Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/c800c9-51b5-4589-9260-063fcdd3a057/1/TE7tzwYTp-UT0p8RRgGzpG-RpL0.roa
File: TE7tzwYTp-UT0p8RRgGzpG-RpL0.roa (raw, json)
Hash identifier: 9gORVigtuRQ6OeRPbMRvDfJ6+S9vt0A2ZyBsRmWTKKs=
Subject key identifier: 4C:4E:ED:CF:06:13:A7:E5:13:D2:9F:11:46:01:B3:A4:6F:91:A4:BD
Certificate issuer: /CN=7c3c39d1899e699bf5177418ee381489edff4380
Certificate serial: 0184A53098574359F3AD900EFA3CDAFBD3C4
Authority key identifier: 7C:3C:39:D1:89:9E:69:9B:F5:17:74:18:EE:38:14:89:ED:FF:43:80
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/fDw50YmeaZv1F3QY7jgUie3_Q4A.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/36/c800c9-51b5-4589-9260-063fcdd3a057/1/TE7tzwYTp-UT0p8RRgGzpG-RpL0.roa
Signing time: Wed 23 Nov 2022 15:52:16 +0000
ROA not before: Wed 23 Nov 2022 15:52:16 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 1239
IP address blocks: 109.246.240.0/20 maxlen: 24
109.246.144.0/20 maxlen: 24
109.246.160.0/20 maxlen: 24
109.246.176.0/20 maxlen: 24
109.246.192.0/20 maxlen: 24
109.246.208.0/20 maxlen: 24
109.246.224.0/20 maxlen: 24
109.246.128.0/20 maxlen: 24
109.246.128.0/17 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:84:a5:30:98:57:43:59:f3:ad:90:0e:fa:3c:da:fb:d3:c4
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7c3c39d1899e699bf5177418ee381489edff4380
Validity
Not Before: Nov 23 15:52:16 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=4c4eedcf0613a7e513d29f114601b3a46f91a4bd
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e1:5f:19:ac:c1:bb:b8:86:12:6e:92:b2:d0:e7:
f7:1a:5a:b4:91:5d:00:86:f5:42:34:48:f0:7a:c1:
33:21:c1:5c:d9:d7:f8:e0:93:2f:dc:ff:d3:3e:7a:
02:1a:98:d2:ca:15:24:6e:af:7c:cc:a1:00:fc:84:
96:29:45:6f:6b:f2:a4:85:ac:e6:64:33:2c:0e:f7:
4c:7b:ac:4a:c2:33:3a:aa:8a:07:3d:80:4d:8b:a2:
3b:0a:34:2a:bc:17:63:6f:93:0f:49:d5:4b:03:50:
81:b3:67:00:02:a6:05:0c:0f:98:56:b6:9a:4e:8f:
f7:0e:cd:73:1d:91:c1:7f:e2:09:29:13:d4:1d:c1:
fa:83:9d:20:12:f0:1d:c8:7b:e1:16:d2:f0:19:85:
ba:14:43:ad:c6:41:8a:49:f5:2b:50:08:5d:01:f4:
97:36:bf:87:c7:8f:20:48:a0:f3:a4:7b:c3:e2:42:
c4:6d:ad:2b:e3:1d:9a:b9:14:b4:fc:75:c2:e5:cb:
ac:af:45:ca:c0:49:b4:8c:52:cf:14:a6:fb:3e:1c:
0a:54:48:1a:5e:b2:b5:96:37:72:a7:6b:25:28:5e:
1a:18:bc:15:0c:07:88:53:24:85:2c:fb:ec:5e:54:
76:0d:fc:ed:ad:37:42:74:4a:76:35:20:d0:98:99:
95:d7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4C:4E:ED:CF:06:13:A7:E5:13:D2:9F:11:46:01:B3:A4:6F:91:A4:BD
X509v3 Authority Key Identifier:
keyid:7C:3C:39:D1:89:9E:69:9B:F5:17:74:18:EE:38:14:89:ED:FF:43:80
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fDw50YmeaZv1F3QY7jgUie3_Q4A.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/c800c9-51b5-4589-9260-063fcdd3a057/1/TE7tzwYTp-UT0p8RRgGzpG-RpL0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/36/c800c9-51b5-4589-9260-063fcdd3a057/1/fDw50YmeaZv1F3QY7jgUie3_Q4A.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.246.128.0/17
Signature Algorithm: sha256WithRSAEncryption
4d:64:a3:40:1d:ec:b6:ca:a2:7b:69:4c:9b:fc:05:12:ff:f4:
ba:04:18:6e:ad:d8:5e:7e:ec:35:4d:d2:71:df:3a:22:b6:59:
2a:b2:5f:30:97:44:6b:52:d5:b3:3f:2c:f7:e2:7c:b6:8d:00:
71:bc:31:df:f3:70:3f:e9:9a:8f:96:3f:40:d2:93:f7:54:e2:
a8:60:8d:44:23:d9:6c:37:f2:9f:2a:df:1b:3b:df:94:25:b9:
84:89:28:bc:b5:38:2c:d4:be:bf:64:fa:15:3e:18:93:e7:2e:
c3:81:be:e8:27:e6:fd:dc:5c:7f:d2:7f:e2:9b:fc:82:5d:a0:
43:39:fc:3a:4d:18:1e:cb:6a:62:98:e8:55:98:4b:97:d7:7a:
54:2e:16:b3:a5:77:35:4e:d3:8d:82:9a:5b:69:b5:5d:7e:f9:
3e:89:8f:e8:73:b1:44:37:2d:40:3e:ea:fd:fa:69:b9:a0:f7:
76:e7:18:42:35:ce:7f:07:d5:36:28:c7:a1:d2:e3:a2:51:53:
a8:35:56:3e:b6:bc:85:da:a6:50:b5:93:de:d6:fe:3c:b8:b4:
14:b7:db:d5:c8:c1:ac:07:2a:08:01:6b:bd:8c:15:3e:24:bf:
fa:1b:ce:ce:84:1c:e0:cb:49:aa:1b:89:a4:e6:01:0b:4f:b4:
13:9b:3d:ef
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYSlMJhXQ1nzrZAO+jza+9PEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdjM2MzOWQxODk5ZTY5OWJmNTE3NzQxOGVlMzgxNDg5ZWRm
ZjQzODAwHhcNMjIxMTIzMTU1MjE2WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YzRlZWRjZjA2MTNhN2U1MTNkMjlmMTE0NjAxYjNhNDZmOTFhNGJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4V8ZrMG7uIYSbpKy0Of3Glq0kV0A
hvVCNEjwesEzIcFc2df44JMv3P/TPnoCGpjSyhUkbq98zKEA/ISWKUVva/Kkhazm
ZDMsDvdMe6xKwjM6qooHPYBNi6I7CjQqvBdjb5MPSdVLA1CBs2cAAqYFDA+YVraa
To/3Ds1zHZHBf+IJKRPUHcH6g50gEvAdyHvhFtLwGYW6FEOtxkGKSfUrUAhdAfSX
Nr+Hx48gSKDzpHvD4kLEba0r4x2auRS0/HXC5cusr0XKwEm0jFLPFKb7PhwKVEga
XrK1ljdyp2slKF4aGLwVDAeIUySFLPvsXlR2DfztrTdCdEp2NSDQmJmV1wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFExO7c8GE6flE9KfEUYBs6RvkaS9MB8GA1UdIwQY
MBaAFHw8OdGJnmmb9Rd0GO44FInt/0OAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZkR3NTBZbWVhWnYxRjNRWTdqZ1VpZTNfUTRBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9jODAwYzktNTFiNS00NTg5LTkyNjAt
MDYzZmNkZDNhMDU3LzEvVEU3dHp3WVRwLVVUMHA4UlJnR3pwRy1ScEwwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9jODAwYzktNTFiNS00NTg5LTkyNjAtMDYzZmNkZDNhMDU3
LzEvZkR3NTBZbWVhWnYxRjNRWTdqZ1VpZTNfUTRBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQHbfaAMA0G
CSqGSIb3DQEBCwUAA4IBAQBNZKNAHey2yqJ7aUyb/AUS//S6BBhurdhefuw1TdJx
3zoitlkqsl8wl0RrUtWzPyz34ny2jQBxvDHf83A/6ZqPlj9A0pP3VOKoYI1EI9ls
N/KfKt8bO9+UJbmEiSi8tTgs1L6/ZPoVPhiT5y7Dgb7oJ+b93Fx/0n/im/yCXaBD
Ofw6TRgey2pimOhVmEuX13pULhazpXc1TtONgppbabVdfvk+iY/oc7FENy1APur9
+mm5oPd25xhCNc5/B9U2KMeh0uOiUVOoNVY+tryF2qZQtZPe1v48uLQUt9vVyMGs
ByoIAWu9jBU+JL/6G87OhBzgy0mqG4mk5gELT7QTmz3v
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:50:18 2023 by rpki-client on console-ams.rpki-client.org