Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2f/2171be-b083-479b-a580-6a06b7502bd7/1/WNMbeRws7opR13ksj-Mf3C5do3M.roa
File: WNMbeRws7opR13ksj-Mf3C5do3M.roa (raw, json)
Hash identifier: vTAT111PfvmiYVQSrOb5QPeNVNZtUg/xd8wuDXsgv8U=
Subject key identifier: 58:D3:1B:79:1C:2C:EE:8A:51:D7:79:2C:8F:E3:1F:DC:2E:5D:A3:73
Certificate issuer: /CN=37ed49efac9795987771acdc77a0e228904277ad
Certificate serial: 018A55874B01E6DC2A8BF84B6C785F2BC009
Authority key identifier: 37:ED:49:EF:AC:97:95:98:77:71:AC:DC:77:A0:E2:28:90:42:77:AD
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/N-1J76yXlZh3cazcd6DiKJBCd60.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2f/2171be-b083-479b-a580-6a06b7502bd7/1/WNMbeRws7opR13ksj-Mf3C5do3M.roa
Signing time: Sat 02 Sep 2023 10:54:04 +0000
ROA not before: Sat 02 Sep 2023 10:54:04 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 207967
IP address blocks: 178.130.132.0/22 maxlen: 22
109.172.88.0/22 maxlen: 22
109.172.92.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8a:55:87:4b:01:e6:dc:2a:8b:f8:4b:6c:78:5f:2b:c0:09
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=37ed49efac9795987771acdc77a0e228904277ad
Validity
Not Before: Sep 2 10:54:04 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=58d31b791c2cee8a51d7792c8fe31fdc2e5da373
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c0:4a:66:cb:06:39:2c:16:d3:14:fd:2e:d5:79:
76:9f:ff:28:9b:42:23:fa:28:a4:35:cf:14:52:b3:
ff:91:41:fb:63:e7:c3:bc:da:3e:b3:1c:3f:b6:6c:
79:92:0e:10:3c:0f:ee:05:97:20:c1:75:30:c7:81:
d8:f1:aa:ec:cb:f8:64:3e:7b:6e:2c:e2:06:89:52:
9d:96:a7:66:86:4e:10:1e:c5:cf:39:07:16:62:d7:
ce:30:60:e7:7e:79:b1:a0:4b:23:58:53:28:83:97:
13:ae:0d:86:e9:73:14:cc:b2:5a:6e:27:13:f9:69:
35:c5:5b:d4:bc:cc:5c:5c:c2:f2:b4:bc:f9:55:03:
82:7d:a5:6f:3f:0a:0e:00:ec:9c:bb:6e:e8:a1:9c:
5e:ba:3a:a5:f0:cc:2e:f6:16:cd:1e:6c:1d:c4:c2:
32:64:86:7b:65:8c:b0:86:40:68:b5:26:e3:d8:cc:
78:68:3d:0d:dd:a5:b4:81:48:ac:5e:29:4d:bf:14:
c3:90:ff:cc:c5:5e:86:60:15:c7:fe:37:3b:59:d2:
4b:50:5e:2c:a0:42:ea:d8:5a:2d:6b:20:3e:c5:6b:
49:38:e4:57:e5:f0:62:d6:75:a2:c2:a7:c4:f5:13:
94:cb:9f:41:81:1f:b2:9b:59:5c:54:95:67:2c:11:
03:b7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
58:D3:1B:79:1C:2C:EE:8A:51:D7:79:2C:8F:E3:1F:DC:2E:5D:A3:73
X509v3 Authority Key Identifier:
keyid:37:ED:49:EF:AC:97:95:98:77:71:AC:DC:77:A0:E2:28:90:42:77:AD
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/N-1J76yXlZh3cazcd6DiKJBCd60.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/2171be-b083-479b-a580-6a06b7502bd7/1/WNMbeRws7opR13ksj-Mf3C5do3M.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/2171be-b083-479b-a580-6a06b7502bd7/1/N-1J76yXlZh3cazcd6DiKJBCd60.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.172.88.0/21
178.130.132.0/22
Signature Algorithm: sha256WithRSAEncryption
10:fa:47:b6:d9:1e:83:6d:f6:44:c4:10:32:13:61:a7:99:35:
87:dc:ea:f5:78:13:03:19:6b:2d:26:cf:93:e0:61:ca:55:a8:
09:68:2c:b1:f4:a2:3a:4b:a0:93:fd:a2:ac:c1:a8:39:cd:eb:
6f:ff:b3:ac:9e:7d:e8:8e:dc:2b:38:5f:9f:74:98:7a:45:1e:
d3:18:bb:95:6d:b8:4f:0a:a5:68:33:f8:87:6a:99:b0:98:3d:
20:80:aa:28:b1:8b:53:1f:70:4d:f3:2e:88:f8:c5:64:b3:2c:
8b:4e:21:37:dc:23:c7:af:74:6e:68:42:6e:5c:bb:c6:fa:69:
37:30:29:26:58:ae:75:f4:71:81:19:21:1b:3c:0c:c6:4a:47:
6b:f8:a0:a3:0f:1f:0e:9d:a9:c9:16:fa:42:7c:4a:a8:3c:1a:
51:41:c6:3c:aa:5c:43:81:2b:06:79:de:30:c2:9d:b2:76:8d:
e3:e1:c0:4b:97:09:26:d0:1d:36:b5:cc:9f:6f:23:f3:5f:4c:
34:5e:49:15:54:c4:df:4d:8c:c8:ae:be:c9:c3:18:f2:23:fe:
97:de:74:a4:0a:17:1c:20:cf:b1:41:22:b9:a8:c3:79:b0:79:
83:f3:d4:58:f5:2a:98:f5:03:40:f3:bd:62:4d:41:80:cb:af:
73:eb:3f:56
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYpVh0sB5twqi/hLbHhfK8AJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM3ZWQ0OWVmYWM5Nzk1OTg3NzcxYWNkYzc3YTBlMjI4OTA0
Mjc3YWQwHhcNMjMwOTAyMTA1NDA0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OGQzMWI3OTFjMmNlZThhNTFkNzc5MmM4ZmUzMWZkYzJlNWRhMzczMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwEpmywY5LBbTFP0u1Xl2n/8om0Ij
+iikNc8UUrP/kUH7Y+fDvNo+sxw/tmx5kg4QPA/uBZcgwXUwx4HY8arsy/hkPntu
LOIGiVKdlqdmhk4QHsXPOQcWYtfOMGDnfnmxoEsjWFMog5cTrg2G6XMUzLJabicT
+Wk1xVvUvMxcXMLytLz5VQOCfaVvPwoOAOycu27ooZxeujql8Mwu9hbNHmwdxMIy
ZIZ7ZYywhkBotSbj2Mx4aD0N3aW0gUisXilNvxTDkP/MxV6GYBXH/jc7WdJLUF4s
oELq2FotayA+xWtJOORX5fBi1nWiwqfE9ROUy59BgR+ym1lcVJVnLBEDtwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFFjTG3kcLO6KUdd5LI/jH9wuXaNzMB8GA1UdIwQY
MBaAFDftSe+sl5WYd3Gs3Heg4iiQQnetMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTi0xSjc2eVhsWmgzY2F6Y2Q2RGlLSkJDZDYwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZi8yMTcxYmUtYjA4My00NzliLWE1ODAt
NmEwNmI3NTAyYmQ3LzEvV05NYmVSd3M3b3BSMTNrc2otTWYzQzVkbzNNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZi8yMTcxYmUtYjA4My00NzliLWE1ODAtNmEwNmI3NTAyYmQ3
LzEvTi0xSjc2eVhsWmgzY2F6Y2Q2RGlLSkJDZDYwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQDbaxYAwQC
soKEMA0GCSqGSIb3DQEBCwUAA4IBAQAQ+ke22R6DbfZExBAyE2GnmTWH3Or1eBMD
GWstJs+T4GHKVagJaCyx9KI6S6CT/aKswag5zetv/7Osnn3ojtwrOF+fdJh6RR7T
GLuVbbhPCqVoM/iHapmwmD0ggKoosYtTH3BN8y6I+MVksyyLTiE33CPHr3RuaEJu
XLvG+mk3MCkmWK519HGBGSEbPAzGSkdr+KCjDx8OnanJFvpCfEqoPBpRQcY8qlxD
gSsGed4wwp2ydo3j4cBLlwkm0B02tcyfbyPzX0w0XkkVVMTfTYzIrr7JwxjyI/6X
3nSkChccIM+xQSK5qMN5sHmD89RY9SqY9QNA871iTUGAy69z6z9W
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:24:09 2024 by rpki-client on console-fra.rpki-client.org