Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2f/2171be-b083-479b-a580-6a06b7502bd7/1/fiYJ67oo2vvTAOO8207iiK_YZVw.roa
File: fiYJ67oo2vvTAOO8207iiK_YZVw.roa (raw, json)
Hash identifier: ENxxdS/V6IIsKw4M3u19dEenmtWQidbJdewysANmlPw=
Subject key identifier: 7E:26:09:EB:BA:28:DA:FB:D3:00:E3:BC:DB:4E:E2:88:AF:D8:65:5C
Certificate issuer: /CN=37ed49efac9795987771acdc77a0e228904277ad
Certificate serial: 01855F4961977366DDC8C3709C9CA4ABB826
Authority key identifier: 37:ED:49:EF:AC:97:95:98:77:71:AC:DC:77:A0:E2:28:90:42:77:AD
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/N-1J76yXlZh3cazcd6DiKJBCd60.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2f/2171be-b083-479b-a580-6a06b7502bd7/1/fiYJ67oo2vvTAOO8207iiK_YZVw.roa
Signing time: Thu 29 Dec 2022 19:08:42 +0000
ROA not before: Thu 29 Dec 2022 19:08:42 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 7018
IP address blocks: 178.130.132.0/22 maxlen: 24
178.130.136.0/21 maxlen: 21
109.172.88.0/22 maxlen: 24
109.172.92.0/22 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:5f:49:61:97:73:66:dd:c8:c3:70:9c:9c:a4:ab:b8:26
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=37ed49efac9795987771acdc77a0e228904277ad
Validity
Not Before: Dec 29 19:08:42 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=7e2609ebba28dafbd300e3bcdb4ee288afd8655c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b3:81:c3:4c:8e:b5:0b:e1:b9:68:dc:43:44:c9:
a9:21:63:95:cf:e7:50:7c:12:39:5a:91:90:4d:7d:
38:c4:7f:9e:56:cd:af:97:db:55:7a:48:96:d2:03:
9a:ac:5b:07:0f:d6:d8:83:e6:c4:13:70:54:24:be:
25:ea:7d:43:0d:32:6a:5b:a5:b5:81:1c:4e:bd:34:
df:8c:fa:da:59:b5:6e:d3:ba:5f:86:68:36:d8:04:
3a:c3:5c:b7:75:95:c9:a9:18:19:5e:78:32:50:e2:
89:2b:74:b3:21:3d:c4:f6:57:f2:bf:89:81:b2:46:
bf:e4:8b:1d:ff:5f:45:60:a9:9c:a2:b1:8b:10:a2:
ce:c0:4f:f3:97:8a:0f:85:a2:38:41:5e:78:c1:c0:
7c:89:15:61:90:e3:49:a4:08:a4:e4:1d:f8:ce:72:
71:a4:04:69:37:85:c9:22:ff:45:f6:01:58:21:94:
33:bb:32:a2:cd:bf:4b:00:14:8e:2e:a6:ba:93:40:
14:3b:09:96:12:26:9e:96:bf:af:ac:56:41:55:1a:
1e:a0:e2:a0:5d:cd:33:b8:66:e9:11:a5:6a:0c:df:
34:ce:3d:a9:fb:4b:ff:80:5f:cb:cb:de:a7:cd:72:
43:3c:4f:8c:49:66:89:78:d0:03:9e:c5:e9:b9:b9:
c4:93
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
7E:26:09:EB:BA:28:DA:FB:D3:00:E3:BC:DB:4E:E2:88:AF:D8:65:5C
X509v3 Authority Key Identifier:
keyid:37:ED:49:EF:AC:97:95:98:77:71:AC:DC:77:A0:E2:28:90:42:77:AD
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/N-1J76yXlZh3cazcd6DiKJBCd60.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/2171be-b083-479b-a580-6a06b7502bd7/1/fiYJ67oo2vvTAOO8207iiK_YZVw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/2171be-b083-479b-a580-6a06b7502bd7/1/N-1J76yXlZh3cazcd6DiKJBCd60.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.172.88.0/21
178.130.132.0-178.130.143.255
Signature Algorithm: sha256WithRSAEncryption
97:bc:62:d9:5a:64:bc:28:90:df:2a:fa:25:e3:ab:cd:29:b4:
d0:80:8a:b3:af:7b:95:09:8f:4b:83:05:04:d3:88:b3:f5:6c:
98:d4:4a:5a:4d:d9:5f:c8:16:1f:db:f1:41:5c:f5:74:3c:1b:
ad:33:23:5c:97:9c:56:64:17:96:13:95:64:9f:4c:46:fe:28:
69:f4:42:c8:b1:2a:7f:32:12:c5:d3:ee:bd:fb:08:99:c8:ef:
c8:bd:d9:a9:0b:69:98:37:c5:36:07:58:57:f1:92:5e:dc:38:
3b:72:37:a5:42:c1:76:17:c0:65:90:a1:85:54:ac:cb:38:07:
44:f1:52:c1:31:74:c4:b2:1f:20:7e:ec:b3:c7:b6:10:41:39:
2e:f9:61:ec:f5:ee:de:55:1f:2a:f4:6e:34:90:c9:15:3e:1c:
97:06:72:df:ca:e2:16:1c:6e:a2:46:32:3c:08:a1:b1:69:e0:
55:67:d4:e4:17:d7:e4:4c:d0:5f:7c:58:82:98:a1:43:10:de:
bb:52:f6:d2:c4:cf:3d:a5:91:08:46:ad:13:b8:f8:f8:73:1b:
10:04:ed:25:19:5a:4d:2d:48:d0:9b:cf:02:be:70:3f:81:05:
df:36:f4:c1:d6:f9:0f:42:75:3d:52:06:4c:ef:b6:8f:c2:40:
35:13:83:81
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAYVfSWGXc2bdyMNwnJykq7gmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM3ZWQ0OWVmYWM5Nzk1OTg3NzcxYWNkYzc3YTBlMjI4OTA0
Mjc3YWQwHhcNMjIxMjI5MTkwODQyWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZTI2MDllYmJhMjhkYWZiZDMwMGUzYmNkYjRlZTI4OGFmZDg2NTVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs4HDTI61C+G5aNxDRMmpIWOVz+dQ
fBI5WpGQTX04xH+eVs2vl9tVekiW0gOarFsHD9bYg+bEE3BUJL4l6n1DDTJqW6W1
gRxOvTTfjPraWbVu07pfhmg22AQ6w1y3dZXJqRgZXngyUOKJK3SzIT3E9lfyv4mB
ska/5Isd/19FYKmcorGLEKLOwE/zl4oPhaI4QV54wcB8iRVhkONJpAik5B34znJx
pARpN4XJIv9F9gFYIZQzuzKizb9LABSOLqa6k0AUOwmWEiaelr+vrFZBVRoeoOKg
Xc0zuGbpEaVqDN80zj2p+0v/gF/Ly96nzXJDPE+MSWaJeNADnsXpubnEkwIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFH4mCeu6KNr70wDjvNtO4oiv2GVcMB8GA1UdIwQY
MBaAFDftSe+sl5WYd3Gs3Heg4iiQQnetMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTi0xSjc2eVhsWmgzY2F6Y2Q2RGlLSkJDZDYwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZi8yMTcxYmUtYjA4My00NzliLWE1ODAt
NmEwNmI3NTAyYmQ3LzEvZmlZSjY3b28ydnZUQU9PODIwN2lpS19ZWlZ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZi8yMTcxYmUtYjA4My00NzliLWE1ODAtNmEwNmI3NTAyYmQ3
LzEvTi0xSjc2eVhsWmgzY2F6Y2Q2RGlLSkJDZDYwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUAwQDbaxYMAwD
BAKygoQDBASygoAwDQYJKoZIhvcNAQELBQADggEBAJe8YtlaZLwokN8q+iXjq80p
tNCAirOve5UJj0uDBQTTiLP1bJjUSlpN2V/IFh/b8UFc9XQ8G60zI1yXnFZkF5YT
lWSfTEb+KGn0QsixKn8yEsXT7r37CJnI78i92akLaZg3xTYHWFfxkl7cODtyN6VC
wXYXwGWQoYVUrMs4B0TxUsExdMSyHyB+7LPHthBBOS75Yez17t5VHyr0bjSQyRU+
HJcGct/K4hYcbqJGMjwIobFp4FVn1OQX1+RM0F98WIKYoUMQ3rtS9tLEzz2lkQhG
rRO4+PhzGxAE7SUZWk0tSNCbzwK+cD+BBd829MHW+Q9CdT1SBkzvto/CQDUTg4E=
-----END CERTIFICATE-----
Generated at Fri Apr 18 20:27:47 2025 by rpki-client