Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2f/2171be-b083-479b-a580-6a06b7502bd7/1/lgDt-Szvy88ZNKO4mx6gHDvv-fE.roa
File: lgDt-Szvy88ZNKO4mx6gHDvv-fE.roa (raw, json)
Hash identifier: i2AT/6NMdEc071Ok/mnYG6XbO2QBs3MR8hOVTtnoP+w=
Subject key identifier: 96:00:ED:F9:2C:EF:CB:CF:19:34:A3:B8:9B:1E:A0:1C:3B:EF:F9:F1
Certificate issuer: /CN=37ed49efac9795987771acdc77a0e228904277ad
Certificate serial: 018A3C3FA92C07C16C7E2FB900EFBFDCAAAD
Authority key identifier: 37:ED:49:EF:AC:97:95:98:77:71:AC:DC:77:A0:E2:28:90:42:77:AD
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/N-1J76yXlZh3cazcd6DiKJBCd60.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2f/2171be-b083-479b-a580-6a06b7502bd7/1/lgDt-Szvy88ZNKO4mx6gHDvv-fE.roa
Signing time: Mon 28 Aug 2023 13:05:19 +0000
ROA not before: Mon 28 Aug 2023 13:05:19 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 43260
IP address blocks: 178.130.132.0/22 maxlen: 22
109.172.88.0/22 maxlen: 22
109.172.92.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8a:3c:3f:a9:2c:07:c1:6c:7e:2f:b9:00:ef:bf:dc:aa:ad
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=37ed49efac9795987771acdc77a0e228904277ad
Validity
Not Before: Aug 28 13:05:19 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=9600edf92cefcbcf1934a3b89b1ea01c3beff9f1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:be:19:26:d9:b4:d5:10:e4:91:9f:41:84:5b:45:
f3:f5:50:59:20:1c:56:2f:c6:ec:14:f8:0e:b1:49:
73:a5:e3:47:63:bc:df:b2:06:5e:30:75:69:73:d4:
de:ea:4b:8d:9a:2a:73:4a:50:b1:52:d3:2b:cb:30:
73:7b:83:2e:9f:41:02:46:94:d0:33:04:28:36:d4:
cd:86:d0:ea:79:56:2c:10:f2:21:b7:ba:29:34:7c:
f7:98:02:7b:9b:e9:5f:6e:47:52:6f:20:23:dd:dd:
63:90:84:b9:9e:14:3b:fd:ff:f8:3f:b8:89:ee:fc:
da:57:84:dc:43:44:c2:d5:81:3f:79:87:a3:92:03:
1d:59:f4:aa:3d:59:2f:fd:17:77:d8:f3:e5:b8:2e:
40:79:bb:9c:fc:b8:c8:b9:65:4d:64:f0:d9:af:21:
e2:3d:69:b3:de:a6:1a:f3:e7:bb:d3:05:e8:a4:c1:
cd:2f:93:47:3c:c6:8d:2b:22:fa:b3:18:a7:0a:45:
da:f3:42:22:e7:6d:7d:f3:b7:b0:9a:0f:40:ff:0b:
c4:1a:8d:15:ac:0d:87:e0:0b:41:eb:54:dd:03:33:
0c:64:8d:a0:ee:9a:d0:95:4f:7b:e6:c8:fa:5a:8b:
4e:c9:ae:95:ab:5b:25:6c:e4:82:ce:68:9d:6a:5c:
33:05
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
96:00:ED:F9:2C:EF:CB:CF:19:34:A3:B8:9B:1E:A0:1C:3B:EF:F9:F1
X509v3 Authority Key Identifier:
keyid:37:ED:49:EF:AC:97:95:98:77:71:AC:DC:77:A0:E2:28:90:42:77:AD
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/N-1J76yXlZh3cazcd6DiKJBCd60.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/2171be-b083-479b-a580-6a06b7502bd7/1/lgDt-Szvy88ZNKO4mx6gHDvv-fE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/2171be-b083-479b-a580-6a06b7502bd7/1/N-1J76yXlZh3cazcd6DiKJBCd60.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.172.88.0/21
178.130.132.0/22
Signature Algorithm: sha256WithRSAEncryption
6f:20:a1:b7:8e:c9:b2:e7:dc:f9:a4:b7:cd:8e:38:61:93:5a:
9d:e1:07:ef:17:6f:23:9e:86:39:8a:86:36:ce:81:95:b1:5c:
8d:7a:b1:2a:a2:cc:26:2d:44:b3:dc:53:a0:87:c0:85:a6:25:
52:7e:44:4b:e9:54:ce:36:d0:e3:ae:02:df:54:30:65:63:26:
b0:dd:20:99:21:70:a2:9d:1b:c1:ba:0c:ac:ad:c7:59:65:f2:
b3:ce:e2:f2:9d:ec:16:e2:dc:27:cd:53:bd:3f:13:f5:61:b9:
f5:d5:e7:7f:b9:0f:39:5b:a2:4e:ee:3e:f6:ff:dc:02:b8:ae:
fa:f8:ee:9b:9f:bb:d8:78:c7:db:de:a4:fa:81:a1:8b:df:eb:
68:05:57:d6:3d:7e:5d:ba:13:0f:7a:c8:e5:ba:42:9d:77:fb:
40:73:5f:57:9a:b4:a0:93:f2:65:8d:40:5f:8c:4b:01:f0:b5:
d0:40:8a:4a:25:3e:5e:61:31:86:83:ac:16:a8:c0:6e:a7:7d:
95:f7:80:e4:f9:b8:78:f7:9a:91:da:24:ce:52:83:86:37:bc:
9e:82:ba:20:91:d4:72:e4:6d:0d:fb:8f:fb:2d:c8:ea:09:90:
4a:64:37:f4:2f:15:1b:6f:3c:46:d0:29:3a:25:21:30:4a:02:
b8:2f:0c:16
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYo8P6ksB8Fsfi+5AO+/3KqtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM3ZWQ0OWVmYWM5Nzk1OTg3NzcxYWNkYzc3YTBlMjI4OTA0
Mjc3YWQwHhcNMjMwODI4MTMwNTE5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NjAwZWRmOTJjZWZjYmNmMTkzNGEzYjg5YjFlYTAxYzNiZWZmOWYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvhkm2bTVEOSRn0GEW0Xz9VBZIBxW
L8bsFPgOsUlzpeNHY7zfsgZeMHVpc9Te6kuNmipzSlCxUtMryzBze4Mun0ECRpTQ
MwQoNtTNhtDqeVYsEPIht7opNHz3mAJ7m+lfbkdSbyAj3d1jkIS5nhQ7/f/4P7iJ
7vzaV4TcQ0TC1YE/eYejkgMdWfSqPVkv/Rd32PPluC5Aebuc/LjIuWVNZPDZryHi
PWmz3qYa8+e70wXopMHNL5NHPMaNKyL6sxinCkXa80Ii521987ewmg9A/wvEGo0V
rA2H4AtB61TdAzMMZI2g7prQlU975sj6WotOya6Vq1slbOSCzmidalwzBQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJYA7fks78vPGTSjuJseoBw77/nxMB8GA1UdIwQY
MBaAFDftSe+sl5WYd3Gs3Heg4iiQQnetMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTi0xSjc2eVhsWmgzY2F6Y2Q2RGlLSkJDZDYwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZi8yMTcxYmUtYjA4My00NzliLWE1ODAt
NmEwNmI3NTAyYmQ3LzEvbGdEdC1TenZ5ODhaTktPNG14NmdIRHZ2LWZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZi8yMTcxYmUtYjA4My00NzliLWE1ODAtNmEwNmI3NTAyYmQ3
LzEvTi0xSjc2eVhsWmgzY2F6Y2Q2RGlLSkJDZDYwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQDbaxYAwQC
soKEMA0GCSqGSIb3DQEBCwUAA4IBAQBvIKG3jsmy59z5pLfNjjhhk1qd4QfvF28j
noY5ioY2zoGVsVyNerEqoswmLUSz3FOgh8CFpiVSfkRL6VTONtDjrgLfVDBlYyaw
3SCZIXCinRvBugysrcdZZfKzzuLynewW4twnzVO9PxP1Ybn11ed/uQ85W6JO7j72
/9wCuK76+O6bn7vYeMfb3qT6gaGL3+toBVfWPX5duhMPesjlukKdd/tAc19XmrSg
k/JljUBfjEsB8LXQQIpKJT5eYTGGg6wWqMBup32V94Dk+bh495qR2iTOUoOGN7ye
grogkdRy5G0N+4/7LcjqCZBKZDf0LxUbbzxG0Ck6JSEwSgK4LwwW
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:01:02 2024 by rpki-client on console-ams.rpki-client.org