Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/BxNBXkRXd7WdoGQxH5ebCbFS_hs.roa
File: BxNBXkRXd7WdoGQxH5ebCbFS_hs.roa (raw, json)
Hash identifier: SaQFuVk+prZeNUt4udxj6RD094MMgc1W/TZgAb2xuC8=
Subject key identifier: 07:13:41:5E:44:57:77:B5:9D:A0:64:31:1F:97:9B:09:B1:52:FE:1B
Certificate issuer: /CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Certificate serial: 15558FF2
Authority key identifier: 2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/BxNBXkRXd7WdoGQxH5ebCbFS_hs.roa
Signing time: Wed 15 Jun 2022 03:04:45 +0000
ROA not before: Wed 15 Jun 2022 03:04:45 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 7018
IP address blocks: 185.220.236.0/22 maxlen: 24
213.173.32.0/22 maxlen: 24
185.36.192.0/22 maxlen: 22
185.129.116.0/22 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 357928946 (0x15558ff2)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Validity
Not Before: Jun 15 03:04:45 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=0713415e445777b59da064311f979b09b152fe1b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9a:89:79:57:dc:4c:3b:c2:1e:bb:14:02:65:26:
39:8c:94:d1:7a:09:52:1f:3e:6f:90:01:e3:48:82:
20:c3:4b:79:6b:a0:6c:c0:40:62:c3:66:94:dd:c3:
74:e2:f0:e7:1c:02:50:c5:b7:5e:16:56:e3:8c:b4:
fc:09:85:26:fc:e6:f7:f3:e7:ef:82:54:21:50:23:
a0:56:b5:ba:de:2b:bc:dc:f5:5b:cf:d8:16:da:ed:
6c:d1:5a:30:41:f5:c7:ec:e8:4f:cb:a3:9a:2e:69:
8e:09:ed:00:7a:48:cf:01:dd:1c:e0:f6:ea:c9:9d:
34:45:f6:6a:6a:55:06:91:51:a3:e9:88:11:c5:ee:
20:66:ae:50:35:26:51:b6:37:44:e5:43:b6:6c:87:
b4:9b:a9:13:f4:e1:59:9d:81:33:1a:1c:03:75:b9:
1e:76:96:58:c7:0d:90:a7:34:65:e3:aa:08:a1:c6:
00:55:e6:9e:07:93:eb:ab:37:a6:1f:db:09:71:2f:
d8:de:02:a2:e2:a1:5e:d0:07:81:cf:c9:22:ff:91:
a1:1a:e7:59:65:e9:17:2f:b7:68:24:27:f5:56:68:
f8:7f:4e:a5:fd:a9:b2:64:0e:6c:82:ca:fd:6f:db:
0b:b3:09:b1:fe:c9:c0:16:89:78:8e:0e:06:9e:c7:
3f:45
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
07:13:41:5E:44:57:77:B5:9D:A0:64:31:1F:97:9B:09:B1:52:FE:1B
X509v3 Authority Key Identifier:
keyid:2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/BxNBXkRXd7WdoGQxH5ebCbFS_hs.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.36.192.0/22
185.129.116.0/22
185.220.236.0/22
213.173.32.0/22
Signature Algorithm: sha256WithRSAEncryption
20:5a:7c:a0:4e:1e:58:02:87:93:ef:21:c2:d2:58:92:45:be:
ba:02:c4:ca:e0:c2:0d:69:6f:56:d3:77:c3:10:41:ad:91:9a:
2e:b4:61:fa:f4:55:ec:ad:a3:9f:94:d0:1e:45:4b:0f:24:8a:
18:49:d5:0c:3e:7a:c7:12:22:fe:b4:bf:d5:3f:08:6c:5b:39:
a8:71:18:6a:62:a0:78:a4:15:4a:0b:e9:a2:76:06:d1:5b:d9:
3e:da:d4:89:40:4c:72:bd:40:19:15:62:23:8c:f4:36:a4:e2:
9b:12:bc:ad:39:c8:d7:27:37:b1:5e:38:bd:1f:81:85:db:94:
36:a2:48:81:8f:06:9f:f6:2a:02:f1:21:0a:97:78:8e:3f:6f:
99:75:49:0b:d4:0b:1e:4d:17:81:ed:7d:1f:e9:e1:b0:11:e8:
96:ee:70:6d:c4:8e:6a:95:cd:90:32:0d:34:31:07:47:e8:6d:
f1:a7:1c:52:07:75:3a:fc:a0:7d:11:fa:fc:e6:70:03:60:70:
cd:22:83:d9:48:8c:f7:4f:f5:54:c7:01:50:a0:7f:f1:4d:5f:
01:4f:12:5c:8b:97:d0:47:e3:fa:12:7d:30:70:e6:fc:da:55:
11:38:4f:6a:40:b0:9c:3c:b5:1e:e7:59:56:6f:05:97:d0:c6:
ae:f3:7b:89
-----BEGIN CERTIFICATE-----
MIIFATCCA+mgAwIBAgIEFVWP8jANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygy
YWMzZGFhMWIxNDg1MGYyZTYxYzU5MmIyMTkxOTE1YTVlNjVhNDc4MB4XDTIyMDYx
NTAzMDQ0NVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMDcxMzQxNWU0NDU3
NzdiNTlkYTA2NDMxMWY5NzliMDliMTUyZmUxYjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAJqJeVfcTDvCHrsUAmUmOYyU0XoJUh8+b5AB40iCIMNLeWug
bMBAYsNmlN3DdOLw5xwCUMW3XhZW44y0/AmFJvzm9/Pn74JUIVAjoFa1ut4rvNz1
W8/YFtrtbNFaMEH1x+zoT8ujmi5pjgntAHpIzwHdHOD26smdNEX2ampVBpFRo+mI
EcXuIGauUDUmUbY3ROVDtmyHtJupE/ThWZ2BMxocA3W5HnaWWMcNkKc0ZeOqCKHG
AFXmngeT66s3ph/bCXEv2N4CouKhXtAHgc/JIv+RoRrnWWXpFy+3aCQn9VZo+H9O
pf2psmQObILK/W/bC7MJsf7JwBaJeI4OBp7HP0UCAwEAAaOCAhswggIXMB0GA1Ud
DgQWBBQHE0FeRFd3tZ2gZDEfl5sJsVL+GzAfBgNVHSMEGDAWgBQqw9qhsUhQ8uYc
WSshkZFaXmWkeDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0tzUGFvYkZJVVBMbUhGa3JJWkdSV2w1bHBIZy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNzAvNDA1YmJkLTU5MTMtNGU5NS04ZTc1LWZlMDY1OTE3NmE1Ni8x
L0J4TkJYa1JYZDdXZG9HUXhINWViQ2JGU19ocy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzAv
NDA1YmJkLTU5MTMtNGU5NS04ZTc1LWZlMDY1OTE3NmE1Ni8xL0tzUGFvYkZJVVBM
bUhGa3JJWkdSV2w1bHBIZy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAx
BggrBgEFBQcBBwEB/wQiMCAwHgQCAAEwGAMEArkkwAMEArmBdAMEArnc7AMEAtWt
IDANBgkqhkiG9w0BAQsFAAOCAQEAIFp8oE4eWAKHk+8hwtJYkkW+ugLEyuDCDWlv
VtN3wxBBrZGaLrRh+vRV7K2jn5TQHkVLDySKGEnVDD56xxIi/rS/1T8IbFs5qHEY
amKgeKQVSgvponYG0VvZPtrUiUBMcr1AGRViI4z0NqTimxK8rTnI1yc3sV44vR+B
hduUNqJIgY8Gn/YqAvEhCpd4jj9vmXVJC9QLHk0Xge19H+nhsBHolu5wbcSOapXN
kDINNDEHR+ht8accUgd1OvygfRH6/OZwA2BwzSKD2UiM90/1VMcBUKB/8U1fAU8S
XIuX0Efj+hJ9MHDm/NpVEThPakCwnDy1HudZVm8Fl9DGrvN7iQ==
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:57:42 2023 by rpki-client on console-fra.rpki-client.org