Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/HnJHTXIJGNpQT_ttBuITZ5ZLDtg.roa
File: HnJHTXIJGNpQT_ttBuITZ5ZLDtg.roa (raw, json)
Hash identifier: QLuiuulGwliWLpfALiwc5g5aPehIoUrtcVsdoZXVEs8=
Subject key identifier: 1E:72:47:4D:72:09:18:DA:50:4F:FB:6D:06:E2:13:67:96:4B:0E:D8
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 01880012766293CB122315D2C354CD78C76E
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/HnJHTXIJGNpQT_ttBuITZ5ZLDtg.roa
Signing time: Tue 09 May 2023 10:33:09 +0000
ROA not before: Tue 09 May 2023 10:33:09 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 213200
IP address blocks: 84.21.173.0/24 maxlen: 24
87.121.59.0/24 maxlen: 24
176.125.255.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:88:00:12:76:62:93:cb:12:23:15:d2:c3:54:cd:78:c7:6e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: May 9 10:33:09 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=1e72474d720918da504ffb6d06e21367964b0ed8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c7:03:15:0c:50:7e:ac:5f:2b:8d:16:9f:35:7e:
55:3a:86:2d:28:7b:26:20:28:98:f8:48:51:28:15:
5f:a3:03:ac:a4:6a:06:5b:2f:54:8e:b8:5c:64:37:
f4:88:e2:12:da:ba:f0:88:22:17:69:ce:e1:2e:e6:
6e:ec:66:9f:84:25:9b:6e:28:50:27:34:6a:d5:90:
ea:6d:3f:06:1a:98:3c:e3:af:e3:32:27:de:93:7e:
a0:37:c5:1c:10:ac:6e:be:50:01:7f:1d:7a:33:54:
d8:2a:bf:c5:7f:63:bb:a2:38:2e:67:bc:4b:77:c5:
90:b1:fe:41:97:a8:00:36:80:f8:93:c1:0c:34:27:
fc:c0:a0:37:0f:40:b9:a3:ac:22:8e:a5:fe:44:58:
15:0f:2d:d9:f1:01:19:69:3c:ec:81:54:da:21:43:
09:ee:2d:aa:0e:25:83:91:a3:49:87:02:32:b3:98:
3a:c3:6b:5c:9d:1d:bd:43:4a:d9:9d:a8:89:e7:13:
4f:1f:07:c2:c6:c3:9c:eb:25:c3:37:4e:bd:0d:31:
d2:11:b8:d3:3c:82:c8:29:82:c8:60:33:55:af:97:
f1:f6:9b:30:d1:13:82:1e:22:11:8c:08:73:cb:4c:
e6:6d:b0:0c:31:91:95:b6:60:a8:e8:28:39:18:93:
2c:23
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1E:72:47:4D:72:09:18:DA:50:4F:FB:6D:06:E2:13:67:96:4B:0E:D8
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/HnJHTXIJGNpQT_ttBuITZ5ZLDtg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
84.21.173.0/24
87.121.59.0/24
176.125.255.0/24
Signature Algorithm: sha256WithRSAEncryption
8b:e4:ce:0d:0b:bd:39:23:8b:6d:64:81:42:e2:f1:02:ba:96:
8a:d2:51:7d:b5:7a:32:7b:9e:70:e2:8c:70:e8:ef:a5:73:09:
e9:82:1a:d4:05:61:c5:7d:fe:46:b6:c2:b4:aa:30:09:f5:24:
0b:e0:9f:24:e9:6e:a4:90:41:6d:6a:52:42:49:db:b4:b2:3b:
23:36:a8:35:24:07:38:ea:e7:33:c7:82:1e:de:37:f4:4c:86:
a7:2e:4c:02:54:d5:c5:55:b6:b1:02:28:8d:ad:97:82:8e:f3:
9f:60:18:f2:43:af:53:cf:5c:c2:e6:6f:f7:c6:75:97:05:dc:
56:0e:69:cb:77:57:85:d6:b1:fd:38:95:b6:54:0a:1b:3d:2a:
6a:0c:1e:f8:1f:95:68:68:72:93:35:34:3f:b3:3d:2e:7e:c9:
b1:05:37:40:64:0c:c1:8a:cb:d8:16:04:1d:21:7f:2d:11:77:
82:2b:e6:6e:50:29:1b:4c:a5:2b:17:1f:8e:e2:8f:87:0c:9c:
ed:09:c8:a6:4d:38:6b:5f:61:d9:f0:e8:f8:f8:75:38:b8:89:
67:07:a3:49:38:16:4a:d7:29:d2:ad:9e:a0:6d:24:dc:62:0c:
3a:4e:4b:7b:c1:7d:df:79:9f:1c:9f:bc:1b:f6:ac:8d:8d:29:
b4:f6:e7:3e
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYgAEnZik8sSIxXSw1TNeMduMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjMwNTA5MTAzMzA5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZTcyNDc0ZDcyMDkxOGRhNTA0ZmZiNmQwNmUyMTM2Nzk2NGIwZWQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxwMVDFB+rF8rjRafNX5VOoYtKHsm
ICiY+EhRKBVfowOspGoGWy9UjrhcZDf0iOIS2rrwiCIXac7hLuZu7GafhCWbbihQ
JzRq1ZDqbT8GGpg846/jMifek36gN8UcEKxuvlABfx16M1TYKr/Ff2O7ojguZ7xL
d8WQsf5Bl6gANoD4k8EMNCf8wKA3D0C5o6wijqX+RFgVDy3Z8QEZaTzsgVTaIUMJ
7i2qDiWDkaNJhwIys5g6w2tcnR29Q0rZnaiJ5xNPHwfCxsOc6yXDN069DTHSEbjT
PILIKYLIYDNVr5fx9psw0ROCHiIRjAhzy0zmbbAMMZGVtmCo6Cg5GJMsIwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFB5yR01yCRjaUE/7bQbiE2eWSw7YMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvSG5KSFRYSUpHTnBRVF90dEJ1SVRaNVpMRHRnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAVBWtAwQA
V3k7AwQAsH3/MA0GCSqGSIb3DQEBCwUAA4IBAQCL5M4NC705I4ttZIFC4vECupaK
0lF9tXoye55w4oxw6O+lcwnpghrUBWHFff5GtsK0qjAJ9SQL4J8k6W6kkEFtalJC
Sdu0sjsjNqg1JAc46uczx4Ie3jf0TIanLkwCVNXFVbaxAiiNrZeCjvOfYBjyQ69T
z1zC5m/3xnWXBdxWDmnLd1eF1rH9OJW2VAobPSpqDB74H5VoaHKTNTQ/sz0ufsmx
BTdAZAzBisvYFgQdIX8tEXeCK+ZuUCkbTKUrFx+O4o+HDJztCcimTThrX2HZ8Oj4
+HU4uIlnB6NJOBZK1ynSrZ6gbSTcYgw6Tkt7wX3feZ8cn7wb9qyNjSm09uc+
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:50:29 2024 by rpki-client on console-ams.rpki-client.org