Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2f/2171be-b083-479b-a580-6a06b7502bd7/1/_BJinIb1vj6UbH5GpZtqJmAiJto.roa
File: _BJinIb1vj6UbH5GpZtqJmAiJto.roa (raw, json)
Hash identifier: WXfBE9fAG5dk47IJvd1JfBDodKhXFpjKMHfG4Nf+r2o=
Subject key identifier: FC:12:62:9C:86:F5:BE:3E:94:6C:7E:46:A5:9B:6A:26:60:22:26:DA
Certificate issuer: /CN=37ed49efac9795987771acdc77a0e228904277ad
Certificate serial: 018616FCC5CCB41346ED608CC7632056A384
Authority key identifier: 37:ED:49:EF:AC:97:95:98:77:71:AC:DC:77:A0:E2:28:90:42:77:AD
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/N-1J76yXlZh3cazcd6DiKJBCd60.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2f/2171be-b083-479b-a580-6a06b7502bd7/1/_BJinIb1vj6UbH5GpZtqJmAiJto.roa
Signing time: Fri 03 Feb 2023 11:15:09 +0000
ROA not before: Fri 03 Feb 2023 11:15:09 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 996
IP address blocks: 178.130.132.0/22 maxlen: 24
109.172.74.0/23 maxlen: 23
109.172.74.0/24 maxlen: 24
109.172.84.0/22 maxlen: 24
109.172.88.0/22 maxlen: 24
109.172.92.0/22 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:86:16:fc:c5:cc:b4:13:46:ed:60:8c:c7:63:20:56:a3:84
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=37ed49efac9795987771acdc77a0e228904277ad
Validity
Not Before: Feb 3 11:15:09 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=fc12629c86f5be3e946c7e46a59b6a26602226da
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8f:5a:92:3c:99:19:da:ac:3c:3c:ba:fb:3d:dc:
5c:28:7d:b5:42:dc:26:45:7a:28:81:ef:dc:52:07:
77:df:06:ba:fe:ae:f5:3b:ae:19:dc:b4:cf:9a:17:
a5:2c:4f:b0:5f:13:41:28:0f:22:d2:c2:72:0e:e0:
a9:b5:d3:ea:5d:c7:50:46:62:a5:69:89:6d:67:96:
48:e8:17:0e:a1:8f:c1:1f:75:4d:85:7b:cc:f7:18:
57:0c:9d:88:16:65:55:a4:84:cb:f4:03:6b:1a:b4:
36:20:1e:35:6d:b6:bb:09:99:d1:80:b4:76:b4:6e:
d1:f4:bf:ba:72:76:47:9b:12:17:a3:6e:fa:75:a4:
94:b5:b7:1d:83:00:27:ef:ad:f9:ed:1f:c0:ae:5a:
99:39:ff:d0:e9:17:6f:3a:e6:0d:31:2c:ac:71:6d:
4a:11:e9:33:28:cb:da:13:bd:0b:f3:a3:74:a4:a1:
dd:76:91:1f:8a:74:0f:46:66:c8:0d:02:61:be:6b:
88:93:93:99:cc:04:38:00:a9:7e:51:48:c6:d3:71:
d6:ef:9c:8a:8e:4d:40:88:9d:cc:db:4c:66:60:2a:
46:a6:57:24:4e:1c:42:8c:db:0c:f9:c6:35:18:3f:
64:f8:b7:c2:95:7e:9f:5f:83:6d:84:30:25:ad:39:
d3:13
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FC:12:62:9C:86:F5:BE:3E:94:6C:7E:46:A5:9B:6A:26:60:22:26:DA
X509v3 Authority Key Identifier:
keyid:37:ED:49:EF:AC:97:95:98:77:71:AC:DC:77:A0:E2:28:90:42:77:AD
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/N-1J76yXlZh3cazcd6DiKJBCd60.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/2171be-b083-479b-a580-6a06b7502bd7/1/_BJinIb1vj6UbH5GpZtqJmAiJto.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/2171be-b083-479b-a580-6a06b7502bd7/1/N-1J76yXlZh3cazcd6DiKJBCd60.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.172.74.0/23
109.172.84.0-109.172.95.255
178.130.132.0/22
Signature Algorithm: sha256WithRSAEncryption
19:96:d6:90:c5:46:41:44:c8:b3:f1:26:7d:22:69:af:25:d4:
57:91:ca:78:36:86:07:d4:b8:a2:84:21:1d:fd:85:b9:af:11:
c1:46:2f:32:7d:0e:be:db:c5:66:6c:39:23:12:b5:0d:95:a9:
ff:8b:45:fc:fd:e9:c1:b2:d9:44:7b:42:56:ba:75:cc:08:30:
07:b5:a9:a1:8a:5a:91:29:3f:5c:ed:9f:ed:d2:c0:81:b0:17:
3d:b2:22:46:c1:be:81:83:7f:a2:e0:29:7d:2c:59:e5:4d:b2:
c1:39:b3:c3:7e:f5:bc:cc:a8:f5:55:2d:ce:b7:ad:aa:de:e7:
a9:3e:57:3f:fd:3c:54:22:fb:47:ac:22:eb:e6:59:6d:32:01:
da:27:51:17:fc:8a:49:be:aa:43:16:f0:d4:a1:57:18:5c:c4:
a1:a0:fb:bb:16:e1:33:5f:a7:8f:bf:32:6c:0d:87:15:95:89:
e4:a8:57:94:c4:ba:59:d2:c5:3e:1e:ac:44:e8:4d:d4:b8:8b:
6e:ae:da:43:da:37:2b:ac:b5:5c:f3:f7:04:62:6e:ac:b3:28:
e4:94:b5:ee:9c:50:9c:8f:02:99:83:bc:44:7a:cd:f7:32:c7:
8e:27:f3:27:ea:d1:e9:8c:98:f1:23:0d:97:f5:36:cb:b2:48:
cf:89:ac:27
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgISAYYW/MXMtBNG7WCMx2MgVqOEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM3ZWQ0OWVmYWM5Nzk1OTg3NzcxYWNkYzc3YTBlMjI4OTA0
Mjc3YWQwHhcNMjMwMjAzMTExNTA5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYzEyNjI5Yzg2ZjViZTNlOTQ2YzdlNDZhNTliNmEyNjYwMjIyNmRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj1qSPJkZ2qw8PLr7PdxcKH21Qtwm
RXooge/cUgd33wa6/q71O64Z3LTPmhelLE+wXxNBKA8i0sJyDuCptdPqXcdQRmKl
aYltZ5ZI6BcOoY/BH3VNhXvM9xhXDJ2IFmVVpITL9ANrGrQ2IB41bba7CZnRgLR2
tG7R9L+6cnZHmxIXo276daSUtbcdgwAn76357R/ArlqZOf/Q6RdvOuYNMSyscW1K
EekzKMvaE70L86N0pKHddpEfinQPRmbIDQJhvmuIk5OZzAQ4AKl+UUjG03HW75yK
jk1AiJ3M20xmYCpGplckThxCjNsM+cY1GD9k+LfClX6fX4NthDAlrTnTEwIDAQAB
o4ICHTCCAhkwHQYDVR0OBBYEFPwSYpyG9b4+lGx+RqWbaiZgIibaMB8GA1UdIwQY
MBaAFDftSe+sl5WYd3Gs3Heg4iiQQnetMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTi0xSjc2eVhsWmgzY2F6Y2Q2RGlLSkJDZDYwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZi8yMTcxYmUtYjA4My00NzliLWE1ODAt
NmEwNmI3NTAyYmQ3LzEvX0JKaW5JYjF2ajZVYkg1R3BadHFKbUFpSnRvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZi8yMTcxYmUtYjA4My00NzliLWE1ODAtNmEwNmI3NTAyYmQ3
LzEvTi0xSjc2eVhsWmgzY2F6Y2Q2RGlLSkJDZDYwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDMGCCsGAQUFBwEHAQH/BCQwIjAgBAIAATAaAwQBbaxKMAwD
BAJtrFQDBAVtrEADBAKygoQwDQYJKoZIhvcNAQELBQADggEBABmW1pDFRkFEyLPx
Jn0iaa8l1FeRyng2hgfUuKKEIR39hbmvEcFGLzJ9Dr7bxWZsOSMStQ2Vqf+LRfz9
6cGy2UR7Qla6dcwIMAe1qaGKWpEpP1ztn+3SwIGwFz2yIkbBvoGDf6LgKX0sWeVN
ssE5s8N+9bzMqPVVLc63rare56k+Vz/9PFQi+0esIuvmWW0yAdonURf8ikm+qkMW
8NShVxhcxKGg+7sW4TNfp4+/MmwNhxWVieSoV5TEulnSxT4erEToTdS4i26u2kPa
NyustVzz9wRibqyzKOSUte6cUJyPApmDvER6zfcyx44n8yfq0emMmPEjDZf1Nsuy
SM+JrCc=
-----END CERTIFICATE-----
Generated at Wed Dec 27 18:40:46 2023 by rpki-client on console.sobornost.net