Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3b/afbab5-adcf-4e57-92ea-9f4025571cba/1/utfkgPpv9aSYZ5S2v4DXkPqqvc4.roa
File: utfkgPpv9aSYZ5S2v4DXkPqqvc4.roa (raw, json)
Hash identifier: 2KE62ttpFqd5mOvWOL9DJ+Tl0r5w/6LM15EmoQhCUAU=
Subject key identifier: BA:D7:E4:80:FA:6F:F5:A4:98:67:94:B6:BF:80:D7:90:FA:AA:BD:CE
Certificate issuer: /CN=7acfd0797e2d9bd3539d195a031241a56a02a16a
Certificate serial: 01856E38B05BC9817F6ACC1DFC566F6882D4
Authority key identifier: 7A:CF:D0:79:7E:2D:9B:D3:53:9D:19:5A:03:12:41:A5:6A:02:A1:6A
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/es_QeX4tm9NTnRlaAxJBpWoCoWo.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/3b/afbab5-adcf-4e57-92ea-9f4025571cba/1/utfkgPpv9aSYZ5S2v4DXkPqqvc4.roa
Signing time: Sun 01 Jan 2023 16:44:46 +0000
ROA not before: Sun 01 Jan 2023 16:44:46 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 202984
IP address blocks: 109.107.164.0/23 maxlen: 23
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6e:38:b0:5b:c9:81:7f:6a:cc:1d:fc:56:6f:68:82:d4
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7acfd0797e2d9bd3539d195a031241a56a02a16a
Validity
Not Before: Jan 1 16:44:46 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=bad7e480fa6ff5a4986794b6bf80d790faaabdce
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8c:c1:f1:5f:43:2c:aa:9b:fa:5e:ad:2d:17:d2:
d0:b1:45:89:bc:00:9d:07:2e:1d:eb:40:79:fd:af:
e3:6f:90:9b:54:9a:9c:c6:10:80:34:ab:33:4f:ca:
2e:bb:9c:c9:5c:5f:f4:3c:16:d3:e4:7f:47:b9:25:
19:b1:42:75:c4:77:38:cf:7c:61:ff:49:1d:58:fd:
eb:10:50:6b:fb:ac:99:44:96:3e:b8:2f:eb:c1:53:
73:9c:ba:77:5d:46:80:1f:ed:b5:f8:b7:95:16:32:
28:0c:2d:ad:51:14:61:4c:0e:18:3d:ba:4e:25:5c:
3e:85:a7:15:de:d9:b5:4d:11:c3:be:23:3b:49:4d:
e6:51:0a:d4:53:ba:93:e9:67:1f:c4:53:fe:17:d3:
eb:5e:8a:c0:bf:d5:7f:6c:3f:60:f4:1e:6d:2f:ae:
0b:0f:39:9c:10:b7:57:9b:fa:0a:56:c8:08:e7:3c:
b8:fe:bf:c6:5e:6d:d8:8f:28:df:14:b5:ba:2e:42:
aa:7b:59:9c:c4:cb:1f:6d:c8:97:87:3e:d6:c8:bb:
c8:8a:98:8c:ff:6a:bb:9f:df:b0:26:98:71:5c:4b:
ca:43:4c:f6:02:e3:a1:c6:8e:d4:3a:86:c5:4f:09:
69:c3:9e:30:8c:07:a8:8c:cc:52:c5:5e:ea:f5:9e:
4f:2b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
BA:D7:E4:80:FA:6F:F5:A4:98:67:94:B6:BF:80:D7:90:FA:AA:BD:CE
X509v3 Authority Key Identifier:
keyid:7A:CF:D0:79:7E:2D:9B:D3:53:9D:19:5A:03:12:41:A5:6A:02:A1:6A
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/es_QeX4tm9NTnRlaAxJBpWoCoWo.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3b/afbab5-adcf-4e57-92ea-9f4025571cba/1/utfkgPpv9aSYZ5S2v4DXkPqqvc4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/3b/afbab5-adcf-4e57-92ea-9f4025571cba/1/es_QeX4tm9NTnRlaAxJBpWoCoWo.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.107.164.0/23
Signature Algorithm: sha256WithRSAEncryption
4c:c8:65:5f:f4:12:7c:65:db:23:6b:6d:cf:b7:14:66:fb:73:
a7:5b:f6:9f:b5:8b:c9:41:e5:9f:0b:03:ae:e2:66:fa:35:ac:
99:54:ef:76:0c:72:54:61:fb:57:6f:ae:a3:f9:ad:c0:25:3c:
4a:b4:e4:be:67:94:2f:10:86:92:79:5d:c9:07:3c:03:bc:fb:
c6:f6:65:78:9b:f0:1d:ce:c9:40:40:56:87:61:49:6c:a7:63:
70:32:1c:25:10:bc:39:f6:7b:73:1b:34:cd:0a:0e:ea:07:d7:
d2:b8:65:14:30:c5:6b:aa:1e:40:0a:34:66:12:ab:90:8e:8a:
a6:d1:3f:d9:22:4d:39:b6:5d:2a:c6:eb:5b:e6:3e:8b:22:45:
bd:27:ea:d8:15:d0:e1:b2:da:37:29:6d:e0:91:aa:0b:d5:50:
2f:b4:82:94:97:8b:7a:9c:24:43:b1:0d:c0:5a:fd:aa:2e:81:
76:42:b1:9e:08:aa:b1:b1:91:97:4c:a4:8f:4b:0d:c0:cd:45:
99:ac:8d:ce:3a:5d:48:58:f4:b6:83:37:f7:58:48:6e:5c:a7:
55:3d:1c:c8:79:94:1a:7a:0f:8e:2f:91:9f:6a:93:e0:e9:25:
99:69:bc:3f:2f:03:60:25:7b:86:a9:0b:82:c5:fe:ea:20:63:
89:78:06:39
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYVuOLBbyYF/aswd/FZvaILUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdhY2ZkMDc5N2UyZDliZDM1MzlkMTk1YTAzMTI0MWE1NmEw
MmExNmEwHhcNMjMwMTAxMTY0NDQ2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYWQ3ZTQ4MGZhNmZmNWE0OTg2Nzk0YjZiZjgwZDc5MGZhYWFiZGNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjMHxX0Msqpv6Xq0tF9LQsUWJvACd
By4d60B5/a/jb5CbVJqcxhCANKszT8ouu5zJXF/0PBbT5H9HuSUZsUJ1xHc4z3xh
/0kdWP3rEFBr+6yZRJY+uC/rwVNznLp3XUaAH+21+LeVFjIoDC2tURRhTA4YPbpO
JVw+hacV3tm1TRHDviM7SU3mUQrUU7qT6WcfxFP+F9PrXorAv9V/bD9g9B5tL64L
DzmcELdXm/oKVsgI5zy4/r/GXm3YjyjfFLW6LkKqe1mcxMsfbciXhz7WyLvIipiM
/2q7n9+wJphxXEvKQ0z2AuOhxo7UOobFTwlpw54wjAeojMxSxV7q9Z5PKwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLrX5ID6b/WkmGeUtr+A15D6qr3OMB8GA1UdIwQY
MBaAFHrP0Hl+LZvTU50ZWgMSQaVqAqFqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZXNfUWVYNHRtOU5UblJsYUF4SkJwV29Db1dvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYi9hZmJhYjUtYWRjZi00ZTU3LTkyZWEt
OWY0MDI1NTcxY2JhLzEvdXRma2dQcHY5YVNZWjVTMnY0RFhrUHFxdmM0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYi9hZmJhYjUtYWRjZi00ZTU3LTkyZWEtOWY0MDI1NTcxY2Jh
LzEvZXNfUWVYNHRtOU5UblJsYUF4SkJwV29Db1dvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBbWukMA0G
CSqGSIb3DQEBCwUAA4IBAQBMyGVf9BJ8Zdsja23PtxRm+3OnW/aftYvJQeWfCwOu
4mb6NayZVO92DHJUYftXb66j+a3AJTxKtOS+Z5QvEIaSeV3JBzwDvPvG9mV4m/Ad
zslAQFaHYUlsp2NwMhwlELw59ntzGzTNCg7qB9fSuGUUMMVrqh5ACjRmEquQjoqm
0T/ZIk05tl0qxutb5j6LIkW9J+rYFdDhsto3KW3gkaoL1VAvtIKUl4t6nCRDsQ3A
Wv2qLoF2QrGeCKqxsZGXTKSPSw3AzUWZrI3OOl1IWPS2gzf3WEhuXKdVPRzIeZQa
eg+OL5GfapPg6SWZabw/LwNgJXuGqQuCxf7qIGOJeAY5
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:26:09 2024 by rpki-client on console-fra.rpki-client.org