Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/c800c9-51b5-4589-9260-063fcdd3a057/1/fKXcr4v4ehRdRJ5kFzgIjnhKOmk.roa
File: fKXcr4v4ehRdRJ5kFzgIjnhKOmk.roa (raw, json)
Hash identifier: ZG3oSGMyip0W7sSW2WaBez2fb+yTPVvBQXHLT2Hfqig=
Subject key identifier: 7C:A5:DC:AF:8B:F8:7A:14:5D:44:9E:64:17:38:08:8E:78:4A:3A:69
Certificate issuer: /CN=7c3c39d1899e699bf5177418ee381489edff4380
Certificate serial: 1A8F7FFD
Authority key identifier: 7C:3C:39:D1:89:9E:69:9B:F5:17:74:18:EE:38:14:89:ED:FF:43:80
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/fDw50YmeaZv1F3QY7jgUie3_Q4A.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/36/c800c9-51b5-4589-9260-063fcdd3a057/1/fKXcr4v4ehRdRJ5kFzgIjnhKOmk.roa
Signing time: Wed 26 Jan 2022 16:49:10 +0000
ROA not before: Wed 26 Jan 2022 16:49:10 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 1239
IP address blocks: 109.246.240.0/20 maxlen: 24
109.246.144.0/20 maxlen: 24
185.27.178.0/23 maxlen: 24
109.246.160.0/20 maxlen: 24
109.246.176.0/20 maxlen: 24
185.18.120.0/23 maxlen: 24
109.246.192.0/20 maxlen: 24
109.246.208.0/20 maxlen: 24
109.246.224.0/20 maxlen: 24
109.246.128.0/20 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 445612029 (0x1a8f7ffd)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7c3c39d1899e699bf5177418ee381489edff4380
Validity
Not Before: Jan 26 16:49:10 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=7ca5dcaf8bf87a145d449e641738088e784a3a69
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:98:d2:e0:b9:9d:66:0f:c0:33:29:c3:3b:d7:95:
a8:e1:a5:9e:04:cb:96:4d:d8:e3:7b:cb:6f:83:79:
09:0a:00:5b:03:cc:49:d9:ed:6a:31:0c:92:50:f9:
d5:a6:ae:cf:97:08:d3:db:13:54:5b:6a:f2:bb:cd:
aa:f1:ab:f1:63:74:f8:25:ba:89:c0:1e:29:10:f2:
2b:02:34:09:36:23:8f:a7:c1:c0:35:1f:8d:bf:ff:
63:19:bb:ab:f0:88:4d:2d:f1:09:12:6f:4d:6c:c2:
9c:72:7a:08:1f:c0:59:df:f9:9d:ff:48:61:5d:ae:
12:6c:74:17:a4:ca:2a:51:13:73:3c:c7:ed:54:79:
32:30:c1:54:e1:f8:33:f6:84:76:5f:f3:57:16:f6:
b9:e4:a3:a4:cc:1f:36:db:ec:86:0f:cf:c7:9c:bd:
37:f5:af:b2:03:f3:0b:59:2c:9f:30:02:05:e4:04:
a4:88:19:02:5f:ae:a0:66:48:3e:09:90:9d:a9:d2:
09:c1:70:49:fa:51:98:6e:69:20:0f:29:c6:f6:b1:
50:3d:43:e1:9d:01:d3:b7:1c:b6:07:bb:0f:1d:d0:
f7:3a:5e:85:da:63:61:e7:8b:09:1b:f4:2d:6e:35:
b9:80:08:d7:f1:c4:f9:d7:62:4b:4b:14:bc:d7:ed:
06:13
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
7C:A5:DC:AF:8B:F8:7A:14:5D:44:9E:64:17:38:08:8E:78:4A:3A:69
X509v3 Authority Key Identifier:
keyid:7C:3C:39:D1:89:9E:69:9B:F5:17:74:18:EE:38:14:89:ED:FF:43:80
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fDw50YmeaZv1F3QY7jgUie3_Q4A.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/c800c9-51b5-4589-9260-063fcdd3a057/1/fKXcr4v4ehRdRJ5kFzgIjnhKOmk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/36/c800c9-51b5-4589-9260-063fcdd3a057/1/fDw50YmeaZv1F3QY7jgUie3_Q4A.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.246.128.0/17
185.18.120.0/23
185.27.178.0/23
Signature Algorithm: sha256WithRSAEncryption
70:3e:18:8e:c1:e0:3f:62:52:a0:53:b4:fd:80:aa:e6:26:1f:
04:40:ed:80:54:83:1d:7e:82:7b:0b:cb:06:73:4c:68:93:62:
eb:3a:18:2e:ed:4b:12:c5:09:a2:75:42:cc:b1:4a:7a:53:7c:
3a:75:62:b6:59:1d:6d:12:a6:a2:ad:9b:d6:c0:92:3c:5f:b1:
26:cd:75:3a:6e:78:d1:7b:28:a9:48:c1:20:1c:c3:76:76:fc:
e4:d2:d1:16:fa:69:c7:a3:91:01:fe:91:84:d4:56:b4:75:ad:
e3:f6:a5:f6:a6:b7:1d:df:1c:b3:8f:27:06:92:54:a6:f3:a3:
cb:c9:f2:e4:05:42:09:f6:18:18:14:ae:8c:8d:58:4c:6e:00:
9e:a0:b8:40:e6:17:0b:67:21:ca:16:e9:2a:cc:4c:da:55:5e:
bc:28:60:bc:7b:b1:6c:53:ea:a0:97:61:65:e9:d8:f0:21:4b:
53:3c:3e:72:3c:0a:98:ff:33:10:88:7b:e6:71:49:29:a0:b4:
b0:13:83:73:a4:6b:eb:13:b2:87:d1:d0:86:5e:fe:cf:01:c1:
03:d5:16:bc:bc:39:45:60:21:a7:0c:11:02:a8:c0:72:63:7f:
f7:66:31:bd:f9:38:79:47:4b:78:c9:27:4f:41:c0:87:81:f3:
03:77:c3:4b
-----BEGIN CERTIFICATE-----
MIIE+zCCA+OgAwIBAgIEGo9//TANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg3
YzNjMzlkMTg5OWU2OTliZjUxNzc0MThlZTM4MTQ4OWVkZmY0MzgwMB4XDTIyMDEy
NjE2NDkxMFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoN2NhNWRjYWY4YmY4
N2ExNDVkNDQ5ZTY0MTczODA4OGU3ODRhM2E2OTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAJjS4LmdZg/AMynDO9eVqOGlngTLlk3Y43vLb4N5CQoAWwPM
SdntajEMklD51aauz5cI09sTVFtq8rvNqvGr8WN0+CW6icAeKRDyKwI0CTYjj6fB
wDUfjb//Yxm7q/CITS3xCRJvTWzCnHJ6CB/AWd/5nf9IYV2uEmx0F6TKKlETczzH
7VR5MjDBVOH4M/aEdl/zVxb2ueSjpMwfNtvshg/Px5y9N/WvsgPzC1ksnzACBeQE
pIgZAl+uoGZIPgmQnanSCcFwSfpRmG5pIA8pxvaxUD1D4Z0B07cctge7Dx3Q9zpe
hdpjYeeLCRv0LW41uYAI1/HE+ddiS0sUvNftBhMCAwEAAaOCAhUwggIRMB0GA1Ud
DgQWBBR8pdyvi/h6FF1EnmQXOAiOeEo6aTAfBgNVHSMEGDAWgBR8PDnRiZ5pm/UX
dBjuOBSJ7f9DgDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2ZEdzUwWW1lYVp2MUYzUVk3amdVaWUzX1E0QS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMzYvYzgwMGM5LTUxYjUtNDU4OS05MjYwLTA2M2ZjZGQzYTA1Ny8x
L2ZLWGNyNHY0ZWhSZFJKNWtGemdJam5oS09tay5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMzYv
YzgwMGM5LTUxYjUtNDU4OS05MjYwLTA2M2ZjZGQzYTA1Ny8xL2ZEdzUwWW1lYVp2
MUYzUVk3amdVaWUzX1E0QS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAr
BggrBgEFBQcBBwEB/wQcMBowGAQCAAEwEgMEB232gAMEAbkSeAMEAbkbsjANBgkq
hkiG9w0BAQsFAAOCAQEAcD4YjsHgP2JSoFO0/YCq5iYfBEDtgFSDHX6CewvLBnNM
aJNi6zoYLu1LEsUJonVCzLFKelN8OnVitlkdbRKmoq2b1sCSPF+xJs11Om540Xso
qUjBIBzDdnb85NLRFvppx6ORAf6RhNRWtHWt4/al9qa3Hd8cs48nBpJUpvOjy8ny
5AVCCfYYGBSujI1YTG4AnqC4QOYXC2chyhbpKsxM2lVevChgvHuxbFPqoJdhZenY
8CFLUzw+cjwKmP8zEIh75nFJKaC0sBODc6Rr6xOyh9HQhl7+zwHBA9UWvLw5RWAh
pwwRAqjAcmN/92Yxvfk4eUdLeMknT0HAh4HzA3fDSw==
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:46:31 2023 by rpki-client on console-fra.rpki-client.org