Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5d/b9c1d7-2aed-4696-80a7-d5abf5031d21/1/hn2dRkA5eWkMmOGfpDmkqlZOB-k.roa
File: hn2dRkA5eWkMmOGfpDmkqlZOB-k.roa (raw, json)
Hash identifier: 98+uEYNdx7tIbXdVnf0am/MLON7q5nbeMeXBgCzSemU=
Subject key identifier: 86:7D:9D:46:40:39:79:69:0C:98:E1:9F:A4:39:A4:AA:56:4E:07:E9
Certificate issuer: /CN=9984b9eb122237111c1f8ca57707ec7307291ee8
Certificate serial: 391112D6
Authority key identifier: 99:84:B9:EB:12:22:37:11:1C:1F:8C:A5:77:07:EC:73:07:29:1E:E8
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/mYS56xIiNxEcH4yldwfscwcpHug.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/5d/b9c1d7-2aed-4696-80a7-d5abf5031d21/1/hn2dRkA5eWkMmOGfpDmkqlZOB-k.roa
Signing time: Thu 12 May 2022 12:54:02 +0000
ROA not before: Thu 12 May 2022 12:54:02 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 15372
IP address blocks: 193.36.120.0/22 maxlen: 22
212.111.224.0/19 maxlen: 24
188.239.190.0/24 maxlen: 24
188.239.188.0/23 maxlen: 23
31.42.180.0/24 maxlen: 24
2a01:7700::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 957420246 (0x391112d6)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=9984b9eb122237111c1f8ca57707ec7307291ee8
Validity
Not Before: May 12 12:54:02 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=867d9d46403979690c98e19fa439a4aa564e07e9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c4:a4:f6:a9:0b:6e:68:d7:a0:da:5e:56:cf:29:
8c:ef:30:19:65:66:06:1d:a7:b4:15:6e:d1:b4:07:
36:ff:05:55:7f:1a:9b:46:a4:20:ad:49:3a:ec:e8:
eb:a7:1a:62:32:65:13:c5:d4:83:69:a2:84:03:21:
fa:1d:39:01:44:e1:fc:60:ce:7f:91:56:94:8b:b4:
ca:7b:be:4d:f8:a7:d8:ce:68:28:d1:ad:67:a0:91:
66:fc:99:5f:e0:57:fa:c1:9e:25:e6:59:75:8f:98:
43:08:3f:b2:6e:00:f0:26:3c:f5:37:75:b4:cf:1c:
6a:7d:7f:93:c1:f9:65:bb:23:45:89:31:08:de:ce:
af:37:e8:8a:08:9d:30:26:5b:3b:82:de:e6:72:e9:
2a:9b:ab:44:41:c7:37:f7:07:8e:b0:0c:52:8f:06:
54:79:5a:94:f7:f4:43:c9:1f:77:fb:49:ba:05:0b:
9d:f2:2b:12:c2:e1:21:67:a5:33:21:ad:12:a0:b5:
13:a5:a0:9f:d9:e1:68:57:79:b6:48:11:51:e2:40:
b5:ad:17:99:40:22:3c:99:50:e3:fb:e5:d4:5b:7f:
fe:5b:3d:d3:94:86:f0:e9:f5:a1:50:6a:3e:03:c7:
61:d6:25:f5:61:98:31:27:2a:f1:e6:f1:1f:56:7a:
35:73
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
86:7D:9D:46:40:39:79:69:0C:98:E1:9F:A4:39:A4:AA:56:4E:07:E9
X509v3 Authority Key Identifier:
keyid:99:84:B9:EB:12:22:37:11:1C:1F:8C:A5:77:07:EC:73:07:29:1E:E8
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mYS56xIiNxEcH4yldwfscwcpHug.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/b9c1d7-2aed-4696-80a7-d5abf5031d21/1/hn2dRkA5eWkMmOGfpDmkqlZOB-k.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/b9c1d7-2aed-4696-80a7-d5abf5031d21/1/mYS56xIiNxEcH4yldwfscwcpHug.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.42.180.0/24
188.239.188.0-188.239.190.255
193.36.120.0/22
212.111.224.0/19
IPv6:
2a01:7700::/32
Signature Algorithm: sha256WithRSAEncryption
c3:47:d6:c3:e3:9d:6c:2d:d1:95:d7:94:e9:d2:27:0a:78:0d:
84:ea:7f:8f:e6:3c:85:ba:3d:a9:a4:33:0a:76:d9:3c:21:25:
cc:93:0a:56:93:4d:ec:5e:0b:c5:95:c5:93:6e:b2:35:83:98:
e5:da:8f:a9:08:4a:1e:90:a1:be:83:15:5b:bc:f1:bb:63:3a:
ba:43:dc:42:f2:df:e9:7e:4d:6c:c3:de:df:55:62:21:64:04:
c2:09:6b:4c:11:90:6a:09:7a:b2:83:74:8e:1a:1d:dd:ec:d4:
d1:a1:8f:f9:4d:9e:8c:65:45:48:80:f1:74:4a:aa:9f:e1:8d:
68:1c:da:8c:18:a1:27:cc:4f:ea:f9:36:f3:6d:5b:c5:a9:21:
73:55:de:f3:86:3c:f4:ef:84:4a:fc:1c:0f:87:ec:56:17:99:
90:29:e7:5a:22:98:c6:0b:85:e4:ba:04:d1:67:e7:db:d8:b4:
b9:c1:6d:64:a4:61:ee:d7:15:24:c1:8e:08:94:ae:d0:7e:eb:
86:5b:61:94:3f:cf:0e:e4:32:cb:f5:ff:70:4b:fb:88:23:80:
b8:30:f2:80:e2:be:d9:b7:53:93:03:f7:12:8e:eb:6f:6c:8e:
5a:10:38:0b:15:7e:d3:9c:0f:ad:77:28:ad:bb:c0:13:3d:a8:
d8:29:bc:ce
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgIEORES1jANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg5
OTg0YjllYjEyMjIzNzExMWMxZjhjYTU3NzA3ZWM3MzA3MjkxZWU4MB4XDTIyMDUx
MjEyNTQwMloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoODY3ZDlkNDY0MDM5
Nzk2OTBjOThlMTlmYTQzOWE0YWE1NjRlMDdlOTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAMSk9qkLbmjXoNpeVs8pjO8wGWVmBh2ntBVu0bQHNv8FVX8a
m0akIK1JOuzo66caYjJlE8XUg2mihAMh+h05AUTh/GDOf5FWlIu0ynu+Tfin2M5o
KNGtZ6CRZvyZX+BX+sGeJeZZdY+YQwg/sm4A8CY89Td1tM8can1/k8H5ZbsjRYkx
CN7OrzfoigidMCZbO4Le5nLpKpurREHHN/cHjrAMUo8GVHlalPf0Q8kfd/tJugUL
nfIrEsLhIWelMyGtEqC1E6Wgn9nhaFd5tkgRUeJAta0XmUAiPJlQ4/vl1Ft//ls9
05SG8On1oVBqPgPHYdYl9WGYMScq8ebxH1Z6NXMCAwEAAaOCAjIwggIuMB0GA1Ud
DgQWBBSGfZ1GQDl5aQyY4Z+kOaSqVk4H6TAfBgNVHSMEGDAWgBSZhLnrEiI3ERwf
jKV3B+xzByke6DAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L21ZUzU2eElpTnhFY0g0eWxkd2ZzY3djcEh1Zy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNWQvYjljMWQ3LTJhZWQtNDY5Ni04MGE3LWQ1YWJmNTAzMWQyMS8x
L2huMmRSa0E1ZVdrTW1PR2ZwRG1rcWxaT0Itay5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNWQv
YjljMWQ3LTJhZWQtNDY5Ni04MGE3LWQ1YWJmNTAzMWQyMS8xL21ZUzU2eElpTnhF
Y0g0eWxkd2ZzY3djcEh1Zy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBI
BggrBgEFBQcBBwEB/wQ5MDcwJgQCAAEwIAMEAB8qtDAMAwQCvO+8AwQAvO++AwQC
wSR4AwQF1G/gMA0EAgACMAcDBQAqAXcAMA0GCSqGSIb3DQEBCwUAA4IBAQDDR9bD
451sLdGV15Tp0icKeA2E6n+P5jyFuj2ppDMKdtk8ISXMkwpWk03sXgvFlcWTbrI1
g5jl2o+pCEoekKG+gxVbvPG7Yzq6Q9xC8t/pfk1sw97fVWIhZATCCWtMEZBqCXqy
g3SOGh3d7NTRoY/5TZ6MZUVIgPF0Sqqf4Y1oHNqMGKEnzE/q+TbzbVvFqSFzVd7z
hjz074RK/BwPh+xWF5mQKedaIpjGC4XkugTRZ+fb2LS5wW1kpGHu1xUkwY4IlK7Q
fuuGW2GUP88O5DLL9f9wS/uII4C4MPKA4r7Zt1OTA/cSjutvbI5aEDgLFX7TnA+t
dyitu8ATPajYKbzO
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:13:45 2025 by rpki-client