Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2f/2171be-b083-479b-a580-6a06b7502bd7/1/hjDU947uClvgobTfLrOCeHUUcOQ.roa
File: hjDU947uClvgobTfLrOCeHUUcOQ.roa (raw, json)
Hash identifier: lzSy6K815AzMOuDvzjHKtmVDbkZ91xi/mhJRxWx3n64=
Subject key identifier: 86:30:D4:F7:8E:EE:0A:5B:E0:A1:B4:DF:2E:B3:82:78:75:14:70:E4
Certificate issuer: /CN=37ed49efac9795987771acdc77a0e228904277ad
Certificate serial: 018CC348BC0A8F5879B0F1AF1E12A2556452
Authority key identifier: 37:ED:49:EF:AC:97:95:98:77:71:AC:DC:77:A0:E2:28:90:42:77:AD
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/N-1J76yXlZh3cazcd6DiKJBCd60.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2f/2171be-b083-479b-a580-6a06b7502bd7/1/hjDU947uClvgobTfLrOCeHUUcOQ.roa
Signing time: Mon 01 Jan 2024 04:29:32 +0000
ROA not before: Mon 01 Jan 2024 04:29:32 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 207967
IP address blocks: 178.130.132.0/22 maxlen: 22
109.172.92.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c3:48:bc:0a:8f:58:79:b0:f1:af:1e:12:a2:55:64:52
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=37ed49efac9795987771acdc77a0e228904277ad
Validity
Not Before: Jan 1 04:29:32 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=8630d4f78eee0a5be0a1b4df2eb38278751470e4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:90:11:89:86:7f:1a:34:e8:26:ed:6a:4f:6b:04:
3d:ad:99:f3:81:03:1f:d9:df:35:df:88:c6:81:39:
be:76:53:03:16:07:b1:44:84:d7:46:60:80:d3:78:
8e:be:49:54:f1:f1:5f:ab:db:92:ed:78:27:1e:d2:
2e:68:e3:f0:43:16:21:b9:af:36:9a:cd:01:41:69:
94:c0:84:b3:8a:b4:72:45:e3:52:19:cb:71:20:86:
42:66:66:84:1d:a7:82:20:01:4f:52:c6:75:33:5e:
38:7f:06:18:03:c2:4e:62:78:c7:aa:a4:07:60:06:
0d:ef:87:9d:01:b3:01:0f:f7:49:3e:8c:ca:13:d1:
86:b9:cb:b0:ef:95:5d:12:7d:ca:b9:c3:2a:b9:15:
5f:3b:a1:d1:2b:9b:98:e5:8c:bb:cf:f7:bc:ce:8a:
66:d9:19:3d:98:c1:c3:54:7a:fd:91:a3:f2:b1:ef:
1a:fa:b8:20:4a:31:2c:66:14:ba:d5:aa:ce:bf:19:
e9:fa:a2:62:3d:a7:96:ae:21:bc:13:82:52:42:ab:
90:6f:22:32:94:bb:21:66:34:7d:3e:16:b9:ed:39:
02:e3:bb:b0:15:29:b5:f8:1a:db:b6:e8:9c:60:78:
b6:97:01:cb:b5:aa:38:c7:c1:b1:55:d2:7f:af:e4:
13:45
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
86:30:D4:F7:8E:EE:0A:5B:E0:A1:B4:DF:2E:B3:82:78:75:14:70:E4
X509v3 Authority Key Identifier:
keyid:37:ED:49:EF:AC:97:95:98:77:71:AC:DC:77:A0:E2:28:90:42:77:AD
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/N-1J76yXlZh3cazcd6DiKJBCd60.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/2171be-b083-479b-a580-6a06b7502bd7/1/hjDU947uClvgobTfLrOCeHUUcOQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/2171be-b083-479b-a580-6a06b7502bd7/1/N-1J76yXlZh3cazcd6DiKJBCd60.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.172.92.0/22
178.130.132.0/22
Signature Algorithm: sha256WithRSAEncryption
86:5a:a1:3e:f1:0f:fc:37:5d:ed:41:66:c0:e5:78:ac:9e:2b:
38:8f:35:fc:73:14:19:fa:57:7f:cc:c8:a9:ed:d4:8a:ae:86:
92:7f:90:8d:45:44:c2:f3:c0:2d:a2:d1:8f:b4:c0:c4:b0:4d:
59:11:bf:fa:48:a6:25:82:12:0a:00:8f:20:6e:f1:12:d9:31:
fa:eb:63:bc:b2:71:86:76:d9:c4:62:3a:c0:64:a1:68:b6:ef:
8c:e6:2e:c2:a9:82:bc:a6:dd:cf:0b:cd:b5:4a:ca:8b:66:07:
ec:62:2e:2f:a0:37:c1:12:16:58:78:a7:b6:23:6b:54:75:01:
c1:ac:21:1c:4a:f2:76:83:45:6e:59:51:ae:ab:e2:2a:48:7e:
6e:3f:71:3f:e4:c0:be:84:b0:04:7a:71:94:f1:2f:93:50:d7:
4e:95:75:b4:2a:bf:55:b5:70:de:a0:cd:fd:c9:7f:c7:41:95:
0e:c0:e7:57:b8:35:2d:93:0b:2c:6a:c1:78:f8:58:a6:ff:8d:
1d:48:94:0e:b9:e4:92:26:0a:5b:f9:02:fa:23:28:a9:03:d3:
3d:15:14:6f:7b:7a:bd:b0:08:55:b9:d9:90:2d:e0:7a:f8:3b:
70:64:8a:e2:af:b8:a8:c5:7f:d5:ac:72:55:3e:41:4f:71:0c:
0d:bd:ca:81
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzDSLwKj1h5sPGvHhKiVWRSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM3ZWQ0OWVmYWM5Nzk1OTg3NzcxYWNkYzc3YTBlMjI4OTA0
Mjc3YWQwHhcNMjQwMTAxMDQyOTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NjMwZDRmNzhlZWUwYTViZTBhMWI0ZGYyZWIzODI3ODc1MTQ3MGU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkBGJhn8aNOgm7WpPawQ9rZnzgQMf
2d8134jGgTm+dlMDFgexRITXRmCA03iOvklU8fFfq9uS7XgnHtIuaOPwQxYhua82
ms0BQWmUwISzirRyReNSGctxIIZCZmaEHaeCIAFPUsZ1M144fwYYA8JOYnjHqqQH
YAYN74edAbMBD/dJPozKE9GGucuw75VdEn3KucMquRVfO6HRK5uY5Yy7z/e8zopm
2Rk9mMHDVHr9kaPyse8a+rggSjEsZhS61arOvxnp+qJiPaeWriG8E4JSQquQbyIy
lLshZjR9Pha57TkC47uwFSm1+BrbtuicYHi2lwHLtao4x8GxVdJ/r+QTRQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFIYw1PeO7gpb4KG03y6zgnh1FHDkMB8GA1UdIwQY
MBaAFDftSe+sl5WYd3Gs3Heg4iiQQnetMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTi0xSjc2eVhsWmgzY2F6Y2Q2RGlLSkJDZDYwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZi8yMTcxYmUtYjA4My00NzliLWE1ODAt
NmEwNmI3NTAyYmQ3LzEvaGpEVTk0N3VDbHZnb2JUZkxyT0NlSFVVY09RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZi8yMTcxYmUtYjA4My00NzliLWE1ODAtNmEwNmI3NTAyYmQ3
LzEvTi0xSjc2eVhsWmgzY2F6Y2Q2RGlLSkJDZDYwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCbaxcAwQC
soKEMA0GCSqGSIb3DQEBCwUAA4IBAQCGWqE+8Q/8N13tQWbA5Xisnis4jzX8cxQZ
+ld/zMip7dSKroaSf5CNRUTC88AtotGPtMDEsE1ZEb/6SKYlghIKAI8gbvES2TH6
62O8snGGdtnEYjrAZKFotu+M5i7CqYK8pt3PC821SsqLZgfsYi4voDfBEhZYeKe2
I2tUdQHBrCEcSvJ2g0VuWVGuq+IqSH5uP3E/5MC+hLAEenGU8S+TUNdOlXW0Kr9V
tXDeoM39yX/HQZUOwOdXuDUtkwssasF4+Fim/40dSJQOueSSJgpb+QL6IyipA9M9
FRRve3q9sAhVudmQLeB6+DtwZIrir7ioxX/VrHJVPkFPcQwNvcqB
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:24:09 2024 by rpki-client on console-fra.rpki-client.org