Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3b/afbab5-adcf-4e57-92ea-9f4025571cba/1/yAqOrmIumRYqIHPVjvPINYnGPzQ.roa
File: yAqOrmIumRYqIHPVjvPINYnGPzQ.roa (raw, json)
Hash identifier: J9/WyFNmp14VmZOQT8jihQ8TYkbcMNVTHEr0XYVMCNs=
Subject key identifier: C8:0A:8E:AE:62:2E:99:16:2A:20:73:D5:8E:F3:C8:35:89:C6:3F:34
Certificate issuer: /CN=7acfd0797e2d9bd3539d195a031241a56a02a16a
Certificate serial: 018B721E29642C19AD1E17D86CFAE00D0443
Authority key identifier: 7A:CF:D0:79:7E:2D:9B:D3:53:9D:19:5A:03:12:41:A5:6A:02:A1:6A
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/es_QeX4tm9NTnRlaAxJBpWoCoWo.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/3b/afbab5-adcf-4e57-92ea-9f4025571cba/1/yAqOrmIumRYqIHPVjvPINYnGPzQ.roa
Signing time: Fri 27 Oct 2023 17:11:01 +0000
ROA not before: Fri 27 Oct 2023 17:11:01 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 210644
IP address blocks: 109.107.181.0/24 maxlen: 24
109.107.189.0/24 maxlen: 24
109.107.190.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8b:72:1e:29:64:2c:19:ad:1e:17:d8:6c:fa:e0:0d:04:43
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7acfd0797e2d9bd3539d195a031241a56a02a16a
Validity
Not Before: Oct 27 17:11:01 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=c80a8eae622e99162a2073d58ef3c83589c63f34
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:93:fc:62:54:c7:b7:27:90:fa:ca:e1:87:f5:96:
27:04:85:18:2c:8c:73:02:8a:54:4f:04:14:2f:1a:
ef:f1:95:db:08:33:c2:20:dc:c5:b6:64:bf:0d:95:
9b:e4:86:48:3d:9c:3b:3a:91:72:10:20:9e:5b:d0:
f4:6c:a9:01:27:ee:63:73:91:5e:1d:81:dc:37:36:
d9:06:3a:70:cc:1f:9b:3e:48:fc:4c:ce:94:24:3d:
95:ea:60:0c:c0:c6:a8:8d:ab:fc:94:b9:7d:6a:81:
fd:be:69:1a:da:53:de:7f:21:18:16:a2:9b:22:79:
1d:48:be:84:2a:ce:5a:ba:c1:9b:13:9b:0c:bd:31:
8b:ff:ec:dd:57:e7:b0:21:48:ad:6f:0e:bc:4f:1c:
47:f0:09:37:d5:6d:f8:00:c5:e7:a1:5d:11:0c:df:
7d:e3:8e:2c:f0:8b:57:7c:60:99:c6:a3:98:d2:fc:
bc:43:c1:25:ef:60:a9:96:f1:61:52:a9:20:96:40:
0c:59:78:c3:38:0f:0f:dc:86:b7:84:08:28:c5:25:
30:78:40:5b:8e:94:53:54:3d:6e:c7:1c:4a:25:02:
41:f5:fc:65:ad:31:3e:3a:3e:78:3c:fb:ad:88:67:
00:bd:bc:a1:82:52:ca:dd:c2:1f:1c:de:8a:dc:28:
ac:8b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C8:0A:8E:AE:62:2E:99:16:2A:20:73:D5:8E:F3:C8:35:89:C6:3F:34
X509v3 Authority Key Identifier:
keyid:7A:CF:D0:79:7E:2D:9B:D3:53:9D:19:5A:03:12:41:A5:6A:02:A1:6A
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/es_QeX4tm9NTnRlaAxJBpWoCoWo.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3b/afbab5-adcf-4e57-92ea-9f4025571cba/1/yAqOrmIumRYqIHPVjvPINYnGPzQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/3b/afbab5-adcf-4e57-92ea-9f4025571cba/1/es_QeX4tm9NTnRlaAxJBpWoCoWo.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.107.181.0/24
109.107.189.0-109.107.190.255
Signature Algorithm: sha256WithRSAEncryption
72:be:78:f8:08:bb:09:86:80:a8:ca:23:a6:e6:cc:45:25:a4:
ce:c1:a8:6d:73:04:7c:0a:60:f6:c9:03:8a:20:7b:d2:ea:b5:
f1:3e:4b:6a:f6:e9:fb:2c:86:f9:9c:be:49:c0:86:06:d7:da:
f1:05:48:76:2a:d4:8b:bd:27:b9:d5:c8:c9:af:73:9d:63:e5:
bf:3c:58:f1:88:e6:05:92:a2:64:7b:a9:48:86:20:0a:a0:77:
6b:da:cf:a8:f9:04:66:3f:82:39:4f:ee:84:fd:35:6c:11:4d:
a6:07:5f:9b:c6:00:23:8e:88:31:3e:ec:ee:a7:9c:45:a1:15:
aa:42:82:04:98:b7:48:fc:f7:9a:34:77:37:a5:30:ff:d4:e4:
a5:3d:ee:6b:7a:d3:d8:00:58:a7:70:55:a3:bb:e3:10:2d:b9:
cb:35:4a:42:50:22:82:62:f9:05:99:31:19:b4:06:a7:67:72:
0b:c2:f9:4c:c3:37:89:4c:e1:1e:8d:e7:9d:fb:b9:31:70:34:
19:35:6a:06:d8:37:34:59:eb:7e:61:53:13:e3:d2:95:5c:be:
7c:e3:db:68:2c:b1:c0:ef:ec:80:fa:09:18:6c:b1:18:89:9e:
f0:cb:32:02:88:7a:c5:bd:23:6a:a1:de:2c:60:90:be:96:94:
a5:09:89:fa
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAYtyHilkLBmtHhfYbPrgDQRDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdhY2ZkMDc5N2UyZDliZDM1MzlkMTk1YTAzMTI0MWE1NmEw
MmExNmEwHhcNMjMxMDI3MTcxMTAxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjODBhOGVhZTYyMmU5OTE2MmEyMDczZDU4ZWYzYzgzNTg5YzYzZjM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk/xiVMe3J5D6yuGH9ZYnBIUYLIxz
AopUTwQULxrv8ZXbCDPCINzFtmS/DZWb5IZIPZw7OpFyECCeW9D0bKkBJ+5jc5Fe
HYHcNzbZBjpwzB+bPkj8TM6UJD2V6mAMwMaojav8lLl9aoH9vmka2lPefyEYFqKb
InkdSL6EKs5ausGbE5sMvTGL/+zdV+ewIUitbw68TxxH8Ak31W34AMXnoV0RDN99
444s8ItXfGCZxqOY0vy8Q8El72CplvFhUqkglkAMWXjDOA8P3Ia3hAgoxSUweEBb
jpRTVD1uxxxKJQJB9fxlrTE+Oj54PPutiGcAvbyhglLK3cIfHN6K3CisiwIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFMgKjq5iLpkWKiBz1Y7zyDWJxj80MB8GA1UdIwQY
MBaAFHrP0Hl+LZvTU50ZWgMSQaVqAqFqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZXNfUWVYNHRtOU5UblJsYUF4SkJwV29Db1dvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYi9hZmJhYjUtYWRjZi00ZTU3LTkyZWEt
OWY0MDI1NTcxY2JhLzEveUFxT3JtSXVtUllxSUhQVmp2UElOWW5HUHpRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYi9hZmJhYjUtYWRjZi00ZTU3LTkyZWEtOWY0MDI1NTcxY2Jh
LzEvZXNfUWVYNHRtOU5UblJsYUF4SkJwV29Db1dvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUAwQAbWu1MAwD
BABta70DBABta74wDQYJKoZIhvcNAQELBQADggEBAHK+ePgIuwmGgKjKI6bmzEUl
pM7BqG1zBHwKYPbJA4oge9LqtfE+S2r26fsshvmcvknAhgbX2vEFSHYq1Iu9J7nV
yMmvc51j5b88WPGI5gWSomR7qUiGIAqgd2vaz6j5BGY/gjlP7oT9NWwRTaYHX5vG
ACOOiDE+7O6nnEWhFapCggSYt0j895o0dzelMP/U5KU97mt609gAWKdwVaO74xAt
ucs1SkJQIoJi+QWZMRm0BqdncgvC+UzDN4lM4R6N5537uTFwNBk1agbYNzRZ635h
UxPj0pVcvnzj22gsscDv7ID6CRhssRiJnvDLMgKIesW9I2qh3ixgkL6WlKUJifo=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:04:06 2024 by rpki-client on console-ams.rpki-client.org