Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3b/afbab5-adcf-4e57-92ea-9f4025571cba/1/stOH_jzxgRIgPC2v4-3Da9eCLR8.roa
File: stOH_jzxgRIgPC2v4-3Da9eCLR8.roa (raw, json)
Hash identifier: YBKp0FfLObrLx38OMA/SWZmafQU+uOei4QRy0a/fngk=
Subject key identifier: B2:D3:87:FE:3C:F1:81:12:20:3C:2D:AF:E3:ED:C3:6B:D7:82:2D:1F
Certificate issuer: /CN=7acfd0797e2d9bd3539d195a031241a56a02a16a
Certificate serial: 01856E38AFC9C110AE422DB38DC977B66A2C
Authority key identifier: 7A:CF:D0:79:7E:2D:9B:D3:53:9D:19:5A:03:12:41:A5:6A:02:A1:6A
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/es_QeX4tm9NTnRlaAxJBpWoCoWo.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/3b/afbab5-adcf-4e57-92ea-9f4025571cba/1/stOH_jzxgRIgPC2v4-3Da9eCLR8.roa
Signing time: Sun 01 Jan 2023 16:44:46 +0000
ROA not before: Sun 01 Jan 2023 16:44:46 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 137263
IP address blocks: 109.107.168.0/23 maxlen: 23
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6e:38:af:c9:c1:10:ae:42:2d:b3:8d:c9:77:b6:6a:2c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7acfd0797e2d9bd3539d195a031241a56a02a16a
Validity
Not Before: Jan 1 16:44:46 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=b2d387fe3cf18112203c2dafe3edc36bd7822d1f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b1:7a:f2:fd:9b:49:4a:8c:f3:2b:00:f9:6f:54:
06:4c:5f:59:8b:13:6b:a3:be:c9:d9:9b:a4:f3:d6:
30:79:bf:56:f7:7b:c3:a6:1b:2a:2a:95:89:a2:8b:
34:26:29:ed:2a:97:32:01:6e:e4:0e:f3:20:8d:19:
93:d1:93:6d:d7:8f:05:c7:ca:0c:5d:3b:a4:59:7e:
cc:94:99:6f:3a:38:45:6c:0e:72:86:8d:31:0d:f1:
53:82:05:3d:18:a3:d1:da:73:73:1c:5a:a8:92:9a:
f6:c6:0c:10:42:b6:c5:4a:59:71:36:11:4a:ef:61:
1e:64:89:0d:5c:e4:04:b1:6b:e8:33:9a:3f:1e:14:
a1:49:64:73:7f:a0:f3:a7:1f:2a:7a:f2:18:30:c2:
97:f8:6a:c4:0a:85:b1:91:d8:a4:f8:45:11:75:84:
21:d2:3f:f3:77:38:d1:34:0c:d5:97:a8:0c:fe:b7:
7b:be:d5:79:b6:f9:d0:c0:1d:ed:34:4a:60:cf:a1:
c5:d6:d0:b5:dd:e7:f6:a3:a1:82:58:7c:d4:d4:c1:
eb:85:05:15:8a:cd:b0:d5:d5:c4:6b:1a:b9:4c:38:
e0:ee:80:63:cd:20:5b:e5:83:38:dc:9c:83:ca:43:
12:09:48:aa:ae:7b:0a:53:7d:51:a6:a0:43:33:ba:
58:3f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B2:D3:87:FE:3C:F1:81:12:20:3C:2D:AF:E3:ED:C3:6B:D7:82:2D:1F
X509v3 Authority Key Identifier:
keyid:7A:CF:D0:79:7E:2D:9B:D3:53:9D:19:5A:03:12:41:A5:6A:02:A1:6A
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/es_QeX4tm9NTnRlaAxJBpWoCoWo.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3b/afbab5-adcf-4e57-92ea-9f4025571cba/1/stOH_jzxgRIgPC2v4-3Da9eCLR8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/3b/afbab5-adcf-4e57-92ea-9f4025571cba/1/es_QeX4tm9NTnRlaAxJBpWoCoWo.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.107.168.0/23
Signature Algorithm: sha256WithRSAEncryption
2b:13:5d:e8:fb:92:fe:58:bb:61:43:78:9e:4d:53:27:fb:c3:
38:00:c4:11:d7:62:da:c9:a8:00:d1:49:2f:c6:d4:8c:bb:dd:
ce:11:50:28:d3:f7:34:ab:91:bc:9f:9b:ed:81:0c:60:7d:92:
24:32:a2:85:66:01:b2:ae:31:cb:cd:3f:33:95:f3:c7:2a:05:
2f:4c:93:c5:91:a2:f2:07:c8:c8:43:ac:28:4f:b6:1e:b6:c9:
a6:87:7f:40:5d:d9:75:a2:aa:fa:97:2e:ec:88:2f:79:65:db:
21:39:c5:3a:73:87:03:e2:ec:32:14:f1:59:61:f2:7c:3d:26:
8c:1e:2d:93:80:76:51:90:25:f2:7b:00:dc:0b:f0:06:3d:48:
85:e1:3b:d4:ee:5e:bb:ae:c1:94:04:80:96:df:8f:c7:36:c0:
d7:20:35:1f:60:28:d9:9a:7e:65:18:a9:e1:45:62:4e:63:b1:
97:8c:ca:4c:e5:92:1c:89:f7:75:5f:9f:11:38:0b:a7:07:c4:
cd:dd:37:81:9e:a0:84:e7:c1:e5:d6:08:40:86:b6:cd:28:a8:
aa:c4:02:6f:ba:13:10:d1:fe:99:0e:e1:ff:64:44:92:e3:00:
ef:7f:66:c3:9b:5d:6a:b6:28:07:41:bb:0c:4d:f7:e2:7b:52:
ad:bf:e7:ca
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYVuOK/JwRCuQi2zjcl3tmosMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdhY2ZkMDc5N2UyZDliZDM1MzlkMTk1YTAzMTI0MWE1NmEw
MmExNmEwHhcNMjMwMTAxMTY0NDQ2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMmQzODdmZTNjZjE4MTEyMjAzYzJkYWZlM2VkYzM2YmQ3ODIyZDFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsXry/ZtJSozzKwD5b1QGTF9ZixNr
o77J2Zuk89Yweb9W93vDphsqKpWJoos0JintKpcyAW7kDvMgjRmT0ZNt148Fx8oM
XTukWX7MlJlvOjhFbA5yho0xDfFTggU9GKPR2nNzHFqokpr2xgwQQrbFSllxNhFK
72EeZIkNXOQEsWvoM5o/HhShSWRzf6Dzpx8qevIYMMKX+GrECoWxkdik+EURdYQh
0j/zdzjRNAzVl6gM/rd7vtV5tvnQwB3tNEpgz6HF1tC13ef2o6GCWHzU1MHrhQUV
is2w1dXEaxq5TDjg7oBjzSBb5YM43JyDykMSCUiqrnsKU31RpqBDM7pYPwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLLTh/488YESIDwtr+Ptw2vXgi0fMB8GA1UdIwQY
MBaAFHrP0Hl+LZvTU50ZWgMSQaVqAqFqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZXNfUWVYNHRtOU5UblJsYUF4SkJwV29Db1dvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYi9hZmJhYjUtYWRjZi00ZTU3LTkyZWEt
OWY0MDI1NTcxY2JhLzEvc3RPSF9qenhnUklnUEMydjQtM0RhOWVDTFI4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYi9hZmJhYjUtYWRjZi00ZTU3LTkyZWEtOWY0MDI1NTcxY2Jh
LzEvZXNfUWVYNHRtOU5UblJsYUF4SkJwV29Db1dvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBbWuoMA0G
CSqGSIb3DQEBCwUAA4IBAQArE13o+5L+WLthQ3ieTVMn+8M4AMQR12LayagA0Ukv
xtSMu93OEVAo0/c0q5G8n5vtgQxgfZIkMqKFZgGyrjHLzT8zlfPHKgUvTJPFkaLy
B8jIQ6woT7Yetsmmh39AXdl1oqr6ly7siC95ZdshOcU6c4cD4uwyFPFZYfJ8PSaM
Hi2TgHZRkCXyewDcC/AGPUiF4TvU7l67rsGUBICW34/HNsDXIDUfYCjZmn5lGKnh
RWJOY7GXjMpM5ZIcifd1X58ROAunB8TN3TeBnqCE58Hl1ghAhrbNKKiqxAJvuhMQ
0f6ZDuH/ZESS4wDvf2bDm11qtigHQbsMTffie1Ktv+fK
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:26:09 2024 by rpki-client on console-fra.rpki-client.org