Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2f/2171be-b083-479b-a580-6a06b7502bd7/1/cjwsIYzi6JN_I0x1fnIPXfkSdhw.roa
File: cjwsIYzi6JN_I0x1fnIPXfkSdhw.roa (raw, json)
Hash identifier: iUQ9AcM7OFseY8DGv1LP1Mf9Ju+RVBcW0MMD36qktVE=
Subject key identifier: 72:3C:2C:21:8C:E2:E8:93:7F:23:4C:75:7E:72:0F:5D:F9:12:76:1C
Certificate issuer: /CN=37ed49efac9795987771acdc77a0e228904277ad
Certificate serial: 018E2D33C9700F32CE31192B373EC9BAD28A
Authority key identifier: 37:ED:49:EF:AC:97:95:98:77:71:AC:DC:77:A0:E2:28:90:42:77:AD
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/N-1J76yXlZh3cazcd6DiKJBCd60.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2f/2171be-b083-479b-a580-6a06b7502bd7/1/cjwsIYzi6JN_I0x1fnIPXfkSdhw.roa
Signing time: Mon 11 Mar 2024 11:09:12 +0000
ROA not before: Mon 11 Mar 2024 11:09:12 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 9123
IP address blocks: 109.172.88.0/24 maxlen: 24
109.172.89.0/24 maxlen: 24
109.172.90.0/24 maxlen: 24
109.172.91.0/24 maxlen: 24
178.130.131.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8e:2d:33:c9:70:0f:32:ce:31:19:2b:37:3e:c9:ba:d2:8a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=37ed49efac9795987771acdc77a0e228904277ad
Validity
Not Before: Mar 11 11:09:12 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=723c2c218ce2e8937f234c757e720f5df912761c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:81:8e:92:b6:c6:b2:43:b5:ca:a0:27:bf:f0:8b:
90:4b:23:89:99:59:0d:2d:f4:ed:f2:5d:57:6b:7d:
18:79:34:23:7a:c5:2f:ac:b0:5b:4b:c9:50:6f:9b:
e0:57:86:17:42:01:43:b2:d8:18:cb:c0:d2:2c:b1:
f7:bd:af:a4:d2:1d:c8:27:0f:54:f5:dd:49:79:f9:
0a:20:04:21:46:ff:34:b9:6b:91:3b:33:cb:b7:03:
91:1f:4f:df:95:ca:a2:eb:d0:56:94:d5:7a:44:e0:
5f:fe:70:13:7f:b6:61:a7:fc:0f:56:85:22:88:83:
b9:4f:9f:ff:f0:a0:64:94:af:86:91:38:d5:57:78:
f6:20:a2:72:98:d3:78:ee:eb:04:7c:71:c5:46:f7:
9e:2c:ff:f1:44:ae:82:18:f4:1a:01:5f:e6:20:1e:
24:27:1b:58:f6:80:d9:79:4c:94:f1:d1:f9:a1:34:
78:ba:22:f9:31:d6:b0:bf:7a:b0:bb:71:c5:94:26:
c5:e4:0e:29:9b:6e:b0:d4:36:5c:3d:ed:eb:59:c1:
68:24:93:a7:a4:1c:2c:ab:2c:de:ec:84:da:da:a6:
39:c8:fc:76:4c:e4:47:5f:2c:6a:e2:67:87:24:76:
a3:a5:e7:4c:d8:18:39:13:4c:41:a2:90:b3:eb:46:
ac:c7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
72:3C:2C:21:8C:E2:E8:93:7F:23:4C:75:7E:72:0F:5D:F9:12:76:1C
X509v3 Authority Key Identifier:
keyid:37:ED:49:EF:AC:97:95:98:77:71:AC:DC:77:A0:E2:28:90:42:77:AD
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/N-1J76yXlZh3cazcd6DiKJBCd60.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/2171be-b083-479b-a580-6a06b7502bd7/1/cjwsIYzi6JN_I0x1fnIPXfkSdhw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/2171be-b083-479b-a580-6a06b7502bd7/1/N-1J76yXlZh3cazcd6DiKJBCd60.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.172.88.0/22
178.130.131.0/24
Signature Algorithm: sha256WithRSAEncryption
a6:a6:f2:59:39:8a:79:0f:03:d4:58:a3:ba:39:8d:c1:5c:49:
4b:50:45:00:76:59:a4:57:3c:b4:de:6f:07:42:41:9c:80:a6:
95:a0:ed:68:56:50:01:8a:9c:48:7b:d8:4e:f1:64:2b:73:b4:
9b:ca:59:f2:c1:cf:b4:cc:32:60:c1:49:66:d8:93:f7:b1:8d:
b5:ce:70:00:54:6e:f2:43:b6:84:89:5f:e9:af:d4:52:7d:d0:
1d:80:66:c4:6b:28:23:ba:ad:a3:c9:12:db:3e:5e:3a:44:74:
f1:3d:77:bd:1b:3e:27:44:d1:89:b3:aa:78:9c:cd:f1:8a:3b:
c9:17:9c:f7:6f:40:c4:62:e7:5a:6b:64:e9:37:c7:1c:84:94:
73:e8:45:65:e0:07:be:33:2e:60:6d:5a:1d:99:a0:ef:40:39:
b3:32:1a:bc:c2:ff:03:b3:dc:29:16:df:54:b4:06:61:08:fc:
10:31:39:50:26:12:04:7a:3d:96:97:8f:20:da:c7:71:cf:af:
9b:47:d8:19:3a:4b:4b:6f:f2:31:16:a1:d7:d0:00:27:97:be:
36:65:04:e6:82:19:00:01:65:47:7d:a7:16:85:b6:eb:6d:b0:
68:d7:55:29:9b:74:10:f9:31:97:83:ca:56:7c:0e:4d:6b:e4:
5a:3b:04:c5
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY4tM8lwDzLOMRkrNz7JutKKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM3ZWQ0OWVmYWM5Nzk1OTg3NzcxYWNkYzc3YTBlMjI4OTA0
Mjc3YWQwHhcNMjQwMzExMTEwOTEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MjNjMmMyMThjZTJlODkzN2YyMzRjNzU3ZTcyMGY1ZGY5MTI3NjFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgY6StsayQ7XKoCe/8IuQSyOJmVkN
LfTt8l1Xa30YeTQjesUvrLBbS8lQb5vgV4YXQgFDstgYy8DSLLH3va+k0h3IJw9U
9d1JefkKIAQhRv80uWuROzPLtwORH0/flcqi69BWlNV6ROBf/nATf7Zhp/wPVoUi
iIO5T5//8KBklK+GkTjVV3j2IKJymNN47usEfHHFRveeLP/xRK6CGPQaAV/mIB4k
JxtY9oDZeUyU8dH5oTR4uiL5Mdawv3qwu3HFlCbF5A4pm26w1DZcPe3rWcFoJJOn
pBwsqyze7ITa2qY5yPx2TORHXyxq4meHJHajpedM2Bg5E0xBopCz60asxwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHI8LCGM4uiTfyNMdX5yD135EnYcMB8GA1UdIwQY
MBaAFDftSe+sl5WYd3Gs3Heg4iiQQnetMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTi0xSjc2eVhsWmgzY2F6Y2Q2RGlLSkJDZDYwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZi8yMTcxYmUtYjA4My00NzliLWE1ODAt
NmEwNmI3NTAyYmQ3LzEvY2p3c0lZemk2Sk5fSTB4MWZuSVBYZmtTZGh3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZi8yMTcxYmUtYjA4My00NzliLWE1ODAtNmEwNmI3NTAyYmQ3
LzEvTi0xSjc2eVhsWmgzY2F6Y2Q2RGlLSkJDZDYwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCbaxYAwQA
soKDMA0GCSqGSIb3DQEBCwUAA4IBAQCmpvJZOYp5DwPUWKO6OY3BXElLUEUAdlmk
Vzy03m8HQkGcgKaVoO1oVlABipxIe9hO8WQrc7Sbylnywc+0zDJgwUlm2JP3sY21
znAAVG7yQ7aEiV/pr9RSfdAdgGbEaygjuq2jyRLbPl46RHTxPXe9Gz4nRNGJs6p4
nM3xijvJF5z3b0DEYudaa2TpN8cchJRz6EVl4Ae+My5gbVodmaDvQDmzMhq8wv8D
s9wpFt9UtAZhCPwQMTlQJhIEej2Wl48g2sdxz6+bR9gZOktLb/IxFqHX0AAnl742
ZQTmghkAAWVHfacWhbbrbbBo11Upm3QQ+TGXg8pWfA5Na+RaOwTF
-----END CERTIFICATE-----
Generated at Thu May 16 14:27:34 2024 by rpki-client on console-ams.rpki-client.org