Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/61/e53de5-1b5f-4467-a68c-15fc0b68f844/1/37cJ25RO3rw3ydUEFZhMHrfKIvE.roa
File: 37cJ25RO3rw3ydUEFZhMHrfKIvE.roa (raw, json)
Hash identifier: dhLIn9QhjtT/nbj/nDJ8JnBx0NfX0L4bxNX4E0b2JdU=
Subject key identifier: DF:B7:09:DB:94:4E:DE:BC:37:C9:D5:04:15:98:4C:1E:B7:CA:22:F1
Certificate issuer: /CN=da70c441fb892b8c9816534885069fcd3300c9a4
Certificate serial: 0184EBC534834D2324F769BD137629983109
Authority key identifier: DA:70:C4:41:FB:89:2B:8C:98:16:53:48:85:06:9F:CD:33:00:C9:A4
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/2nDEQfuJK4yYFlNIhQafzTMAyaQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/61/e53de5-1b5f-4467-a68c-15fc0b68f844/1/37cJ25RO3rw3ydUEFZhMHrfKIvE.roa
Signing time: Wed 07 Dec 2022 08:48:00 +0000
ROA not before: Wed 07 Dec 2022 08:48:00 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 58024
IP address blocks: 84.54.44.0/22 maxlen: 22
84.54.47.0/24 maxlen: 24
84.54.45.0/24 maxlen: 24
194.31.132.0/22 maxlen: 22
77.105.166.0/23 maxlen: 23
176.113.112.0/24 maxlen: 24
176.113.112.0/23 maxlen: 23
176.113.113.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:84:eb:c5:34:83:4d:23:24:f7:69:bd:13:76:29:98:31:09
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=da70c441fb892b8c9816534885069fcd3300c9a4
Validity
Not Before: Dec 7 08:48:00 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=dfb709db944edebc37c9d50415984c1eb7ca22f1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a4:48:1d:07:b2:f7:32:26:71:44:1a:c6:44:62:
7e:58:73:70:b6:b9:e9:e3:24:db:66:cd:36:b0:ac:
ed:c5:0c:3a:c0:4b:10:c3:e6:1c:2f:30:e3:50:8e:
14:fc:3f:42:06:74:2c:03:c0:60:01:52:70:e8:e3:
6f:2b:72:8a:a5:24:b9:1e:38:3f:b6:eb:28:2f:20:
91:6f:da:26:c4:67:83:2b:5e:96:39:e6:04:4b:ef:
79:5b:a9:6f:2e:98:76:51:ab:3d:bf:9f:61:fb:03:
99:7b:96:37:c9:3e:5f:66:e0:59:eb:ff:5a:56:52:
c8:ab:14:18:55:0d:c6:ed:82:61:41:4e:3a:4c:29:
6c:05:5d:56:c6:68:56:b2:c4:26:d3:6a:d9:97:f5:
4b:ae:5a:b1:53:54:bf:56:01:74:fa:c4:7f:35:de:
a5:6d:82:29:a8:d1:a8:44:a1:07:76:2e:8e:e7:e6:
cc:b3:c7:ff:aa:a5:3e:29:8c:6c:f8:9a:fe:df:24:
68:02:b2:44:b0:63:61:9f:4d:9a:69:7d:73:60:dc:
ab:11:97:fa:50:e4:3f:57:e6:02:dd:ac:c3:fc:4a:
15:bb:01:ac:2f:50:07:f4:31:df:b2:bf:6a:3e:6b:
89:6b:6d:d6:d7:89:b3:34:79:00:a7:60:c0:6a:81:
85:19
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DF:B7:09:DB:94:4E:DE:BC:37:C9:D5:04:15:98:4C:1E:B7:CA:22:F1
X509v3 Authority Key Identifier:
keyid:DA:70:C4:41:FB:89:2B:8C:98:16:53:48:85:06:9F:CD:33:00:C9:A4
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2nDEQfuJK4yYFlNIhQafzTMAyaQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/61/e53de5-1b5f-4467-a68c-15fc0b68f844/1/37cJ25RO3rw3ydUEFZhMHrfKIvE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/61/e53de5-1b5f-4467-a68c-15fc0b68f844/1/2nDEQfuJK4yYFlNIhQafzTMAyaQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
77.105.166.0/23
84.54.44.0/22
176.113.112.0/23
194.31.132.0/22
Signature Algorithm: sha256WithRSAEncryption
a0:80:34:02:e6:8b:34:ae:17:6f:12:2d:d6:a5:0c:df:b0:63:
92:43:bf:e0:dd:59:c2:13:ce:09:8a:69:29:9d:ab:53:db:ca:
e6:c9:f9:0e:6d:3f:1b:57:9a:39:96:9f:c2:05:a2:4d:6c:a6:
25:50:b2:81:4e:59:0e:25:21:77:c0:af:01:6b:c1:fa:21:d5:
94:a3:0c:0d:55:4e:50:c4:f1:bc:08:7d:c9:4d:e8:b9:79:21:
c3:19:e7:08:73:11:28:80:ea:e5:f8:df:ff:0a:08:ba:bd:43:
c1:33:b5:c2:7a:88:2c:b9:bc:28:3a:79:50:bc:03:f6:d0:73:
89:9e:ec:64:60:35:52:89:20:a7:3e:09:a8:48:16:51:76:71:
90:1c:af:2c:52:44:85:d3:88:54:cf:53:8f:67:ae:79:89:fa:
40:36:bf:c0:ce:9d:37:ff:04:89:fd:f3:7a:87:e4:95:c1:b9:
77:ec:50:ff:be:a0:3c:b8:e8:4a:d4:9c:48:8c:b4:0c:ad:43:
27:c3:b4:0c:89:6c:3c:88:dd:3c:78:75:da:24:76:cb:c4:29:
ec:7a:e3:69:21:1b:78:e5:b4:dd:50:fd:7a:53:1c:ec:80:77:
62:74:cf:6d:b4:56:3b:b3:c5:d7:04:04:9a:9e:7d:40:7b:0a:
5c:52:d1:a4
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYTrxTSDTSMk92m9E3YpmDEJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhNzBjNDQxZmI4OTJiOGM5ODE2NTM0ODg1MDY5ZmNkMzMw
MGM5YTQwHhcNMjIxMjA3MDg0ODAwWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZmI3MDlkYjk0NGVkZWJjMzdjOWQ1MDQxNTk4NGMxZWI3Y2EyMmYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApEgdB7L3MiZxRBrGRGJ+WHNwtrnp
4yTbZs02sKztxQw6wEsQw+YcLzDjUI4U/D9CBnQsA8BgAVJw6ONvK3KKpSS5Hjg/
tusoLyCRb9omxGeDK16WOeYES+95W6lvLph2Uas9v59h+wOZe5Y3yT5fZuBZ6/9a
VlLIqxQYVQ3G7YJhQU46TClsBV1WxmhWssQm02rZl/VLrlqxU1S/VgF0+sR/Nd6l
bYIpqNGoRKEHdi6O5+bMs8f/qqU+KYxs+Jr+3yRoArJEsGNhn02aaX1zYNyrEZf6
UOQ/V+YC3azD/EoVuwGsL1AH9DHfsr9qPmuJa23W14mzNHkAp2DAaoGFGQIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFN+3CduUTt68N8nVBBWYTB63yiLxMB8GA1UdIwQY
MBaAFNpwxEH7iSuMmBZTSIUGn80zAMmkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMm5ERVFmdUpLNHlZRmxOSWhRYWZ6VE1BeWFRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MS9lNTNkZTUtMWI1Zi00NDY3LWE2OGMt
MTVmYzBiNjhmODQ0LzEvMzdjSjI1Uk8zcnczeWRVRUZaaE1IcmZLSXZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MS9lNTNkZTUtMWI1Zi00NDY3LWE2OGMtMTVmYzBiNjhmODQ0
LzEvMm5ERVFmdUpLNHlZRmxOSWhRYWZ6VE1BeWFRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQBTWmmAwQC
VDYsAwQBsHFwAwQCwh+EMA0GCSqGSIb3DQEBCwUAA4IBAQCggDQC5os0rhdvEi3W
pQzfsGOSQ7/g3VnCE84JimkpnatT28rmyfkObT8bV5o5lp/CBaJNbKYlULKBTlkO
JSF3wK8Ba8H6IdWUowwNVU5QxPG8CH3JTei5eSHDGecIcxEogOrl+N//Cgi6vUPB
M7XCeogsubwoOnlQvAP20HOJnuxkYDVSiSCnPgmoSBZRdnGQHK8sUkSF04hUz1OP
Z655ifpANr/Azp03/wSJ/fN6h+SVwbl37FD/vqA8uOhK1JxIjLQMrUMnw7QMiWw8
iN08eHXaJHbLxCnseuNpIRt45bTdUP16UxzsgHdidM9ttFY7s8XXBASann1Aewpc
UtGk
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:57:00 2023 by rpki-client on console-fra.rpki-client.org