Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/45b23f-302b-41f2-9496-9ccbb08428fa/1/HfJergHKR33UUCkp-oojZf55Xq4.roa
File: HfJergHKR33UUCkp-oojZf55Xq4.roa (raw, json)
Hash identifier: /5nLzT1Ji8VSc92Nm8lZQDIF33vuhatx5rQ9JtUj0uE=
Subject key identifier: 1D:F2:5E:AE:01:CA:47:7D:D4:50:29:29:FA:8A:23:65:FE:79:5E:AE
Certificate issuer: /CN=a849204ca4f0eb4e56e08e099fe3785ce06ffeaa
Certificate serial: 0AC1355F
Authority key identifier: A8:49:20:4C:A4:F0:EB:4E:56:E0:8E:09:9F:E3:78:5C:E0:6F:FE:AA
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/qEkgTKTw605W4I4Jn-N4XOBv_qo.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/a2/45b23f-302b-41f2-9496-9ccbb08428fa/1/HfJergHKR33UUCkp-oojZf55Xq4.roa
Signing time: Wed 23 Mar 2022 11:45:41 +0000
ROA not before: Wed 23 Mar 2022 11:45:41 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 204175
IP address blocks: 185.228.118.0/24 maxlen: 24
185.228.117.0/24 maxlen: 24
185.228.116.0/24 maxlen: 24
185.228.116.0/22 maxlen: 22
185.228.119.0/24 maxlen: 24
185.177.43.0/24 maxlen: 24
185.177.42.0/24 maxlen: 24
185.226.231.0/24 maxlen: 24
185.220.166.0/24 maxlen: 24
185.220.167.0/24 maxlen: 24
185.232.132.0/24 maxlen: 24
185.232.133.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 180434271 (0xac1355f)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=a849204ca4f0eb4e56e08e099fe3785ce06ffeaa
Validity
Not Before: Mar 23 11:45:41 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=1df25eae01ca477dd4502929fa8a2365fe795eae
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b2:0e:4f:8b:fb:91:c1:e2:ac:15:d4:3a:20:e2:
3b:bd:8c:aa:fe:d8:f0:0f:b2:57:ed:3b:25:d2:1d:
e2:08:24:ac:d0:f0:3c:92:ba:37:c3:d4:4e:3c:2b:
57:31:f4:51:76:3b:c3:80:f4:29:79:5e:94:d9:3d:
84:82:ae:ee:94:c4:1f:d7:f2:bc:58:1a:e9:db:22:
9d:e4:a8:2c:b9:12:d6:44:c7:7f:4c:a7:e0:75:97:
60:b6:b9:38:d1:16:f9:3b:3e:a3:4d:d0:8b:8b:14:
bc:1c:28:34:fb:0b:f2:75:5c:48:40:fe:60:b6:fc:
cb:eb:15:2a:cd:5d:8a:5f:71:2b:0e:80:8a:3e:67:
e0:93:68:4b:38:f9:50:81:6b:52:49:d2:46:69:e3:
84:58:96:f4:a9:14:28:23:54:d7:d7:76:47:83:78:
86:82:1f:2c:ac:72:b1:52:57:dd:06:31:5e:8d:fa:
f3:75:bc:af:83:49:fc:87:bd:0a:f2:fa:83:bc:76:
bd:4f:b9:f8:b9:31:85:65:e6:0d:ea:90:4b:e3:02:
53:00:5d:60:14:e8:98:df:23:ba:d0:dd:f5:67:cd:
15:26:db:14:c7:6b:ff:f1:f9:4f:6e:60:eb:cf:12:
e5:d8:7d:47:08:8f:3b:92:28:a9:89:82:40:7d:12:
13:87
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1D:F2:5E:AE:01:CA:47:7D:D4:50:29:29:FA:8A:23:65:FE:79:5E:AE
X509v3 Authority Key Identifier:
keyid:A8:49:20:4C:A4:F0:EB:4E:56:E0:8E:09:9F:E3:78:5C:E0:6F:FE:AA
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qEkgTKTw605W4I4Jn-N4XOBv_qo.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/45b23f-302b-41f2-9496-9ccbb08428fa/1/HfJergHKR33UUCkp-oojZf55Xq4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/45b23f-302b-41f2-9496-9ccbb08428fa/1/qEkgTKTw605W4I4Jn-N4XOBv_qo.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.177.42.0/23
185.220.166.0/23
185.226.231.0/24
185.228.116.0/22
185.232.132.0/23
Signature Algorithm: sha256WithRSAEncryption
0b:d1:57:cd:fe:9b:18:11:6e:24:6c:61:6c:88:9a:23:46:98:
85:ec:73:5a:98:ed:99:c5:70:78:f2:fa:c1:8a:75:2b:96:a5:
f9:1e:9f:8b:24:6f:d8:a7:1e:0c:a2:f0:b5:d7:6e:8d:5d:29:
d3:ac:5f:28:42:c6:58:e4:81:91:eb:1d:93:8b:cc:2e:d4:f4:
89:26:d8:bf:85:e2:6f:79:ae:90:0a:e8:c8:1a:a6:ac:18:5e:
8b:69:22:c6:5d:e2:01:b9:56:21:10:a2:7e:d0:46:4c:9b:5e:
63:46:9b:e3:ce:71:c3:b6:49:e9:d0:8e:d0:2d:05:05:77:bb:
82:9c:c0:23:c0:63:73:6d:8a:1e:fc:e9:14:4b:a1:c4:c8:3e:
2b:66:7b:61:60:e3:b6:3e:a4:39:c3:b5:b8:95:16:b1:d8:97:
90:79:1f:bd:4d:58:46:5b:59:e2:f5:7b:11:92:62:8a:d9:5d:
ed:6a:94:9d:13:19:aa:e6:36:e2:87:d7:e4:10:88:56:29:ce:
63:4a:62:22:e1:41:ff:f5:c2:c1:09:1a:96:f6:da:3e:8c:f3:
fc:7c:c6:5a:11:85:c7:da:5d:43:7b:81:22:a0:17:06:9f:cd:
07:0d:22:e0:90:d1:b7:0a:4b:af:55:38:bf:de:c1:39:68:9b:
03:bb:26:f6
-----BEGIN CERTIFICATE-----
MIIFBzCCA++gAwIBAgIECsE1XzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhh
ODQ5MjA0Y2E0ZjBlYjRlNTZlMDhlMDk5ZmUzNzg1Y2UwNmZmZWFhMB4XDTIyMDMy
MzExNDU0MVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMWRmMjVlYWUwMWNh
NDc3ZGQ0NTAyOTI5ZmE4YTIzNjVmZTc5NWVhZTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALIOT4v7kcHirBXUOiDiO72Mqv7Y8A+yV+07JdId4ggkrNDw
PJK6N8PUTjwrVzH0UXY7w4D0KXlelNk9hIKu7pTEH9fyvFga6dsineSoLLkS1kTH
f0yn4HWXYLa5ONEW+Ts+o03Qi4sUvBwoNPsL8nVcSED+YLb8y+sVKs1dil9xKw6A
ij5n4JNoSzj5UIFrUknSRmnjhFiW9KkUKCNU19d2R4N4hoIfLKxysVJX3QYxXo36
83W8r4NJ/Ie9CvL6g7x2vU+5+LkxhWXmDeqQS+MCUwBdYBTomN8jutDd9WfNFSbb
FMdr//H5T25g688S5dh9RwiPO5IoqYmCQH0SE4cCAwEAAaOCAiEwggIdMB0GA1Ud
DgQWBBQd8l6uAcpHfdRQKSn6iiNl/nlerjAfBgNVHSMEGDAWgBSoSSBMpPDrTlbg
jgmf43hc4G/+qjAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3FFa2dUS1R3NjA1VzRJNEpuLU40WE9Cdl9xby5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYTIvNDViMjNmLTMwMmItNDFmMi05NDk2LTljY2JiMDg0MjhmYS8x
L0hmSmVyZ0hLUjMzVVVDa3Atb29qWmY1NVhxNC5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYTIv
NDViMjNmLTMwMmItNDFmMi05NDk2LTljY2JiMDg0MjhmYS8xL3FFa2dUS1R3NjA1
VzRJNEpuLU40WE9Cdl9xby5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjA3
BggrBgEFBQcBBwEB/wQoMCYwJAQCAAEwHgMEAbmxKgMEAbncpgMEALni5wMEArnk
dAMEAbnohDANBgkqhkiG9w0BAQsFAAOCAQEAC9FXzf6bGBFuJGxhbIiaI0aYhexz
WpjtmcVwePL6wYp1K5al+R6fiyRv2KceDKLwtddujV0p06xfKELGWOSBkesdk4vM
LtT0iSbYv4Xib3mukAroyBqmrBhei2kixl3iAblWIRCiftBGTJteY0ab485xw7ZJ
6dCO0C0FBXe7gpzAI8Bjc22KHvzpFEuhxMg+K2Z7YWDjtj6kOcO1uJUWsdiXkHkf
vU1YRltZ4vV7EZJiitld7WqUnRMZquY24ofX5BCIVinOY0piIuFB//XCwQkalvba
Pozz/HzGWhGFx9pdQ3uBIqAXBp/NBw0i4JDRtwpLr1U4v97BOWibA7sm9g==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:48:02 2024 by rpki-client on console-fra.rpki-client.org