Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4b/62764b-9aa6-4f12-a71c-6bac34987019/1/HW1dNiq63gE1LQj-zXYrchT-2dk.roa
File: HW1dNiq63gE1LQj-zXYrchT-2dk.roa (raw, json)
Hash identifier: +Y12ko1agowwCBOuYKJlSknDgp3qd+sZ77oDNwtVjCE=
Subject key identifier: 1D:6D:5D:36:2A:BA:DE:01:35:2D:08:FE:CD:76:2B:72:14:FE:D9:D9
Certificate issuer: /CN=35c96065093998ba42cfba11bf0d17d3ac403d40
Certificate serial: 02231433
Authority key identifier: 35:C9:60:65:09:39:98:BA:42:CF:BA:11:BF:0D:17:D3:AC:40:3D:40
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NclgZQk5mLpCz7oRvw0X06xAPUA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/4b/62764b-9aa6-4f12-a71c-6bac34987019/1/HW1dNiq63gE1LQj-zXYrchT-2dk.roa
Signing time: Sat 01 Jan 2022 11:55:09 +0000
ROA not before: Sat 01 Jan 2022 11:55:09 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 1239
IP address blocks: 168.220.128.0/19 maxlen: 24
198.14.16.0/20 maxlen: 24
77.223.192.0/21 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 35853363 (0x2231433)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=35c96065093998ba42cfba11bf0d17d3ac403d40
Validity
Not Before: Jan 1 11:55:09 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=1d6d5d362abade01352d08fecd762b7214fed9d9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e8:0f:2a:53:93:4b:ab:82:f7:47:27:7d:fc:a2:
f4:f9:49:7c:3c:66:fc:e9:9c:ed:a5:53:2d:f9:dc:
0f:fc:35:a9:16:c5:e1:7b:4f:10:6d:d7:88:18:d8:
98:d1:03:8e:23:f2:a5:97:a6:07:ac:83:5e:23:a7:
96:45:02:4c:3c:d4:9d:e4:db:1f:14:e5:6a:59:04:
aa:8e:40:ba:3e:2d:a7:2d:90:34:59:6e:db:7c:9a:
61:d7:89:cf:19:24:54:42:e5:18:fa:95:db:a7:2c:
dc:83:d4:6e:e4:dd:00:50:81:bc:2c:2e:eb:7a:b3:
04:29:24:79:58:3d:25:9f:07:65:f4:d0:f6:98:1d:
0d:0a:91:82:6e:d8:c2:a5:ca:d5:66:a3:a1:36:7f:
04:1a:32:ae:80:54:02:32:0a:28:25:ab:6e:cb:da:
17:64:dc:61:07:70:66:9f:ff:b1:8e:73:fb:07:03:
48:c5:cb:01:2a:8b:0f:08:48:9f:a6:13:f5:b6:52:
65:07:fe:c1:d2:c2:58:5e:95:ec:8d:16:00:18:2f:
90:ed:e8:18:86:a9:81:e6:ca:53:e8:f9:c3:b5:36:
3e:b8:55:56:0a:2a:c7:cf:18:18:68:92:40:c9:c4:
b3:53:c8:fc:c0:62:1a:c3:1a:54:0c:13:eb:52:88:
f0:6d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1D:6D:5D:36:2A:BA:DE:01:35:2D:08:FE:CD:76:2B:72:14:FE:D9:D9
X509v3 Authority Key Identifier:
keyid:35:C9:60:65:09:39:98:BA:42:CF:BA:11:BF:0D:17:D3:AC:40:3D:40
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NclgZQk5mLpCz7oRvw0X06xAPUA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/62764b-9aa6-4f12-a71c-6bac34987019/1/HW1dNiq63gE1LQj-zXYrchT-2dk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/62764b-9aa6-4f12-a71c-6bac34987019/1/NclgZQk5mLpCz7oRvw0X06xAPUA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
77.223.192.0/21
168.220.128.0/19
198.14.16.0/20
Signature Algorithm: sha256WithRSAEncryption
0d:7e:7a:0c:1f:12:38:df:11:d9:93:c1:4a:c5:3d:0d:6f:aa:
b2:aa:fe:b5:54:67:44:68:d6:e1:9f:4b:5f:1e:5b:65:60:8a:
5f:c7:b0:b7:e3:e1:f6:6b:98:a8:be:e8:23:ad:a5:60:76:6d:
da:6c:34:41:22:e9:c8:f9:19:6d:4a:e6:eb:f1:7a:87:2a:62:
56:94:c4:3b:3a:9b:54:6c:4f:f1:8a:d4:e4:e6:4d:15:3c:a0:
70:83:90:22:36:94:41:11:dc:ee:ae:55:4c:68:7a:54:86:06:
a2:64:ef:eb:8b:d5:dc:fc:88:3a:ef:9a:f9:ed:e4:80:96:14:
57:98:1d:6d:1b:e0:17:0d:50:56:ef:79:a7:53:ef:0f:29:78:
bd:90:bb:a0:76:65:a0:2d:0c:ee:1f:f7:fb:cb:51:3c:e7:cc:
5b:5d:60:e2:a4:bd:ee:50:dc:c2:6c:23:2d:f2:35:83:32:a9:
6d:21:74:85:61:da:19:e2:03:7c:3b:44:34:bb:b4:47:d6:e0:
72:43:9e:20:6e:1b:75:1b:21:25:2a:ee:ad:55:1a:93:34:04:
30:42:c4:42:ad:b0:54:15:ee:1e:1f:25:c9:b5:d8:b6:14:e4:
dd:ce:41:e1:18:62:12:07:54:7f:de:5e:51:e2:db:30:51:38:
38:bc:43:31
-----BEGIN CERTIFICATE-----
MIIE+zCCA+OgAwIBAgIEAiMUMzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygz
NWM5NjA2NTA5Mzk5OGJhNDJjZmJhMTFiZjBkMTdkM2FjNDAzZDQwMB4XDTIyMDEw
MTExNTUwOVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMWQ2ZDVkMzYyYWJh
ZGUwMTM1MmQwOGZlY2Q3NjJiNzIxNGZlZDlkOTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAOgPKlOTS6uC90cnffyi9PlJfDxm/Omc7aVTLfncD/w1qRbF
4XtPEG3XiBjYmNEDjiPypZemB6yDXiOnlkUCTDzUneTbHxTlalkEqo5Auj4tpy2Q
NFlu23yaYdeJzxkkVELlGPqV26cs3IPUbuTdAFCBvCwu63qzBCkkeVg9JZ8HZfTQ
9pgdDQqRgm7YwqXK1WajoTZ/BBoyroBUAjIKKCWrbsvaF2TcYQdwZp//sY5z+wcD
SMXLASqLDwhIn6YT9bZSZQf+wdLCWF6V7I0WABgvkO3oGIapgebKU+j5w7U2PrhV
Vgoqx88YGGiSQMnEs1PI/MBiGsMaVAwT61KI8G0CAwEAAaOCAhUwggIRMB0GA1Ud
DgQWBBQdbV02KrreATUtCP7NdityFP7Z2TAfBgNVHSMEGDAWgBQ1yWBlCTmYukLP
uhG/DRfTrEA9QDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L05jbGdaUWs1bUxwQ3o3b1J2dzBYMDZ4QVBVQS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNGIvNjI3NjRiLTlhYTYtNGYxMi1hNzFjLTZiYWMzNDk4NzAxOS8x
L0hXMWROaXE2M2dFMUxRai16WFlyY2hULTJkay5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNGIv
NjI3NjRiLTlhYTYtNGYxMi1hNzFjLTZiYWMzNDk4NzAxOS8xL05jbGdaUWs1bUxw
Q3o3b1J2dzBYMDZ4QVBVQS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAr
BggrBgEFBQcBBwEB/wQcMBowGAQCAAEwEgMEA03fwAMEBajcgAMEBMYOEDANBgkq
hkiG9w0BAQsFAAOCAQEADX56DB8SON8R2ZPBSsU9DW+qsqr+tVRnRGjW4Z9LXx5b
ZWCKX8ewt+Ph9muYqL7oI62lYHZt2mw0QSLpyPkZbUrm6/F6hypiVpTEOzqbVGxP
8YrU5OZNFTygcIOQIjaUQRHc7q5VTGh6VIYGomTv64vV3PyIOu+a+e3kgJYUV5gd
bRvgFw1QVu95p1PvDyl4vZC7oHZloC0M7h/3+8tRPOfMW11g4qS97lDcwmwjLfI1
gzKpbSF0hWHaGeIDfDtENLu0R9bgckOeIG4bdRshJSrurVUakzQEMELEQq2wVBXu
Hh8lybXYthTk3c5B4RhiEgdUf95eUeLbMFE4OLxDMQ==
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:47:41 2023 by rpki-client on console-fra.rpki-client.org