Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2f/2171be-b083-479b-a580-6a06b7502bd7/1/KgbGGfR3ZJf3PlQk0JILThJPabQ.roa
File: KgbGGfR3ZJf3PlQk0JILThJPabQ.roa (raw, json)
Hash identifier: ZFCIOMuD6TCsVEfcZ20mI6D1Z0aCehEhEdJzM5PtCCY=
Subject key identifier: 2A:06:C6:19:F4:77:64:97:F7:3E:54:24:D0:92:0B:4E:12:4F:69:B4
Certificate issuer: /CN=37ed49efac9795987771acdc77a0e228904277ad
Certificate serial: B23294
Authority key identifier: 37:ED:49:EF:AC:97:95:98:77:71:AC:DC:77:A0:E2:28:90:42:77:AD
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/N-1J76yXlZh3cazcd6DiKJBCd60.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2f/2171be-b083-479b-a580-6a06b7502bd7/1/KgbGGfR3ZJf3PlQk0JILThJPabQ.roa
Signing time: Mon 25 Apr 2022 11:59:21 +0000
ROA not before: Mon 25 Apr 2022 11:59:21 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 202984
IP address blocks: 109.172.108.0/22 maxlen: 22
109.172.112.0/22 maxlen: 22
109.172.4.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 11678356 (0xb23294)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=37ed49efac9795987771acdc77a0e228904277ad
Validity
Not Before: Apr 25 11:59:21 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=2a06c619f4776497f73e5424d0920b4e124f69b4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a3:54:ce:72:b2:d8:f2:dc:45:a4:fb:d1:a3:cb:
ad:ed:3c:21:f6:b5:ac:4f:8b:ad:22:65:ff:40:77:
b4:7d:2c:a8:70:93:ba:67:e0:21:e8:de:03:e1:3e:
e3:fc:7a:5f:85:3b:b6:47:18:8b:c1:d2:ab:39:3a:
63:80:40:92:ad:68:1e:a1:16:11:48:8b:13:10:45:
c4:35:66:43:eb:d9:e8:d8:4d:c4:85:6a:7b:fb:15:
b9:e8:77:04:18:e1:42:6e:d6:8e:0a:d1:0a:41:6e:
c2:bc:d0:8c:6f:f5:1c:ce:fd:55:8c:6c:70:6e:38:
bd:59:b3:e5:86:f6:b5:f0:5e:d3:28:47:4c:d9:ed:
6d:c6:c3:e8:64:6b:df:92:29:ea:f6:16:a7:72:5f:
11:c4:0f:21:95:ac:da:20:7e:7d:a9:8d:34:f5:2a:
dd:3b:29:5e:36:8c:6d:5f:c3:d4:87:1c:fd:5f:23:
0d:f0:f2:0e:ed:6c:da:ec:ca:d2:02:ec:0c:57:79:
e2:3b:1f:20:8a:a1:21:03:3f:6f:e1:b5:d7:4a:4f:
83:2f:fc:47:de:50:db:b2:c6:1e:47:ee:b1:c6:d7:
ee:16:ee:9b:67:9e:93:6c:94:7e:63:5b:a7:d3:43:
5e:a4:19:de:93:07:df:78:69:1b:db:be:09:15:7d:
44:7f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2A:06:C6:19:F4:77:64:97:F7:3E:54:24:D0:92:0B:4E:12:4F:69:B4
X509v3 Authority Key Identifier:
keyid:37:ED:49:EF:AC:97:95:98:77:71:AC:DC:77:A0:E2:28:90:42:77:AD
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/N-1J76yXlZh3cazcd6DiKJBCd60.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/2171be-b083-479b-a580-6a06b7502bd7/1/KgbGGfR3ZJf3PlQk0JILThJPabQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/2171be-b083-479b-a580-6a06b7502bd7/1/N-1J76yXlZh3cazcd6DiKJBCd60.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.172.4.0/22
109.172.108.0-109.172.115.255
Signature Algorithm: sha256WithRSAEncryption
80:f9:26:df:3b:84:d9:7d:7d:4d:37:d2:19:d2:8b:48:5c:ba:
5a:32:a8:a8:51:80:d7:ee:58:c3:f7:d3:b1:24:45:b9:64:d7:
84:ea:56:4d:cd:79:25:45:c9:c0:8f:ef:d3:18:1c:aa:99:73:
f6:a8:e6:db:2b:be:32:5d:98:f1:ff:79:ce:ea:bc:ca:00:d5:
2a:b3:fa:80:24:ac:cf:57:35:30:a4:7c:4e:22:c7:c3:a4:a1:
f3:d5:b8:d9:10:4a:a1:f8:41:01:6c:29:6a:f8:63:8d:28:87:
04:dc:1f:7f:ae:08:00:1a:b6:c2:cf:ad:75:b6:25:da:ad:9b:
44:2d:94:0b:8c:66:30:97:72:4a:dc:56:03:6f:79:81:49:60:
ca:f5:26:60:ac:5b:96:30:f8:be:b0:87:69:d1:fe:62:bb:d2:
07:19:55:d9:c9:dc:46:ef:c6:09:bb:b9:69:83:4c:ed:97:92:
49:ff:15:d8:52:ef:dc:03:eb:bd:fd:bb:84:ef:a3:d8:38:a0:
ac:c0:96:0c:d3:94:f4:bf:e9:c7:0d:a8:a7:4c:28:7a:55:b8:
b2:d4:43:4d:8e:e5:7d:15:c4:14:6d:f5:51:17:99:71:d1:9b:
68:5d:1a:7d:b5:fe:bd:b6:e5:60:ba:bc:1a:7c:a7:1d:a3:04:
0d:aa:14:fc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgIEALIylDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygz
N2VkNDllZmFjOTc5NTk4Nzc3MWFjZGM3N2EwZTIyODkwNDI3N2FkMB4XDTIyMDQy
NTExNTkyMVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMmEwNmM2MTlmNDc3
NjQ5N2Y3M2U1NDI0ZDA5MjBiNGUxMjRmNjliNDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAKNUznKy2PLcRaT70aPLre08Ifa1rE+LrSJl/0B3tH0sqHCT
umfgIejeA+E+4/x6X4U7tkcYi8HSqzk6Y4BAkq1oHqEWEUiLExBFxDVmQ+vZ6NhN
xIVqe/sVueh3BBjhQm7WjgrRCkFuwrzQjG/1HM79VYxscG44vVmz5Yb2tfBe0yhH
TNntbcbD6GRr35Ip6vYWp3JfEcQPIZWs2iB+famNNPUq3TspXjaMbV/D1Icc/V8j
DfDyDu1s2uzK0gLsDFd54jsfIIqhIQM/b+G110pPgy/8R95Q27LGHkfuscbX7hbu
m2eek2yUfmNbp9NDXqQZ3pMH33hpG9u+CRV9RH8CAwEAAaOCAhcwggITMB0GA1Ud
DgQWBBQqBsYZ9Hdkl/c+VCTQkgtOEk9ptDAfBgNVHSMEGDAWgBQ37UnvrJeVmHdx
rNx3oOIokEJ3rTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L04tMUo3NnlYbFpoM2NhemNkNkRpS0pCQ2Q2MC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMmYvMjE3MWJlLWIwODMtNDc5Yi1hNTgwLTZhMDZiNzUwMmJkNy8x
L0tnYkdHZlIzWkpmM1BsUWswSklMVGhKUGFiUS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMmYv
MjE3MWJlLWIwODMtNDc5Yi1hNTgwLTZhMDZiNzUwMmJkNy8xL04tMUo3NnlYbFpo
M2NhemNkNkRpS0pCQ2Q2MC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAt
BggrBgEFBQcBBwEB/wQeMBwwGgQCAAEwFAMEAm2sBDAMAwQCbaxsAwQCbaxwMA0G
CSqGSIb3DQEBCwUAA4IBAQCA+SbfO4TZfX1NN9IZ0otIXLpaMqioUYDX7ljD99Ox
JEW5ZNeE6lZNzXklRcnAj+/TGByqmXP2qObbK74yXZjx/3nO6rzKANUqs/qAJKzP
VzUwpHxOIsfDpKHz1bjZEEqh+EEBbClq+GONKIcE3B9/rggAGrbCz611tiXarZtE
LZQLjGYwl3JK3FYDb3mBSWDK9SZgrFuWMPi+sIdp0f5iu9IHGVXZydxG78YJu7lp
g0ztl5JJ/xXYUu/cA+u9/buE76PYOKCswJYM05T0v+nHDainTCh6Vbiy1ENNjuV9
FcQUbfVRF5lx0ZtoXRp9tf69tuVgurwafKcdowQNqhT8
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:01:02 2024 by rpki-client on console-ams.rpki-client.org