Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/c800c9-51b5-4589-9260-063fcdd3a057/1/ppflGIwAs5bUNZeMm1Jwn-gDX9A.roa
File: ppflGIwAs5bUNZeMm1Jwn-gDX9A.roa (raw, json)
Hash identifier: bEp1iaE6Wv52xlIwzdGTWXKIsZTFgKuM4OWPP1H7dS4=
Subject key identifier: A6:97:E5:18:8C:00:B3:96:D4:35:97:8C:9B:52:70:9F:E8:03:5F:D0
Certificate issuer: /CN=7c3c39d1899e699bf5177418ee381489edff4380
Certificate serial: 01856E5413F8E60B240463E8895EB55F155E
Authority key identifier: 7C:3C:39:D1:89:9E:69:9B:F5:17:74:18:EE:38:14:89:ED:FF:43:80
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/fDw50YmeaZv1F3QY7jgUie3_Q4A.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/36/c800c9-51b5-4589-9260-063fcdd3a057/1/ppflGIwAs5bUNZeMm1Jwn-gDX9A.roa
Signing time: Sun 01 Jan 2023 17:14:41 +0000
ROA not before: Sun 01 Jan 2023 17:14:41 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 1239
IP address blocks: 109.246.240.0/20 maxlen: 24
109.246.144.0/20 maxlen: 24
109.246.160.0/20 maxlen: 24
109.246.176.0/20 maxlen: 24
109.246.192.0/20 maxlen: 24
109.246.208.0/20 maxlen: 24
109.246.224.0/20 maxlen: 24
109.246.128.0/20 maxlen: 24
109.246.128.0/17 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6e:54:13:f8:e6:0b:24:04:63:e8:89:5e:b5:5f:15:5e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7c3c39d1899e699bf5177418ee381489edff4380
Validity
Not Before: Jan 1 17:14:41 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=a697e5188c00b396d435978c9b52709fe8035fd0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b1:49:e6:d3:82:78:59:71:5d:5a:b7:08:51:a3:
c7:88:7d:67:a6:8c:07:11:30:6c:32:ad:52:e2:01:
16:cb:42:da:4e:2a:e3:01:d2:3a:ba:b6:64:45:e0:
6d:b7:cb:ed:38:e3:49:f9:41:b4:1b:13:ce:90:07:
04:6f:14:3d:ec:07:c1:4d:bd:83:72:29:ee:fe:86:
4d:87:60:70:70:ed:0f:21:f2:1a:54:09:2b:ef:3a:
33:94:e4:4e:6a:9f:a9:55:9b:a3:bd:c6:47:1c:6a:
0d:54:f8:c2:ec:44:08:00:43:48:20:4b:a4:24:ea:
8a:8e:58:fa:a4:bb:bb:e0:ac:f0:b5:7c:6f:50:10:
24:fc:9a:0b:58:f2:88:0f:89:ff:44:46:bf:9f:e5:
bd:52:aa:8e:74:3a:6f:a9:c2:74:13:ad:21:eb:fa:
0b:f6:b5:72:00:f5:6b:70:1f:01:7f:df:a4:73:2e:
e1:96:4f:bd:74:ff:49:c5:a0:aa:06:9c:11:ab:cd:
16:1f:d8:a3:bb:0f:66:28:f6:6c:e6:c1:b6:c8:0a:
ff:f6:cf:60:80:99:cd:d4:7c:a4:e0:c0:d3:24:0e:
e9:c2:a1:b0:d6:37:d1:7e:f9:53:84:1c:ed:fe:8e:
c8:09:0d:bd:f2:ad:bc:bf:85:43:26:56:2a:9d:19:
81:ff
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A6:97:E5:18:8C:00:B3:96:D4:35:97:8C:9B:52:70:9F:E8:03:5F:D0
X509v3 Authority Key Identifier:
keyid:7C:3C:39:D1:89:9E:69:9B:F5:17:74:18:EE:38:14:89:ED:FF:43:80
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fDw50YmeaZv1F3QY7jgUie3_Q4A.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/c800c9-51b5-4589-9260-063fcdd3a057/1/ppflGIwAs5bUNZeMm1Jwn-gDX9A.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/36/c800c9-51b5-4589-9260-063fcdd3a057/1/fDw50YmeaZv1F3QY7jgUie3_Q4A.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.246.128.0/17
Signature Algorithm: sha256WithRSAEncryption
2e:c8:e9:3f:94:71:93:44:f4:56:fd:0b:5b:2a:b5:f2:32:1d:
58:6f:39:31:f0:60:7d:a9:61:9d:f1:ab:a1:a3:14:c5:7d:1c:
ca:e3:35:3a:a2:4f:6f:71:d5:13:42:d5:12:c1:52:57:c6:5e:
e4:5a:d2:fc:8a:f8:a6:41:45:58:4b:ce:3c:3b:17:34:e5:44:
5d:ea:15:f6:0b:ec:c2:f2:c8:3e:1f:55:78:7b:40:cf:1d:0f:
1f:b4:82:b5:ad:e2:b8:55:a0:0f:d1:f5:60:6c:b3:be:21:00:
e9:a4:e3:e9:79:0d:f0:66:ca:e3:0d:1e:ac:e6:d3:43:61:ff:
f1:1d:3c:e2:6a:f9:77:3b:9a:12:ce:38:0d:47:f1:93:a3:21:
71:be:8e:b0:07:f3:ab:ed:0a:80:2f:c8:c0:29:bb:f5:fc:af:
e3:6d:3b:e7:c2:75:46:c6:89:af:b5:70:b4:86:0f:11:38:8a:
f9:76:6e:7d:0a:e1:cd:29:81:42:e1:78:26:7a:f2:11:ef:d1:
74:aa:e7:2d:4f:49:0c:ec:b3:0f:52:e0:eb:64:42:fd:b5:9a:
64:00:07:48:72:b0:d9:db:d2:41:85:e4:7d:4e:81:db:68:e6:
f5:c8:b1:f0:02:d7:ad:81:3b:ad:f3:65:a6:9a:36:bf:3a:30:
9e:94:f7:d6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYVuVBP45gskBGPoiV61XxVeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdjM2MzOWQxODk5ZTY5OWJmNTE3NzQxOGVlMzgxNDg5ZWRm
ZjQzODAwHhcNMjMwMTAxMTcxNDQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNjk3ZTUxODhjMDBiMzk2ZDQzNTk3OGM5YjUyNzA5ZmU4MDM1ZmQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsUnm04J4WXFdWrcIUaPHiH1npowH
ETBsMq1S4gEWy0LaTirjAdI6urZkReBtt8vtOONJ+UG0GxPOkAcEbxQ97AfBTb2D
cinu/oZNh2BwcO0PIfIaVAkr7zozlOROap+pVZujvcZHHGoNVPjC7EQIAENIIEuk
JOqKjlj6pLu74KzwtXxvUBAk/JoLWPKID4n/REa/n+W9UqqOdDpvqcJ0E60h6/oL
9rVyAPVrcB8Bf9+kcy7hlk+9dP9JxaCqBpwRq80WH9ijuw9mKPZs5sG2yAr/9s9g
gJnN1Hyk4MDTJA7pwqGw1jfRfvlThBzt/o7ICQ298q28v4VDJlYqnRmB/wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKaX5RiMALOW1DWXjJtScJ/oA1/QMB8GA1UdIwQY
MBaAFHw8OdGJnmmb9Rd0GO44FInt/0OAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZkR3NTBZbWVhWnYxRjNRWTdqZ1VpZTNfUTRBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9jODAwYzktNTFiNS00NTg5LTkyNjAt
MDYzZmNkZDNhMDU3LzEvcHBmbEdJd0FzNWJVTlplTW0xSnduLWdEWDlBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9jODAwYzktNTFiNS00NTg5LTkyNjAtMDYzZmNkZDNhMDU3
LzEvZkR3NTBZbWVhWnYxRjNRWTdqZ1VpZTNfUTRBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQHbfaAMA0G
CSqGSIb3DQEBCwUAA4IBAQAuyOk/lHGTRPRW/QtbKrXyMh1Ybzkx8GB9qWGd8auh
oxTFfRzK4zU6ok9vcdUTQtUSwVJXxl7kWtL8ivimQUVYS848Oxc05URd6hX2C+zC
8sg+H1V4e0DPHQ8ftIK1reK4VaAP0fVgbLO+IQDppOPpeQ3wZsrjDR6s5tNDYf/x
HTziavl3O5oSzjgNR/GToyFxvo6wB/Or7QqAL8jAKbv1/K/jbTvnwnVGxomvtXC0
hg8ROIr5dm59CuHNKYFC4XgmevIR79F0quctT0kM7LMPUuDrZEL9tZpkAAdIcrDZ
29JBheR9ToHbaOb1yLHwAtetgTut82Wmmja/OjCelPfW
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:46:31 2023 by rpki-client on console-fra.rpki-client.org