Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/37/318a23-2876-46a2-af72-3497f7e2de62/1/hatSc1uL9I207lZhc3oEKxDQtL0.roa
File: hatSc1uL9I207lZhc3oEKxDQtL0.roa (raw, json)
Hash identifier: /W5xmG0/jKSape33hza3DCijWiplOsOvrAH99nvLWM0=
Subject key identifier: 85:AB:52:73:5B:8B:F4:8D:B4:EE:56:61:73:7A:04:2B:10:D0:B4:BD
Certificate issuer: /CN=c7d91462c4dc1df6a8a3a97a1aee57a0cc14efba
Certificate serial: 0192CDB3AAF4E71339BB2F30F55165B44524
Authority key identifier: C7:D9:14:62:C4:DC:1D:F6:A8:A3:A9:7A:1A:EE:57:A0:CC:14:EF:BA
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/x9kUYsTcHfaoo6l6Gu5XoMwU77o.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/37/318a23-2876-46a2-af72-3497f7e2de62/1/hatSc1uL9I207lZhc3oEKxDQtL0.roa
Signing time: Sun 27 Oct 2024 11:19:16 +0000
ROA not before: Sun 27 Oct 2024 11:19:16 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 200937
IP address blocks: 185.90.148.0/25 maxlen: 25
185.90.148.128/26 maxlen: 26
185.90.148.192/27 maxlen: 27
185.90.148.224/27 maxlen: 27
185.90.149.0/24 maxlen: 24
185.90.150.0/24 maxlen: 24
185.90.151.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:92:cd:b3:aa:f4:e7:13:39:bb:2f:30:f5:51:65:b4:45:24
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c7d91462c4dc1df6a8a3a97a1aee57a0cc14efba
Validity
Not Before: Oct 27 11:19:16 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=85ab52735b8bf48db4ee5661737a042b10d0b4bd
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a0:7d:d5:c1:e9:6d:5c:cd:e6:a0:1f:bb:b7:53:
15:37:38:61:f1:ae:56:0d:18:3e:fe:1b:26:d9:32:
1a:70:9d:22:fb:62:d1:5e:97:ee:28:86:60:c6:98:
d0:4f:fb:46:e8:a3:89:02:50:9d:a5:0c:a0:76:bf:
ac:ca:3d:27:07:61:dd:47:aa:09:d8:33:ca:18:1a:
39:dc:d3:c0:4a:3e:de:8e:57:8a:7e:99:93:6e:85:
1c:39:a9:00:5a:09:56:48:31:47:80:f9:fc:88:93:
b6:64:82:e6:90:75:5b:64:a5:55:a9:78:8d:e8:7d:
f8:0e:a6:8b:a9:13:3c:f9:9e:c6:7e:8f:30:f6:dc:
df:91:0d:a9:08:1f:94:29:6b:e7:4c:3c:e0:22:0e:
50:4f:c9:20:18:8d:ad:0a:de:47:3c:5b:cf:c2:dd:
04:70:7c:f5:eb:7c:47:47:3e:99:c2:7a:9e:0e:b2:
a2:76:04:81:38:fd:0b:05:e9:52:74:bd:e1:38:42:
05:11:4d:67:3c:b1:8b:06:39:95:84:4e:57:63:f5:
0f:89:02:79:9d:34:96:35:bc:5b:2f:83:87:9f:7e:
2a:ba:37:e8:66:04:bc:c6:d2:ee:fc:f9:4e:78:13:
31:28:29:73:72:12:87:24:84:4a:87:0c:17:30:f9:
17:47
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
85:AB:52:73:5B:8B:F4:8D:B4:EE:56:61:73:7A:04:2B:10:D0:B4:BD
X509v3 Authority Key Identifier:
keyid:C7:D9:14:62:C4:DC:1D:F6:A8:A3:A9:7A:1A:EE:57:A0:CC:14:EF:BA
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/x9kUYsTcHfaoo6l6Gu5XoMwU77o.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/37/318a23-2876-46a2-af72-3497f7e2de62/1/hatSc1uL9I207lZhc3oEKxDQtL0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/37/318a23-2876-46a2-af72-3497f7e2de62/1/x9kUYsTcHfaoo6l6Gu5XoMwU77o.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.90.148.0/22
Signature Algorithm: sha256WithRSAEncryption
8c:ac:1c:7d:3a:c9:67:8d:21:90:d5:1a:3a:7a:2d:5f:21:58:
47:13:b3:6c:12:ac:b7:2a:37:66:ef:03:b6:85:d2:c5:9c:79:
a0:5c:bc:4f:07:16:88:c2:ca:37:b7:23:89:7b:19:1f:17:55:
49:d1:ae:78:62:f4:81:91:d9:db:71:c4:fc:44:09:06:9c:ae:
2e:1b:b4:dd:38:eb:ec:f4:a6:22:ed:f1:6c:30:76:2d:3a:e8:
93:8c:de:68:ed:5c:51:77:3f:f9:97:a7:37:4e:f6:c3:b1:05:
9f:ca:03:aa:3a:0d:5b:25:09:5d:fa:fa:16:06:c0:ed:89:8b:
6b:eb:cf:02:35:e4:e6:34:f7:0e:04:5c:a9:ea:45:f5:30:b3:
0a:b4:78:e7:73:30:c0:04:b4:ca:1b:36:5c:4d:27:e5:5b:d5:
b2:97:14:ae:e1:47:a0:47:6e:12:c8:0d:0b:60:c3:48:82:e1:
73:b8:a8:67:10:7d:2c:b5:6e:65:a6:75:15:4d:11:1a:90:f6:
52:b9:d8:77:d5:69:fd:2c:9f:5b:87:54:f8:24:67:27:8e:1e:
a2:f6:b8:bf:af:3f:81:72:25:06:72:a1:64:54:77:83:02:cd:
42:13:8a:94:77:a2:c3:96:09:b9:11:ec:a2:7c:b7:d4:3f:8e:
11:0d:bd:4e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZLNs6r05xM5uy8w9VFltEUkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM3ZDkxNDYyYzRkYzFkZjZhOGEzYTk3YTFhZWU1N2EwY2Mx
NGVmYmEwHhcNMjQxMDI3MTExOTE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NWFiNTI3MzViOGJmNDhkYjRlZTU2NjE3MzdhMDQyYjEwZDBiNGJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoH3VweltXM3moB+7t1MVNzhh8a5W
DRg+/hsm2TIacJ0i+2LRXpfuKIZgxpjQT/tG6KOJAlCdpQygdr+syj0nB2HdR6oJ
2DPKGBo53NPASj7ejleKfpmTboUcOakAWglWSDFHgPn8iJO2ZILmkHVbZKVVqXiN
6H34DqaLqRM8+Z7Gfo8w9tzfkQ2pCB+UKWvnTDzgIg5QT8kgGI2tCt5HPFvPwt0E
cHz163xHRz6ZwnqeDrKidgSBOP0LBelSdL3hOEIFEU1nPLGLBjmVhE5XY/UPiQJ5
nTSWNbxbL4OHn34qujfoZgS8xtLu/PlOeBMxKClzchKHJIRKhwwXMPkXRwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIWrUnNbi/SNtO5WYXN6BCsQ0LS9MB8GA1UdIwQY
MBaAFMfZFGLE3B32qKOpehruV6DMFO+6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveDlrVVlzVGNIZmFvbzZsNkd1NVhvTXdVNzdvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNy8zMThhMjMtMjg3Ni00NmEyLWFmNzIt
MzQ5N2Y3ZTJkZTYyLzEvaGF0U2MxdUw5STIwN2xaaGMzb0VLeERRdEwwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNy8zMThhMjMtMjg3Ni00NmEyLWFmNzItMzQ5N2Y3ZTJkZTYy
LzEveDlrVVlzVGNIZmFvbzZsNkd1NVhvTXdVNzdvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuVqUMA0G
CSqGSIb3DQEBCwUAA4IBAQCMrBx9OslnjSGQ1Ro6ei1fIVhHE7NsEqy3Kjdm7wO2
hdLFnHmgXLxPBxaIwso3tyOJexkfF1VJ0a54YvSBkdnbccT8RAkGnK4uG7TdOOvs
9KYi7fFsMHYtOuiTjN5o7VxRdz/5l6c3TvbDsQWfygOqOg1bJQld+voWBsDtiYtr
688CNeTmNPcOBFyp6kX1MLMKtHjnczDABLTKGzZcTSflW9WylxSu4UegR24SyA0L
YMNIguFzuKhnEH0stW5lpnUVTREakPZSudh31Wn9LJ9bh1T4JGcnjh6i9ri/rz+B
ciUGcqFkVHeDAs1CE4qUd6LDlgm5EeyifLfUP44RDb1O
-----END CERTIFICATE-----
Generated at Wed Apr 16 08:21:04 2025 by rpki-client