Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2f/2171be-b083-479b-a580-6a06b7502bd7/1/1-um7yNaKWB0itx6goFJIh3O6RzM.roa
File: 1-um7yNaKWB0itx6goFJIh3O6RzM.roa (raw, json)
Hash identifier: hbBFu5KfIxaSkvOFG6Z1Ofzae0guKV1eGrk+qSu0/VA=
Subject key identifier: FA:E9:BB:C8:D6:8A:58:1D:22:B7:1E:A0:A0:52:48:87:73:BA:47:33
Certificate issuer: /CN=37ed49efac9795987771acdc77a0e228904277ad
Certificate serial: 018DCC340134BAD2BBB24CCA682C2F7029C6
Authority key identifier: 37:ED:49:EF:AC:97:95:98:77:71:AC:DC:77:A0:E2:28:90:42:77:AD
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/N-1J76yXlZh3cazcd6DiKJBCd60.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2f/2171be-b083-479b-a580-6a06b7502bd7/1/1-um7yNaKWB0itx6goFJIh3O6RzM.roa
Signing time: Wed 21 Feb 2024 15:06:16 +0000
ROA not before: Wed 21 Feb 2024 15:06:16 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 57043
IP address blocks: 109.172.80.0/24 maxlen: 24
109.172.81.0/24 maxlen: 24
178.130.131.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8d:cc:34:01:34:ba:d2:bb:b2:4c:ca:68:2c:2f:70:29:c6
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=37ed49efac9795987771acdc77a0e228904277ad
Validity
Not Before: Feb 21 15:06:16 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=fae9bbc8d68a581d22b71ea0a052488773ba4733
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8e:a7:1f:fc:24:32:c6:46:e4:af:20:ea:d0:29:
10:aa:a0:7f:9e:d9:40:55:ef:0e:d7:56:33:ac:59:
a8:7c:58:b0:4c:45:07:1b:4e:b3:0d:2a:8e:8c:59:
21:08:6e:1e:ab:9c:14:d8:a0:c7:eb:28:51:b0:f0:
d5:a1:a9:8a:0f:37:b0:39:56:85:39:79:10:7d:4e:
db:c2:a4:8c:b3:0c:17:37:cc:61:d8:80:5c:71:3c:
42:9a:b2:fe:f2:4a:b6:4c:82:58:8e:24:30:fa:84:
d3:21:e7:7f:2c:fd:a0:87:1f:ab:f1:c8:43:3e:33:
92:1c:7e:98:3b:c7:6a:1a:0f:80:56:05:c6:61:a5:
34:e0:15:9a:97:36:7e:30:4c:a7:a2:cf:ab:e3:48:
88:2d:87:4c:dc:1f:83:18:89:fc:48:3e:0f:59:3a:
86:7c:f5:27:59:17:05:3a:fb:6b:be:fc:1e:d6:32:
54:10:c9:75:97:35:22:f7:e8:76:e9:54:d1:0d:d3:
9e:d1:df:57:49:02:55:2c:70:8f:39:be:9b:4b:ee:
21:41:b4:d9:5f:12:d0:0d:eb:01:8a:6d:5e:5c:72:
37:25:7c:36:3e:92:a8:ba:47:d6:ca:29:14:0b:ed:
15:8b:36:e9:c6:7a:e9:e5:a9:19:de:04:30:02:5f:
b4:ad
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FA:E9:BB:C8:D6:8A:58:1D:22:B7:1E:A0:A0:52:48:87:73:BA:47:33
X509v3 Authority Key Identifier:
keyid:37:ED:49:EF:AC:97:95:98:77:71:AC:DC:77:A0:E2:28:90:42:77:AD
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/N-1J76yXlZh3cazcd6DiKJBCd60.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/2171be-b083-479b-a580-6a06b7502bd7/1/1-um7yNaKWB0itx6goFJIh3O6RzM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/2171be-b083-479b-a580-6a06b7502bd7/1/N-1J76yXlZh3cazcd6DiKJBCd60.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.172.80.0/23
178.130.131.0/24
Signature Algorithm: sha256WithRSAEncryption
17:06:f4:c0:0b:a4:85:4f:eb:b1:d7:c6:ec:17:ee:ce:03:e4:
0a:48:8b:c6:db:5c:31:f1:50:2b:d6:b8:c3:9a:c1:d4:3e:bb:
b8:05:f6:9a:f0:ac:23:83:57:1e:6c:4f:bb:4a:7b:dc:1d:71:
6e:9d:ae:08:bd:82:9c:eb:1e:f3:41:3b:3f:82:94:5e:d0:aa:
6f:a3:29:a8:55:4a:19:0e:78:84:06:fa:88:47:7f:aa:13:fb:
23:7b:5d:e5:7b:bf:17:32:56:07:9d:d3:cf:a1:40:7e:6e:2d:
65:e0:0d:07:c5:9c:34:22:eb:f6:51:ad:32:28:4a:3d:f7:62:
6b:6c:a9:dd:a7:bb:c1:9c:a8:7d:1a:98:70:1c:e4:3d:00:a4:
f1:92:50:c8:c8:28:fe:11:43:73:65:b9:1b:1d:fa:bb:0b:64:
26:f4:d0:0f:45:86:51:1e:d6:c2:87:64:62:50:28:0e:5e:ee:
a5:b3:6c:9e:0f:90:a2:a3:bd:a1:03:b3:7c:e8:26:aa:20:09:
c5:a4:a8:59:fe:b9:ba:c2:95:34:de:ce:03:57:93:d6:ed:41:
c2:05:87:4b:ae:11:93:46:7f:e9:c7:18:bb:d0:6d:b8:76:54:
8e:da:39:5f:29:d2:7d:1a:5e:29:a2:6a:90:d9:6f:91:cf:0c:
19:5f:64:92
-----BEGIN CERTIFICATE-----
MIIFBDCCA+ygAwIBAgISAY3MNAE0utK7skzKaCwvcCnGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM3ZWQ0OWVmYWM5Nzk1OTg3NzcxYWNkYzc3YTBlMjI4OTA0
Mjc3YWQwHhcNMjQwMjIxMTUwNjE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYWU5YmJjOGQ2OGE1ODFkMjJiNzFlYTBhMDUyNDg4NzczYmE0NzMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjqcf/CQyxkbkryDq0CkQqqB/ntlA
Ve8O11YzrFmofFiwTEUHG06zDSqOjFkhCG4eq5wU2KDH6yhRsPDVoamKDzewOVaF
OXkQfU7bwqSMswwXN8xh2IBccTxCmrL+8kq2TIJYjiQw+oTTIed/LP2ghx+r8chD
PjOSHH6YO8dqGg+AVgXGYaU04BWalzZ+MEynos+r40iILYdM3B+DGIn8SD4PWTqG
fPUnWRcFOvtrvvwe1jJUEMl1lzUi9+h26VTRDdOe0d9XSQJVLHCPOb6bS+4hQbTZ
XxLQDesBim1eXHI3JXw2PpKoukfWyikUC+0Vizbpxnrp5akZ3gQwAl+0rQIDAQAB
o4ICEDCCAgwwHQYDVR0OBBYEFPrpu8jWilgdIrceoKBSSIdzukczMB8GA1UdIwQY
MBaAFDftSe+sl5WYd3Gs3Heg4iiQQnetMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTi0xSjc2eVhsWmgzY2F6Y2Q2RGlLSkJDZDYwLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZi8yMTcxYmUtYjA4My00NzliLWE1ODAt
NmEwNmI3NTAyYmQ3LzEvMS11bTd5TmFLV0IwaXR4NmdvRkpJaDNPNlJ6TS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMmYvMjE3MWJlLWIwODMtNDc5Yi1hNTgwLTZhMDZiNzUwMmJk
Ny8xL04tMUo3NnlYbFpoM2NhemNkNkRpS0pCQ2Q2MC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAlBggrBgEFBQcBBwEB/wQWMBQwEgQCAAEwDAMEAW2sUAME
ALKCgzANBgkqhkiG9w0BAQsFAAOCAQEAFwb0wAukhU/rsdfG7BfuzgPkCkiLxttc
MfFQK9a4w5rB1D67uAX2mvCsI4NXHmxPu0p73B1xbp2uCL2CnOse80E7P4KUXtCq
b6MpqFVKGQ54hAb6iEd/qhP7I3td5Xu/FzJWB53Tz6FAfm4tZeANB8WcNCLr9lGt
MihKPfdia2yp3ae7wZyofRqYcBzkPQCk8ZJQyMgo/hFDc2W5Gx36uwtkJvTQD0WG
UR7WwodkYlAoDl7upbNsng+QoqO9oQOzfOgmqiAJxaSoWf65usKVNN7OA1eT1u1B
wgWHS64Rk0Z/6ccYu9BtuHZUjto5XynSfRpeKaJqkNlvkc8MGV9kkg==
-----END CERTIFICATE-----
Generated at Mon Mar 11 17:50:02 2024 by rpki-client on console.sobornost.net