Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2f/2171be-b083-479b-a580-6a06b7502bd7/1/HeCYajvJ2TMvZ6m5_H-8IRyjZfM.roa
File: HeCYajvJ2TMvZ6m5_H-8IRyjZfM.roa (raw, json)
Hash identifier: WfCqhW7L5USRQzY9tWqcCh0fx8738gFTmnGKe+OD8Aw=
Subject key identifier: 1D:E0:98:6A:3B:C9:D9:33:2F:67:A9:B9:FC:7F:BC:21:1C:A3:65:F3
Certificate issuer: /CN=37ed49efac9795987771acdc77a0e228904277ad
Certificate serial: 01856D4AAAFB4B73F9A66FED65B5C8705A81
Authority key identifier: 37:ED:49:EF:AC:97:95:98:77:71:AC:DC:77:A0:E2:28:90:42:77:AD
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/N-1J76yXlZh3cazcd6DiKJBCd60.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2f/2171be-b083-479b-a580-6a06b7502bd7/1/HeCYajvJ2TMvZ6m5_H-8IRyjZfM.roa
Signing time: Sun 01 Jan 2023 12:24:47 +0000
ROA not before: Sun 01 Jan 2023 12:24:47 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 7018
IP address blocks: 178.130.132.0/22 maxlen: 24
178.130.136.0/21 maxlen: 21
109.172.88.0/22 maxlen: 24
109.172.92.0/22 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6d:4a:aa:fb:4b:73:f9:a6:6f:ed:65:b5:c8:70:5a:81
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=37ed49efac9795987771acdc77a0e228904277ad
Validity
Not Before: Jan 1 12:24:47 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=1de0986a3bc9d9332f67a9b9fc7fbc211ca365f3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:88:30:d8:ca:d2:64:d2:66:7c:46:4a:6c:de:ff:
f4:88:41:0b:44:e8:3d:09:b4:89:41:f8:4e:83:5c:
ff:d7:15:2a:62:b5:f9:96:f4:a8:18:01:56:b5:26:
d4:ae:d2:13:59:60:93:59:46:4c:af:59:0c:92:b5:
9a:c5:ea:4e:16:b8:1a:4b:e8:7d:e2:f5:53:ce:19:
98:b2:02:02:13:eb:dd:84:33:88:a8:97:cc:fd:74:
c3:0d:65:41:0e:33:df:93:74:84:1b:4a:b1:9f:9c:
15:59:ec:5a:2a:8d:bb:4e:c6:c6:27:a4:bf:9d:5c:
dc:e1:bc:07:b1:b4:68:6b:c5:eb:a0:86:a1:cd:8f:
90:2b:a0:da:fa:51:59:e2:26:ff:4c:bd:eb:52:1a:
96:ef:f7:5f:ce:f3:3c:b4:99:4f:0f:eb:38:22:09:
59:e6:33:84:95:67:56:f1:39:8c:d7:02:58:c3:8f:
1b:be:6d:97:91:03:e3:4b:01:bb:ce:d7:f7:da:82:
65:02:fe:cc:1d:2f:65:b0:10:0b:38:6b:42:8f:60:
0b:6f:3a:5c:fc:46:d3:29:67:87:bc:0b:f2:94:31:
a5:de:f5:43:4c:6a:28:72:cf:6b:c1:9c:d3:6d:8d:
c7:ff:7c:8e:59:88:a6:65:89:66:0b:68:16:75:29:
b0:e5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1D:E0:98:6A:3B:C9:D9:33:2F:67:A9:B9:FC:7F:BC:21:1C:A3:65:F3
X509v3 Authority Key Identifier:
keyid:37:ED:49:EF:AC:97:95:98:77:71:AC:DC:77:A0:E2:28:90:42:77:AD
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/N-1J76yXlZh3cazcd6DiKJBCd60.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/2171be-b083-479b-a580-6a06b7502bd7/1/HeCYajvJ2TMvZ6m5_H-8IRyjZfM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/2171be-b083-479b-a580-6a06b7502bd7/1/N-1J76yXlZh3cazcd6DiKJBCd60.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.172.88.0/21
178.130.132.0-178.130.143.255
Signature Algorithm: sha256WithRSAEncryption
72:52:75:3d:9c:9b:72:99:04:6c:7c:14:c6:ca:b5:8c:11:52:
8b:16:9b:cd:17:61:f5:00:e0:4c:83:99:24:c7:d6:53:b3:b1:
2a:0b:a0:bd:d1:fe:b5:b2:99:37:fc:f7:ab:50:75:32:4e:72:
74:15:9a:8f:24:d8:fb:32:da:e2:40:46:d0:24:09:09:03:56:
ec:d4:f6:75:3e:06:54:20:47:17:02:a3:3b:ea:ce:72:b1:83:
ab:62:b8:e2:9a:c3:ff:4c:3b:1b:2a:c4:ec:59:0c:5a:d1:df:
3c:16:56:95:8e:b8:3e:f9:a4:37:06:f1:60:a1:9a:b7:ab:6c:
35:de:6c:9f:fd:3e:12:89:7a:87:58:0c:c6:75:41:ea:ca:48:
90:77:7d:99:df:cb:77:ed:44:73:1e:55:8b:ca:ef:f2:78:4a:
92:9f:a0:69:ad:5a:bc:f1:cd:d8:9f:84:53:5c:14:50:e9:e3:
24:9f:8d:6b:23:d5:11:33:7a:a1:fd:a6:a6:ad:67:56:ef:27:
98:75:bc:01:58:6e:3a:00:77:ff:52:1c:33:70:f3:82:ba:64:
af:a0:62:5f:b7:9d:5f:6d:54:ce:49:c6:dd:cf:fb:05:a6:ca:
79:e9:e6:2f:54:41:ee:50:be:c7:54:b0:97:68:f4:ec:75:c1:
44:aa:b1:17
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAYVtSqr7S3P5pm/tZbXIcFqBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM3ZWQ0OWVmYWM5Nzk1OTg3NzcxYWNkYzc3YTBlMjI4OTA0
Mjc3YWQwHhcNMjMwMTAxMTIyNDQ3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZGUwOTg2YTNiYzlkOTMzMmY2N2E5YjlmYzdmYmMyMTFjYTM2NWYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiDDYytJk0mZ8Rkps3v/0iEELROg9
CbSJQfhOg1z/1xUqYrX5lvSoGAFWtSbUrtITWWCTWUZMr1kMkrWaxepOFrgaS+h9
4vVTzhmYsgICE+vdhDOIqJfM/XTDDWVBDjPfk3SEG0qxn5wVWexaKo27TsbGJ6S/
nVzc4bwHsbRoa8XroIahzY+QK6Da+lFZ4ib/TL3rUhqW7/dfzvM8tJlPD+s4IglZ
5jOElWdW8TmM1wJYw48bvm2XkQPjSwG7ztf32oJlAv7MHS9lsBALOGtCj2ALbzpc
/EbTKWeHvAvylDGl3vVDTGoocs9rwZzTbY3H/3yOWYimZYlmC2gWdSmw5QIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFB3gmGo7ydkzL2epufx/vCEco2XzMB8GA1UdIwQY
MBaAFDftSe+sl5WYd3Gs3Heg4iiQQnetMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTi0xSjc2eVhsWmgzY2F6Y2Q2RGlLSkJDZDYwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZi8yMTcxYmUtYjA4My00NzliLWE1ODAt
NmEwNmI3NTAyYmQ3LzEvSGVDWWFqdkoyVE12WjZtNV9ILThJUnlqWmZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZi8yMTcxYmUtYjA4My00NzliLWE1ODAtNmEwNmI3NTAyYmQ3
LzEvTi0xSjc2eVhsWmgzY2F6Y2Q2RGlLSkJDZDYwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUAwQDbaxYMAwD
BAKygoQDBASygoAwDQYJKoZIhvcNAQELBQADggEBAHJSdT2cm3KZBGx8FMbKtYwR
UosWm80XYfUA4EyDmSTH1lOzsSoLoL3R/rWymTf896tQdTJOcnQVmo8k2Psy2uJA
RtAkCQkDVuzU9nU+BlQgRxcCozvqznKxg6tiuOKaw/9MOxsqxOxZDFrR3zwWVpWO
uD75pDcG8WChmrerbDXebJ/9PhKJeodYDMZ1QerKSJB3fZnfy3ftRHMeVYvK7/J4
SpKfoGmtWrzxzdifhFNcFFDp4ySfjWsj1REzeqH9pqatZ1bvJ5h1vAFYbjoAd/9S
HDNw84K6ZK+gYl+3nV9tVM5Jxt3P+wWmynnp5i9UQe5QvsdUsJdo9Ox1wUSqsRc=
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:46:01 2023 by rpki-client on console-fra.rpki-client.org