Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/32d85d-a717-4d68-82a6-2f365f22a18c/1/lhWKQjrk4KCCWUgzyv3PUnQWA3g.roa
File: lhWKQjrk4KCCWUgzyv3PUnQWA3g.roa (raw, json)
Hash identifier: MHUbk6z4aaCMdmcpKCKwXuUNXEB/W9i2wLggGMa9UQU=
Subject key identifier: 96:15:8A:42:3A:E4:E0:A0:82:59:48:33:CA:FD:CF:52:74:16:03:78
Certificate issuer: /CN=1a392dfc6ba2d3186d3269c7091b7019815345d3
Certificate serial: 0188CA74FE431FF13368DEC57E48396D2E9D
Authority key identifier: 1A:39:2D:FC:6B:A2:D3:18:6D:32:69:C7:09:1B:70:19:81:53:45:D3
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Gjkt_Gui0xhtMmnHCRtwGYFTRdM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/1e/32d85d-a717-4d68-82a6-2f365f22a18c/1/lhWKQjrk4KCCWUgzyv3PUnQWA3g.roa
Signing time: Sat 17 Jun 2023 17:44:04 +0000
ROA not before: Sat 17 Jun 2023 17:44:04 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 206065
IP address blocks: 109.230.64.0/21 maxlen: 21
109.230.80.0/20 maxlen: 20
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:88:ca:74:fe:43:1f:f1:33:68:de:c5:7e:48:39:6d:2e:9d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1a392dfc6ba2d3186d3269c7091b7019815345d3
Validity
Not Before: Jun 17 17:44:04 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=96158a423ae4e0a082594833cafdcf5274160378
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a8:df:b2:7d:77:a0:58:56:73:bb:41:10:e3:76:
ae:c4:87:8c:fb:b0:ce:69:85:c0:b5:7e:1f:6a:2c:
75:d7:0a:4f:35:51:21:4e:56:9b:dc:44:39:64:c5:
1a:2c:cf:9a:e5:98:78:cf:33:50:28:6e:d8:82:27:
ee:89:f3:0b:73:3a:6d:5a:ae:0b:3d:f1:7a:53:a1:
9e:29:fa:47:54:0e:13:fa:4a:3a:fb:ea:da:70:ae:
2d:49:b4:7d:cf:08:ed:13:97:05:16:df:f4:55:46:
82:3b:4c:a4:23:df:f8:6b:f7:28:38:3e:1b:c6:ce:
06:c3:be:4b:8c:88:d7:6b:93:54:b8:bc:e4:6f:ea:
7a:81:47:58:d9:02:d5:9c:67:1e:25:14:f7:a2:64:
6a:aa:93:8a:cc:53:a4:0a:d7:5c:b1:26:a1:7b:0d:
db:27:0d:f4:06:ff:5a:34:c3:e5:08:62:5f:67:3f:
3f:6f:97:e5:1e:7a:12:79:aa:33:8a:32:eb:59:38:
21:89:04:ac:b0:2c:2a:0e:90:d3:e7:37:3b:ec:25:
68:9c:81:80:ae:aa:21:b8:54:f4:9b:11:da:4d:bb:
10:0b:b5:f2:cd:c6:b4:44:0a:90:67:66:b1:7f:50:
f0:3e:86:3a:6e:98:9e:08:42:ed:56:eb:45:95:9d:
58:8b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
96:15:8A:42:3A:E4:E0:A0:82:59:48:33:CA:FD:CF:52:74:16:03:78
X509v3 Authority Key Identifier:
keyid:1A:39:2D:FC:6B:A2:D3:18:6D:32:69:C7:09:1B:70:19:81:53:45:D3
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Gjkt_Gui0xhtMmnHCRtwGYFTRdM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/32d85d-a717-4d68-82a6-2f365f22a18c/1/lhWKQjrk4KCCWUgzyv3PUnQWA3g.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/32d85d-a717-4d68-82a6-2f365f22a18c/1/Gjkt_Gui0xhtMmnHCRtwGYFTRdM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.230.64.0/21
109.230.80.0/20
Signature Algorithm: sha256WithRSAEncryption
69:11:f8:07:cb:ad:78:f8:28:9e:db:d7:1a:96:e5:fd:5a:ec:
0a:32:9c:76:e9:cf:43:ac:d4:c4:49:6b:23:17:62:67:b3:9e:
fd:71:bf:2d:6d:0f:f4:22:ec:24:01:6a:be:58:db:e7:54:5b:
cb:fb:65:fe:0e:c3:6c:5a:3c:67:7f:c3:5b:3c:41:2f:94:c9:
0c:28:f9:67:b5:b3:df:62:ca:74:ce:df:f2:24:91:26:43:4f:
60:8d:e3:95:12:13:cb:b3:23:e6:2c:2e:d4:d6:cb:7e:b8:e4:
9f:e9:13:bd:53:ba:14:82:40:15:98:46:68:62:32:66:e9:81:
aa:54:33:9b:28:fc:da:4d:bf:95:14:b8:62:db:b0:b9:f0:6e:
a0:c5:fb:86:e0:0a:4e:56:d3:5a:17:1f:7f:46:ee:b8:96:ca:
a7:af:f8:16:20:cc:3f:93:b7:f3:9d:aa:0b:43:c8:10:da:14:
bf:39:9a:32:5d:fa:2a:35:c1:e2:6c:31:e5:9c:96:a7:b4:de:
17:81:b4:2a:07:9f:dd:e2:27:69:fa:2b:87:46:ea:e3:60:07:
9d:ee:08:83:3c:b5:28:03:b1:c7:09:49:2f:70:26:c0:43:13:
81:a3:83:fe:24:ad:c1:b9:85:8e:14:64:bf:7a:9a:df:62:a2:
2b:ec:48:e2
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYjKdP5DH/EzaN7Ffkg5bS6dMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFhMzkyZGZjNmJhMmQzMTg2ZDMyNjljNzA5MWI3MDE5ODE1
MzQ1ZDMwHhcNMjMwNjE3MTc0NDA0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NjE1OGE0MjNhZTRlMGEwODI1OTQ4MzNjYWZkY2Y1Mjc0MTYwMzc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqN+yfXegWFZzu0EQ43auxIeM+7DO
aYXAtX4faix11wpPNVEhTlab3EQ5ZMUaLM+a5Zh4zzNQKG7YgifuifMLczptWq4L
PfF6U6GeKfpHVA4T+ko6++racK4tSbR9zwjtE5cFFt/0VUaCO0ykI9/4a/coOD4b
xs4Gw75LjIjXa5NUuLzkb+p6gUdY2QLVnGceJRT3omRqqpOKzFOkCtdcsSahew3b
Jw30Bv9aNMPlCGJfZz8/b5flHnoSeaozijLrWTghiQSssCwqDpDT5zc77CVonIGA
rqohuFT0mxHaTbsQC7Xyzca0RAqQZ2axf1DwPoY6bpieCELtVutFlZ1YiwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJYVikI65OCggllIM8r9z1J0FgN4MB8GA1UdIwQY
MBaAFBo5LfxrotMYbTJpxwkbcBmBU0XTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR2prdF9HdWkweGh0TW1uSENSdHdHWUZUUmRNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS8zMmQ4NWQtYTcxNy00ZDY4LTgyYTYt
MmYzNjVmMjJhMThjLzEvbGhXS1Fqcms0S0NDV1Vnenl2M1BVblFXQTNnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS8zMmQ4NWQtYTcxNy00ZDY4LTgyYTYtMmYzNjVmMjJhMThj
LzEvR2prdF9HdWkweGh0TW1uSENSdHdHWUZUUmRNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQDbeZAAwQE
beZQMA0GCSqGSIb3DQEBCwUAA4IBAQBpEfgHy614+Cie29caluX9WuwKMpx26c9D
rNTESWsjF2Jns579cb8tbQ/0IuwkAWq+WNvnVFvL+2X+DsNsWjxnf8NbPEEvlMkM
KPlntbPfYsp0zt/yJJEmQ09gjeOVEhPLsyPmLC7U1st+uOSf6RO9U7oUgkAVmEZo
YjJm6YGqVDObKPzaTb+VFLhi27C58G6gxfuG4ApOVtNaFx9/Ru64lsqnr/gWIMw/
k7fznaoLQ8gQ2hS/OZoyXfoqNcHibDHlnJantN4XgbQqB5/d4idp+iuHRurjYAed
7giDPLUoA7HHCUkvcCbAQxOBo4P+JK3BuYWOFGS/eprfYqIr7Eji
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:57:18 2024 by rpki-client on console-ams.rpki-client.org