Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4f/9571d6-974f-4327-b9e0-443be63fc123/1/HEg7MGBVhqrjW3AvIJZBknES21E.roa
File: HEg7MGBVhqrjW3AvIJZBknES21E.roa (raw, json)
Hash identifier: vTldvIoR7DtwNpVcC4JDgO76UhxLjxBqvzK08KAQgb8=
Subject key identifier: 1C:48:3B:30:60:55:86:AA:E3:5B:70:2F:20:96:41:92:71:12:DB:51
Certificate issuer: /CN=592e7c1f2394c3e3aaa8ccb647fd83671d6098b7
Certificate serial: 0185701EDC9B089756D919E280E81AFA8948
Authority key identifier: 59:2E:7C:1F:23:94:C3:E3:AA:A8:CC:B6:47:FD:83:67:1D:60:98:B7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/WS58HyOUw-OqqMy2R_2DZx1gmLc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/4f/9571d6-974f-4327-b9e0-443be63fc123/1/HEg7MGBVhqrjW3AvIJZBknES21E.roa
Signing time: Mon 02 Jan 2023 01:35:48 +0000
ROA not before: Mon 02 Jan 2023 01:35:48 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 199366
IP address blocks: 37.247.101.0/24 maxlen: 24
46.20.10.0/24 maxlen: 24
46.20.12.0/24 maxlen: 24
46.20.13.0/24 maxlen: 24
95.130.174.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:70:1e:dc:9b:08:97:56:d9:19:e2:80:e8:1a:fa:89:48
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=592e7c1f2394c3e3aaa8ccb647fd83671d6098b7
Validity
Not Before: Jan 2 01:35:48 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=1c483b30605586aae35b702f209641927112db51
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d8:3a:ae:5f:4a:88:ab:ef:b3:a7:7d:49:50:c5:
00:e6:17:eb:6d:aa:1d:28:fa:56:fa:1d:32:1f:e9:
03:60:13:cb:3a:c3:8e:ef:10:dd:05:99:5b:78:f5:
d6:94:3f:70:e1:45:71:61:c7:5d:6b:cf:e8:3a:1f:
c4:27:8b:47:3b:9e:b1:03:1d:93:33:5c:ff:2e:7d:
1d:5a:a7:98:e1:38:84:a1:d3:7a:01:cf:b0:84:9d:
bf:8c:fd:f4:9d:8f:6d:be:fa:df:e3:c8:4f:12:ac:
d7:46:83:8e:d6:7c:e2:0e:a4:4b:7a:bb:a7:6f:d4:
e4:48:7e:27:0d:9b:46:1e:b6:cd:23:ea:35:b0:df:
52:53:35:aa:42:7e:db:2c:72:6f:9a:28:d0:24:08:
56:9d:61:a3:10:84:6e:7a:22:ee:52:eb:86:d6:25:
c8:92:49:4c:60:92:4d:8a:88:81:09:2c:19:40:fb:
52:98:5e:14:d5:55:94:ab:4f:a8:fa:ed:1a:23:0a:
5a:05:f6:dc:b6:8b:15:34:ff:76:31:3c:a3:64:4e:
b6:d0:4e:ba:46:2c:8b:f3:05:7f:9e:2c:d0:d4:56:
9b:36:0e:ab:a8:a2:f6:79:e7:44:4d:0a:83:86:5b:
30:58:ed:58:52:ab:35:c2:b5:09:2b:5e:fc:ad:32:
4b:ad
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1C:48:3B:30:60:55:86:AA:E3:5B:70:2F:20:96:41:92:71:12:DB:51
X509v3 Authority Key Identifier:
keyid:59:2E:7C:1F:23:94:C3:E3:AA:A8:CC:B6:47:FD:83:67:1D:60:98:B7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WS58HyOUw-OqqMy2R_2DZx1gmLc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/9571d6-974f-4327-b9e0-443be63fc123/1/HEg7MGBVhqrjW3AvIJZBknES21E.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/9571d6-974f-4327-b9e0-443be63fc123/1/WS58HyOUw-OqqMy2R_2DZx1gmLc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.247.101.0/24
46.20.10.0/24
46.20.12.0/23
95.130.174.0/24
Signature Algorithm: sha256WithRSAEncryption
b1:24:ed:83:89:b1:34:a5:e8:88:f7:06:9d:cc:cd:9a:1d:b6:
41:8d:92:90:cf:1d:52:4f:5a:1a:e7:76:07:21:8e:32:b4:fc:
f3:3c:df:db:62:f8:e1:50:bb:af:c8:23:8c:a8:dd:cf:1d:c6:
31:d3:7f:6a:13:33:8e:f4:5f:20:67:9a:ce:08:81:04:39:5f:
8b:cf:f8:b3:84:a0:d2:05:b1:95:1a:84:a0:58:4e:2b:26:0c:
22:40:99:38:ac:e6:09:8a:ce:99:6d:b7:46:18:00:b0:85:b7:
4b:78:52:be:f1:ee:96:76:13:f0:dc:45:7f:a0:f2:26:36:fd:
5d:fb:32:e1:a0:41:fa:32:13:15:c1:f5:b8:2e:fb:3c:12:c1:
3b:74:13:d5:07:c8:93:4d:2a:53:ea:04:59:ad:55:92:9e:0c:
07:a4:20:ec:0d:a3:1b:46:dc:d9:13:e5:9b:60:03:8a:1b:e6:
e8:35:f5:5b:67:cf:e0:c8:76:de:2f:72:35:78:82:44:0f:41:
b5:1e:9c:bc:b9:ba:86:46:b2:83:40:4e:a9:11:01:c5:63:3a:
00:5f:0e:87:04:11:b1:01:3f:6e:f6:53:e9:4c:25:2b:d5:af:
45:f9:5e:7c:a3:ef:62:9b:77:e6:1c:69:12:08:ea:ae:84:8e:
5e:16:8f:f9
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYVwHtybCJdW2RnigOga+olIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU5MmU3YzFmMjM5NGMzZTNhYWE4Y2NiNjQ3ZmQ4MzY3MWQ2
MDk4YjcwHhcNMjMwMTAyMDEzNTQ4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYzQ4M2IzMDYwNTU4NmFhZTM1YjcwMmYyMDk2NDE5MjcxMTJkYjUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2DquX0qIq++zp31JUMUA5hfrbaod
KPpW+h0yH+kDYBPLOsOO7xDdBZlbePXWlD9w4UVxYcdda8/oOh/EJ4tHO56xAx2T
M1z/Ln0dWqeY4TiEodN6Ac+whJ2/jP30nY9tvvrf48hPEqzXRoOO1nziDqRLerun
b9TkSH4nDZtGHrbNI+o1sN9SUzWqQn7bLHJvmijQJAhWnWGjEIRueiLuUuuG1iXI
kklMYJJNioiBCSwZQPtSmF4U1VWUq0+o+u0aIwpaBfbctosVNP92MTyjZE620E66
RiyL8wV/nizQ1FabNg6rqKL2eedETQqDhlswWO1YUqs1wrUJK178rTJLrQIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFBxIOzBgVYaq41twLyCWQZJxEttRMB8GA1UdIwQY
MBaAFFkufB8jlMPjqqjMtkf9g2cdYJi3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV1M1OEh5T1V3LU9xcU15MlJfMkRaeDFnbUxjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Zi85NTcxZDYtOTc0Zi00MzI3LWI5ZTAt
NDQzYmU2M2ZjMTIzLzEvSEVnN01HQlZocXJqVzNBdklKWkJrbkVTMjFFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Zi85NTcxZDYtOTc0Zi00MzI3LWI5ZTAtNDQzYmU2M2ZjMTIz
LzEvV1M1OEh5T1V3LU9xcU15MlJfMkRaeDFnbUxjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAJfdlAwQA
LhQKAwQBLhQMAwQAX4KuMA0GCSqGSIb3DQEBCwUAA4IBAQCxJO2DibE0peiI9wad
zM2aHbZBjZKQzx1ST1oa53YHIY4ytPzzPN/bYvjhULuvyCOMqN3PHcYx039qEzOO
9F8gZ5rOCIEEOV+Lz/izhKDSBbGVGoSgWE4rJgwiQJk4rOYJis6ZbbdGGACwhbdL
eFK+8e6WdhPw3EV/oPImNv1d+zLhoEH6MhMVwfW4Lvs8EsE7dBPVB8iTTSpT6gRZ
rVWSngwHpCDsDaMbRtzZE+WbYAOKG+boNfVbZ8/gyHbeL3I1eIJED0G1Hpy8ubqG
RrKDQE6pEQHFYzoAXw6HBBGxAT9u9lPpTCUr1a9F+V58o+9im3fmHGkSCOquhI5e
Fo/5
-----END CERTIFICATE-----
Generated at Sat Apr 19 08:20:58 2025 by rpki-client