Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/a1ae70-7996-4687-a0d7-5e0f4ab809bb/1/LHbGBP7EMn8ziidWklSAfbHgR-I.roa
File: LHbGBP7EMn8ziidWklSAfbHgR-I.roa (raw, json)
Hash identifier: cf6yPOD6FyDKqrYp3lSnZyyHLLy6/Jg1SBBWOio7RxY=
Subject key identifier: 2C:76:C6:04:FE:C4:32:7F:33:8A:27:56:92:54:80:7D:B1:E0:47:E2
Certificate issuer: /CN=743e447edb8a5e0e1b1d7f5cdc287c364a5fb0b5
Certificate serial: 018A2EB9225F2D00F4A0F9E3F2C3B85403BB
Authority key identifier: 74:3E:44:7E:DB:8A:5E:0E:1B:1D:7F:5C:DC:28:7C:36:4A:5F:B0:B5
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/dD5EftuKXg4bHX9c3Ch8NkpfsLU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/75/a1ae70-7996-4687-a0d7-5e0f4ab809bb/1/LHbGBP7EMn8ziidWklSAfbHgR-I.roa
Signing time: Fri 25 Aug 2023 22:03:19 +0000
ROA not before: Fri 25 Aug 2023 22:03:19 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 64249
IP address blocks: 198.151.96.0/20 maxlen: 20
198.151.112.0/20 maxlen: 20
155.193.80.0/22 maxlen: 22
155.193.8.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8a:2e:b9:22:5f:2d:00:f4:a0:f9:e3:f2:c3:b8:54:03:bb
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=743e447edb8a5e0e1b1d7f5cdc287c364a5fb0b5
Validity
Not Before: Aug 25 22:03:19 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=2c76c604fec4327f338a27569254807db1e047e2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9c:b9:65:4a:58:55:cc:bd:f6:7e:6e:10:29:b9:
5f:80:eb:d3:b6:cd:dd:39:ce:e2:6f:17:a1:1d:bf:
01:9a:5e:61:86:c9:27:4b:ff:d7:a1:0a:77:11:aa:
0a:dd:fd:9f:96:15:b6:d3:03:a0:36:ed:c7:0c:02:
77:09:9d:e3:2c:a8:03:9e:9f:a9:85:8b:08:3c:72:
eb:f3:2a:a8:4d:67:a3:96:12:f6:8e:95:1f:82:36:
60:b7:e9:28:57:74:d9:76:6a:90:98:4c:0b:94:42:
01:c3:92:5a:2b:b8:68:0c:67:f6:2b:f3:83:96:a7:
bf:bc:d8:77:88:d3:28:f6:02:d0:a3:45:c1:c9:73:
bc:4e:7f:7c:69:99:6e:ab:87:e0:88:1e:d6:7f:79:
bf:3e:a8:38:07:8d:fb:36:38:91:7a:77:f9:00:b7:
a9:b0:00:e0:9d:82:c1:e0:1f:8d:6b:c9:14:55:76:
c1:a8:8f:8c:5c:2d:eb:e8:de:2d:36:29:eb:c9:81:
9b:5d:45:01:5c:8e:88:35:ad:0e:15:e6:2f:1e:03:
52:df:52:ea:f1:ab:b0:5e:16:97:67:dd:a4:4f:b8:
51:72:b2:67:6d:34:e6:2e:a8:b5:b4:50:65:f7:5a:
7d:1b:68:00:d5:d4:df:25:77:7c:bb:93:59:9c:f2:
00:ff
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2C:76:C6:04:FE:C4:32:7F:33:8A:27:56:92:54:80:7D:B1:E0:47:E2
X509v3 Authority Key Identifier:
keyid:74:3E:44:7E:DB:8A:5E:0E:1B:1D:7F:5C:DC:28:7C:36:4A:5F:B0:B5
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dD5EftuKXg4bHX9c3Ch8NkpfsLU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/a1ae70-7996-4687-a0d7-5e0f4ab809bb/1/LHbGBP7EMn8ziidWklSAfbHgR-I.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/75/a1ae70-7996-4687-a0d7-5e0f4ab809bb/1/dD5EftuKXg4bHX9c3Ch8NkpfsLU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
155.193.8.0/22
155.193.80.0/22
198.151.96.0/19
Signature Algorithm: sha256WithRSAEncryption
a1:14:2e:67:4e:b6:80:ae:06:ec:f2:b1:f7:ca:10:0f:85:ae:
7c:be:d1:47:ab:fe:0f:4d:15:84:f4:68:02:7e:95:5e:d9:37:
00:d2:4b:96:d3:b8:57:56:26:d7:be:c0:36:ec:5c:db:40:5d:
c4:18:55:7a:4f:34:12:32:cc:9e:aa:df:6b:0c:22:f4:aa:68:
8b:28:66:d5:87:f4:0e:0b:98:d4:91:90:28:c1:c8:e3:bd:84:
2f:94:7e:ec:28:ab:61:9c:3e:1a:44:3d:f2:85:e6:25:1d:ba:
ff:c3:e4:7c:d1:df:c9:67:f0:0d:d7:69:a8:1e:9b:ca:59:2a:
f5:fd:e8:55:fe:d6:3c:75:b2:4e:41:09:93:db:40:55:a8:df:
fc:c9:e6:0c:dc:ce:88:13:71:5c:10:d2:ca:7a:cf:a5:ee:4b:
6d:db:d4:e2:40:7d:64:2f:59:6d:db:1d:36:21:09:7a:bb:d6:
c7:4d:bc:e6:dc:d1:b0:1b:7b:94:ed:5e:3b:e5:52:0a:b8:c1:
38:d5:50:cf:91:54:eb:f5:27:f8:f0:ab:47:fa:69:db:4a:e5:
e1:3a:b6:3f:fb:55:93:8d:c6:4e:bd:db:5f:6e:ce:c3:f4:23:
3d:de:1f:b7:bf:9f:f7:bf:cd:1b:70:53:07:02:fb:f6:4b:86:
e3:dc:d9:d9
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYouuSJfLQD0oPnj8sO4VAO7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0M2U0NDdlZGI4YTVlMGUxYjFkN2Y1Y2RjMjg3YzM2NGE1
ZmIwYjUwHhcNMjMwODI1MjIwMzE5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYzc2YzYwNGZlYzQzMjdmMzM4YTI3NTY5MjU0ODA3ZGIxZTA0N2UyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnLllSlhVzL32fm4QKblfgOvTts3d
Oc7ibxehHb8Bml5hhsknS//XoQp3EaoK3f2flhW20wOgNu3HDAJ3CZ3jLKgDnp+p
hYsIPHLr8yqoTWejlhL2jpUfgjZgt+koV3TZdmqQmEwLlEIBw5JaK7hoDGf2K/OD
lqe/vNh3iNMo9gLQo0XByXO8Tn98aZluq4fgiB7Wf3m/Pqg4B437NjiRenf5ALep
sADgnYLB4B+Na8kUVXbBqI+MXC3r6N4tNinryYGbXUUBXI6INa0OFeYvHgNS31Lq
8auwXhaXZ92kT7hRcrJnbTTmLqi1tFBl91p9G2gA1dTfJXd8u5NZnPIA/wIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFCx2xgT+xDJ/M4onVpJUgH2x4EfiMB8GA1UdIwQY
MBaAFHQ+RH7bil4OGx1/XNwofDZKX7C1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEQ1RWZ0dUtYZzRiSFg5YzNDaDhOa3Bmc0xVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS9hMWFlNzAtNzk5Ni00Njg3LWEwZDct
NWUwZjRhYjgwOWJiLzEvTEhiR0JQN0VNbjh6aWlkV2tsU0FmYkhnUi1JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS9hMWFlNzAtNzk5Ni00Njg3LWEwZDctNWUwZjRhYjgwOWJi
LzEvZEQ1RWZ0dUtYZzRiSFg5YzNDaDhOa3Bmc0xVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCm8EIAwQC
m8FQAwQFxpdgMA0GCSqGSIb3DQEBCwUAA4IBAQChFC5nTraArgbs8rH3yhAPha58
vtFHq/4PTRWE9GgCfpVe2TcA0kuW07hXVibXvsA27FzbQF3EGFV6TzQSMsyeqt9r
DCL0qmiLKGbVh/QOC5jUkZAowcjjvYQvlH7sKKthnD4aRD3yheYlHbr/w+R80d/J
Z/AN12moHpvKWSr1/ehV/tY8dbJOQQmT20BVqN/8yeYM3M6IE3FcENLKes+l7ktt
29TiQH1kL1lt2x02IQl6u9bHTbzm3NGwG3uU7V475VIKuME41VDPkVTr9Sf48KtH
+mnbSuXhOrY/+1WTjcZOvdtfbs7D9CM93h+3v5/3v80bcFMHAvv2S4bj3NnZ
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:35:15 2024 by rpki-client on console-fra.rpki-client.org