Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/c800c9-51b5-4589-9260-063fcdd3a057/1/3XWUiv1MzVD21PH-KW6P3Z57MMg.roa
File: 3XWUiv1MzVD21PH-KW6P3Z57MMg.roa (raw, json)
Hash identifier: QEHQREFD0fIUZY4PRaJvcWJ2pFC6POjLmUhkry0uplU=
Subject key identifier: DD:75:94:8A:FD:4C:CD:50:F6:D4:F1:FE:29:6E:8F:DD:9E:7B:30:C8
Certificate issuer: /CN=7c3c39d1899e699bf5177418ee381489edff4380
Certificate serial: 0185E84D36A22E55879152ED2B71CA1CD9A0
Authority key identifier: 7C:3C:39:D1:89:9E:69:9B:F5:17:74:18:EE:38:14:89:ED:FF:43:80
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/fDw50YmeaZv1F3QY7jgUie3_Q4A.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/36/c800c9-51b5-4589-9260-063fcdd3a057/1/3XWUiv1MzVD21PH-KW6P3Z57MMg.roa
Signing time: Wed 25 Jan 2023 09:40:52 +0000
ROA not before: Wed 25 Jan 2023 09:40:52 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 62240
IP address blocks: 109.246.240.0/20 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:e8:4d:36:a2:2e:55:87:91:52:ed:2b:71:ca:1c:d9:a0
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7c3c39d1899e699bf5177418ee381489edff4380
Validity
Not Before: Jan 25 09:40:52 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=dd75948afd4ccd50f6d4f1fe296e8fdd9e7b30c8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b8:d0:1c:9a:bc:23:bb:22:ba:55:a0:6f:a7:b4:
f8:ef:29:05:3d:a8:84:2a:a1:d6:7b:d3:ac:20:fe:
27:db:97:38:01:21:8d:b2:45:23:25:b1:92:3c:69:
49:ca:9d:2b:d9:22:3b:78:fe:41:2e:86:24:5f:43:
34:08:99:67:b1:6e:a6:69:c3:ae:4f:8a:55:67:b1:
99:2e:e5:24:46:d9:ef:e8:4f:85:92:fc:d3:e6:2c:
4d:ba:2a:87:fb:94:16:af:bb:ad:01:c4:26:79:ff:
e6:8f:3d:25:38:06:2a:9e:cb:3a:64:72:07:c2:6f:
4f:88:c0:4a:88:f9:3b:9a:bd:44:bc:93:a4:06:72:
69:9e:28:2d:1a:77:b3:63:d7:a1:3d:e2:cd:56:8b:
2e:92:75:18:f2:04:c9:3d:57:cc:01:56:bb:d6:d8:
61:be:dc:1c:f8:a4:35:3c:96:c1:a0:98:59:1d:ac:
0b:b4:8b:46:36:3a:43:eb:ac:fb:7c:89:03:fd:35:
c1:4b:77:d5:09:24:7d:09:e7:01:31:58:5e:5d:53:
78:e9:c1:f5:7f:6b:29:d7:87:bb:84:c8:1a:d0:7a:
ce:ee:3d:95:02:98:42:1c:07:c8:86:94:c5:aa:cc:
85:2c:99:0a:1d:f6:13:9f:84:0c:67:67:0c:dd:b5:
8d:21
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DD:75:94:8A:FD:4C:CD:50:F6:D4:F1:FE:29:6E:8F:DD:9E:7B:30:C8
X509v3 Authority Key Identifier:
keyid:7C:3C:39:D1:89:9E:69:9B:F5:17:74:18:EE:38:14:89:ED:FF:43:80
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fDw50YmeaZv1F3QY7jgUie3_Q4A.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/c800c9-51b5-4589-9260-063fcdd3a057/1/3XWUiv1MzVD21PH-KW6P3Z57MMg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/36/c800c9-51b5-4589-9260-063fcdd3a057/1/fDw50YmeaZv1F3QY7jgUie3_Q4A.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.246.240.0/20
Signature Algorithm: sha256WithRSAEncryption
2f:be:d4:1a:e2:73:77:c5:8b:27:c1:f3:c5:83:df:9e:62:e8:
95:79:47:3a:95:a8:44:88:43:e7:2c:2d:74:66:67:d9:99:96:
97:ef:a5:f2:e9:b8:11:81:13:be:1b:d9:74:a9:a6:f5:e8:ca:
82:fe:27:67:ee:2f:29:c3:47:ce:ec:7e:a8:9a:a6:33:8b:2e:
64:c7:9b:30:26:b6:1a:00:32:6d:6f:3e:86:84:74:91:4a:a2:
5d:d5:a2:72:b7:6b:5a:7a:ee:31:f5:78:11:64:5b:5a:a7:2d:
46:f2:37:15:4d:e5:d8:96:d9:ad:3f:bd:f9:ad:6b:f4:15:e7:
ac:4d:2e:06:a7:92:7d:70:12:37:0f:1c:f8:23:31:0b:c4:7e:
8e:eb:0f:d4:5c:56:9a:35:45:90:99:96:76:34:9c:42:64:a2:
b1:91:31:45:11:3d:1b:82:4e:06:b9:63:31:18:44:db:80:0a:
49:0c:7e:39:ef:89:60:63:ed:7b:ff:5e:68:0a:c9:b0:ce:31:
f5:44:59:eb:48:76:1e:2c:47:a4:a2:99:2b:45:5a:9b:41:88:
9f:07:17:3b:e0:81:17:cc:fa:b1:a5:44:1b:71:2d:0b:8a:7c:
24:2b:3e:59:44:e0:60:1e:40:d3:6b:4f:91:ad:bf:95:13:76:
4b:4a:59:6d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYXoTTaiLlWHkVLtK3HKHNmgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdjM2MzOWQxODk5ZTY5OWJmNTE3NzQxOGVlMzgxNDg5ZWRm
ZjQzODAwHhcNMjMwMTI1MDk0MDUyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZDc1OTQ4YWZkNGNjZDUwZjZkNGYxZmUyOTZlOGZkZDllN2IzMGM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuNAcmrwjuyK6VaBvp7T47ykFPaiE
KqHWe9OsIP4n25c4ASGNskUjJbGSPGlJyp0r2SI7eP5BLoYkX0M0CJlnsW6macOu
T4pVZ7GZLuUkRtnv6E+FkvzT5ixNuiqH+5QWr7utAcQmef/mjz0lOAYqnss6ZHIH
wm9PiMBKiPk7mr1EvJOkBnJpnigtGnezY9ehPeLNVosuknUY8gTJPVfMAVa71thh
vtwc+KQ1PJbBoJhZHawLtItGNjpD66z7fIkD/TXBS3fVCSR9CecBMVheXVN46cH1
f2sp14e7hMga0HrO7j2VAphCHAfIhpTFqsyFLJkKHfYTn4QMZ2cM3bWNIQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN11lIr9TM1Q9tTx/iluj92eezDIMB8GA1UdIwQY
MBaAFHw8OdGJnmmb9Rd0GO44FInt/0OAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZkR3NTBZbWVhWnYxRjNRWTdqZ1VpZTNfUTRBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9jODAwYzktNTFiNS00NTg5LTkyNjAt
MDYzZmNkZDNhMDU3LzEvM1hXVWl2MU16VkQyMVBILUtXNlAzWjU3TU1nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9jODAwYzktNTFiNS00NTg5LTkyNjAtMDYzZmNkZDNhMDU3
LzEvZkR3NTBZbWVhWnYxRjNRWTdqZ1VpZTNfUTRBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEbfbwMA0G
CSqGSIb3DQEBCwUAA4IBAQAvvtQa4nN3xYsnwfPFg9+eYuiVeUc6lahEiEPnLC10
ZmfZmZaX76Xy6bgRgRO+G9l0qab16MqC/idn7i8pw0fO7H6omqYziy5kx5swJrYa
ADJtbz6GhHSRSqJd1aJyt2taeu4x9XgRZFtapy1G8jcVTeXYltmtP735rWv0Fees
TS4Gp5J9cBI3Dxz4IzELxH6O6w/UXFaaNUWQmZZ2NJxCZKKxkTFFET0bgk4GuWMx
GETbgApJDH4574lgY+17/15oCsmwzjH1RFnrSHYeLEekopkrRVqbQYifBxc74IEX
zPqxpUQbcS0LinwkKz5ZROBgHkDTa0+Rrb+VE3ZLSllt
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:50:18 2023 by rpki-client on console-ams.rpki-client.org