Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2f/2171be-b083-479b-a580-6a06b7502bd7/1/YZNHtGEeCLGOQM6TZdmD2mgSVOE.roa
File: YZNHtGEeCLGOQM6TZdmD2mgSVOE.roa (raw, json)
Hash identifier: eCwbq1KnznK91tLodl07gb87IDDEdiiniJdHak5YiHQ=
Subject key identifier: 61:93:47:B4:61:1E:08:B1:8E:40:CE:93:65:D9:83:DA:68:12:54:E1
Certificate issuer: /CN=37ed49efac9795987771acdc77a0e228904277ad
Certificate serial: 018CC348BAED1FF81ED3ACF2A45D817640CD
Authority key identifier: 37:ED:49:EF:AC:97:95:98:77:71:AC:DC:77:A0:E2:28:90:42:77:AD
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/N-1J76yXlZh3cazcd6DiKJBCd60.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2f/2171be-b083-479b-a580-6a06b7502bd7/1/YZNHtGEeCLGOQM6TZdmD2mgSVOE.roa
Signing time: Mon 01 Jan 2024 04:29:32 +0000
ROA not before: Mon 01 Jan 2024 04:29:32 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 57043
IP address blocks: 178.130.132.0/24 maxlen: 24
178.130.131.0/24 maxlen: 24
178.130.133.0/24 maxlen: 24
109.172.80.0/24 maxlen: 24
109.172.81.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c3:48:ba:ed:1f:f8:1e:d3:ac:f2:a4:5d:81:76:40:cd
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=37ed49efac9795987771acdc77a0e228904277ad
Validity
Not Before: Jan 1 04:29:32 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=619347b4611e08b18e40ce9365d983da681254e1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:82:60:96:5d:de:6f:05:1e:0d:4f:3e:d0:d1:c3:
03:8b:84:02:52:ad:cb:a7:b3:7e:e3:57:94:8a:6e:
ec:82:f7:05:08:af:3c:14:c7:53:ae:5c:b1:6e:00:
ec:20:cc:1b:76:d8:e8:8e:a4:72:a4:fe:52:1f:bd:
f9:6f:6c:d3:58:1f:83:cd:fd:c0:c8:6a:d3:36:a9:
73:a8:6d:f8:ca:9d:30:e1:d7:50:39:39:6a:0b:b1:
58:6f:73:9e:1e:de:c0:ad:09:28:73:42:f5:ce:cf:
4f:86:84:3b:cc:0d:13:46:09:f4:65:b8:4e:fc:e6:
a8:e7:51:ea:7c:5f:d2:d7:f6:87:5d:ed:7f:8e:e3:
bd:6f:d6:85:2b:04:4d:1e:a2:e1:cd:6c:c5:8f:5b:
79:a7:15:40:2b:72:45:05:3e:6b:4a:f5:92:6e:9e:
35:ee:41:ab:63:78:70:8f:7b:6d:6e:32:82:94:d3:
80:1d:a9:97:ec:aa:60:cb:3c:4a:8d:0b:bd:cd:08:
31:e5:15:4a:7a:5d:64:cf:8c:08:54:a2:5f:20:f3:
0f:a7:7f:da:cc:da:e1:00:49:d4:14:7f:48:18:20:
fa:2e:05:7f:59:46:18:e4:82:72:0f:e5:7c:e2:c4:
3a:c2:ac:36:7b:69:d2:8c:9b:84:30:8d:da:bd:b2:
fc:63
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
61:93:47:B4:61:1E:08:B1:8E:40:CE:93:65:D9:83:DA:68:12:54:E1
X509v3 Authority Key Identifier:
keyid:37:ED:49:EF:AC:97:95:98:77:71:AC:DC:77:A0:E2:28:90:42:77:AD
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/N-1J76yXlZh3cazcd6DiKJBCd60.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/2171be-b083-479b-a580-6a06b7502bd7/1/YZNHtGEeCLGOQM6TZdmD2mgSVOE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/2171be-b083-479b-a580-6a06b7502bd7/1/N-1J76yXlZh3cazcd6DiKJBCd60.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.172.80.0/23
178.130.131.0-178.130.133.255
Signature Algorithm: sha256WithRSAEncryption
85:50:b0:b5:a9:aa:e7:5a:15:4f:08:1a:26:ff:95:8e:37:4e:
86:37:7d:39:2b:21:9f:e0:02:60:64:32:ff:8f:49:ea:2d:30:
a0:66:0b:9c:30:c3:65:63:0e:7a:9d:04:c4:c2:11:c8:38:d4:
71:01:28:0d:25:bc:e3:15:f2:2c:ca:d0:52:b0:4e:89:75:f1:
b3:93:17:30:0f:01:80:34:17:a1:18:fc:84:7b:60:c7:3b:3b:
3e:b7:93:e0:c1:77:aa:ad:e6:5a:d4:a7:41:84:ac:3b:94:bc:
6c:b8:a8:45:0d:fd:49:af:e9:15:d9:cb:59:7b:c0:42:80:38:
31:ef:2e:f2:55:e4:8a:21:59:cb:19:cf:dc:4e:a8:b4:ff:bc:
ec:d2:73:30:9b:b9:c7:f3:55:34:22:ed:dd:6f:d6:00:c9:b0:
cb:2e:4e:2d:bc:05:92:8c:21:11:df:b3:6c:ca:3e:35:1f:1a:
67:73:e4:7f:b0:e4:c4:57:20:c7:13:21:19:60:f3:96:8e:e6:
5e:00:c4:31:02:65:ea:9a:01:4f:4b:ce:06:67:6d:f5:4a:0e:
ab:ab:55:13:0d:2d:4a:ea:33:15:fa:4d:75:8b:e3:d1:49:79:
22:dc:95:e5:d6:05:3c:5a:64:a3:61:15:80:73:e5:1b:bf:82:
cf:c8:d2:bf
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAYzDSLrtH/ge06zypF2BdkDNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM3ZWQ0OWVmYWM5Nzk1OTg3NzcxYWNkYzc3YTBlMjI4OTA0
Mjc3YWQwHhcNMjQwMTAxMDQyOTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MTkzNDdiNDYxMWUwOGIxOGU0MGNlOTM2NWQ5ODNkYTY4MTI1NGUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgmCWXd5vBR4NTz7Q0cMDi4QCUq3L
p7N+41eUim7sgvcFCK88FMdTrlyxbgDsIMwbdtjojqRypP5SH735b2zTWB+Dzf3A
yGrTNqlzqG34yp0w4ddQOTlqC7FYb3OeHt7ArQkoc0L1zs9PhoQ7zA0TRgn0ZbhO
/Oao51HqfF/S1/aHXe1/juO9b9aFKwRNHqLhzWzFj1t5pxVAK3JFBT5rSvWSbp41
7kGrY3hwj3ttbjKClNOAHamX7KpgyzxKjQu9zQgx5RVKel1kz4wIVKJfIPMPp3/a
zNrhAEnUFH9IGCD6LgV/WUYY5IJyD+V84sQ6wqw2e2nSjJuEMI3avbL8YwIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFGGTR7RhHgixjkDOk2XZg9poElThMB8GA1UdIwQY
MBaAFDftSe+sl5WYd3Gs3Heg4iiQQnetMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTi0xSjc2eVhsWmgzY2F6Y2Q2RGlLSkJDZDYwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZi8yMTcxYmUtYjA4My00NzliLWE1ODAt
NmEwNmI3NTAyYmQ3LzEvWVpOSHRHRWVDTEdPUU02VFpkbUQybWdTVk9FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZi8yMTcxYmUtYjA4My00NzliLWE1ODAtNmEwNmI3NTAyYmQ3
LzEvTi0xSjc2eVhsWmgzY2F6Y2Q2RGlLSkJDZDYwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUAwQBbaxQMAwD
BACygoMDBAGygoQwDQYJKoZIhvcNAQELBQADggEBAIVQsLWpqudaFU8IGib/lY43
ToY3fTkrIZ/gAmBkMv+PSeotMKBmC5www2VjDnqdBMTCEcg41HEBKA0lvOMV8izK
0FKwTol18bOTFzAPAYA0F6EY/IR7YMc7Oz63k+DBd6qt5lrUp0GErDuUvGy4qEUN
/Umv6RXZy1l7wEKAODHvLvJV5IohWcsZz9xOqLT/vOzSczCbucfzVTQi7d1v1gDJ
sMsuTi28BZKMIRHfs2zKPjUfGmdz5H+w5MRXIMcTIRlg85aO5l4AxDECZeqaAU9L
zgZnbfVKDqurVRMNLUrqMxX6TXWL49FJeSLcleXWBTxaZKNhFYBz5Ru/gs/I0r8=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:24:09 2024 by rpki-client on console-fra.rpki-client.org