Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/45b23f-302b-41f2-9496-9ccbb08428fa/1/HM-mfl0_3LVUMgbwMX-6ectl9SI.roa
File: HM-mfl0_3LVUMgbwMX-6ectl9SI.roa (raw, json)
Hash identifier: ufxPRskR5T9CKMjqZHV52CwuNxHxcrecso3bn4BUdVI=
Subject key identifier: 1C:CF:A6:7E:5D:3F:DC:B5:54:32:06:F0:31:7F:BA:79:CB:65:F5:22
Certificate issuer: /CN=a849204ca4f0eb4e56e08e099fe3785ce06ffeaa
Certificate serial: 01898BBDE9E93903DD49A7D8D2C323DEDF03
Authority key identifier: A8:49:20:4C:A4:F0:EB:4E:56:E0:8E:09:9F:E3:78:5C:E0:6F:FE:AA
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/qEkgTKTw605W4I4Jn-N4XOBv_qo.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/a2/45b23f-302b-41f2-9496-9ccbb08428fa/1/HM-mfl0_3LVUMgbwMX-6ectl9SI.roa
Signing time: Tue 25 Jul 2023 06:30:26 +0000
ROA not before: Tue 25 Jul 2023 06:30:26 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 201453
IP address blocks: 185.230.145.0/24 maxlen: 24
185.230.144.0/24 maxlen: 24
185.160.231.0/24 maxlen: 24
185.160.230.0/24 maxlen: 24
185.160.229.0/24 maxlen: 24
185.160.228.0/24 maxlen: 24
185.160.228.0/22 maxlen: 22
185.232.132.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:89:8b:bd:e9:e9:39:03:dd:49:a7:d8:d2:c3:23:de:df:03
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=a849204ca4f0eb4e56e08e099fe3785ce06ffeaa
Validity
Not Before: Jul 25 06:30:26 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=1ccfa67e5d3fdcb5543206f0317fba79cb65f522
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:91:5e:56:8f:b2:57:66:f9:2d:ee:25:60:5b:db:
c1:0e:20:6b:a1:ab:61:75:99:b6:47:49:a3:0d:9d:
b9:a9:84:cd:0c:47:b0:a0:2b:89:47:38:50:d0:b0:
28:cc:d5:9d:f8:05:95:1f:97:30:c7:ce:a4:9b:42:
e9:95:3c:0e:ca:ae:51:a7:20:10:e7:05:91:01:e5:
c3:20:54:c3:88:9e:7e:91:b5:2a:cb:69:cb:89:ef:
d1:bc:78:b8:f5:6e:18:ad:34:84:ab:f6:00:e3:60:
f4:f6:23:b1:6b:8a:7c:d7:f3:c6:cb:f2:ee:b2:69:
d9:18:6c:29:71:0d:ef:9f:38:c9:f1:81:6c:7d:39:
4a:3d:8e:ef:22:26:07:12:13:b8:12:d2:f7:4c:3b:
dc:d4:f4:e8:b3:ee:c6:e8:08:aa:bc:83:b1:a5:ec:
e0:a1:2b:48:f6:02:2c:79:1b:60:e2:3d:4d:03:24:
ef:38:57:52:75:92:03:47:f5:b9:38:da:a9:62:a9:
af:ec:84:c7:ea:2c:a3:22:80:17:a5:8a:17:6a:01:
c2:89:1b:27:1f:7e:cb:b8:f7:89:3c:2e:55:ff:64:
a0:87:f6:c8:5c:ba:d8:be:0f:21:d3:b4:96:8f:f0:
5b:08:f9:8b:5b:66:65:30:a7:da:2a:19:53:6c:ff:
0e:e5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1C:CF:A6:7E:5D:3F:DC:B5:54:32:06:F0:31:7F:BA:79:CB:65:F5:22
X509v3 Authority Key Identifier:
keyid:A8:49:20:4C:A4:F0:EB:4E:56:E0:8E:09:9F:E3:78:5C:E0:6F:FE:AA
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qEkgTKTw605W4I4Jn-N4XOBv_qo.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/45b23f-302b-41f2-9496-9ccbb08428fa/1/HM-mfl0_3LVUMgbwMX-6ectl9SI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/45b23f-302b-41f2-9496-9ccbb08428fa/1/qEkgTKTw605W4I4Jn-N4XOBv_qo.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.160.228.0/22
185.230.144.0/23
185.232.132.0/22
Signature Algorithm: sha256WithRSAEncryption
08:60:ba:b2:18:31:ae:11:36:2f:4b:e6:6a:e0:ad:d6:89:52:
d3:5b:bf:44:6c:68:4d:89:70:ec:24:25:68:49:d1:f6:9d:38:
13:e6:b4:c0:3f:62:d7:cd:d3:7b:0a:ae:48:41:94:e5:99:9b:
cf:59:97:68:f2:21:32:1f:80:b4:ac:87:ff:13:e6:97:b2:e4:
6e:de:b5:64:54:c4:a6:55:dc:4e:b3:b7:61:2d:0d:17:9a:fc:
1b:ec:f0:7a:da:0b:4f:0f:f2:3b:69:ca:e9:7a:3e:79:b0:ca:
45:06:e3:96:68:90:29:9b:03:52:d8:d7:89:ab:09:84:1b:47:
2a:d2:70:36:38:a4:f2:42:9a:77:d8:c8:b4:cc:42:ce:8c:05:
5f:75:f4:36:dd:77:78:83:95:65:db:bf:23:d6:20:0f:b8:48:
19:71:7a:75:98:de:6f:74:90:96:51:68:47:4f:fe:11:d5:80:
33:95:73:2d:d8:a3:68:24:b3:7d:2b:77:34:58:f5:fe:57:91:
ec:6b:87:41:3e:90:f6:66:4e:8b:81:fc:91:02:d3:df:50:bf:
c6:57:e3:1f:f7:09:ed:a7:6b:15:65:af:49:8d:e7:82:0c:dc:
dd:b0:3f:8f:bf:b7:c5:89:81:75:93:83:69:5f:5c:75:59:f7:
ff:e1:21:32
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYmLvenpOQPdSafY0sMj3t8DMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE4NDkyMDRjYTRmMGViNGU1NmUwOGUwOTlmZTM3ODVjZTA2
ZmZlYWEwHhcNMjMwNzI1MDYzMDI2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxY2NmYTY3ZTVkM2ZkY2I1NTQzMjA2ZjAzMTdmYmE3OWNiNjVmNTIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkV5Wj7JXZvkt7iVgW9vBDiBroath
dZm2R0mjDZ25qYTNDEewoCuJRzhQ0LAozNWd+AWVH5cwx86km0LplTwOyq5RpyAQ
5wWRAeXDIFTDiJ5+kbUqy2nLie/RvHi49W4YrTSEq/YA42D09iOxa4p81/PGy/Lu
smnZGGwpcQ3vnzjJ8YFsfTlKPY7vIiYHEhO4EtL3TDvc1PTos+7G6AiqvIOxpezg
oStI9gIseRtg4j1NAyTvOFdSdZIDR/W5ONqpYqmv7ITH6iyjIoAXpYoXagHCiRsn
H37LuPeJPC5V/2Sgh/bIXLrYvg8h07SWj/BbCPmLW2ZlMKfaKhlTbP8O5QIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFBzPpn5dP9y1VDIG8DF/unnLZfUiMB8GA1UdIwQY
MBaAFKhJIEyk8OtOVuCOCZ/jeFzgb/6qMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcUVrZ1RLVHc2MDVXNEk0Sm4tTjRYT0J2X3FvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMi80NWIyM2YtMzAyYi00MWYyLTk0OTYt
OWNjYmIwODQyOGZhLzEvSE0tbWZsMF8zTFZVTWdid01YLTZlY3RsOVNJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMi80NWIyM2YtMzAyYi00MWYyLTk0OTYtOWNjYmIwODQyOGZh
LzEvcUVrZ1RLVHc2MDVXNEk0Sm4tTjRYT0J2X3FvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCuaDkAwQB
ueaQAwQCueiEMA0GCSqGSIb3DQEBCwUAA4IBAQAIYLqyGDGuETYvS+Zq4K3WiVLT
W79EbGhNiXDsJCVoSdH2nTgT5rTAP2LXzdN7Cq5IQZTlmZvPWZdo8iEyH4C0rIf/
E+aXsuRu3rVkVMSmVdxOs7dhLQ0Xmvwb7PB62gtPD/I7acrpej55sMpFBuOWaJAp
mwNS2NeJqwmEG0cq0nA2OKTyQpp32Mi0zELOjAVfdfQ23Xd4g5Vl278j1iAPuEgZ
cXp1mN5vdJCWUWhHT/4R1YAzlXMt2KNoJLN9K3c0WPX+V5Hsa4dBPpD2Zk6LgfyR
AtPfUL/GV+Mf9wntp2sVZa9JjeeCDNzdsD+Pv7fFiYF1k4NpX1x1Wff/4SEy
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:48:02 2024 by rpki-client on console-fra.rpki-client.org