Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2f/2171be-b083-479b-a580-6a06b7502bd7/1/WCxaH9-p9SpECwtbd-nrb6slwnE.roa
File: WCxaH9-p9SpECwtbd-nrb6slwnE.roa (raw, json)
Hash identifier: WNPMTM7k0cJU95kkEaceIFosZwg+n3dAZcWiciXCj4c=
Subject key identifier: 58:2C:5A:1F:DF:A9:F5:2A:44:0B:0B:5B:77:E9:EB:6F:AB:25:C2:71
Certificate issuer: /CN=37ed49efac9795987771acdc77a0e228904277ad
Certificate serial: 018616FCC75A8994D83B7A7D5F13B137B9DB
Authority key identifier: 37:ED:49:EF:AC:97:95:98:77:71:AC:DC:77:A0:E2:28:90:42:77:AD
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/N-1J76yXlZh3cazcd6DiKJBCd60.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2f/2171be-b083-479b-a580-6a06b7502bd7/1/WCxaH9-p9SpECwtbd-nrb6slwnE.roa
Signing time: Fri 03 Feb 2023 11:15:09 +0000
ROA not before: Fri 03 Feb 2023 11:15:09 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 7018
IP address blocks: 178.130.132.0/22 maxlen: 24
109.172.88.0/22 maxlen: 24
109.172.92.0/22 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:86:16:fc:c7:5a:89:94:d8:3b:7a:7d:5f:13:b1:37:b9:db
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=37ed49efac9795987771acdc77a0e228904277ad
Validity
Not Before: Feb 3 11:15:09 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=582c5a1fdfa9f52a440b0b5b77e9eb6fab25c271
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:91:9c:6e:58:74:f0:60:ea:c6:7c:bf:73:f0:da:
26:d0:af:91:b7:cb:09:95:b4:79:04:dd:e2:94:de:
c4:bf:11:1c:5d:7a:dc:f7:92:bc:d6:2e:5c:48:92:
90:42:ce:b8:d4:d4:a0:69:a1:bb:27:bb:45:12:19:
dd:53:12:d8:8a:69:16:ad:52:97:bd:33:23:12:36:
89:86:b3:f6:a1:03:47:3b:7c:45:8f:c4:40:32:c8:
b8:04:db:bc:98:91:4a:77:c3:6e:e3:62:e7:f0:78:
53:33:3c:01:2b:15:d6:fb:bd:d2:24:62:46:fe:e7:
a1:ac:73:6d:14:85:32:a0:79:d1:0b:c8:5e:1d:b5:
a2:b3:cc:47:aa:02:75:8f:0a:f7:00:94:48:e6:21:
87:b7:47:c5:9d:5c:d0:bc:66:4c:26:e9:c4:ed:ed:
2f:94:8b:08:7d:c7:62:e5:e0:2b:99:cf:c8:52:f6:
43:88:5d:39:42:bb:a7:22:de:b5:0c:aa:79:63:b1:
92:c9:c3:f7:b7:98:6f:6a:83:3d:96:e9:1b:85:af:
85:e6:8a:ee:ed:4b:1c:1a:90:be:a3:da:aa:46:6a:
68:70:53:f1:dd:8e:e9:59:bf:48:74:27:0b:26:cd:
98:ca:66:5f:08:e0:8d:98:02:a1:a4:97:67:6a:65:
01:89
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
58:2C:5A:1F:DF:A9:F5:2A:44:0B:0B:5B:77:E9:EB:6F:AB:25:C2:71
X509v3 Authority Key Identifier:
keyid:37:ED:49:EF:AC:97:95:98:77:71:AC:DC:77:A0:E2:28:90:42:77:AD
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/N-1J76yXlZh3cazcd6DiKJBCd60.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/2171be-b083-479b-a580-6a06b7502bd7/1/WCxaH9-p9SpECwtbd-nrb6slwnE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/2171be-b083-479b-a580-6a06b7502bd7/1/N-1J76yXlZh3cazcd6DiKJBCd60.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.172.88.0/21
178.130.132.0/22
Signature Algorithm: sha256WithRSAEncryption
1c:53:66:0a:41:7f:4b:e0:64:0c:91:27:d4:7d:d0:dd:d0:d4:
6d:4e:a5:11:ca:4d:8e:52:5f:64:bb:b2:dc:b2:c7:c8:38:3f:
b4:aa:a8:65:40:af:c3:f7:55:48:8e:f1:a1:19:98:9a:4d:13:
4d:b8:4d:08:15:11:49:f8:20:9e:35:96:d3:56:44:71:dd:a7:
a3:ee:37:72:d1:7d:3c:0e:31:ff:f6:d1:23:f1:f0:ae:90:cf:
12:7e:73:41:e5:77:bc:63:7c:d9:10:a5:39:f3:9f:f2:6a:b9:
d5:0f:23:f9:28:c4:90:34:3e:96:a8:19:44:fd:c6:c9:c9:c1:
ac:6a:1a:99:aa:4e:63:31:a0:b9:50:76:fd:5b:36:3c:70:79:
89:68:2e:43:3a:42:f5:07:52:79:3f:ee:b2:e3:d4:58:5d:f4:
68:6e:43:05:6c:51:6a:cc:56:b5:34:0d:84:44:8c:84:f1:b5:
7f:10:08:a0:98:e5:35:f9:c4:3c:aa:00:55:83:83:e0:5a:56:
78:c8:a2:0f:c1:d4:a2:32:9e:0f:08:13:25:c7:e8:f0:fd:c6:
9b:e8:43:12:85:f5:ac:8c:d1:f9:1a:a6:98:62:e8:47:9d:05:
be:28:e6:0d:17:4f:6a:e2:ad:f0:05:9b:e1:fe:a2:9e:86:8e:
e9:e0:f1:ba
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYYW/MdaiZTYO3p9XxOxN7nbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM3ZWQ0OWVmYWM5Nzk1OTg3NzcxYWNkYzc3YTBlMjI4OTA0
Mjc3YWQwHhcNMjMwMjAzMTExNTA5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ODJjNWExZmRmYTlmNTJhNDQwYjBiNWI3N2U5ZWI2ZmFiMjVjMjcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkZxuWHTwYOrGfL9z8Nom0K+Rt8sJ
lbR5BN3ilN7EvxEcXXrc95K81i5cSJKQQs641NSgaaG7J7tFEhndUxLYimkWrVKX
vTMjEjaJhrP2oQNHO3xFj8RAMsi4BNu8mJFKd8Nu42Ln8HhTMzwBKxXW+73SJGJG
/uehrHNtFIUyoHnRC8heHbWis8xHqgJ1jwr3AJRI5iGHt0fFnVzQvGZMJunE7e0v
lIsIfcdi5eArmc/IUvZDiF05QrunIt61DKp5Y7GSycP3t5hvaoM9lukbha+F5oru
7UscGpC+o9qqRmpocFPx3Y7pWb9IdCcLJs2YymZfCOCNmAKhpJdnamUBiQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFFgsWh/fqfUqRAsLW3fp62+rJcJxMB8GA1UdIwQY
MBaAFDftSe+sl5WYd3Gs3Heg4iiQQnetMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTi0xSjc2eVhsWmgzY2F6Y2Q2RGlLSkJDZDYwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZi8yMTcxYmUtYjA4My00NzliLWE1ODAt
NmEwNmI3NTAyYmQ3LzEvV0N4YUg5LXA5U3BFQ3d0YmQtbnJiNnNsd25FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZi8yMTcxYmUtYjA4My00NzliLWE1ODAtNmEwNmI3NTAyYmQ3
LzEvTi0xSjc2eVhsWmgzY2F6Y2Q2RGlLSkJDZDYwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQDbaxYAwQC
soKEMA0GCSqGSIb3DQEBCwUAA4IBAQAcU2YKQX9L4GQMkSfUfdDd0NRtTqURyk2O
Ul9ku7LcssfIOD+0qqhlQK/D91VIjvGhGZiaTRNNuE0IFRFJ+CCeNZbTVkRx3aej
7jdy0X08DjH/9tEj8fCukM8SfnNB5Xe8Y3zZEKU585/yarnVDyP5KMSQND6WqBlE
/cbJycGsahqZqk5jMaC5UHb9WzY8cHmJaC5DOkL1B1J5P+6y49RYXfRobkMFbFFq
zFa1NA2ERIyE8bV/EAigmOU1+cQ8qgBVg4PgWlZ4yKIPwdSiMp4PCBMlx+jw/cab
6EMShfWsjNH5GqaYYuhHnQW+KOYNF09q4q3wBZvh/qKeho7p4PG6
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:24:09 2024 by rpki-client on console-fra.rpki-client.org