Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2f/2171be-b083-479b-a580-6a06b7502bd7/1/hrAH-_isfYWc8Y3sP2aLfd4yn0A.roa
File: hrAH-_isfYWc8Y3sP2aLfd4yn0A.roa (raw, json)
Hash identifier: fkGGzK87AyWHQZhJlL3Bd4tabo2sn7B/kYKSFKp8D2U=
Subject key identifier: 86:B0:07:FB:F8:AC:7D:85:9C:F1:8D:EC:3F:66:8B:7D:DE:32:9F:40
Certificate issuer: /CN=37ed49efac9795987771acdc77a0e228904277ad
Certificate serial: 018677FE9078AA64CFD563151465DB7D9846
Authority key identifier: 37:ED:49:EF:AC:97:95:98:77:71:AC:DC:77:A0:E2:28:90:42:77:AD
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/N-1J76yXlZh3cazcd6DiKJBCd60.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2f/2171be-b083-479b-a580-6a06b7502bd7/1/hrAH-_isfYWc8Y3sP2aLfd4yn0A.roa
Signing time: Wed 22 Feb 2023 07:20:17 +0000
ROA not before: Wed 22 Feb 2023 07:20:17 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 50738
IP address blocks: 87.117.150.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:86:77:fe:90:78:aa:64:cf:d5:63:15:14:65:db:7d:98:46
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=37ed49efac9795987771acdc77a0e228904277ad
Validity
Not Before: Feb 22 07:20:17 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=86b007fbf8ac7d859cf18dec3f668b7dde329f40
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b2:47:5b:63:51:52:ed:50:cc:60:3d:ec:3c:99:
7e:58:ca:2b:22:80:82:4b:18:e9:29:64:45:4b:fd:
74:b8:67:f6:83:3c:b4:14:1a:e4:36:17:45:db:9b:
4e:9a:19:ab:22:b1:30:ab:1e:97:6f:52:67:5a:d3:
31:0b:31:1e:5a:46:a0:17:e1:99:0c:a1:70:cf:7f:
9a:f6:1a:0f:11:f2:7a:01:cb:d2:9d:47:6e:ba:bb:
f7:05:c8:20:d4:8c:33:8a:f5:34:73:fb:85:b2:02:
e5:1a:c1:f1:f2:c2:1e:4e:9b:41:cf:d4:d6:1f:11:
4e:1d:a6:bf:a7:47:40:2c:d1:19:53:73:2a:f4:28:
fe:43:53:53:82:4e:99:53:52:3c:cc:b2:bc:62:b2:
ff:39:9e:17:89:8e:b7:61:9e:1c:be:82:ce:7d:23:
3b:23:68:ef:25:b7:53:05:59:d4:34:e8:36:55:1c:
87:28:ab:a5:5c:b5:d6:fd:01:18:da:5b:26:91:12:
c9:a9:50:7c:98:36:08:c5:02:f3:11:f3:d0:46:7d:
0b:9b:b5:af:74:29:4b:1d:94:04:27:ea:9c:e6:09:
c4:0e:a9:12:6b:9a:a2:53:9d:2e:8e:3d:4b:91:8b:
87:e1:e9:5b:3d:56:c7:17:b9:81:65:26:54:6f:97:
d4:03
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
86:B0:07:FB:F8:AC:7D:85:9C:F1:8D:EC:3F:66:8B:7D:DE:32:9F:40
X509v3 Authority Key Identifier:
keyid:37:ED:49:EF:AC:97:95:98:77:71:AC:DC:77:A0:E2:28:90:42:77:AD
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/N-1J76yXlZh3cazcd6DiKJBCd60.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/2171be-b083-479b-a580-6a06b7502bd7/1/hrAH-_isfYWc8Y3sP2aLfd4yn0A.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/2171be-b083-479b-a580-6a06b7502bd7/1/N-1J76yXlZh3cazcd6DiKJBCd60.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
87.117.150.0/24
Signature Algorithm: sha256WithRSAEncryption
76:69:78:ee:3e:71:eb:7f:3d:ef:d2:94:cc:0b:be:09:84:69:
a1:11:56:b2:8f:46:64:ee:87:4b:08:27:46:f8:b1:9f:b1:57:
60:97:34:a9:6d:8a:dc:88:f6:cc:25:1d:c8:43:bb:d3:02:bc:
91:b5:2b:51:56:3d:a0:99:9a:49:a8:00:21:28:af:e4:f7:e6:
22:e4:67:f1:44:54:7a:5f:e0:e7:2e:d5:b3:7e:54:7e:91:5f:
95:80:04:2d:4e:45:e7:91:d2:c6:f1:a7:46:1d:b5:de:68:6f:
67:2f:15:4d:2d:72:0a:d1:dd:86:33:be:42:3d:b7:95:ce:db:
e0:5e:5b:ba:0d:95:ec:93:4d:a4:24:98:45:23:0d:16:19:73:
1b:2f:cc:c2:d6:01:04:73:0b:da:f8:90:4e:57:82:5c:11:0d:
e3:79:40:28:60:73:c4:bf:5f:f8:59:7a:3c:9d:7a:f6:f2:c4:
08:74:b0:72:29:09:43:23:37:3f:a8:3c:c9:37:15:28:1b:ea:
58:c1:c1:1d:8b:e5:d2:d6:8f:6d:3c:c7:bd:ed:8d:fa:67:19:
94:dd:8a:3e:31:46:b4:35:ba:34:51:e0:fe:8a:b4:1c:ad:12:
0b:9e:ff:5a:b1:31:7b:2b:22:5f:20:47:86:d9:61:39:4b:5d:
9b:a9:8d:44
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYZ3/pB4qmTP1WMVFGXbfZhGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM3ZWQ0OWVmYWM5Nzk1OTg3NzcxYWNkYzc3YTBlMjI4OTA0
Mjc3YWQwHhcNMjMwMjIyMDcyMDE3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NmIwMDdmYmY4YWM3ZDg1OWNmMThkZWMzZjY2OGI3ZGRlMzI5ZjQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAskdbY1FS7VDMYD3sPJl+WMorIoCC
SxjpKWRFS/10uGf2gzy0FBrkNhdF25tOmhmrIrEwqx6Xb1JnWtMxCzEeWkagF+GZ
DKFwz3+a9hoPEfJ6AcvSnUduurv3Bcgg1IwzivU0c/uFsgLlGsHx8sIeTptBz9TW
HxFOHaa/p0dALNEZU3Mq9Cj+Q1NTgk6ZU1I8zLK8YrL/OZ4XiY63YZ4cvoLOfSM7
I2jvJbdTBVnUNOg2VRyHKKulXLXW/QEY2lsmkRLJqVB8mDYIxQLzEfPQRn0Lm7Wv
dClLHZQEJ+qc5gnEDqkSa5qiU50ujj1LkYuH4elbPVbHF7mBZSZUb5fUAwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIawB/v4rH2FnPGN7D9mi33eMp9AMB8GA1UdIwQY
MBaAFDftSe+sl5WYd3Gs3Heg4iiQQnetMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTi0xSjc2eVhsWmgzY2F6Y2Q2RGlLSkJDZDYwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZi8yMTcxYmUtYjA4My00NzliLWE1ODAt
NmEwNmI3NTAyYmQ3LzEvaHJBSC1faXNmWVdjOFkzc1AyYUxmZDR5bjBBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZi8yMTcxYmUtYjA4My00NzliLWE1ODAtNmEwNmI3NTAyYmQ3
LzEvTi0xSjc2eVhsWmgzY2F6Y2Q2RGlLSkJDZDYwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAV3WWMA0G
CSqGSIb3DQEBCwUAA4IBAQB2aXjuPnHrfz3v0pTMC74JhGmhEVayj0Zk7odLCCdG
+LGfsVdglzSpbYrciPbMJR3IQ7vTAryRtStRVj2gmZpJqAAhKK/k9+Yi5GfxRFR6
X+DnLtWzflR+kV+VgAQtTkXnkdLG8adGHbXeaG9nLxVNLXIK0d2GM75CPbeVztvg
Xlu6DZXsk02kJJhFIw0WGXMbL8zC1gEEcwva+JBOV4JcEQ3jeUAoYHPEv1/4WXo8
nXr28sQIdLByKQlDIzc/qDzJNxUoG+pYwcEdi+XS1o9tPMe97Y36ZxmU3Yo+MUa0
Nbo0UeD+irQcrRILnv9asTF7KyJfIEeG2WE5S12bqY1E
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:24:09 2024 by rpki-client on console-fra.rpki-client.org