Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2f/2171be-b083-479b-a580-6a06b7502bd7/1/2rfSNdbt5jlJiEc5_f-7gm6m1a4.roa
File: 2rfSNdbt5jlJiEc5_f-7gm6m1a4.roa (raw, json)
Hash identifier: 4kHVecpTzYM6fUq4YnDy5VjuRkqWwco7mTGHc7n7dms=
Subject key identifier: DA:B7:D2:35:D6:ED:E6:39:49:88:47:39:FD:FF:BB:82:6E:A6:D5:AE
Certificate issuer: /CN=37ed49efac9795987771acdc77a0e228904277ad
Certificate serial: 01911D7619F93A4ABD0A0152BCBA1D5AF26F
Authority key identifier: 37:ED:49:EF:AC:97:95:98:77:71:AC:DC:77:A0:E2:28:90:42:77:AD
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/N-1J76yXlZh3cazcd6DiKJBCd60.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2f/2171be-b083-479b-a580-6a06b7502bd7/1/2rfSNdbt5jlJiEc5_f-7gm6m1a4.roa
Signing time: Sun 04 Aug 2024 12:56:04 +0000
ROA not before: Sun 04 Aug 2024 12:56:04 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 44477
IP address blocks: 92.61.64.0/24 maxlen: 24
92.61.65.0/24 maxlen: 24
109.172.36.0/24 maxlen: 24
109.172.37.0/24 maxlen: 24
109.172.38.0/24 maxlen: 24
109.172.39.0/24 maxlen: 24
109.172.96.0/24 maxlen: 24
109.172.97.0/24 maxlen: 24
109.172.98.0/24 maxlen: 24
109.172.99.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:91:1d:76:19:f9:3a:4a:bd:0a:01:52:bc:ba:1d:5a:f2:6f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=37ed49efac9795987771acdc77a0e228904277ad
Validity
Not Before: Aug 4 12:56:04 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=dab7d235d6ede63949884739fdffbb826ea6d5ae
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ad:c9:a8:83:f6:d9:f7:e3:31:25:a9:f3:9a:87:
00:9b:f4:53:ab:19:b5:8b:91:3b:11:78:1b:62:66:
29:0c:00:5f:27:8a:62:a0:12:6f:cb:1e:8d:e7:79:
4b:ff:73:e5:6c:d0:a9:00:ad:6d:65:7f:87:7f:e8:
44:04:00:68:fc:a9:39:63:2f:af:9b:e5:7e:3a:42:
a5:f2:e7:3f:25:8c:fa:3d:01:b0:b8:14:c1:3a:a2:
f1:2c:59:97:5f:3a:5b:04:88:ee:bd:52:03:f4:1b:
79:81:25:60:9a:d1:f9:05:cd:70:43:88:76:11:ae:
f4:de:47:97:2b:4a:db:f4:a5:fe:24:cc:02:4f:e3:
f8:86:d8:54:a6:ab:fa:01:a4:71:dc:5c:0c:48:8b:
ec:33:46:af:a7:5a:e0:5d:22:d1:ea:8a:02:1e:c8:
1c:39:ec:43:51:01:7a:09:8b:2a:a4:34:9c:ad:31:
0c:3f:f2:62:da:0c:42:93:10:23:45:ac:68:05:53:
dc:90:f5:af:1b:82:dc:9d:df:28:04:3c:34:de:57:
df:46:2a:5e:3a:18:b1:52:24:24:1b:be:ed:fb:50:
b5:e4:88:86:43:52:8b:bc:83:ee:ae:12:b1:c2:ce:
e1:2a:b0:68:8d:ac:4c:b3:b0:05:62:2c:2f:b0:d5:
3e:6b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DA:B7:D2:35:D6:ED:E6:39:49:88:47:39:FD:FF:BB:82:6E:A6:D5:AE
X509v3 Authority Key Identifier:
keyid:37:ED:49:EF:AC:97:95:98:77:71:AC:DC:77:A0:E2:28:90:42:77:AD
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/N-1J76yXlZh3cazcd6DiKJBCd60.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/2171be-b083-479b-a580-6a06b7502bd7/1/2rfSNdbt5jlJiEc5_f-7gm6m1a4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/2171be-b083-479b-a580-6a06b7502bd7/1/N-1J76yXlZh3cazcd6DiKJBCd60.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
92.61.64.0/23
109.172.36.0/22
109.172.96.0/22
Signature Algorithm: sha256WithRSAEncryption
af:fc:e0:40:d1:01:f3:70:9d:c2:60:45:2a:fb:fd:11:96:49:
7a:d3:ca:94:83:f0:ca:9a:32:41:81:62:8e:1d:2d:a7:0d:f0:
e2:a2:d9:38:5a:6d:13:23:2a:d3:e6:1d:a2:db:79:6b:34:60:
65:a9:a9:6f:49:57:4f:b7:3c:fd:ff:5a:d9:99:06:0d:15:89:
62:b5:fd:b2:db:2e:cc:67:7e:fb:96:d9:ea:0e:4c:ea:d5:e7:
42:47:dd:e6:43:a7:13:35:dc:3c:b8:5d:78:f8:0d:94:9b:18:
93:f0:c3:9a:76:9a:90:4d:e2:41:f0:a4:8d:8e:46:6b:32:6a:
bb:15:c3:a8:db:14:e2:9b:e6:bc:32:54:3d:1c:27:e2:a4:89:
b0:c6:ff:11:ce:0c:d5:d9:c5:d8:ff:61:a2:64:b8:55:b7:9a:
7a:f3:14:be:31:9a:4c:cb:64:a1:35:1a:70:e1:6e:3c:7b:1c:
0a:14:86:10:65:da:2b:59:0f:b7:94:b8:58:8e:f9:78:49:50:
98:18:0d:fc:34:db:66:d0:52:6b:50:b4:a5:3a:d7:17:41:17:
14:8d:b4:0a:e7:19:48:09:44:7b:52:5e:87:40:b4:3b:cb:95:
a8:98:c8:1c:90:00:f8:3a:64:6b:72:55:21:ec:aa:59:03:09:
ec:7d:48:3e
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZEddhn5Okq9CgFSvLodWvJvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM3ZWQ0OWVmYWM5Nzk1OTg3NzcxYWNkYzc3YTBlMjI4OTA0
Mjc3YWQwHhcNMjQwODA0MTI1NjA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYWI3ZDIzNWQ2ZWRlNjM5NDk4ODQ3MzlmZGZmYmI4MjZlYTZkNWFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArcmog/bZ9+MxJanzmocAm/RTqxm1
i5E7EXgbYmYpDABfJ4pioBJvyx6N53lL/3PlbNCpAK1tZX+Hf+hEBABo/Kk5Yy+v
m+V+OkKl8uc/JYz6PQGwuBTBOqLxLFmXXzpbBIjuvVID9Bt5gSVgmtH5Bc1wQ4h2
Ea703keXK0rb9KX+JMwCT+P4hthUpqv6AaRx3FwMSIvsM0avp1rgXSLR6ooCHsgc
OexDUQF6CYsqpDScrTEMP/Ji2gxCkxAjRaxoBVPckPWvG4Lcnd8oBDw03lffRipe
OhixUiQkG77t+1C15IiGQ1KLvIPurhKxws7hKrBojaxMs7AFYiwvsNU+awIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFNq30jXW7eY5SYhHOf3/u4JuptWuMB8GA1UdIwQY
MBaAFDftSe+sl5WYd3Gs3Heg4iiQQnetMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTi0xSjc2eVhsWmgzY2F6Y2Q2RGlLSkJDZDYwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZi8yMTcxYmUtYjA4My00NzliLWE1ODAt
NmEwNmI3NTAyYmQ3LzEvMnJmU05kYnQ1amxKaUVjNV9mLTdnbTZtMWE0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZi8yMTcxYmUtYjA4My00NzliLWE1ODAtNmEwNmI3NTAyYmQ3
LzEvTi0xSjc2eVhsWmgzY2F6Y2Q2RGlLSkJDZDYwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQBXD1AAwQC
bawkAwQCbaxgMA0GCSqGSIb3DQEBCwUAA4IBAQCv/OBA0QHzcJ3CYEUq+/0Rlkl6
08qUg/DKmjJBgWKOHS2nDfDiotk4Wm0TIyrT5h2i23lrNGBlqalvSVdPtzz9/1rZ
mQYNFYlitf2y2y7MZ377ltnqDkzq1edCR93mQ6cTNdw8uF14+A2UmxiT8MOadpqQ
TeJB8KSNjkZrMmq7FcOo2xTim+a8MlQ9HCfipImwxv8RzgzV2cXY/2GiZLhVt5p6
8xS+MZpMy2ShNRpw4W48exwKFIYQZdorWQ+3lLhYjvl4SVCYGA38NNtm0FJrULSl
OtcXQRcUjbQK5xlICUR7Ul6HQLQ7y5WomMgckAD4OmRrclUh7KpZAwnsfUg+
-----END CERTIFICATE-----
Generated at Sat Apr 19 18:56:51 2025 by rpki-client