Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/01/a1a88f-1dff-4eff-826b-36de657232be/1/HMzxa-p2zu9dC0YfcA4thC5hIv8.roa
File: HMzxa-p2zu9dC0YfcA4thC5hIv8.roa (raw, json)
Hash identifier: syE3KSMHXyKjv84yF+7xMSnkTCMQGx80M3fDAWiZkxQ=
Subject key identifier: 1C:CC:F1:6B:EA:76:CE:EF:5D:0B:46:1F:70:0E:2D:84:2E:61:22:FF
Certificate issuer: /CN=6d20ddd398dac8f62cc12526325f1821fb724f75
Certificate serial: 01889A646A1714D4A6F10D38FC3BE63ACD1C
Authority key identifier: 6D:20:DD:D3:98:DA:C8:F6:2C:C1:25:26:32:5F:18:21:FB:72:4F:75
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/bSDd05jayPYswSUmMl8YIftyT3U.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/01/a1a88f-1dff-4eff-826b-36de657232be/1/HMzxa-p2zu9dC0YfcA4thC5hIv8.roa
Signing time: Thu 08 Jun 2023 09:44:11 +0000
ROA not before: Thu 08 Jun 2023 09:44:11 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 35913
IP address blocks: 194.113.35.0/24 maxlen: 24
192.144.12.0/22 maxlen: 24
194.110.246.0/24 maxlen: 24
5.181.3.0/24 maxlen: 24
5.181.1.0/24 maxlen: 24
5.181.2.0/24 maxlen: 24
5.181.0.0/24 maxlen: 24
45.143.164.0/24 maxlen: 24
45.143.165.0/24 maxlen: 24
45.150.109.0/24 maxlen: 24
2a11:6e40::/32 maxlen: 32
2a09:fb86::/32 maxlen: 32
2a11:2a47::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:88:9a:64:6a:17:14:d4:a6:f1:0d:38:fc:3b:e6:3a:cd:1c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6d20ddd398dac8f62cc12526325f1821fb724f75
Validity
Not Before: Jun 8 09:44:11 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=1cccf16bea76ceef5d0b461f700e2d842e6122ff
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:96:7d:d9:55:0f:0d:44:40:2a:50:94:b6:b1:b1:
db:82:74:71:2e:e0:3d:24:81:32:c4:f0:ba:0b:28:
de:bd:66:93:1d:01:a8:53:f2:e3:82:c8:07:13:d2:
d0:b1:40:42:14:a9:6d:3a:a8:c9:9a:16:16:c2:72:
02:df:34:2e:dd:5c:b6:86:dd:9a:ac:db:76:a4:51:
be:04:72:14:36:60:a2:28:a9:b0:98:c3:2c:02:b5:
46:b0:e8:be:6c:21:a7:a4:43:01:b5:c2:3b:d4:cd:
a6:f2:93:6f:21:7d:4d:8e:f5:d0:1f:77:1f:eb:ea:
e4:4c:1b:20:2f:ed:a8:5b:d8:e4:ce:88:72:9f:c0:
55:9e:9d:f2:06:c9:56:08:68:42:0c:91:fa:85:50:
a0:8e:c3:d1:ff:ee:48:e4:d5:c3:3b:e9:67:7b:0d:
16:26:74:76:8b:f8:4b:40:89:96:06:be:84:39:09:
9b:79:05:af:fe:89:fa:49:fe:31:42:5a:c0:c8:fa:
38:80:3f:b5:3d:2c:07:02:ef:d3:a2:18:38:0c:7f:
05:16:36:aa:fa:00:e0:17:fe:cd:1a:96:4e:2f:45:
a0:97:68:05:f5:84:80:1a:f7:99:2f:f1:ab:0b:91:
39:7a:4d:a7:a1:d3:1f:aa:b6:b2:0a:bd:71:78:96:
1b:dd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1C:CC:F1:6B:EA:76:CE:EF:5D:0B:46:1F:70:0E:2D:84:2E:61:22:FF
X509v3 Authority Key Identifier:
keyid:6D:20:DD:D3:98:DA:C8:F6:2C:C1:25:26:32:5F:18:21:FB:72:4F:75
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bSDd05jayPYswSUmMl8YIftyT3U.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/a1a88f-1dff-4eff-826b-36de657232be/1/HMzxa-p2zu9dC0YfcA4thC5hIv8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/01/a1a88f-1dff-4eff-826b-36de657232be/1/bSDd05jayPYswSUmMl8YIftyT3U.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.181.0.0/22
45.143.164.0/23
45.150.109.0/24
192.144.12.0/22
194.110.246.0/24
194.113.35.0/24
IPv6:
2a09:fb86::/32
2a11:2a47::/32
2a11:6e40::/32
Signature Algorithm: sha256WithRSAEncryption
48:a9:33:89:c6:05:0d:b3:36:42:0f:c2:4c:86:1a:72:36:0f:
e4:90:41:fe:48:ba:f8:f0:b0:58:ba:c0:01:b3:26:e6:59:81:
f7:b2:79:49:8a:7b:8a:b8:08:dd:2e:e6:1e:58:5d:bc:1d:e7:
9c:6a:5c:ab:6a:76:ab:f7:93:ee:93:de:b0:cc:39:1f:9b:7b:
12:c5:50:6a:1e:52:46:01:c7:6e:f7:b8:7b:77:9c:66:fa:ad:
fc:b4:8e:e3:f5:28:a5:9f:5d:cc:ce:f4:ad:8b:bf:f2:f1:31:
a4:d4:a2:28:7b:b8:16:ee:fd:ba:e6:e8:0c:c8:b5:3a:bc:6a:
37:23:eb:b0:67:e1:10:21:61:ba:ce:20:7d:6b:08:82:81:a6:
b0:67:37:fc:b3:c7:7c:84:09:7f:f3:1f:fb:e0:26:92:d4:ad:
04:a5:67:cd:6f:3e:30:0d:fa:b4:69:23:85:0f:34:b0:96:55:
f2:17:e7:7f:31:a5:50:8e:67:3f:c8:7c:67:8a:11:ae:e6:df:
fb:c1:0c:db:a3:ee:c0:bc:ae:f4:f8:c3:fc:8d:c5:2b:9b:8f:
bf:2d:c9:89:4e:c0:ba:83:c6:70:79:8f:8b:86:d7:5a:e4:c9:
66:45:22:fd:65:bb:e1:e2:e4:2d:9d:6c:f3:72:59:9e:fe:fc:
2a:63:38:37
-----BEGIN CERTIFICATE-----
MIIFODCCBCCgAwIBAgISAYiaZGoXFNSm8Q04/DvmOs0cMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkMjBkZGQzOThkYWM4ZjYyY2MxMjUyNjMyNWYxODIxZmI3
MjRmNzUwHhcNMjMwNjA4MDk0NDExWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxY2NjZjE2YmVhNzZjZWVmNWQwYjQ2MWY3MDBlMmQ4NDJlNjEyMmZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAln3ZVQ8NREAqUJS2sbHbgnRxLuA9
JIEyxPC6CyjevWaTHQGoU/LjgsgHE9LQsUBCFKltOqjJmhYWwnIC3zQu3Vy2ht2a
rNt2pFG+BHIUNmCiKKmwmMMsArVGsOi+bCGnpEMBtcI71M2m8pNvIX1NjvXQH3cf
6+rkTBsgL+2oW9jkzohyn8BVnp3yBslWCGhCDJH6hVCgjsPR/+5I5NXDO+lnew0W
JnR2i/hLQImWBr6EOQmbeQWv/on6Sf4xQlrAyPo4gD+1PSwHAu/Tohg4DH8FFjaq
+gDgF/7NGpZOL0Wgl2gF9YSAGveZL/GrC5E5ek2nodMfqrayCr1xeJYb3QIDAQAB
o4ICRDCCAkAwHQYDVR0OBBYEFBzM8Wvqds7vXQtGH3AOLYQuYSL/MB8GA1UdIwQY
MBaAFG0g3dOY2sj2LMElJjJfGCH7ck91MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYlNEZDA1amF5UFlzd1NVbU1sOFlJZnR5VDNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMS9hMWE4OGYtMWRmZi00ZWZmLTgyNmIt
MzZkZTY1NzIzMmJlLzEvSE16eGEtcDJ6dTlkQzBZZmNBNHRoQzVoSXY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMS9hMWE4OGYtMWRmZi00ZWZmLTgyNmItMzZkZTY1NzIzMmJl
LzEvYlNEZDA1amF5UFlzd1NVbU1sOFlJZnR5VDNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFoGCCsGAQUFBwEHAQH/BEswSTAqBAIAATAkAwQCBbUAAwQB
LY+kAwQALZZtAwQCwJAMAwQAwm72AwQAwnEjMBsEAgACMBUDBQAqCfuGAwUAKhEq
RwMFACoRbkAwDQYJKoZIhvcNAQELBQADggEBAEipM4nGBQ2zNkIPwkyGGnI2D+SQ
Qf5IuvjwsFi6wAGzJuZZgfeyeUmKe4q4CN0u5h5YXbwd55xqXKtqdqv3k+6T3rDM
OR+bexLFUGoeUkYBx273uHt3nGb6rfy0juP1KKWfXczO9K2Lv/LxMaTUoih7uBbu
/brm6AzItTq8ajcj67Bn4RAhYbrOIH1rCIKBprBnN/yzx3yECX/zH/vgJpLUrQSl
Z81vPjAN+rRpI4UPNLCWVfIX538xpVCOZz/IfGeKEa7m3/vBDNuj7sC8rvT4w/yN
xSubj78tyYlOwLqDxnB5j4uG11rkyWZFIv1lu+Hi5C2dbPNyWZ7+/CpjODc=
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:50:00 2024 by rpki-client on console-ams.rpki-client.org