Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/1-htw_MV-P5zBCKuKOoeWAqktFeY.roa
File: 1-htw_MV-P5zBCKuKOoeWAqktFeY.roa (raw, json)
Hash identifier: RtbcBRc/gILCIfFw2afmDz9yLaJZ4CoRizH38L24ciI=
Subject key identifier: FA:1B:70:FC:C5:7E:3F:9C:C1:08:AB:8A:3A:87:96:02:A9:2D:15:E6
Certificate issuer: /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial: 0181DC89BE65A1D5FF03D726142D9D7CC22C
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/1-htw_MV-P5zBCKuKOoeWAqktFeY.roa
Signing time: Fri 08 Jul 2022 06:40:23 +0000
ROA not before: Fri 08 Jul 2022 06:40:23 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 2118
IP address blocks: 194.87.1.0/24 maxlen: 24
194.87.7.0/24 maxlen: 24
194.87.16.0/24 maxlen: 24
194.135.23.0/24 maxlen: 24
194.87.166.0/24 maxlen: 24
192.124.173.0/24 maxlen: 24
192.124.178.0/24 maxlen: 24
192.124.181.0/24 maxlen: 24
192.124.182.0/23 maxlen: 24
192.124.180.0/22 maxlen: 24
192.124.180.0/24 maxlen: 24
192.124.188.0/22 maxlen: 22
194.87.179.0/24 maxlen: 24
193.124.203.0/24 maxlen: 24
192.124.209.0/24 maxlen: 24
194.135.124.0/24 maxlen: 24
194.87.64.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:81:dc:89:be:65:a1:d5:ff:03:d7:26:14:2d:9d:7c:c2:2c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Validity
Not Before: Jul 8 06:40:23 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=fa1b70fcc57e3f9cc108ab8a3a879602a92d15e6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:96:57:3d:89:68:be:ec:31:de:aa:a6:c6:90:f8:
bf:2a:99:95:4d:d8:69:90:2c:a9:cc:11:11:ad:67:
a3:09:71:f6:4b:3e:b4:c2:14:33:81:da:f0:a4:fb:
19:ae:68:a3:7f:e2:1c:2a:b2:19:34:05:3a:3b:83:
5f:29:85:56:f9:97:19:7c:e8:ec:4a:de:6d:e5:78:
14:84:62:0d:f2:74:f4:01:fc:c3:b6:a7:47:39:8b:
b8:7f:00:17:77:18:06:74:a8:cb:a4:d0:5c:6f:e0:
28:c1:92:d6:e9:87:ae:ad:75:0c:18:68:98:00:ff:
4d:e3:b1:7d:ba:e6:17:a9:e5:89:90:ee:be:7a:ed:
54:7f:c0:a8:c6:c6:e4:f0:34:37:75:65:c7:f6:f0:
14:e8:6d:62:84:20:43:c5:1c:24:c8:50:88:1c:01:
c7:28:e6:b4:ae:17:2d:1e:45:9c:1e:f6:ed:8e:be:
fa:64:8e:63:4f:2e:2e:59:79:7f:ec:52:36:b6:61:
36:1b:f0:1e:33:65:8f:1e:43:6f:71:d2:7a:d9:66:
1d:9e:9e:1e:9f:f0:74:d5:20:8a:93:d9:a1:e4:7b:
9f:da:ae:90:67:e3:92:bf:41:83:9d:c7:09:41:b8:
52:f3:b1:b3:8e:6d:de:d8:12:37:6e:15:0a:e9:df:
7e:57
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FA:1B:70:FC:C5:7E:3F:9C:C1:08:AB:8A:3A:87:96:02:A9:2D:15:E6
X509v3 Authority Key Identifier:
keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/1-htw_MV-P5zBCKuKOoeWAqktFeY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
192.124.173.0/24
192.124.178.0/24
192.124.180.0/22
192.124.188.0/22
192.124.209.0/24
193.124.203.0/24
194.87.1.0/24
194.87.7.0/24
194.87.16.0/24
194.87.64.0/24
194.87.166.0/24
194.87.179.0/24
194.135.23.0/24
194.135.124.0/24
Signature Algorithm: sha256WithRSAEncryption
30:0a:52:32:cc:ba:a5:50:ec:3d:56:99:07:a8:13:aa:b3:ed:
f1:48:7a:ae:b5:8f:01:82:a2:92:f4:b0:6f:86:de:aa:d4:75:
33:8d:dc:d7:ba:1b:5f:44:3a:98:7e:67:96:e0:9c:1e:23:66:
bb:45:ba:26:fc:aa:25:2d:68:15:fb:f0:e1:1e:4c:ce:e7:51:
9c:f4:f2:8b:30:3f:5f:e5:f0:66:28:33:c7:87:d0:21:f4:4f:
c4:99:ee:62:d5:23:17:01:9a:6c:37:7f:f3:86:e0:11:a4:6c:
9f:59:9a:11:3b:65:c5:db:5c:95:76:0d:55:68:f3:47:04:a9:
e1:2f:7d:dc:33:c4:09:15:5a:95:ea:79:7c:44:75:64:ca:35:
3d:97:59:6e:a6:cd:56:de:2c:20:bf:ee:65:ea:4e:0e:1a:cd:
58:69:79:63:c4:d8:ae:a1:da:94:b5:ff:68:20:58:5b:96:cb:
cd:aa:e9:d4:c4:fc:21:39:bf:fe:05:0c:e9:4c:ff:23:34:3c:
19:32:ac:f8:03:0b:4a:89:6c:7e:87:26:fb:d9:20:df:42:0d:
22:fe:0f:2e:cc:81:f5:08:40:13:1b:55:db:82:6c:51:0d:80:
6f:59:a6:75:da:ef:9b:93:93:fd:ca:80:c6:12:26:af:3c:7f:
00:fc:4c:25
-----BEGIN CERTIFICATE-----
MIIFTDCCBDSgAwIBAgISAYHcib5lodX/A9cmFC2dfMIsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjIwNzA4MDY0MDIzWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYTFiNzBmY2M1N2UzZjljYzEwOGFiOGEzYTg3OTYwMmE5MmQxNWU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAllc9iWi+7DHeqqbGkPi/KpmVTdhp
kCypzBERrWejCXH2Sz60whQzgdrwpPsZrmijf+IcKrIZNAU6O4NfKYVW+ZcZfOjs
St5t5XgUhGIN8nT0AfzDtqdHOYu4fwAXdxgGdKjLpNBcb+AowZLW6YeurXUMGGiY
AP9N47F9uuYXqeWJkO6+eu1Uf8Coxsbk8DQ3dWXH9vAU6G1ihCBDxRwkyFCIHAHH
KOa0rhctHkWcHvbtjr76ZI5jTy4uWXl/7FI2tmE2G/AeM2WPHkNvcdJ62WYdnp4e
n/B01SCKk9mh5Huf2q6QZ+OSv0GDnccJQbhS87Gzjm3e2BI3bhUK6d9+VwIDAQAB
o4ICWDCCAlQwHQYDVR0OBBYEFPobcPzFfj+cwQirijqHlgKpLRXmMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvMS1odHdfTVYtUDV6QkNLdUtPb2VXQXFrdEZlWS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMDAvZTE0NDdhLThmMTgtNGE4MC1hNDIyLTVhNDI0MjhmMTE0
My8xL05Xa1BYakxWeUdyeDRUU2RfVTZNN3JjT0dzYy5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjBtBggrBgEFBQcBBwEB/wReMFwwWgQCAAEwVAMEAMB8rQME
AMB8sgMEAsB8tAMEAsB8vAMEAMB80QMEAMF8ywMEAMJXAQMEAMJXBwMEAMJXEAME
AMJXQAMEAMJXpgMEAMJXswMEAMKHFwMEAMKHfDANBgkqhkiG9w0BAQsFAAOCAQEA
MApSMsy6pVDsPVaZB6gTqrPt8Uh6rrWPAYKikvSwb4beqtR1M43c17obX0Q6mH5n
luCcHiNmu0W6JvyqJS1oFfvw4R5MzudRnPTyizA/X+XwZigzx4fQIfRPxJnuYtUj
FwGabDd/84bgEaRsn1maETtlxdtclXYNVWjzRwSp4S993DPECRValep5fER1ZMo1
PZdZbqbNVt4sIL/uZepODhrNWGl5Y8TYrqHalLX/aCBYW5bLzarp1MT8ITm//gUM
6Uz/IzQ8GTKs+AMLSolsfocm+9kg30INIv4PLsyB9QhAExtV24JsUQ2Ab1mmddrv
m5OT/cqAxhImrzx/APxMJQ==
-----END CERTIFICATE-----
Generated at Mon Apr 21 06:47:06 2025 by rpki-client