Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1a/6703ca-ced4-4207-ab05-4a6f55771bd1/1/HInYJjBOmWV1wj96Nifo-YOmq_s.roa
File: HInYJjBOmWV1wj96Nifo-YOmq_s.roa (raw, json)
Hash identifier: SOWCP1+1bRBUnrdObBfWvTkcncQWxHxGSqXSiKWDjOU=
Subject key identifier: 1C:89:D8:26:30:4E:99:65:75:C2:3F:7A:36:27:E8:F9:83:A6:AB:FB
Certificate issuer: /CN=bab453d97ba2f4a045843e6b4a953b3e5106eaf2
Certificate serial: 018CC49362C65488D9346C8AFE3C6E634E25
Authority key identifier: BA:B4:53:D9:7B:A2:F4:A0:45:84:3E:6B:4A:95:3B:3E:51:06:EA:F2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/urRT2Xui9KBFhD5rSpU7PlEG6vI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/1a/6703ca-ced4-4207-ab05-4a6f55771bd1/1/HInYJjBOmWV1wj96Nifo-YOmq_s.roa
Signing time: Mon 01 Jan 2024 10:30:42 +0000
ROA not before: Mon 01 Jan 2024 10:30:42 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 29385
IP address blocks: 213.206.32.0/19 maxlen: 19
185.4.160.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c4:93:62:c6:54:88:d9:34:6c:8a:fe:3c:6e:63:4e:25
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=bab453d97ba2f4a045843e6b4a953b3e5106eaf2
Validity
Not Before: Jan 1 10:30:42 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=1c89d826304e996575c23f7a3627e8f983a6abfb
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:93:93:4d:85:98:7a:b2:e7:27:e4:87:2f:5d:1a:
af:4b:30:e9:4c:18:dc:9c:12:13:a8:77:5d:ce:73:
26:4d:df:ec:4f:e2:86:27:67:90:c8:3c:a3:99:4e:
bc:cd:6f:89:d5:dd:37:3b:13:e1:92:6d:f5:83:8c:
09:48:f9:14:6c:ae:e9:d1:33:ba:67:86:89:0b:59:
38:d7:da:27:12:fa:2b:be:2c:87:08:74:6b:6a:50:
29:d3:29:36:f7:ca:3f:05:8d:a5:aa:6f:6e:d4:c4:
2e:ee:89:ec:7c:dc:85:76:1d:9a:31:d9:4c:20:e3:
5d:4f:b6:c2:f2:67:c0:33:05:aa:56:52:63:d0:fd:
e0:a9:6e:77:37:98:08:0e:25:31:6c:2d:ca:13:63:
27:8a:34:99:ec:63:9c:cf:3f:d5:fe:28:2a:12:ea:
01:70:ec:d3:e0:9f:f7:06:6e:77:c4:80:10:90:a8:
29:5d:2e:ac:97:dd:25:de:0b:86:be:55:1a:01:77:
0d:55:16:4a:f4:92:4a:ba:70:9e:a0:c4:7b:b2:3d:
55:17:66:4f:e7:07:73:50:6a:e6:6e:7d:ab:3b:cb:
2b:76:34:05:bc:02:b8:6c:97:81:7c:e6:52:a3:7c:
9a:0e:ef:30:f2:4d:12:8e:c1:76:46:b2:8e:1a:3a:
9a:f1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1C:89:D8:26:30:4E:99:65:75:C2:3F:7A:36:27:E8:F9:83:A6:AB:FB
X509v3 Authority Key Identifier:
keyid:BA:B4:53:D9:7B:A2:F4:A0:45:84:3E:6B:4A:95:3B:3E:51:06:EA:F2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/urRT2Xui9KBFhD5rSpU7PlEG6vI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/6703ca-ced4-4207-ab05-4a6f55771bd1/1/HInYJjBOmWV1wj96Nifo-YOmq_s.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/6703ca-ced4-4207-ab05-4a6f55771bd1/1/urRT2Xui9KBFhD5rSpU7PlEG6vI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.4.160.0/22
213.206.32.0/19
Signature Algorithm: sha256WithRSAEncryption
54:01:a4:e7:5f:f2:d1:d1:df:3e:af:de:c5:38:9c:e3:00:b9:
2a:84:fb:7e:69:7d:c6:af:e0:b4:6a:f9:56:b7:94:89:30:e8:
90:e5:f7:a1:be:ba:1e:45:09:e9:58:1e:ba:19:32:68:64:8b:
c1:f0:5d:a7:3b:4b:f1:12:48:f0:ba:2e:09:c1:38:d6:30:94:
c7:81:b0:c9:46:76:8f:0c:e6:f5:dc:17:00:d8:8a:fc:34:92:
6d:78:83:04:99:3a:ba:64:b5:96:95:89:85:5f:be:b2:d3:1f:
ff:d6:30:25:16:5e:e9:5e:e6:65:0a:dc:55:69:25:9e:91:49:
63:57:da:60:9c:a1:ab:eb:4c:92:d0:95:4e:4d:4e:2c:6c:e5:
e6:28:7d:1b:85:bb:13:01:e2:8f:52:70:0f:e4:4e:4c:c5:b3:
13:e7:3a:99:79:8d:37:e1:d2:91:b7:aa:53:9e:87:b3:9b:b4:
98:e2:5c:e2:ee:ac:94:2e:17:36:ea:33:5e:a6:21:45:66:5f:
6a:c9:4a:bb:95:72:e8:de:32:78:a1:85:87:54:cd:32:ad:a4:
c9:f9:c3:03:8c:c3:2d:1b:97:4c:56:e3:c3:da:e0:6f:d9:16:
84:09:84:44:08:65:c4:12:55:9f:d6:a4:87:1b:60:37:3b:16:
62:92:4a:fe
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzEk2LGVIjZNGyK/jxuY04lMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJhYjQ1M2Q5N2JhMmY0YTA0NTg0M2U2YjRhOTUzYjNlNTEw
NmVhZjIwHhcNMjQwMTAxMTAzMDQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYzg5ZDgyNjMwNGU5OTY1NzVjMjNmN2EzNjI3ZThmOTgzYTZhYmZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk5NNhZh6sucn5IcvXRqvSzDpTBjc
nBITqHddznMmTd/sT+KGJ2eQyDyjmU68zW+J1d03OxPhkm31g4wJSPkUbK7p0TO6
Z4aJC1k419onEvorviyHCHRralAp0yk298o/BY2lqm9u1MQu7onsfNyFdh2aMdlM
IONdT7bC8mfAMwWqVlJj0P3gqW53N5gIDiUxbC3KE2MnijSZ7GOczz/V/igqEuoB
cOzT4J/3Bm53xIAQkKgpXS6sl90l3guGvlUaAXcNVRZK9JJKunCeoMR7sj1VF2ZP
5wdzUGrmbn2rO8srdjQFvAK4bJeBfOZSo3yaDu8w8k0SjsF2RrKOGjqa8QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFByJ2CYwTplldcI/ejYn6PmDpqv7MB8GA1UdIwQY
MBaAFLq0U9l7ovSgRYQ+a0qVOz5RBuryMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdXJSVDJYdWk5S0JGaEQ1clNwVTdQbEVHNnZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYS82NzAzY2EtY2VkNC00MjA3LWFiMDUt
NGE2ZjU1NzcxYmQxLzEvSEluWUpqQk9tV1Yxd2o5Nk5pZm8tWU9tcV9zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYS82NzAzY2EtY2VkNC00MjA3LWFiMDUtNGE2ZjU1NzcxYmQx
LzEvdXJSVDJYdWk5S0JGaEQ1clNwVTdQbEVHNnZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCuQSgAwQF
1c4gMA0GCSqGSIb3DQEBCwUAA4IBAQBUAaTnX/LR0d8+r97FOJzjALkqhPt+aX3G
r+C0avlWt5SJMOiQ5fehvroeRQnpWB66GTJoZIvB8F2nO0vxEkjwui4JwTjWMJTH
gbDJRnaPDOb13BcA2Ir8NJJteIMEmTq6ZLWWlYmFX76y0x//1jAlFl7pXuZlCtxV
aSWekUljV9pgnKGr60yS0JVOTU4sbOXmKH0bhbsTAeKPUnAP5E5MxbMT5zqZeY03
4dKRt6pTnoezm7SY4lzi7qyULhc26jNepiFFZl9qyUq7lXLo3jJ4oYWHVM0yraTJ
+cMDjMMtG5dMVuPD2uBv2RaECYRECGXEElWf1qSHG2A3OxZikkr+
-----END CERTIFICATE-----
Generated at Mon Feb 17 08:07:09 2025 by rpki-client