Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/1bb45a-551c-4967-95ca-77344bcc9191/1/hbmuhJvU-RXnKZ6llScw73_G-Ao.roa
File: hbmuhJvU-RXnKZ6llScw73_G-Ao.roa (raw, json)
Hash identifier: Fj3bPmpr/ju8yn6Mji9nKa1a0bzDvBxiSAgMS/LwACw=
Subject key identifier: 85:B9:AE:84:9B:D4:F9:15:E7:29:9E:A5:95:27:30:EF:7F:C6:F8:0A
Certificate issuer: /CN=3c4ed942e5c742e77bfb9beb954f872534f52848
Certificate serial: 0183D5B4C2E19BBA604F7355071A105C39EB
Authority key identifier: 3C:4E:D9:42:E5:C7:42:E7:7B:FB:9B:EB:95:4F:87:25:34:F5:28:48
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/PE7ZQuXHQud7-5vrlU-HJTT1KEg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/66/1bb45a-551c-4967-95ca-77344bcc9191/1/hbmuhJvU-RXnKZ6llScw73_G-Ao.roa
Signing time: Fri 14 Oct 2022 08:55:36 +0000
ROA not before: Fri 14 Oct 2022 08:55:36 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 1239
IP address blocks: 185.65.68.0/24 maxlen: 24
194.15.152.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:83:d5:b4:c2:e1:9b:ba:60:4f:73:55:07:1a:10:5c:39:eb
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3c4ed942e5c742e77bfb9beb954f872534f52848
Validity
Not Before: Oct 14 08:55:36 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=85b9ae849bd4f915e7299ea5952730ef7fc6f80a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ad:38:af:54:ee:30:20:fd:d1:ba:d1:04:ce:88:
00:1e:32:56:08:3e:97:25:d0:0d:69:cd:a3:4d:a3:
c8:30:b0:cb:52:1e:07:7e:28:4c:fc:5f:2e:ab:88:
ee:97:3a:12:31:eb:f6:8f:7a:63:32:ff:c5:67:6e:
36:1e:7a:6c:a8:ba:fe:a6:f4:c9:66:3b:b2:c0:87:
c5:11:3c:00:84:2f:40:68:0e:5a:dd:0c:77:85:95:
e5:d2:d1:a1:16:a7:6e:5b:66:0c:ba:17:8b:eb:c0:
02:77:5a:6e:4f:d3:c8:f9:da:1e:55:27:54:f8:bc:
26:59:b5:e1:04:fd:9c:a7:7f:63:2e:da:6f:aa:72:
0f:99:8b:87:1d:45:70:51:f6:04:05:1b:bb:95:b0:
55:98:09:d3:9a:ea:71:17:7d:9f:38:79:80:2e:f7:
07:e6:84:7d:40:4f:f9:62:b1:10:6b:98:2c:77:03:
f0:9d:d9:f2:d3:23:c5:6f:f0:74:53:06:fb:26:b3:
68:81:e5:8e:dc:51:da:2b:0b:d6:f2:06:a2:71:22:
2f:eb:c9:cb:f8:74:62:95:d9:1d:dc:21:69:65:48:
2a:b7:8c:da:3a:01:d2:36:1c:61:63:36:e8:a0:64:
9b:0b:a5:0d:7d:4b:55:1f:8a:e4:a6:c9:8d:a3:e7:
38:4f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
85:B9:AE:84:9B:D4:F9:15:E7:29:9E:A5:95:27:30:EF:7F:C6:F8:0A
X509v3 Authority Key Identifier:
keyid:3C:4E:D9:42:E5:C7:42:E7:7B:FB:9B:EB:95:4F:87:25:34:F5:28:48
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PE7ZQuXHQud7-5vrlU-HJTT1KEg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/1bb45a-551c-4967-95ca-77344bcc9191/1/hbmuhJvU-RXnKZ6llScw73_G-Ao.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/66/1bb45a-551c-4967-95ca-77344bcc9191/1/PE7ZQuXHQud7-5vrlU-HJTT1KEg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.65.68.0/24
194.15.152.0/22
Signature Algorithm: sha256WithRSAEncryption
59:e7:a0:54:b8:11:78:5e:b2:73:b2:96:4f:f0:6f:5c:71:d5:
64:06:41:74:07:bd:ab:dc:a9:6b:7d:a5:ae:2c:e6:27:50:52:
b4:4a:7c:f0:3d:1c:b9:1e:4b:63:31:33:76:63:49:18:a5:a7:
36:c9:d2:69:b6:20:91:82:71:31:1c:69:40:d7:44:65:99:8d:
2a:23:69:43:24:a3:4d:21:2f:9e:5c:8b:e8:ae:98:b6:07:21:
f1:41:ee:85:16:52:1d:cd:bf:c4:3b:60:81:29:05:f8:a3:8d:
55:25:73:dc:1c:10:f1:4e:82:d6:6c:c6:16:fb:66:4e:58:06:
8a:41:94:5c:50:ab:2d:be:96:84:ed:ec:ec:9c:4b:5d:4d:b0:
36:ad:03:29:e9:19:2a:f6:88:6d:c0:0c:cb:32:0c:99:ec:3f:
ef:21:12:6a:8d:55:11:79:d2:16:a2:67:14:8d:4d:1b:36:7d:
44:6b:06:f6:19:d3:0a:e4:e7:d6:bd:a2:f9:c3:15:2f:48:02:
06:6d:f1:c5:a2:c3:b6:0b:0b:d5:a4:37:82:1d:55:03:56:20:
7b:b3:60:f2:74:54:9c:1d:76:c5:44:b2:43:24:f3:b5:ce:6e:
cb:9e:d6:14:3e:53:ef:bf:4f:10:72:dc:2c:28:e8:31:89:33:
9a:e6:c8:4a
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYPVtMLhm7pgT3NVBxoQXDnrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNjNGVkOTQyZTVjNzQyZTc3YmZiOWJlYjk1NGY4NzI1MzRm
NTI4NDgwHhcNMjIxMDE0MDg1NTM2WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NWI5YWU4NDliZDRmOTE1ZTcyOTllYTU5NTI3MzBlZjdmYzZmODBhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArTivVO4wIP3RutEEzogAHjJWCD6X
JdANac2jTaPIMLDLUh4HfihM/F8uq4julzoSMev2j3pjMv/FZ242HnpsqLr+pvTJ
ZjuywIfFETwAhC9AaA5a3Qx3hZXl0tGhFqduW2YMuheL68ACd1puT9PI+doeVSdU
+LwmWbXhBP2cp39jLtpvqnIPmYuHHUVwUfYEBRu7lbBVmAnTmupxF32fOHmALvcH
5oR9QE/5YrEQa5gsdwPwndny0yPFb/B0Uwb7JrNogeWO3FHaKwvW8gaicSIv68nL
+HRildkd3CFpZUgqt4zaOgHSNhxhYzbooGSbC6UNfUtVH4rkpsmNo+c4TwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFIW5roSb1PkV5ymepZUnMO9/xvgKMB8GA1UdIwQY
MBaAFDxO2ULlx0Lne/ub65VPhyU09ShIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUEU3WlF1WEhRdWQ3LTV2cmxVLUhKVFQxS0VnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni8xYmI0NWEtNTUxYy00OTY3LTk1Y2Et
NzczNDRiY2M5MTkxLzEvaGJtdWhKdlUtUlhuS1o2bGxTY3c3M19HLUFvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni8xYmI0NWEtNTUxYy00OTY3LTk1Y2EtNzczNDRiY2M5MTkx
LzEvUEU3WlF1WEhRdWQ3LTV2cmxVLUhKVFQxS0VnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAuUFEAwQC
wg+YMA0GCSqGSIb3DQEBCwUAA4IBAQBZ56BUuBF4XrJzspZP8G9ccdVkBkF0B72r
3KlrfaWuLOYnUFK0SnzwPRy5HktjMTN2Y0kYpac2ydJptiCRgnExHGlA10RlmY0q
I2lDJKNNIS+eXIvorpi2ByHxQe6FFlIdzb/EO2CBKQX4o41VJXPcHBDxToLWbMYW
+2ZOWAaKQZRcUKstvpaE7ezsnEtdTbA2rQMp6Rkq9ohtwAzLMgyZ7D/vIRJqjVUR
edIWomcUjU0bNn1Eawb2GdMK5OfWvaL5wxUvSAIGbfHFosO2CwvVpDeCHVUDViB7
s2DydFScHXbFRLJDJPO1zm7LntYUPlPvv08QctwsKOgxiTOa5shK
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:33:04 2024 by rpki-client on console-fra.rpki-client.org