Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2f/2171be-b083-479b-a580-6a06b7502bd7/1/zSaUGf0dMCHQCjU_AwuEUeRMqyE.roa
File: zSaUGf0dMCHQCjU_AwuEUeRMqyE.roa (raw, json)
Hash identifier: GHQBbYoaWqx47jG03hC6OFp+9193mvbRXmuZZx24vo4=
Subject key identifier: CD:26:94:19:FD:1D:30:21:D0:0A:35:3F:03:0B:84:51:E4:4C:AB:21
Certificate issuer: /CN=37ed49efac9795987771acdc77a0e228904277ad
Certificate serial: 01852F4EBF5810BFEBA7A3DF97AF1C0D6AD0
Authority key identifier: 37:ED:49:EF:AC:97:95:98:77:71:AC:DC:77:A0:E2:28:90:42:77:AD
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/N-1J76yXlZh3cazcd6DiKJBCd60.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2f/2171be-b083-479b-a580-6a06b7502bd7/1/zSaUGf0dMCHQCjU_AwuEUeRMqyE.roa
Signing time: Tue 20 Dec 2022 11:32:47 +0000
ROA not before: Tue 20 Dec 2022 11:32:47 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 996
IP address blocks: 109.172.45.0/24 maxlen: 24
178.130.136.0/21 maxlen: 21
109.172.74.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:2f:4e:bf:58:10:bf:eb:a7:a3:df:97:af:1c:0d:6a:d0
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=37ed49efac9795987771acdc77a0e228904277ad
Validity
Not Before: Dec 20 11:32:47 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=cd269419fd1d3021d00a353f030b8451e44cab21
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ac:5f:0a:3b:58:17:2e:64:c3:85:da:6a:00:28:
e7:d4:27:7e:74:3e:da:a0:09:af:d7:04:e2:c9:9f:
30:04:1d:02:5f:d1:69:b5:f9:00:b3:b1:7a:2d:dd:
ea:64:36:f6:ea:c5:c8:52:91:a6:0f:82:8f:b0:ee:
eb:e4:43:a5:fa:8c:40:9f:a6:c4:40:88:21:6e:9f:
b7:0d:23:07:8d:4c:e3:84:eb:a5:25:f9:76:a0:af:
f6:9b:2b:01:51:94:0e:1f:80:1b:6f:06:4d:67:72:
47:fc:c2:24:db:5d:8d:a6:54:64:1b:1e:e1:3d:16:
ec:c4:49:ae:b7:ba:c5:b6:0d:0f:f0:3e:d9:14:75:
cd:24:1c:1e:89:f4:86:07:04:6d:cc:17:c2:10:a7:
70:ad:4b:d3:96:95:ec:08:42:7f:95:f4:a9:d8:0b:
d8:13:59:50:78:15:e0:6b:21:01:2c:7a:7f:c0:6e:
b4:11:dd:8a:bf:38:00:90:f4:1e:e0:41:7b:32:09:
31:ff:a9:2f:92:77:b7:db:e2:d8:ac:89:bc:f0:e9:
28:37:08:32:86:97:25:9c:61:af:e2:ae:71:0f:a5:
b5:04:c6:78:c4:60:d7:c8:1e:e9:48:36:ac:fc:d4:
de:09:11:0f:65:4d:88:71:eb:2f:48:e2:67:08:be:
2a:1d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CD:26:94:19:FD:1D:30:21:D0:0A:35:3F:03:0B:84:51:E4:4C:AB:21
X509v3 Authority Key Identifier:
keyid:37:ED:49:EF:AC:97:95:98:77:71:AC:DC:77:A0:E2:28:90:42:77:AD
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/N-1J76yXlZh3cazcd6DiKJBCd60.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/2171be-b083-479b-a580-6a06b7502bd7/1/zSaUGf0dMCHQCjU_AwuEUeRMqyE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/2171be-b083-479b-a580-6a06b7502bd7/1/N-1J76yXlZh3cazcd6DiKJBCd60.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.172.45.0/24
109.172.74.0/24
178.130.136.0/21
Signature Algorithm: sha256WithRSAEncryption
30:96:e9:2b:53:db:ab:59:25:d2:0c:40:fd:9d:3e:0a:65:ab:
77:c7:e5:90:45:41:66:aa:d3:5c:2d:2d:c2:f0:5a:e7:04:c4:
3c:99:27:25:eb:76:9b:1a:c1:78:d4:84:0e:a8:81:58:04:a3:
5d:60:e7:ca:2c:82:96:bb:0c:61:7a:23:e7:aa:79:36:d2:e0:
e8:f6:9d:d4:f4:6a:b0:87:8b:22:6d:c6:21:3c:e8:cd:01:0d:
c0:10:28:e0:50:f5:8d:0b:b2:d4:33:c2:3f:4d:0c:22:4b:93:
c4:c6:f3:1f:4e:2b:b4:24:18:e6:c9:ba:8b:ab:be:9d:7f:84:
82:c6:43:44:fb:70:27:8e:5e:54:f0:4d:2f:cb:8b:1e:5d:b8:
08:98:79:64:03:f0:2d:0e:7a:43:73:39:dd:ee:e4:a6:72:63:
1f:aa:e1:73:2b:7d:f7:e5:88:be:5b:17:65:96:57:d9:78:02:
52:46:2d:df:7d:1a:3e:19:08:96:18:4d:c0:9b:51:e2:e2:63:
0a:87:dd:84:71:97:ea:ee:2c:52:42:ef:34:af:df:d6:80:65:
e5:ff:a1:3e:c4:65:e5:f8:7f:a7:18:66:bd:b3:ae:ad:83:bf:
34:fe:13:aa:b4:8e:62:60:d5:c8:b2:af:47:25:90:4f:69:56:
4c:89:cd:16
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYUvTr9YEL/rp6Pfl68cDWrQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM3ZWQ0OWVmYWM5Nzk1OTg3NzcxYWNkYzc3YTBlMjI4OTA0
Mjc3YWQwHhcNMjIxMjIwMTEzMjQ3WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZDI2OTQxOWZkMWQzMDIxZDAwYTM1M2YwMzBiODQ1MWU0NGNhYjIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArF8KO1gXLmTDhdpqACjn1Cd+dD7a
oAmv1wTiyZ8wBB0CX9FptfkAs7F6Ld3qZDb26sXIUpGmD4KPsO7r5EOl+oxAn6bE
QIghbp+3DSMHjUzjhOulJfl2oK/2mysBUZQOH4AbbwZNZ3JH/MIk212NplRkGx7h
PRbsxEmut7rFtg0P8D7ZFHXNJBweifSGBwRtzBfCEKdwrUvTlpXsCEJ/lfSp2AvY
E1lQeBXgayEBLHp/wG60Ed2KvzgAkPQe4EF7Mgkx/6kvkne32+LYrIm88OkoNwgy
hpclnGGv4q5xD6W1BMZ4xGDXyB7pSDas/NTeCREPZU2IcesvSOJnCL4qHQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFM0mlBn9HTAh0Ao1PwMLhFHkTKshMB8GA1UdIwQY
MBaAFDftSe+sl5WYd3Gs3Heg4iiQQnetMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTi0xSjc2eVhsWmgzY2F6Y2Q2RGlLSkJDZDYwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZi8yMTcxYmUtYjA4My00NzliLWE1ODAt
NmEwNmI3NTAyYmQ3LzEvelNhVUdmMGRNQ0hRQ2pVX0F3dUVVZVJNcXlFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZi8yMTcxYmUtYjA4My00NzliLWE1ODAtNmEwNmI3NTAyYmQ3
LzEvTi0xSjc2eVhsWmgzY2F6Y2Q2RGlLSkJDZDYwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAbawtAwQA
baxKAwQDsoKIMA0GCSqGSIb3DQEBCwUAA4IBAQAwlukrU9urWSXSDED9nT4KZat3
x+WQRUFmqtNcLS3C8FrnBMQ8mScl63abGsF41IQOqIFYBKNdYOfKLIKWuwxheiPn
qnk20uDo9p3U9Gqwh4sibcYhPOjNAQ3AECjgUPWNC7LUM8I/TQwiS5PExvMfTiu0
JBjmybqLq76df4SCxkNE+3Anjl5U8E0vy4seXbgImHlkA/AtDnpDcznd7uSmcmMf
quFzK3335Yi+WxdlllfZeAJSRi3ffRo+GQiWGE3Am1Hi4mMKh92EcZfq7ixSQu80
r9/WgGXl/6E+xGXl+H+nGGa9s66tg780/hOqtI5iYNXIsq9HJZBPaVZMic0W
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:24:09 2024 by rpki-client on console-fra.rpki-client.org