Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/61/e53de5-1b5f-4467-a68c-15fc0b68f844/1/hmJxZHiUus5UH1N1_BR5TYNgMFA.roa
File: hmJxZHiUus5UH1N1_BR5TYNgMFA.roa (raw, json)
Hash identifier: txv6MVzxkOzbluXNKxiL85c0EDn5Y2Qx02hTM7cxsE0=
Subject key identifier: 86:62:71:64:78:94:BA:CE:54:1F:53:75:FC:14:79:4D:83:60:30:50
Certificate issuer: /CN=da70c441fb892b8c9816534885069fcd3300c9a4
Certificate serial: 01869218F6F7E6A170ACDB01F9124678E89B
Authority key identifier: DA:70:C4:41:FB:89:2B:8C:98:16:53:48:85:06:9F:CD:33:00:C9:A4
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/2nDEQfuJK4yYFlNIhQafzTMAyaQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/61/e53de5-1b5f-4467-a68c-15fc0b68f844/1/hmJxZHiUus5UH1N1_BR5TYNgMFA.roa
Signing time: Mon 27 Feb 2023 08:59:15 +0000
ROA not before: Mon 27 Feb 2023 08:59:15 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 58024
IP address blocks: 84.54.44.0/22 maxlen: 22
84.54.44.0/24 maxlen: 24
84.54.47.0/24 maxlen: 24
84.54.46.0/24 maxlen: 24
84.54.45.0/24 maxlen: 24
194.31.132.0/22 maxlen: 22
77.105.165.0/24 maxlen: 24
77.105.166.0/23 maxlen: 23
176.113.112.0/24 maxlen: 24
176.113.112.0/23 maxlen: 23
176.113.113.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:86:92:18:f6:f7:e6:a1:70:ac:db:01:f9:12:46:78:e8:9b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=da70c441fb892b8c9816534885069fcd3300c9a4
Validity
Not Before: Feb 27 08:59:15 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=866271647894bace541f5375fc14794d83603050
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9a:9e:33:c4:b3:f0:cd:29:08:4d:8e:58:59:96:
da:eb:5f:0b:7b:25:f8:40:d7:c2:b8:cb:cb:9c:c4:
d0:82:f6:a9:1b:a9:ea:81:f8:34:f7:11:2d:9e:a5:
af:a0:60:17:b2:3b:24:24:ef:16:7c:c6:1d:50:86:
6a:2e:60:9e:b6:0d:5c:dd:6a:ae:44:a0:af:1d:97:
78:6a:23:6f:d4:bc:41:0d:d8:0b:70:c1:62:cc:5b:
1f:53:f4:fd:81:78:2a:16:56:4a:d4:fa:68:58:5c:
bb:7e:fd:0a:14:9b:13:dc:8b:f1:f3:64:a2:76:ab:
84:9e:89:14:4e:51:ad:7e:87:f3:67:d8:c5:5c:a7:
2d:98:60:b8:0f:fa:a2:08:0c:ed:a0:da:37:a3:b1:
91:b2:30:f1:30:a4:d7:23:51:2f:da:e2:80:03:2d:
43:54:ce:e0:27:1f:04:90:5d:76:fe:af:b5:55:d5:
24:ae:fe:b4:21:0b:9d:96:88:2e:21:83:ec:8b:ed:
82:39:97:9f:4e:c1:da:ff:fe:94:62:31:75:cb:d1:
3c:c9:a5:3f:d3:81:f9:5c:55:42:bb:be:f8:da:bf:
5a:51:28:ae:00:86:31:b9:4f:51:8f:94:64:00:45:
e8:3d:26:1e:f8:aa:73:db:83:aa:7b:c9:bd:f5:e9:
cc:33
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
86:62:71:64:78:94:BA:CE:54:1F:53:75:FC:14:79:4D:83:60:30:50
X509v3 Authority Key Identifier:
keyid:DA:70:C4:41:FB:89:2B:8C:98:16:53:48:85:06:9F:CD:33:00:C9:A4
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2nDEQfuJK4yYFlNIhQafzTMAyaQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/61/e53de5-1b5f-4467-a68c-15fc0b68f844/1/hmJxZHiUus5UH1N1_BR5TYNgMFA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/61/e53de5-1b5f-4467-a68c-15fc0b68f844/1/2nDEQfuJK4yYFlNIhQafzTMAyaQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
77.105.165.0-77.105.167.255
84.54.44.0/22
176.113.112.0/23
194.31.132.0/22
Signature Algorithm: sha256WithRSAEncryption
47:2f:b2:44:10:6d:18:26:36:e1:33:45:58:a5:a9:e8:cc:91:
03:de:a8:7b:cc:bf:a4:06:83:14:db:8b:c6:7c:f9:c2:28:dc:
e3:6d:5f:bb:9d:99:20:ed:42:25:b7:77:6c:43:7b:6f:e6:76:
90:5f:53:4d:c1:8e:42:32:20:77:ac:f0:12:50:32:42:d8:71:
4a:50:5b:e7:ba:be:3e:5f:80:80:76:ce:22:f7:4f:90:a7:1a:
29:92:36:26:25:d0:c4:15:3e:41:70:a4:43:54:27:6e:10:7e:
63:b8:78:98:9b:bc:a3:f6:c1:b2:cb:82:19:4e:0f:ee:09:f8:
d7:a8:8a:14:be:64:a8:04:8b:54:79:3e:92:17:6e:0f:95:53:
2a:2b:91:cd:62:db:45:b3:72:9e:5d:aa:ad:74:57:e9:78:e5:
c5:a5:45:cd:ae:18:56:b3:6f:0c:61:6e:90:16:c2:49:b9:0a:
91:99:89:4f:7c:5e:b5:b8:fe:d1:75:92:69:9c:f9:e8:4f:ef:
1b:e1:2f:93:c9:e9:2e:f4:c5:bb:fc:a7:93:8e:e2:21:44:2d:
0f:ee:05:80:0d:32:da:04:c3:7f:34:27:4b:79:08:5d:cc:f1:
5c:23:cd:a1:b5:05:52:db:1c:84:a5:05:bf:72:0e:cf:e8:22:
87:8a:ba:2d
-----BEGIN CERTIFICATE-----
MIIFFzCCA/+gAwIBAgISAYaSGPb35qFwrNsB+RJGeOibMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhNzBjNDQxZmI4OTJiOGM5ODE2NTM0ODg1MDY5ZmNkMzMw
MGM5YTQwHhcNMjMwMjI3MDg1OTE1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NjYyNzE2NDc4OTRiYWNlNTQxZjUzNzVmYzE0Nzk0ZDgzNjAzMDUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmp4zxLPwzSkITY5YWZba618LeyX4
QNfCuMvLnMTQgvapG6nqgfg09xEtnqWvoGAXsjskJO8WfMYdUIZqLmCetg1c3Wqu
RKCvHZd4aiNv1LxBDdgLcMFizFsfU/T9gXgqFlZK1PpoWFy7fv0KFJsT3Ivx82Si
dquEnokUTlGtfofzZ9jFXKctmGC4D/qiCAztoNo3o7GRsjDxMKTXI1Ev2uKAAy1D
VM7gJx8EkF12/q+1VdUkrv60IQudloguIYPsi+2COZefTsHa//6UYjF1y9E8yaU/
04H5XFVCu7742r9aUSiuAIYxuU9Rj5RkAEXoPSYe+Kpz24Oqe8m99enMMwIDAQAB
o4ICIzCCAh8wHQYDVR0OBBYEFIZicWR4lLrOVB9TdfwUeU2DYDBQMB8GA1UdIwQY
MBaAFNpwxEH7iSuMmBZTSIUGn80zAMmkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMm5ERVFmdUpLNHlZRmxOSWhRYWZ6VE1BeWFRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MS9lNTNkZTUtMWI1Zi00NDY3LWE2OGMt
MTVmYzBiNjhmODQ0LzEvaG1KeFpIaVV1czVVSDFOMV9CUjVUWU5nTUZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MS9lNTNkZTUtMWI1Zi00NDY3LWE2OGMtMTVmYzBiNjhmODQ0
LzEvMm5ERVFmdUpLNHlZRmxOSWhRYWZ6VE1BeWFRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDkGCCsGAQUFBwEHAQH/BCowKDAmBAIAATAgMAwDBABNaaUD
BANNaaADBAJUNiwDBAGwcXADBALCH4QwDQYJKoZIhvcNAQELBQADggEBAEcvskQQ
bRgmNuEzRVilqejMkQPeqHvMv6QGgxTbi8Z8+cIo3ONtX7udmSDtQiW3d2xDe2/m
dpBfU03BjkIyIHes8BJQMkLYcUpQW+e6vj5fgIB2ziL3T5CnGimSNiYl0MQVPkFw
pENUJ24QfmO4eJibvKP2wbLLghlOD+4J+NeoihS+ZKgEi1R5PpIXbg+VUyorkc1i
20Wzcp5dqq10V+l45cWlRc2uGFazbwxhbpAWwkm5CpGZiU98XrW4/tF1kmmc+ehP
7xvhL5PJ6S70xbv8p5OO4iFELQ/uBYANMtoEw380J0t5CF3M8VwjzaG1BVLbHISl
Bb9yDs/oIoeKui0=
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:57:00 2023 by rpki-client on console-fra.rpki-client.org