Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/40ade0-98da-4aa5-b817-6edc1b225625/1/PcV3fjmRS3k2kFPQhsb9M-_xJAw.roa
File: PcV3fjmRS3k2kFPQhsb9M-_xJAw.roa (raw, json)
Hash identifier: oZGraVr49qH9NjimN9/w/mSlTtrBwRLGZYeXV8DtGHY=
Subject key identifier: 3D:C5:77:7E:39:91:4B:79:36:90:53:D0:86:C6:FD:33:EF:F1:24:0C
Certificate issuer: /CN=cfcd73f82c260da87386dcf7be26d5c5445526fa
Certificate serial: 06197DB0
Authority key identifier: CF:CD:73:F8:2C:26:0D:A8:73:86:DC:F7:BE:26:D5:C5:44:55:26:FA
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/z81z-CwmDahzhtz3vibVxURVJvo.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/4c/40ade0-98da-4aa5-b817-6edc1b225625/1/PcV3fjmRS3k2kFPQhsb9M-_xJAw.roa
Signing time: Sat 01 Jan 2022 06:56:41 +0000
ROA not before: Sat 01 Jan 2022 06:56:41 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 56340
IP address blocks: 109.248.0.0/24 maxlen: 24
46.8.0.0/22 maxlen: 22
109.248.1.0/24 maxlen: 24
109.248.2.0/24 maxlen: 24
109.248.217.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 102333872 (0x6197db0)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=cfcd73f82c260da87386dcf7be26d5c5445526fa
Validity
Not Before: Jan 1 06:56:41 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=3dc5777e39914b79369053d086c6fd33eff1240c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:aa:d8:24:a9:b3:c7:ac:97:47:60:08:ec:7b:6f:
6f:8f:e1:70:a7:62:a2:21:e9:05:34:86:6d:ab:a1:
3e:92:08:09:ef:de:d5:72:93:b5:be:40:ec:34:70:
8b:cf:0e:b0:cc:b1:08:ca:e9:a6:49:91:cf:77:f2:
b5:03:73:65:81:cf:3e:f8:23:48:6c:ca:1e:11:9b:
af:c6:ca:36:72:b3:1d:43:3e:34:33:91:46:2c:66:
3a:33:c5:f6:28:13:47:61:e2:e6:26:bc:1a:01:b2:
ff:21:46:e8:19:a7:40:92:42:c0:ae:95:c4:5d:76:
c7:45:85:4f:65:f6:5e:6a:10:97:d6:4a:83:a6:52:
4f:e0:ac:15:12:c7:15:94:4b:aa:d3:36:54:da:31:
89:8b:b4:1c:24:18:af:b9:4c:d2:d2:fd:14:9c:21:
d0:dc:6f:10:74:20:0c:bb:06:a3:7f:c3:9b:30:77:
c1:a4:bc:2a:05:f4:59:c3:38:af:ae:6a:5a:5a:67:
b8:22:01:d3:9c:93:fc:89:89:a3:3e:61:5c:cf:8f:
bf:37:c7:4c:16:30:a6:0a:ec:c2:b9:8e:65:56:51:
54:c8:bf:59:35:6b:a1:d9:9e:5a:cd:0f:ff:6d:a4:
9b:6c:03:a2:b7:03:de:9e:f8:73:9b:9c:b1:bc:ef:
59:f3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3D:C5:77:7E:39:91:4B:79:36:90:53:D0:86:C6:FD:33:EF:F1:24:0C
X509v3 Authority Key Identifier:
keyid:CF:CD:73:F8:2C:26:0D:A8:73:86:DC:F7:BE:26:D5:C5:44:55:26:FA
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/z81z-CwmDahzhtz3vibVxURVJvo.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/40ade0-98da-4aa5-b817-6edc1b225625/1/PcV3fjmRS3k2kFPQhsb9M-_xJAw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/40ade0-98da-4aa5-b817-6edc1b225625/1/z81z-CwmDahzhtz3vibVxURVJvo.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
46.8.0.0/22
109.248.0.0-109.248.2.255
109.248.217.0/24
Signature Algorithm: sha256WithRSAEncryption
cd:25:8f:71:bb:ab:1b:5f:8f:65:d3:eb:af:24:02:6b:67:0a:
90:ee:bf:af:02:e5:3c:0f:69:6e:d0:10:5d:4d:23:d0:71:db:
71:b7:d8:49:5a:ec:69:20:f2:1f:a4:19:9b:75:53:5d:84:47:
b2:a0:03:ce:66:92:87:6a:86:4f:d7:c3:01:76:b2:60:3c:de:
c5:49:d4:9f:65:f4:27:fa:f4:54:4e:c3:b0:c5:69:d6:19:62:
0a:d1:5b:b5:6d:d8:09:ad:cc:f2:8f:b5:31:17:08:70:67:f5:
5f:9b:dd:6b:0d:f1:b1:ce:34:4e:7b:db:73:e2:22:c7:32:49:
c9:57:02:ef:ee:53:bc:ee:42:77:36:24:84:d8:d7:c7:bd:e0:
01:50:7f:c3:e0:c8:1a:ef:20:77:91:48:96:af:94:c6:cb:df:
47:fa:c4:bd:b3:6f:f9:fa:54:2b:c5:f3:e0:c5:f4:2a:74:c4:
a3:64:19:ab:af:b5:6c:76:f3:92:fc:de:2f:87:14:f1:99:e1:
dc:c0:f5:7a:c7:a4:5b:3a:a1:28:d8:91:02:f5:de:12:76:fc:
e7:d9:bf:30:09:d9:35:79:4b:6c:c3:18:2c:e4:28:c8:16:8a:
bd:41:28:a3:bd:4b:69:3d:75:f1:09:40:d5:ad:73:75:83:e7:
f2:71:70:5b
-----BEGIN CERTIFICATE-----
MIIFAjCCA+qgAwIBAgIEBhl9sDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhj
ZmNkNzNmODJjMjYwZGE4NzM4NmRjZjdiZTI2ZDVjNTQ0NTUyNmZhMB4XDTIyMDEw
MTA2NTY0MVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoM2RjNTc3N2UzOTkx
NGI3OTM2OTA1M2QwODZjNmZkMzNlZmYxMjQwYzCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAKrYJKmzx6yXR2AI7Htvb4/hcKdioiHpBTSGbauhPpIICe/e
1XKTtb5A7DRwi88OsMyxCMrppkmRz3fytQNzZYHPPvgjSGzKHhGbr8bKNnKzHUM+
NDORRixmOjPF9igTR2Hi5ia8GgGy/yFG6BmnQJJCwK6VxF12x0WFT2X2XmoQl9ZK
g6ZST+CsFRLHFZRLqtM2VNoxiYu0HCQYr7lM0tL9FJwh0NxvEHQgDLsGo3/DmzB3
waS8KgX0WcM4r65qWlpnuCIB05yT/ImJoz5hXM+PvzfHTBYwpgrswrmOZVZRVMi/
WTVrodmeWs0P/22km2wDorcD3p74c5ucsbzvWfMCAwEAAaOCAhwwggIYMB0GA1Ud
DgQWBBQ9xXd+OZFLeTaQU9CGxv0z7/EkDDAfBgNVHSMEGDAWgBTPzXP4LCYNqHOG
3Pe+JtXFRFUm+jAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3o4MXotQ3dtRGFoemh0ejN2aWJWeFVSVkp2by5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNGMvNDBhZGUwLTk4ZGEtNGFhNS1iODE3LTZlZGMxYjIyNTYyNS8x
L1BjVjNmam1SUzNrMmtGUFFoc2I5TS1feEpBdy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNGMv
NDBhZGUwLTk4ZGEtNGFhNS1iODE3LTZlZGMxYjIyNTYyNS8xL3o4MXotQ3dtRGFo
emh0ejN2aWJWeFVSVkp2by5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAy
BggrBgEFBQcBBwEB/wQjMCEwHwQCAAEwGQMEAi4IADALAwMDbfgDBABt+AIDBABt
+NkwDQYJKoZIhvcNAQELBQADggEBAM0lj3G7qxtfj2XT668kAmtnCpDuv68C5TwP
aW7QEF1NI9Bx23G32Ela7Gkg8h+kGZt1U12ER7KgA85mkodqhk/XwwF2smA83sVJ
1J9l9Cf69FROw7DFadYZYgrRW7Vt2AmtzPKPtTEXCHBn9V+b3WsN8bHONE5723Pi
IscySclXAu/uU7zuQnc2JITY18e94AFQf8PgyBrvIHeRSJavlMbL30f6xL2zb/n6
VCvF8+DF9Cp0xKNkGauvtWx285L83i+HFPGZ4dzA9XrHpFs6oSjYkQL13hJ2/OfZ
vzAJ2TV5S2zDGCzkKMgWir1BKKO9S2k9dfEJQNWtc3WD5/JxcFs=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:07:34 2024 by rpki-client on console-ams.rpki-client.org