Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/c800c9-51b5-4589-9260-063fcdd3a057/1/pG5AS1LaYG_19GURUyD9NlVnx4s.roa
File: pG5AS1LaYG_19GURUyD9NlVnx4s.roa (raw, json)
Hash identifier: V7jzm4jJqu9GZKHoJlXC5wBT3eIDmIdo51Z1j0rJeHs=
Subject key identifier: A4:6E:40:4B:52:DA:60:6F:F5:F4:65:11:53:20:FD:36:55:67:C7:8B
Certificate issuer: /CN=7c3c39d1899e699bf5177418ee381489edff4380
Certificate serial: 1AEC3109
Authority key identifier: 7C:3C:39:D1:89:9E:69:9B:F5:17:74:18:EE:38:14:89:ED:FF:43:80
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/fDw50YmeaZv1F3QY7jgUie3_Q4A.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/36/c800c9-51b5-4589-9260-063fcdd3a057/1/pG5AS1LaYG_19GURUyD9NlVnx4s.roa
Signing time: Fri 04 Mar 2022 12:05:25 +0000
ROA not before: Fri 04 Mar 2022 12:05:25 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 1239
IP address blocks: 109.246.240.0/20 maxlen: 24
109.246.144.0/20 maxlen: 24
185.27.178.0/23 maxlen: 24
109.246.160.0/20 maxlen: 24
109.246.176.0/20 maxlen: 24
109.246.192.0/20 maxlen: 24
109.246.208.0/20 maxlen: 24
109.246.0.0/17 maxlen: 24
109.246.224.0/20 maxlen: 24
109.246.128.0/20 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 451686665 (0x1aec3109)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7c3c39d1899e699bf5177418ee381489edff4380
Validity
Not Before: Mar 4 12:05:25 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=a46e404b52da606ff5f465115320fd365567c78b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a2:43:16:bf:86:11:76:4a:0e:a7:d9:cb:12:1c:
b2:13:46:d2:9a:c1:a2:ae:02:5e:12:76:91:12:1a:
68:f6:77:09:53:e3:de:03:00:f5:5a:1a:d9:b8:1c:
49:59:42:a8:4c:55:ff:51:e3:ec:51:66:0e:d3:62:
38:8a:11:37:df:f0:f0:a5:4c:a4:e6:4b:8b:f2:50:
71:70:95:ca:6d:19:74:85:ef:78:20:99:b9:2b:f7:
b1:d5:fb:46:23:9b:e3:76:84:79:dd:ac:f3:f5:0a:
9c:9d:f9:43:c4:2b:43:4f:6a:66:52:93:1f:03:de:
c5:e4:72:42:50:87:2a:f1:d6:a0:71:ae:b6:6c:c5:
b7:3e:00:68:24:8f:5d:b7:e7:e4:84:ee:50:34:e3:
a0:b4:6d:be:d3:05:a0:3e:21:e1:e6:03:47:43:a4:
29:5f:67:f2:1a:86:be:f8:7d:c6:08:ea:6b:1b:e2:
c0:7d:0b:c0:22:2e:8c:8b:14:8a:04:43:8c:6c:24:
84:85:49:a3:d8:84:28:08:a2:50:c4:ea:42:95:3a:
31:d6:52:05:69:f7:95:f6:de:10:6e:b9:92:56:8f:
04:4a:4c:5c:c7:1c:01:4f:12:2c:47:8b:8e:3c:a2:
15:b5:0f:96:e3:51:a3:c4:86:53:b1:c6:bb:93:a1:
ee:07
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A4:6E:40:4B:52:DA:60:6F:F5:F4:65:11:53:20:FD:36:55:67:C7:8B
X509v3 Authority Key Identifier:
keyid:7C:3C:39:D1:89:9E:69:9B:F5:17:74:18:EE:38:14:89:ED:FF:43:80
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fDw50YmeaZv1F3QY7jgUie3_Q4A.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/c800c9-51b5-4589-9260-063fcdd3a057/1/pG5AS1LaYG_19GURUyD9NlVnx4s.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/36/c800c9-51b5-4589-9260-063fcdd3a057/1/fDw50YmeaZv1F3QY7jgUie3_Q4A.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.246.0.0/16
185.27.178.0/23
Signature Algorithm: sha256WithRSAEncryption
15:89:f3:6b:c4:55:e6:7d:d7:62:18:08:6c:79:6d:7e:09:20:
89:a1:46:a1:82:2f:db:9e:03:ea:08:e8:13:e6:20:b5:ab:bc:
d3:5e:24:95:86:eb:fe:a6:72:b9:40:fb:70:af:85:32:b4:88:
3b:b3:53:b9:a4:01:55:1b:0a:4e:5c:59:5f:19:4d:4c:07:2e:
36:5a:0e:a3:8a:fd:72:27:93:68:74:f6:4d:0c:34:6f:74:b6:
64:0b:dc:a0:4f:68:b5:5c:68:96:14:1b:d2:f9:5a:26:e5:33:
50:96:12:4c:b9:7a:ec:c9:01:12:90:ca:77:9e:ed:20:1b:50:
ba:47:29:44:de:82:e6:da:f8:73:1e:a1:ef:3f:73:ef:bf:fd:
2d:fc:fb:3b:d0:9f:57:73:79:f0:14:fb:d7:bd:b1:1c:63:8c:
59:09:36:af:1d:dd:3e:e6:26:97:4e:4d:15:e2:59:08:3d:f9:
ea:a1:9b:69:01:3d:76:aa:65:43:23:80:46:5a:87:dc:75:63:
54:68:f8:23:4d:9c:9e:99:a0:14:c2:57:0d:37:01:12:69:eb:
4e:16:ba:6f:9b:ac:44:4c:86:c4:7d:33:69:1a:49:30:64:1b:
ab:91:42:47:4a:4a:4e:f8:f7:ec:c0:9d:9d:8a:97:00:52:b6:
37:8c:62:ad
-----BEGIN CERTIFICATE-----
MIIE9DCCA9ygAwIBAgIEGuwxCTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg3
YzNjMzlkMTg5OWU2OTliZjUxNzc0MThlZTM4MTQ4OWVkZmY0MzgwMB4XDTIyMDMw
NDEyMDUyNVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoYTQ2ZTQwNGI1MmRh
NjA2ZmY1ZjQ2NTExNTMyMGZkMzY1NTY3Yzc4YjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAKJDFr+GEXZKDqfZyxIcshNG0prBoq4CXhJ2kRIaaPZ3CVPj
3gMA9Voa2bgcSVlCqExV/1Hj7FFmDtNiOIoRN9/w8KVMpOZLi/JQcXCVym0ZdIXv
eCCZuSv3sdX7RiOb43aEed2s8/UKnJ35Q8QrQ09qZlKTHwPexeRyQlCHKvHWoHGu
tmzFtz4AaCSPXbfn5ITuUDTjoLRtvtMFoD4h4eYDR0OkKV9n8hqGvvh9xgjqaxvi
wH0LwCIujIsUigRDjGwkhIVJo9iEKAiiUMTqQpU6MdZSBWn3lfbeEG65klaPBEpM
XMccAU8SLEeLjjyiFbUPluNRo8SGU7HGu5Oh7gcCAwEAAaOCAg4wggIKMB0GA1Ud
DgQWBBSkbkBLUtpgb/X0ZRFTIP02VWfHizAfBgNVHSMEGDAWgBR8PDnRiZ5pm/UX
dBjuOBSJ7f9DgDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2ZEdzUwWW1lYVp2MUYzUVk3amdVaWUzX1E0QS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMzYvYzgwMGM5LTUxYjUtNDU4OS05MjYwLTA2M2ZjZGQzYTA1Ny8x
L3BHNUFTMUxhWUdfMTlHVVJVeUQ5TmxWbng0cy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMzYv
YzgwMGM5LTUxYjUtNDU4OS05MjYwLTA2M2ZjZGQzYTA1Ny8xL2ZEdzUwWW1lYVp2
MUYzUVk3amdVaWUzX1E0QS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAk
BggrBgEFBQcBBwEB/wQVMBMwEQQCAAEwCwMDAG32AwQBuRuyMA0GCSqGSIb3DQEB
CwUAA4IBAQAVifNrxFXmfddiGAhseW1+CSCJoUahgi/bngPqCOgT5iC1q7zTXiSV
huv+pnK5QPtwr4UytIg7s1O5pAFVGwpOXFlfGU1MBy42Wg6jiv1yJ5NodPZNDDRv
dLZkC9ygT2i1XGiWFBvS+Vom5TNQlhJMuXrsyQESkMp3nu0gG1C6RylE3oLm2vhz
HqHvP3Pvv/0t/Ps70J9Xc3nwFPvXvbEcY4xZCTavHd0+5iaXTk0V4lkIPfnqoZtp
AT12qmVDI4BGWofcdWNUaPgjTZyemaAUwlcNNwESaetOFrpvm6xETIbEfTNpGkkw
ZBurkUJHSkpO+PfswJ2dipcAUrY3jGKt
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:46:31 2023 by rpki-client on console-fra.rpki-client.org