Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e2/58bac7-0f52-4e70-9d9f-6a0ad6bc8240/1/vlQd0sB6GP2jw0lqwZmo4VJMeKk.roa
File: vlQd0sB6GP2jw0lqwZmo4VJMeKk.roa (raw, json)
Hash identifier: 69b6Q82r0fnGvEFgzxoCrI+jZCCm+gL/BZ5u+uT2SNA=
Subject key identifier: BE:54:1D:D2:C0:7A:18:FD:A3:C3:49:6A:C1:99:A8:E1:52:4C:78:A9
Certificate issuer: /CN=57b02b5f682c0955f4cf47a35f8bb0c2b57f3a75
Certificate serial: 01856D0A7F75E331054D2944009A21D3C784
Authority key identifier: 57:B0:2B:5F:68:2C:09:55:F4:CF:47:A3:5F:8B:B0:C2:B5:7F:3A:75
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/V7ArX2gsCVX0z0ejX4uwwrV_OnU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/e2/58bac7-0f52-4e70-9d9f-6a0ad6bc8240/1/vlQd0sB6GP2jw0lqwZmo4VJMeKk.roa
Signing time: Sun 01 Jan 2023 11:14:42 +0000
ROA not before: Sun 01 Jan 2023 11:14:42 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 39259
IP address blocks: 109.230.210.0/24 maxlen: 24
2a05:c680::/29 maxlen: 29
2a05:c680:53::/48 maxlen: 48
2a0c:e6c0::/29 maxlen: 29
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6d:0a:7f:75:e3:31:05:4d:29:44:00:9a:21:d3:c7:84
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=57b02b5f682c0955f4cf47a35f8bb0c2b57f3a75
Validity
Not Before: Jan 1 11:14:42 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=be541dd2c07a18fda3c3496ac199a8e1524c78a9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b8:42:03:d0:95:d8:dd:1c:5c:bf:04:b9:52:d6:
de:f2:b5:25:bc:c5:39:43:db:6a:3e:6c:cc:c3:13:
57:15:46:45:42:be:41:4c:cc:ba:4d:2d:8c:c8:c7:
15:78:90:72:9c:c2:a9:29:ea:89:26:6d:d6:3d:c8:
b2:22:29:c7:64:bf:36:f7:47:59:b4:07:69:03:18:
a0:b8:7c:84:c7:d9:f6:67:2c:bb:46:35:80:20:0b:
cc:7a:9a:92:94:e5:58:74:af:4f:4f:b1:f2:23:5e:
6a:70:68:0e:fc:03:ac:57:39:55:d9:40:f0:9b:61:
43:9e:e2:e9:48:41:07:86:de:49:42:87:50:7a:db:
9a:29:4e:43:2b:64:66:d8:3a:21:48:7a:3b:02:33:
bb:d3:9d:43:5b:b0:b1:24:3c:fa:f1:51:d4:fd:81:
ac:5d:0d:ee:ee:18:41:d4:03:cc:e6:57:bf:b5:7f:
02:c3:c4:02:8b:76:65:cf:fc:b5:b1:50:96:ab:df:
b2:34:7a:42:85:49:5c:62:e0:89:20:bf:06:4d:b9:
cd:d4:c6:88:88:94:74:32:63:92:3e:cb:45:f0:ae:
b4:12:1a:9c:f7:17:c9:b6:6c:06:b3:81:72:58:67:
20:f5:09:a6:6e:00:a7:68:fb:0e:6b:16:8e:89:48:
f7:bd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
BE:54:1D:D2:C0:7A:18:FD:A3:C3:49:6A:C1:99:A8:E1:52:4C:78:A9
X509v3 Authority Key Identifier:
keyid:57:B0:2B:5F:68:2C:09:55:F4:CF:47:A3:5F:8B:B0:C2:B5:7F:3A:75
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/V7ArX2gsCVX0z0ejX4uwwrV_OnU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/58bac7-0f52-4e70-9d9f-6a0ad6bc8240/1/vlQd0sB6GP2jw0lqwZmo4VJMeKk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/58bac7-0f52-4e70-9d9f-6a0ad6bc8240/1/V7ArX2gsCVX0z0ejX4uwwrV_OnU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.230.210.0/24
IPv6:
2a05:c680::/29
2a0c:e6c0::/29
Signature Algorithm: sha256WithRSAEncryption
28:c1:19:0a:8b:fc:b9:35:e6:5a:1e:c1:5f:62:c7:db:87:90:
5f:28:e9:a8:3a:ba:95:05:ca:02:04:84:88:93:e0:60:2e:58:
87:6a:a5:26:1e:03:73:d6:8a:23:00:31:97:48:50:20:22:1a:
13:06:df:f0:a9:6e:d0:45:20:64:e9:89:84:6f:1e:ff:4b:95:
60:3c:16:b6:83:43:f9:6a:41:85:71:f1:a5:96:01:5c:3b:7b:
8a:c7:01:a8:61:a8:9f:10:d4:52:a5:9f:d4:c8:41:0f:a3:b0:
38:b7:d0:f1:f5:8c:28:26:5a:83:ef:0b:7a:a4:db:aa:40:36:
60:e6:ad:dd:ba:a2:5d:70:3b:be:1c:d2:f6:2f:41:14:97:89:
ce:28:b9:b8:73:4e:79:ec:49:56:7b:b9:93:a1:49:1b:91:9f:
32:9e:ae:71:19:f3:b4:cf:12:de:e5:5c:9a:39:d4:16:56:42:
cc:8c:63:96:6a:9a:4e:1e:22:8d:fa:de:49:50:ac:6c:c7:4a:
18:4b:28:17:0c:fe:71:cf:45:3a:93:d4:1c:6c:58:be:09:bd:
29:ad:03:fa:ed:bb:9c:83:ed:da:38:ef:46:74:a6:60:12:ef:
62:3a:cc:9d:b5:39:2c:80:5d:f5:ca:c2:3b:32:38:47:df:61:
d9:5c:69:02
-----BEGIN CERTIFICATE-----
MIIFEzCCA/ugAwIBAgISAYVtCn914zEFTSlEAJoh08eEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU3YjAyYjVmNjgyYzA5NTVmNGNmNDdhMzVmOGJiMGMyYjU3
ZjNhNzUwHhcNMjMwMTAxMTExNDQyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZTU0MWRkMmMwN2ExOGZkYTNjMzQ5NmFjMTk5YThlMTUyNGM3OGE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuEID0JXY3RxcvwS5Utbe8rUlvMU5
Q9tqPmzMwxNXFUZFQr5BTMy6TS2MyMcVeJBynMKpKeqJJm3WPciyIinHZL8290dZ
tAdpAxiguHyEx9n2Zyy7RjWAIAvMepqSlOVYdK9PT7HyI15qcGgO/AOsVzlV2UDw
m2FDnuLpSEEHht5JQodQetuaKU5DK2Rm2DohSHo7AjO7051DW7CxJDz68VHU/YGs
XQ3u7hhB1APM5le/tX8Cw8QCi3Zlz/y1sVCWq9+yNHpChUlcYuCJIL8GTbnN1MaI
iJR0MmOSPstF8K60Ehqc9xfJtmwGs4FyWGcg9QmmbgCnaPsOaxaOiUj3vQIDAQAB
o4ICHzCCAhswHQYDVR0OBBYEFL5UHdLAehj9o8NJasGZqOFSTHipMB8GA1UdIwQY
MBaAFFewK19oLAlV9M9Ho1+LsMK1fzp1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVjdBclgyZ3NDVlgwejBlalg0dXd3clZfT25VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMi81OGJhYzctMGY1Mi00ZTcwLTlkOWYt
NmEwYWQ2YmM4MjQwLzEvdmxRZDBzQjZHUDJqdzBscXdabW80VkpNZUtrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMi81OGJhYzctMGY1Mi00ZTcwLTlkOWYtNmEwYWQ2YmM4MjQw
LzEvVjdBclgyZ3NDVlgwejBlalg0dXd3clZfT25VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDUGCCsGAQUFBwEHAQH/BCYwJDAMBAIAATAGAwQAbebSMBQE
AgACMA4DBQMqBcaAAwUDKgzmwDANBgkqhkiG9w0BAQsFAAOCAQEAKMEZCov8uTXm
Wh7BX2LH24eQXyjpqDq6lQXKAgSEiJPgYC5Yh2qlJh4Dc9aKIwAxl0hQICIaEwbf
8Klu0EUgZOmJhG8e/0uVYDwWtoND+WpBhXHxpZYBXDt7iscBqGGonxDUUqWf1MhB
D6OwOLfQ8fWMKCZag+8LeqTbqkA2YOat3bqiXXA7vhzS9i9BFJeJzii5uHNOeexJ
Vnu5k6FJG5GfMp6ucRnztM8S3uVcmjnUFlZCzIxjlmqaTh4ijfreSVCsbMdKGEso
Fwz+cc9FOpPUHGxYvgm9Ka0D+u27nIPt2jjvRnSmYBLvYjrMnbU5LIBd9crCOzI4
R99h2VxpAg==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:49:00 2024 by rpki-client on console-ams.rpki-client.org