Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4b/62764b-9aa6-4f12-a71c-6bac34987019/1/H1YezXDsjDvOLCJ4l9irJzEULpk.roa
File: H1YezXDsjDvOLCJ4l9irJzEULpk.roa (raw, json)
Hash identifier: jQWAYADo7EVSkn3BXYJwGrWMFLJ8KK0bx6F1FQgt2DU=
Subject key identifier: 1F:56:1E:CD:70:EC:8C:3B:CE:2C:22:78:97:D8:AB:27:31:14:2E:99
Certificate issuer: /CN=35c96065093998ba42cfba11bf0d17d3ac403d40
Certificate serial: 018A8921F611FC9E0007D2D6BFE43D6998C5
Authority key identifier: 35:C9:60:65:09:39:98:BA:42:CF:BA:11:BF:0D:17:D3:AC:40:3D:40
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NclgZQk5mLpCz7oRvw0X06xAPUA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/4b/62764b-9aa6-4f12-a71c-6bac34987019/1/H1YezXDsjDvOLCJ4l9irJzEULpk.roa
Signing time: Tue 12 Sep 2023 11:23:38 +0000
ROA not before: Tue 12 Sep 2023 11:23:38 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 208308
IP address blocks: 77.223.200.0/23 maxlen: 24
66.245.192.0/19 maxlen: 24
176.222.48.0/22 maxlen: 24
178.216.184.0/21 maxlen: 24
79.139.64.0/23 maxlen: 24
158.247.56.0/22 maxlen: 24
198.14.16.0/20 maxlen: 24
77.223.192.0/21 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8a:89:21:f6:11:fc:9e:00:07:d2:d6:bf:e4:3d:69:98:c5
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=35c96065093998ba42cfba11bf0d17d3ac403d40
Validity
Not Before: Sep 12 11:23:38 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=1f561ecd70ec8c3bce2c227897d8ab2731142e99
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ac:5e:79:df:9b:fe:8f:5d:d7:4e:66:e3:e4:cf:
9a:c7:15:55:0f:ff:7f:99:c1:d0:00:9b:7e:27:78:
36:29:c1:3c:c5:96:0c:16:7c:f1:3f:43:f0:1e:da:
8e:7b:1d:64:2e:f2:f6:80:70:3e:c0:28:c7:e9:c7:
90:52:b0:24:14:97:5b:fe:31:f4:85:a7:55:81:08:
f6:a2:a5:bc:db:a9:3f:61:6c:45:17:8d:97:65:dd:
17:09:24:b3:f5:3e:7c:5c:96:4b:9d:77:bc:b5:39:
0c:4d:fd:2e:7e:dd:b9:ab:fc:11:82:36:68:d2:f3:
30:98:88:b4:78:9e:ae:5f:c6:92:17:d8:c6:ac:0c:
0f:26:56:27:f0:d5:3b:b1:f3:8c:bd:4b:2c:76:ca:
70:07:1d:2b:5d:8a:79:4b:c3:9c:b1:16:35:ce:d2:
14:10:7d:1c:23:58:3e:93:94:bb:05:fd:19:07:06:
9e:f0:bf:76:57:4e:b0:7f:0f:b5:3d:42:46:17:e0:
f2:61:a4:56:d5:10:bd:b5:37:4a:f7:77:ea:84:c8:
85:c7:48:b6:7b:65:dd:25:5c:0d:7c:9c:1c:2f:a6:
02:3c:35:48:fa:c5:7d:ae:96:b0:4b:bf:65:b9:dd:
2b:d9:2f:bd:a9:1b:f7:07:36:78:96:61:54:b3:80:
2e:75
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1F:56:1E:CD:70:EC:8C:3B:CE:2C:22:78:97:D8:AB:27:31:14:2E:99
X509v3 Authority Key Identifier:
keyid:35:C9:60:65:09:39:98:BA:42:CF:BA:11:BF:0D:17:D3:AC:40:3D:40
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NclgZQk5mLpCz7oRvw0X06xAPUA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/62764b-9aa6-4f12-a71c-6bac34987019/1/H1YezXDsjDvOLCJ4l9irJzEULpk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/62764b-9aa6-4f12-a71c-6bac34987019/1/NclgZQk5mLpCz7oRvw0X06xAPUA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
66.245.192.0/19
77.223.192.0-77.223.201.255
79.139.64.0/23
158.247.56.0/22
176.222.48.0/22
178.216.184.0/21
198.14.16.0/20
Signature Algorithm: sha256WithRSAEncryption
21:18:13:1f:e4:31:94:7a:19:c8:50:ba:ea:63:e3:dc:8b:94:
ad:f4:6d:e0:be:1c:05:9b:4c:f9:b2:14:e4:79:39:59:d6:97:
99:ac:43:89:07:f3:0c:8d:ab:3f:bc:bd:3b:29:f2:48:a2:d2:
01:a2:04:c2:00:34:11:b4:99:14:16:46:a2:78:aa:72:0a:47:
e7:ca:d0:75:34:4e:8b:56:6a:d1:39:32:c8:6f:34:da:f7:76:
a9:0b:7c:a2:a4:dd:bc:30:b8:ad:35:f6:ce:e3:e8:d6:9f:42:
2a:bb:12:c9:86:e3:00:4e:ee:7c:3b:83:27:5c:f9:c0:b3:07:
7b:c3:44:85:5c:9a:53:52:c3:f2:57:b1:7c:0a:7e:6f:e4:d0:
33:7b:40:6f:44:76:b3:65:ae:81:2e:90:b9:33:9e:59:d8:21:
6b:43:da:06:5c:41:87:0d:31:a8:ff:b8:c4:3b:35:86:61:82:
9f:15:23:33:54:41:33:d4:57:83:58:7d:a1:85:69:39:4a:52:
9d:5e:eb:88:e1:8a:e8:99:a3:a1:fe:78:0b:82:0c:95:29:a7:
3e:0b:9f:45:ee:cf:07:66:76:c5:73:a1:bd:67:b6:34:cd:bf:
e2:13:e4:6a:ba:45:87:18:95:4f:62:fb:c5:af:34:25:bf:d8:
5e:ba:ff:16
-----BEGIN CERTIFICATE-----
MIIFKTCCBBGgAwIBAgISAYqJIfYR/J4AB9LWv+Q9aZjFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1Yzk2MDY1MDkzOTk4YmE0MmNmYmExMWJmMGQxN2QzYWM0
MDNkNDAwHhcNMjMwOTEyMTEyMzM4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZjU2MWVjZDcwZWM4YzNiY2UyYzIyNzg5N2Q4YWIyNzMxMTQyZTk5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArF5535v+j13XTmbj5M+axxVVD/9/
mcHQAJt+J3g2KcE8xZYMFnzxP0PwHtqOex1kLvL2gHA+wCjH6ceQUrAkFJdb/jH0
hadVgQj2oqW826k/YWxFF42XZd0XCSSz9T58XJZLnXe8tTkMTf0uft25q/wRgjZo
0vMwmIi0eJ6uX8aSF9jGrAwPJlYn8NU7sfOMvUssdspwBx0rXYp5S8OcsRY1ztIU
EH0cI1g+k5S7Bf0ZBwae8L92V06wfw+1PUJGF+DyYaRW1RC9tTdK93fqhMiFx0i2
e2XdJVwNfJwcL6YCPDVI+sV9rpawS79lud0r2S+9qRv3BzZ4lmFUs4AudQIDAQAB
o4ICNTCCAjEwHQYDVR0OBBYEFB9WHs1w7Iw7ziwieJfYqycxFC6ZMB8GA1UdIwQY
MBaAFDXJYGUJOZi6Qs+6Eb8NF9OsQD1AMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTmNsZ1pRazVtTHBDejdvUnZ3MFgwNnhBUFVBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yi82Mjc2NGItOWFhNi00ZjEyLWE3MWMt
NmJhYzM0OTg3MDE5LzEvSDFZZXpYRHNqRHZPTENKNGw5aXJKekVVTHBrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yi82Mjc2NGItOWFhNi00ZjEyLWE3MWMtNmJhYzM0OTg3MDE5
LzEvTmNsZ1pRazVtTHBDejdvUnZ3MFgwNnhBUFVBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEsGCCsGAQUFBwEHAQH/BDwwOjA4BAIAATAyAwQFQvXAMAwD
BAZN38ADBAFN38gDBAFPi0ADBAKe9zgDBAKw3jADBAOy2LgDBATGDhAwDQYJKoZI
hvcNAQELBQADggEBACEYEx/kMZR6GchQuupj49yLlK30beC+HAWbTPmyFOR5OVnW
l5msQ4kH8wyNqz+8vTsp8kii0gGiBMIANBG0mRQWRqJ4qnIKR+fK0HU0TotWatE5
MshvNNr3dqkLfKKk3bwwuK019s7j6NafQiq7EsmG4wBO7nw7gydc+cCzB3vDRIVc
mlNSw/JXsXwKfm/k0DN7QG9EdrNlroEukLkznlnYIWtD2gZcQYcNMaj/uMQ7NYZh
gp8VIzNUQTPUV4NYfaGFaTlKUp1e64jhiuiZo6H+eAuCDJUppz4Ln0XuzwdmdsVz
ob1ntjTNv+IT5Gq6RYcYlU9i+8WvNCW/2F66/xY=
-----END CERTIFICATE-----
Generated at Tue Sep 26 14:33:07 2023 by rpki-client on console-ams.rpki-client.org