Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/61/e53de5-1b5f-4467-a68c-15fc0b68f844/1/HRvDcS5DjqBZAvar88ictYp5CEo.roa
File: HRvDcS5DjqBZAvar88ictYp5CEo.roa (raw, json)
Hash identifier: 6unjnXZFtzaHZPwhWN/SIqx9SpFplEJr38bqavJkEJo=
Subject key identifier: 1D:1B:C3:71:2E:43:8E:A0:59:02:F6:AB:F3:C8:9C:B5:8A:79:08:4A
Certificate issuer: /CN=da70c441fb892b8c9816534885069fcd3300c9a4
Certificate serial: 018704B762F8D0B53B0C400B6B3CCEFB5D29
Authority key identifier: DA:70:C4:41:FB:89:2B:8C:98:16:53:48:85:06:9F:CD:33:00:C9:A4
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/2nDEQfuJK4yYFlNIhQafzTMAyaQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/61/e53de5-1b5f-4467-a68c-15fc0b68f844/1/HRvDcS5DjqBZAvar88ictYp5CEo.roa
Signing time: Tue 21 Mar 2023 15:08:59 +0000
ROA not before: Tue 21 Mar 2023 15:08:59 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 58024
IP address blocks: 77.105.145.0/24 maxlen: 24
84.54.46.0/24 maxlen: 24
84.54.45.0/24 maxlen: 24
77.105.165.0/24 maxlen: 24
77.105.166.0/23 maxlen: 23
176.113.112.0/24 maxlen: 24
176.113.112.0/23 maxlen: 23
176.113.113.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:87:04:b7:62:f8:d0:b5:3b:0c:40:0b:6b:3c:ce:fb:5d:29
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=da70c441fb892b8c9816534885069fcd3300c9a4
Validity
Not Before: Mar 21 15:08:59 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=1d1bc3712e438ea05902f6abf3c89cb58a79084a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c2:92:e4:16:aa:a0:ba:bc:1c:b5:7e:78:40:0f:
d2:70:85:9d:93:5e:77:7f:a3:25:19:9f:58:83:d1:
77:31:54:a6:59:99:3a:0d:c9:ee:9f:e1:99:d1:28:
bc:e3:0b:23:39:ba:b6:be:78:c9:2e:3e:50:56:99:
7d:2d:62:bd:65:bf:b1:49:08:c2:bc:1d:5f:1a:53:
86:76:cf:9e:4d:ef:67:79:20:a5:59:63:32:7a:51:
39:89:72:27:25:23:fe:57:2f:d0:74:f8:fc:54:86:
7c:54:70:d6:8b:04:0a:d5:b3:b6:85:9c:da:fe:c7:
8b:c0:de:fc:62:b5:72:ff:1d:ed:e9:07:ac:f7:f3:
79:26:48:23:84:c6:7b:1f:d6:da:7a:18:21:26:f2:
b5:21:16:46:ea:96:54:bb:89:c1:93:50:77:2c:d0:
03:09:1d:ae:98:34:bf:bc:6a:21:47:4e:d2:99:23:
47:9f:90:7d:d4:1d:e6:28:43:2c:34:6b:f1:8f:bb:
ed:5a:aa:4e:64:4d:be:90:1c:16:4e:10:39:fe:01:
63:66:2a:a9:36:92:88:4d:9b:1e:51:da:7e:f8:fd:
09:57:44:c9:72:8f:df:e8:43:f9:75:e1:cc:3a:b5:
65:72:ba:5b:95:83:3c:5b:34:a8:b9:cd:63:f1:26:
51:f3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1D:1B:C3:71:2E:43:8E:A0:59:02:F6:AB:F3:C8:9C:B5:8A:79:08:4A
X509v3 Authority Key Identifier:
keyid:DA:70:C4:41:FB:89:2B:8C:98:16:53:48:85:06:9F:CD:33:00:C9:A4
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2nDEQfuJK4yYFlNIhQafzTMAyaQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/61/e53de5-1b5f-4467-a68c-15fc0b68f844/1/HRvDcS5DjqBZAvar88ictYp5CEo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/61/e53de5-1b5f-4467-a68c-15fc0b68f844/1/2nDEQfuJK4yYFlNIhQafzTMAyaQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
77.105.145.0/24
77.105.165.0-77.105.167.255
84.54.45.0-84.54.46.255
176.113.112.0/23
Signature Algorithm: sha256WithRSAEncryption
59:b1:51:b4:22:1d:de:e1:6c:2d:76:1e:09:80:b2:71:78:38:
58:bf:c5:98:31:95:d9:67:eb:69:f5:6a:40:78:a4:2e:64:e0:
90:89:3f:1a:f1:cc:d6:72:3c:cc:9c:3e:98:19:8d:94:97:2a:
10:c6:cc:6e:19:94:f3:96:fa:c2:5d:a1:42:d2:dc:c1:57:2f:
db:15:77:26:26:6b:e7:13:0f:41:35:07:a6:45:78:5c:d4:a9:
e9:e1:0f:82:4f:ed:02:4a:97:ce:e2:2c:c2:ed:34:62:b2:15:
cd:06:b2:f6:08:dd:d0:43:04:82:69:17:bf:66:80:00:b6:92:
d0:b9:52:4d:2d:d3:6b:ab:a3:3f:91:4d:6e:d8:9b:05:cb:bf:
a5:aa:b2:0b:0f:2b:ed:63:02:a4:98:b7:2e:d9:c9:0f:5e:01:
cb:4e:84:67:4b:93:16:d2:f1:e4:7c:50:7f:2a:23:3f:93:19:
aa:74:0b:d7:87:72:f4:4f:4f:fe:9a:5a:bc:b4:2f:ba:e5:93:
62:d4:1d:a7:63:a5:5e:61:cc:38:2f:c8:f5:c3:68:3e:3f:96:
bd:ea:1c:f6:75:5e:a6:4e:5c:85:4d:95:b3:61:9b:ce:b7:96:
ea:d0:e8:2a:79:4b:23:6f:d1:4b:77:d2:44:20:20:1f:f1:57:
b0:42:df:c7
-----BEGIN CERTIFICATE-----
MIIFHzCCBAegAwIBAgISAYcEt2L40LU7DEALazzO+10pMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhNzBjNDQxZmI4OTJiOGM5ODE2NTM0ODg1MDY5ZmNkMzMw
MGM5YTQwHhcNMjMwMzIxMTUwODU5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZDFiYzM3MTJlNDM4ZWEwNTkwMmY2YWJmM2M4OWNiNThhNzkwODRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwpLkFqqgurwctX54QA/ScIWdk153
f6MlGZ9Yg9F3MVSmWZk6Dcnun+GZ0Si84wsjObq2vnjJLj5QVpl9LWK9Zb+xSQjC
vB1fGlOGds+eTe9neSClWWMyelE5iXInJSP+Vy/QdPj8VIZ8VHDWiwQK1bO2hZza
/seLwN78YrVy/x3t6Qes9/N5JkgjhMZ7H9baehghJvK1IRZG6pZUu4nBk1B3LNAD
CR2umDS/vGohR07SmSNHn5B91B3mKEMsNGvxj7vtWqpOZE2+kBwWThA5/gFjZiqp
NpKITZseUdp++P0JV0TJco/f6EP5deHMOrVlcrpblYM8WzSouc1j8SZR8wIDAQAB
o4ICKzCCAicwHQYDVR0OBBYEFB0bw3EuQ46gWQL2q/PInLWKeQhKMB8GA1UdIwQY
MBaAFNpwxEH7iSuMmBZTSIUGn80zAMmkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMm5ERVFmdUpLNHlZRmxOSWhRYWZ6VE1BeWFRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MS9lNTNkZTUtMWI1Zi00NDY3LWE2OGMt
MTVmYzBiNjhmODQ0LzEvSFJ2RGNTNURqcUJaQXZhcjg4aWN0WXA1Q0VvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MS9lNTNkZTUtMWI1Zi00NDY3LWE2OGMtMTVmYzBiNjhmODQ0
LzEvMm5ERVFmdUpLNHlZRmxOSWhRYWZ6VE1BeWFRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEEGCCsGAQUFBwEHAQH/BDIwMDAuBAIAATAoAwQATWmRMAwD
BABNaaUDBANNaaAwDAMEAFQ2LQMEAFQ2LgMEAbBxcDANBgkqhkiG9w0BAQsFAAOC
AQEAWbFRtCId3uFsLXYeCYCycXg4WL/FmDGV2WfrafVqQHikLmTgkIk/GvHM1nI8
zJw+mBmNlJcqEMbMbhmU85b6wl2hQtLcwVcv2xV3JiZr5xMPQTUHpkV4XNSp6eEP
gk/tAkqXzuIswu00YrIVzQay9gjd0EMEgmkXv2aAALaS0LlSTS3Ta6ujP5FNbtib
Bcu/paqyCw8r7WMCpJi3LtnJD14By06EZ0uTFtLx5HxQfyojP5MZqnQL14dy9E9P
/ppavLQvuuWTYtQdp2OlXmHMOC/I9cNoPj+Wveoc9nVepk5chU2Vs2GbzreW6tDo
KnlLI2/RS3fSRCAgH/FXsELfxw==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:14:21 2024 by rpki-client on console-ams.rpki-client.org