBpWoCoWo.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.107.160.0/22
109.107.170.0/24
Signature Algorithm: sha256WithRSAEncryption
1b:c3:a2:e8:f8:b6:61:80:56:e3:e7:a9:32:a4:92:52:7d:6c:
ac:8f:b9:f4:7b:7a:7f:ad:02:ff:15:5e:26:72:77:13:da:57:
48:e6:1d:39:9f:02:3a:3e:eb:49:6b:9d:74:5a:4c:92:74:ae:
45:a1:e7:58:d7:cc:de:62:a3:b9:d1:eb:82:b2:7c:83:30:0e:
83:1e:7c:dc:47:67:5a:8c:26:87:71:1f:e2:b4:32:76:fa:89:
8a:7e:91:58:59:88:97:06:af:72:5a:ea:aa:10:a8:28:82:00:
5f:e5:fc:05:e2:9d:48:62:68:a6:cf:38:bf:22:85:bb:d0:f9:
64:36:2c:db:57:a0:99:60:2a:39:4a:5c:27:1d:65:89:ec:bd:
73:f6:93:5b:19:ae:21:3c:aa:ab:1e:4b:0b:2d:ae:90:c0:a5:
f3:db:79:37:df:b8:02:0c:51:6c:87:c9:7f:d8:06:8e:b3:34:
de:92:7f:2e:58:04:a9:e6:05:4a:4a:eb:32:83:6c:fb:be:6b:
c3:51:ea:64:58:8b:bf:e8:ee:ff:fc:e0:9a:d7:c4:d2:05:aa:
93:d0:7c:5d:7b:20:e1:05:98:77:a4:c8:35:38:f3:4a:97:94:
b0:31:41:2c:ba:70:93:27:f0:ec:23:56:68:1b:e4:fd:96:1b:
f8:7b:1d:f1
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYUqClQzrCZOASnCpSjzj2j1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdhY2ZkMDc5N2UyZDliZDM1MzlkMTk1YTAzMTI0MWE1NmEw
MmExNmEwHhcNMjIxMjE5MTA1OTU4WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NTQ1NTY5MTcyZjBiYWUzNzcyMGRiMmQwYTFjN2ZjOWJlMjM4NDRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiPhlEPlh5mXbFQWs8+DPV+xyNnta
UT52iDWs/TS1H/AgvJTtvVLdbpTwJ6ZkDCX/vE65wyEGP4Hq7rZs17rMj5W6QbCz
RGjUusk45Oa4ulDo5418HzmVXMi1Bbd4QLKiAch9z/s1OyWeHsc8gTD8rCkm2Nlw
6AXGSSImNwrOIZxpXeWijqqI8K5Uo6Lsv2UFihE6hwAaZRW0E5CkG3bs2+SZgoxz
gB9Log46hZ4zjsQtVcd38YsFwCwKw7OSnsPA0DgTuXmN0i6wAm7RKzBd91MyFjBe
WKXGJHhaJLkPwoELcp/YK//OLVgksrnad4n3DXqd/KhccaEykh3e31B7wwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJVFVpFy8LrjdyDbLQocf8m+I4ROMB8GA1UdIwQY
MBaAFHrP0Hl+LZvTU50ZWgMSQaVqAqFqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZXNfUWVYNHRtOU5UblJsYUF4SkJwV29Db1dvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYi9hZmJhYjUtYWRjZi00ZTU3LTkyZWEt
OWY0MDI1NTcxY2JhLzEvbFVWV2tYTHd1dU4zSU5zdENoeF95YjRqaEU0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYi9hZmJhYjUtYWRjZi00ZTU3LTkyZWEtOWY0MDI1NTcxY2Jh
LzEvZXNfUWVYNHRtOU5UblJsYUF4SkJwV29Db1dvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCbWugAwQA
bWuqMA0GCSqGSIb3DQEBCwUAA4IBAQAbw6Lo+LZhgFbj56kypJJSfWysj7n0e3p/
rQL/FV4mcncT2ldI5h05nwI6PutJa510WkySdK5FoedY18zeYqO50euCsnyDMA6D
HnzcR2dajCaHcR/itDJ2+omKfpFYWYiXBq9yWuqqEKgoggBf5fwF4p1IYmimzzi/
IoW70PlkNizbV6CZYCo5SlwnHWWJ7L1z9pNbGa4hPKqrHksLLa6QwKXz23k337gC
DFFsh8l/2AaOszTekn8uWASp5gVKSusyg2z7vmvDUepkWIu/6O7//OCa18TSBaqT
0HxdeyDhBZh3pMg1OPNKl5SwMUEsunCTJ/DsI1ZoG+T9lhv4ex3x
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:04:05 2024 by rpki-client on console-ams.rpki-client.org