Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2f/2171be-b083-479b-a580-6a06b7502bd7/1/wVq3sTUSNIM0hH7Y6JGoFGXwVu8.roa
File: wVq3sTUSNIM0hH7Y6JGoFGXwVu8.roa (raw, json)
Hash identifier: Atu46Z2pugi/SrR1iC+3idX7pL3xSUZcyBLr/ff4lis=
Subject key identifier: C1:5A:B7:B1:35:12:34:83:34:84:7E:D8:E8:91:A8:14:65:F0:56:EF
Certificate issuer: /CN=37ed49efac9795987771acdc77a0e228904277ad
Certificate serial: 018CC348BAA977EB6CF0CF366229A2242A73
Authority key identifier: 37:ED:49:EF:AC:97:95:98:77:71:AC:DC:77:A0:E2:28:90:42:77:AD
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/N-1J76yXlZh3cazcd6DiKJBCd60.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2f/2171be-b083-479b-a580-6a06b7502bd7/1/wVq3sTUSNIM0hH7Y6JGoFGXwVu8.roa
Signing time: Mon 01 Jan 2024 04:29:32 +0000
ROA not before: Mon 01 Jan 2024 04:29:32 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 34665
IP address blocks: 109.172.87.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c3:48:ba:a9:77:eb:6c:f0:cf:36:62:29:a2:24:2a:73
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=37ed49efac9795987771acdc77a0e228904277ad
Validity
Not Before: Jan 1 04:29:32 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=c15ab7b13512348334847ed8e891a81465f056ef
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:87:81:5a:29:77:ce:8d:09:3d:72:f5:b2:9b:b9:
40:6f:64:b9:c3:0f:9f:36:4e:47:6c:d1:b4:85:89:
a3:d5:a5:05:98:82:17:97:8d:ad:d8:c9:0b:4b:77:
75:3f:a5:aa:93:10:69:a9:a7:71:04:b4:ea:c6:94:
04:a3:34:df:1a:d1:34:09:66:94:71:4c:4d:8d:a9:
9b:7f:77:77:ac:b3:5d:d7:39:ed:56:3c:4d:6c:47:
7b:d3:1f:8a:9f:1a:c7:58:7b:88:64:b4:04:29:1e:
14:ef:b5:18:03:4f:1e:71:9f:6c:e4:4f:0b:b9:25:
cf:da:fd:ee:6b:6e:45:d7:69:20:e2:58:cc:d4:26:
e8:ec:92:77:92:a0:1a:77:64:32:f6:a4:c2:7b:24:
97:69:6c:24:63:15:f8:ed:2e:25:99:56:e9:64:3c:
28:56:98:6b:08:9b:35:6d:b7:10:59:84:fc:75:91:
41:90:40:0d:31:9a:f1:73:7f:71:ee:76:c0:a6:c0:
dc:33:51:af:90:78:4b:51:4e:5b:60:56:76:78:f7:
a0:60:6f:90:00:1f:a8:5d:99:a5:f0:a1:9d:7a:fe:
93:4a:88:74:3a:7d:a8:c6:c2:66:b7:39:f5:eb:db:
85:89:ca:8b:be:ce:6b:b9:3d:ae:90:96:2a:f8:96:
e9:03
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C1:5A:B7:B1:35:12:34:83:34:84:7E:D8:E8:91:A8:14:65:F0:56:EF
X509v3 Authority Key Identifier:
keyid:37:ED:49:EF:AC:97:95:98:77:71:AC:DC:77:A0:E2:28:90:42:77:AD
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/N-1J76yXlZh3cazcd6DiKJBCd60.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/2171be-b083-479b-a580-6a06b7502bd7/1/wVq3sTUSNIM0hH7Y6JGoFGXwVu8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/2171be-b083-479b-a580-6a06b7502bd7/1/N-1J76yXlZh3cazcd6DiKJBCd60.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.172.87.0/24
Signature Algorithm: sha256WithRSAEncryption
89:f6:5b:26:b6:8c:4e:61:ef:a7:c4:b1:d2:58:29:8a:85:f0:
5b:31:94:25:34:a2:b0:04:3c:46:63:04:0f:b3:80:1d:14:19:
62:1a:e9:51:51:8a:89:96:3d:9e:cb:7d:72:54:81:73:3a:a4:
bd:8b:f1:ba:92:b0:ae:90:c3:d3:2e:72:05:cd:42:b3:30:14:
d5:51:64:3d:55:31:c4:b7:56:95:61:39:cc:11:7b:39:a7:54:
00:df:73:db:81:e7:b9:06:54:98:91:5d:2d:56:f6:d0:36:38:
d6:a8:cd:dd:8c:41:42:47:ab:f9:13:30:3a:3c:8d:1e:67:0d:
9f:81:49:64:43:38:c2:e8:10:7f:9c:4e:ed:96:6e:cd:88:c8:
c7:bd:61:2b:de:4b:4b:75:da:25:c3:c8:90:5e:d3:64:3b:60:
76:ce:84:6c:a7:5a:d2:c9:d7:d5:50:62:76:2a:83:77:b2:be:
71:3b:d8:3f:09:f1:0d:b6:eb:9c:0f:de:55:85:18:d2:8e:29:
fa:98:8a:c8:db:4f:d6:85:c6:77:41:8a:01:93:87:e0:d1:e1:
e7:37:3f:46:e4:e7:d6:27:d1:46:97:f4:87:c5:16:4b:bd:88:
54:12:f0:ee:b5:e3:20:f7:24:58:95:c4:8a:38:c6:c5:f5:f5:
a7:21:86:fa
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSLqpd+ts8M82YimiJCpzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM3ZWQ0OWVmYWM5Nzk1OTg3NzcxYWNkYzc3YTBlMjI4OTA0
Mjc3YWQwHhcNMjQwMTAxMDQyOTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMTVhYjdiMTM1MTIzNDgzMzQ4NDdlZDhlODkxYTgxNDY1ZjA1NmVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh4FaKXfOjQk9cvWym7lAb2S5ww+f
Nk5HbNG0hYmj1aUFmIIXl42t2MkLS3d1P6WqkxBpqadxBLTqxpQEozTfGtE0CWaU
cUxNjambf3d3rLNd1zntVjxNbEd70x+KnxrHWHuIZLQEKR4U77UYA08ecZ9s5E8L
uSXP2v3ua25F12kg4ljM1Cbo7JJ3kqAad2Qy9qTCeySXaWwkYxX47S4lmVbpZDwo
VphrCJs1bbcQWYT8dZFBkEANMZrxc39x7nbApsDcM1GvkHhLUU5bYFZ2ePegYG+Q
AB+oXZml8KGdev6TSoh0On2oxsJmtzn169uFicqLvs5ruT2ukJYq+JbpAwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMFat7E1EjSDNIR+2OiRqBRl8FbvMB8GA1UdIwQY
MBaAFDftSe+sl5WYd3Gs3Heg4iiQQnetMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTi0xSjc2eVhsWmgzY2F6Y2Q2RGlLSkJDZDYwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZi8yMTcxYmUtYjA4My00NzliLWE1ODAt
NmEwNmI3NTAyYmQ3LzEvd1ZxM3NUVVNOSU0waEg3WTZKR29GR1h3VnU4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZi8yMTcxYmUtYjA4My00NzliLWE1ODAtNmEwNmI3NTAyYmQ3
LzEvTi0xSjc2eVhsWmgzY2F6Y2Q2RGlLSkJDZDYwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbaxXMA0G
CSqGSIb3DQEBCwUAA4IBAQCJ9lsmtoxOYe+nxLHSWCmKhfBbMZQlNKKwBDxGYwQP
s4AdFBliGulRUYqJlj2ey31yVIFzOqS9i/G6krCukMPTLnIFzUKzMBTVUWQ9VTHE
t1aVYTnMEXs5p1QA33Pbgee5BlSYkV0tVvbQNjjWqM3djEFCR6v5EzA6PI0eZw2f
gUlkQzjC6BB/nE7tlm7NiMjHvWEr3ktLddolw8iQXtNkO2B2zoRsp1rSydfVUGJ2
KoN3sr5xO9g/CfENtuucD95VhRjSjin6mIrI20/WhcZ3QYoBk4fg0eHnNz9G5OfW
J9FGl/SHxRZLvYhUEvDuteMg9yRYlcSKOMbF9fWnIYb6
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:01:02 2024 by rpki-client on console-ams.rpki-client.org