Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2f/2171be-b083-479b-a580-6a06b7502bd7/1/OLRG2u-UsmsN-KS2_k6D6zhFeh0.roa
File: OLRG2u-UsmsN-KS2_k6D6zhFeh0.roa (raw, json)
Hash identifier: Qy+UYuc1SEzwENK8K0X6yEQAjebt8KdaR7slE+ak0C8=
Subject key identifier: 38:B4:46:DA:EF:94:B2:6B:0D:F8:A4:B6:FE:4E:83:EB:38:45:7A:1D
Certificate issuer: /CN=37ed49efac9795987771acdc77a0e228904277ad
Certificate serial: 018CC348BB7784C8E38AB9C9FD741E0606E3
Authority key identifier: 37:ED:49:EF:AC:97:95:98:77:71:AC:DC:77:A0:E2:28:90:42:77:AD
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/N-1J76yXlZh3cazcd6DiKJBCd60.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2f/2171be-b083-479b-a580-6a06b7502bd7/1/OLRG2u-UsmsN-KS2_k6D6zhFeh0.roa
Signing time: Mon 01 Jan 2024 04:29:32 +0000
ROA not before: Mon 01 Jan 2024 04:29:32 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 198369
IP address blocks: 178.130.134.0/24 maxlen: 24
178.130.135.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c3:48:bb:77:84:c8:e3:8a:b9:c9:fd:74:1e:06:06:e3
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=37ed49efac9795987771acdc77a0e228904277ad
Validity
Not Before: Jan 1 04:29:32 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=38b446daef94b26b0df8a4b6fe4e83eb38457a1d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9d:a7:c8:ab:89:69:fa:06:64:a2:23:e2:5a:cc:
b4:ac:af:29:80:3b:02:00:9d:00:59:c2:38:77:44:
9f:2c:65:42:77:e2:85:90:c3:4b:17:70:1c:f9:09:
9e:f5:f3:55:9b:65:af:04:14:33:b2:e4:b3:78:a2:
cf:01:61:16:06:4f:8c:68:eb:5d:23:19:e0:bf:ae:
ae:7c:ee:d8:f3:b6:8b:12:fd:c0:12:bd:6f:91:3b:
24:19:c9:04:63:4d:ea:6c:b5:3e:51:e3:2d:f1:11:
b4:53:a1:04:04:08:7c:d3:e3:6a:cf:70:fd:31:61:
53:a7:82:33:8a:1c:b9:b2:3f:8c:01:28:00:b0:64:
b1:f3:5d:7d:6b:23:75:37:19:19:5b:c0:c2:7a:6c:
bb:42:84:df:c0:42:cb:9e:f9:92:35:1b:da:65:2d:
2c:d1:17:63:0e:4d:56:04:63:d6:7e:8a:5a:20:1a:
e2:f7:b9:35:3c:0c:f9:6a:48:46:ed:f4:5e:e3:23:
59:87:a2:14:c0:4d:ed:89:28:61:30:17:3c:e8:a4:
15:68:62:3e:24:46:b8:24:bb:e6:ba:94:7b:fe:a9:
b1:0e:24:22:09:34:32:43:16:ef:48:6f:2b:c5:fb:
72:be:94:c6:1f:97:b7:c3:19:da:9d:37:e1:15:34:
92:d7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
38:B4:46:DA:EF:94:B2:6B:0D:F8:A4:B6:FE:4E:83:EB:38:45:7A:1D
X509v3 Authority Key Identifier:
keyid:37:ED:49:EF:AC:97:95:98:77:71:AC:DC:77:A0:E2:28:90:42:77:AD
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/N-1J76yXlZh3cazcd6DiKJBCd60.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/2171be-b083-479b-a580-6a06b7502bd7/1/OLRG2u-UsmsN-KS2_k6D6zhFeh0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/2171be-b083-479b-a580-6a06b7502bd7/1/N-1J76yXlZh3cazcd6DiKJBCd60.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
178.130.134.0/23
Signature Algorithm: sha256WithRSAEncryption
35:69:bd:3d:8d:9f:0f:b7:ff:34:ac:38:c2:9c:c6:0a:2f:e0:
6f:4c:0e:fa:62:a6:1d:eb:58:c4:51:fd:a2:a6:38:00:1f:94:
f2:ee:e3:d8:fd:16:e4:c5:ca:0d:54:66:41:22:e6:63:33:eb:
24:29:98:dc:57:63:42:c6:d9:d8:51:c4:33:4a:ea:3b:fd:6a:
37:be:c0:27:fb:8e:57:90:fb:45:aa:b1:36:c8:a4:5f:8f:c6:
68:37:7a:fc:b9:e3:ff:e6:80:a4:fc:76:c9:a3:2f:e1:21:a6:
80:3a:ab:0d:af:e0:19:85:35:75:25:03:1a:ba:87:3c:c5:ec:
a7:5c:a5:bb:6b:78:28:a4:3f:8c:b8:91:b8:fb:f6:46:25:ee:
41:d6:85:7f:33:ab:5f:7b:f3:3f:27:8d:7c:64:d2:b9:0f:2d:
4b:e1:a1:66:f7:54:7d:92:f5:64:c1:26:3c:1f:70:28:4d:91:
62:f9:d3:e8:4f:38:6f:1b:38:34:63:ed:29:74:59:d9:23:05:
ea:9c:f4:a2:6f:14:dc:f8:4c:59:eb:08:03:33:86:63:ad:26:
77:84:54:1d:b3:33:20:a3:9c:04:9c:93:8e:e4:17:96:1e:c2:
64:20:a8:15:01:0f:67:14:9a:09:8e:95:1e:6f:6e:95:4e:9d:
b1:f3:25:28
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSLt3hMjjirnJ/XQeBgbjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM3ZWQ0OWVmYWM5Nzk1OTg3NzcxYWNkYzc3YTBlMjI4OTA0
Mjc3YWQwHhcNMjQwMTAxMDQyOTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOGI0NDZkYWVmOTRiMjZiMGRmOGE0YjZmZTRlODNlYjM4NDU3YTFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnafIq4lp+gZkoiPiWsy0rK8pgDsC
AJ0AWcI4d0SfLGVCd+KFkMNLF3Ac+Qme9fNVm2WvBBQzsuSzeKLPAWEWBk+MaOtd
Ixngv66ufO7Y87aLEv3AEr1vkTskGckEY03qbLU+UeMt8RG0U6EEBAh80+Nqz3D9
MWFTp4Izihy5sj+MASgAsGSx8119ayN1NxkZW8DCemy7QoTfwELLnvmSNRvaZS0s
0RdjDk1WBGPWfopaIBri97k1PAz5akhG7fRe4yNZh6IUwE3tiShhMBc86KQVaGI+
JEa4JLvmupR7/qmxDiQiCTQyQxbvSG8rxftyvpTGH5e3wxnanTfhFTSS1wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDi0RtrvlLJrDfiktv5Og+s4RXodMB8GA1UdIwQY
MBaAFDftSe+sl5WYd3Gs3Heg4iiQQnetMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTi0xSjc2eVhsWmgzY2F6Y2Q2RGlLSkJDZDYwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZi8yMTcxYmUtYjA4My00NzliLWE1ODAt
NmEwNmI3NTAyYmQ3LzEvT0xSRzJ1LVVzbXNOLUtTMl9rNkQ2emhGZWgwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZi8yMTcxYmUtYjA4My00NzliLWE1ODAtNmEwNmI3NTAyYmQ3
LzEvTi0xSjc2eVhsWmgzY2F6Y2Q2RGlLSkJDZDYwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBsoKGMA0G
CSqGSIb3DQEBCwUAA4IBAQA1ab09jZ8Pt/80rDjCnMYKL+BvTA76YqYd61jEUf2i
pjgAH5Ty7uPY/RbkxcoNVGZBIuZjM+skKZjcV2NCxtnYUcQzSuo7/Wo3vsAn+45X
kPtFqrE2yKRfj8ZoN3r8ueP/5oCk/HbJoy/hIaaAOqsNr+AZhTV1JQMauoc8xeyn
XKW7a3gopD+MuJG4+/ZGJe5B1oV/M6tfe/M/J418ZNK5Dy1L4aFm91R9kvVkwSY8
H3AoTZFi+dPoTzhvGzg0Y+0pdFnZIwXqnPSibxTc+ExZ6wgDM4ZjrSZ3hFQdszMg
o5wEnJOO5BeWHsJkIKgVAQ9nFJoJjpUeb26VTp2x8yUo
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:01:02 2024 by rpki-client on console-ams.rpki-client.org