Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/e1171c-5270-49cd-9379-b95b08a23ae1/1/SmYYCyc9Kx6TvRjfOJxNM8zStOM.roa
File: SmYYCyc9Kx6TvRjfOJxNM8zStOM.roa (raw, json)
Hash identifier: 4Uyv3TlYxxyUjHRY/LP0l3dR20BtDaHXW72x6XyIaGo=
Subject key identifier: 4A:66:18:0B:27:3D:2B:1E:93:BD:18:DF:38:9C:4D:33:CC:D2:B4:E3
Certificate issuer: /CN=408af485b4fd0f03717cd4a709ef11c61d3ef46e
Certificate serial: 0327D822
Authority key identifier: 40:8A:F4:85:B4:FD:0F:03:71:7C:D4:A7:09:EF:11:C6:1D:3E:F4:6E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/QIr0hbT9DwNxfNSnCe8Rxh0-9G4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/36/e1171c-5270-49cd-9379-b95b08a23ae1/1/SmYYCyc9Kx6TvRjfOJxNM8zStOM.roa
Signing time: Sat 01 Jan 2022 12:02:33 +0000
ROA not before: Sat 01 Jan 2022 12:02:33 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 59854
IP address blocks: 37.156.33.0/24 maxlen: 24
37.156.32.0/24 maxlen: 24
37.156.32.0/23 maxlen: 24
188.215.36.0/24 maxlen: 24
86.105.187.0/24 maxlen: 24
89.40.21.0/24 maxlen: 24
86.105.215.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 52942882 (0x327d822)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=408af485b4fd0f03717cd4a709ef11c61d3ef46e
Validity
Not Before: Jan 1 12:02:33 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=4a66180b273d2b1e93bd18df389c4d33ccd2b4e3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b0:37:c7:e4:5d:4c:c4:44:bb:92:b9:24:28:8b:
a6:ce:95:54:b2:71:f4:c8:70:cd:11:b8:0c:62:da:
93:43:17:d8:a8:01:a0:56:08:d1:ff:8f:b9:f1:c9:
52:4b:1d:6c:b1:d3:f9:ff:73:5f:87:2f:1a:d3:93:
95:cc:57:75:b4:02:b3:1b:0c:59:d0:9d:22:bd:8c:
48:91:67:f2:10:fc:aa:99:8b:a1:17:48:2d:4a:04:
a4:39:2a:65:b0:d0:17:fc:cc:91:58:3a:2f:7d:63:
0f:16:51:ed:23:8e:4f:53:1c:be:ab:3f:99:5b:1a:
0f:a2:04:35:e3:df:be:7d:bc:06:ee:b0:42:f6:54:
d8:b9:6c:39:c5:c1:6b:4e:22:44:12:62:b0:aa:5a:
57:9f:c1:a5:99:7b:68:cc:cd:4f:24:c4:cb:c7:ec:
19:30:9c:f2:6c:3e:09:6e:1a:99:5e:57:cd:4d:13:
ff:1d:33:c3:c3:a9:d6:ac:91:23:63:e2:cb:ac:4e:
61:4c:d6:c8:f5:89:45:b3:63:9d:6e:ea:45:48:0f:
3e:45:d1:13:57:a8:84:49:91:df:3a:4c:4f:b6:dd:
3b:10:96:c8:b6:e8:b8:7d:fa:e9:72:33:36:17:89:
78:d8:f6:63:3e:db:00:b7:db:5e:58:2b:12:eb:9c:
ba:c3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4A:66:18:0B:27:3D:2B:1E:93:BD:18:DF:38:9C:4D:33:CC:D2:B4:E3
X509v3 Authority Key Identifier:
keyid:40:8A:F4:85:B4:FD:0F:03:71:7C:D4:A7:09:EF:11:C6:1D:3E:F4:6E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QIr0hbT9DwNxfNSnCe8Rxh0-9G4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/e1171c-5270-49cd-9379-b95b08a23ae1/1/SmYYCyc9Kx6TvRjfOJxNM8zStOM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/36/e1171c-5270-49cd-9379-b95b08a23ae1/1/QIr0hbT9DwNxfNSnCe8Rxh0-9G4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.156.32.0/23
86.105.187.0/24
86.105.215.0/24
89.40.21.0/24
188.215.36.0/24
Signature Algorithm: sha256WithRSAEncryption
9b:05:56:e5:ae:00:b7:37:40:da:60:70:ff:e6:b3:70:cd:0f:
ce:bd:03:19:1f:d4:59:68:a8:df:00:1a:10:e9:52:60:51:cb:
86:90:1a:5b:c8:a4:96:ee:45:e2:d1:a8:67:67:ca:4a:e2:f0:
1d:d1:7f:a2:0f:85:cf:cf:df:98:f9:96:65:28:2f:c0:16:b4:
87:96:71:c1:4a:d6:35:1c:73:6d:6a:5b:cd:88:49:06:22:b1:
bc:89:03:12:1a:c8:75:80:1f:f9:a2:c6:c7:52:ac:94:88:f7:
c2:79:a4:66:ca:26:f9:44:f0:44:81:69:e1:fd:c2:c1:a7:3a:
fe:5e:80:3a:27:b4:0a:94:a6:df:57:c9:f1:a3:8a:61:27:63:
2d:29:60:98:33:7e:62:41:15:de:73:a6:61:f7:6d:08:42:84:
13:14:86:32:f0:a1:7c:c1:ec:89:50:c1:a0:f3:b9:55:6a:96:
9c:6c:4b:88:bb:03:99:c3:7b:7d:59:fd:86:12:ab:63:90:b5:
ef:fb:ed:2c:d9:e8:66:0d:0d:f9:3f:5c:05:dd:91:0d:7a:74:
f9:e6:ce:45:97:09:a0:89:68:cd:b1:3a:0b:3a:34:19:f1:18:
e8:8f:5e:46:35:fa:dd:78:e9:5d:15:81:33:1f:1b:39:8f:90:
3a:7f:2e:c6
-----BEGIN CERTIFICATE-----
MIIFBzCCA++gAwIBAgIEAyfYIjANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg0
MDhhZjQ4NWI0ZmQwZjAzNzE3Y2Q0YTcwOWVmMTFjNjFkM2VmNDZlMB4XDTIyMDEw
MTEyMDIzM1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNGE2NjE4MGIyNzNk
MmIxZTkzYmQxOGRmMzg5YzRkMzNjY2QyYjRlMzCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALA3x+RdTMREu5K5JCiLps6VVLJx9MhwzRG4DGLak0MX2KgB
oFYI0f+PufHJUksdbLHT+f9zX4cvGtOTlcxXdbQCsxsMWdCdIr2MSJFn8hD8qpmL
oRdILUoEpDkqZbDQF/zMkVg6L31jDxZR7SOOT1Mcvqs/mVsaD6IENePfvn28Bu6w
QvZU2LlsOcXBa04iRBJisKpaV5/BpZl7aMzNTyTEy8fsGTCc8mw+CW4amV5XzU0T
/x0zw8Op1qyRI2Piy6xOYUzWyPWJRbNjnW7qRUgPPkXRE1eohEmR3zpMT7bdOxCW
yLbouH366XIzNheJeNj2Yz7bALfbXlgrEuucusMCAwEAAaOCAiEwggIdMB0GA1Ud
DgQWBBRKZhgLJz0rHpO9GN84nE0zzNK04zAfBgNVHSMEGDAWgBRAivSFtP0PA3F8
1KcJ7xHGHT70bjAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L1FJcjBoYlQ5RHdOeGZOU25DZThSeGgwLTlHNC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMzYvZTExNzFjLTUyNzAtNDljZC05Mzc5LWI5NWIwOGEyM2FlMS8x
L1NtWVlDeWM5S3g2VHZSamZPSnhOTTh6U3RPTS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMzYv
ZTExNzFjLTUyNzAtNDljZC05Mzc5LWI5NWIwOGEyM2FlMS8xL1FJcjBoYlQ5RHdO
eGZOU25DZThSeGgwLTlHNC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjA3
BggrBgEFBQcBBwEB/wQoMCYwJAQCAAEwHgMEASWcIAMEAFZpuwMEAFZp1wMEAFko
FQMEALzXJDANBgkqhkiG9w0BAQsFAAOCAQEAmwVW5a4AtzdA2mBw/+azcM0Pzr0D
GR/UWWio3wAaEOlSYFHLhpAaW8iklu5F4tGoZ2fKSuLwHdF/og+Fz8/fmPmWZSgv
wBa0h5ZxwUrWNRxzbWpbzYhJBiKxvIkDEhrIdYAf+aLGx1KslIj3wnmkZsom+UTw
RIFp4f3Cwac6/l6AOie0CpSm31fJ8aOKYSdjLSlgmDN+YkEV3nOmYfdtCEKEExSG
MvChfMHsiVDBoPO5VWqWnGxLiLsDmcN7fVn9hhKrY5C17/vtLNnoZg0N+T9cBd2R
DXp0+ebORZcJoIlozbE6Czo0GfEY6I9eRjX63XjpXRWBMx8bOY+QOn8uxg==
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:46:36 2023 by rpki-client on console-fra.rpki-client.org