Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/afd415-0a86-431f-bc3a-d43207d62dfe/1/HAcxT1q-f6du7iosxzUH9MkfEXM.roa
File: HAcxT1q-f6du7iosxzUH9MkfEXM.roa (raw, json)
Hash identifier: jqj672vRbBt//g0GAMHXAxHkxAt6hQUTj45IMf0MZf4=
Subject key identifier: 1C:07:31:4F:5A:BE:7F:A7:6E:EE:2A:2C:C7:35:07:F4:C9:1F:11:73
Certificate issuer: /CN=23394a125fa3ace0c47a6fe34f4086b4d3ba5588
Certificate serial: 018D1661073589C68E6CE0CC53F3E0DFD445
Authority key identifier: 23:39:4A:12:5F:A3:AC:E0:C4:7A:6F:E3:4F:40:86:B4:D3:BA:55:88
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IzlKEl-jrODEem_jT0CGtNO6VYg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/7f/afd415-0a86-431f-bc3a-d43207d62dfe/1/HAcxT1q-f6du7iosxzUH9MkfEXM.roa
Signing time: Wed 17 Jan 2024 07:44:34 +0000
ROA not before: Wed 17 Jan 2024 07:44:34 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 197248
IP address blocks: 62.112.192.0/21 maxlen: 21
62.112.208.0/20 maxlen: 20
62.112.208.0/21 maxlen: 21
77.111.88.0/21 maxlen: 24
77.111.96.0/20 maxlen: 24
93.88.192.0/21 maxlen: 21
93.88.194.0/24 maxlen: 24
109.61.0.0/22 maxlen: 22
109.61.8.0/21 maxlen: 21
109.61.20.0/22 maxlen: 22
109.61.22.0/24 maxlen: 24
109.61.24.0/21 maxlen: 21
109.61.32.0/19 maxlen: 19
109.61.48.0/20 maxlen: 20
109.61.64.0/20 maxlen: 20
109.61.96.0/21 maxlen: 21
109.61.112.0/20 maxlen: 20
109.61.112.0/21 maxlen: 21
2a01:be00::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8d:16:61:07:35:89:c6:8e:6c:e0:cc:53:f3:e0:df:d4:45
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=23394a125fa3ace0c47a6fe34f4086b4d3ba5588
Validity
Not Before: Jan 17 07:44:34 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=1c07314f5abe7fa76eee2a2cc73507f4c91f1173
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a7:3b:0c:09:7f:f8:db:01:bd:78:0b:74:0a:aa:
eb:38:41:81:24:83:a4:b5:bd:bf:c4:0c:d7:20:d4:
fc:a2:0d:99:87:2a:4c:17:81:fc:82:81:30:16:b0:
56:c1:84:7e:05:fe:9f:2e:51:e8:5f:7b:cc:4b:5a:
36:f1:67:a5:14:2b:59:88:fe:40:2f:02:13:e7:4b:
78:f4:6c:08:63:b0:d5:f1:7a:c4:2d:03:86:60:10:
28:f0:87:c4:ed:b3:79:10:6f:10:f2:23:73:32:46:
58:2c:77:f6:83:02:37:3b:eb:e5:90:46:83:7e:93:
4a:11:0e:63:18:c8:50:52:e5:98:d7:ed:b0:b3:47:
cc:8c:d0:0a:d2:ba:de:dd:1f:4d:ad:97:42:58:c3:
39:0d:01:e8:7d:c1:4b:35:2c:74:6d:33:cd:fd:df:
86:da:77:77:95:7b:17:51:21:8f:24:47:c4:28:3a:
78:cd:ed:e0:96:c3:19:f7:95:9f:ee:f2:af:f6:d0:
ae:74:3f:82:6d:cd:98:02:37:0d:48:81:06:8f:ea:
fc:25:9b:52:bf:ed:d9:77:df:8d:bc:dc:3d:06:15:
1b:21:59:c4:c2:57:55:25:c0:a0:41:1f:3d:13:e5:
b8:5e:b4:28:15:71:0a:00:f7:72:d5:43:ee:52:8b:
20:37
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1C:07:31:4F:5A:BE:7F:A7:6E:EE:2A:2C:C7:35:07:F4:C9:1F:11:73
X509v3 Authority Key Identifier:
keyid:23:39:4A:12:5F:A3:AC:E0:C4:7A:6F:E3:4F:40:86:B4:D3:BA:55:88
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IzlKEl-jrODEem_jT0CGtNO6VYg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/afd415-0a86-431f-bc3a-d43207d62dfe/1/HAcxT1q-f6du7iosxzUH9MkfEXM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/afd415-0a86-431f-bc3a-d43207d62dfe/1/IzlKEl-jrODEem_jT0CGtNO6VYg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
62.112.192.0/21
62.112.208.0/20
77.111.88.0-77.111.111.255
93.88.192.0/21
109.61.0.0/22
109.61.8.0/21
109.61.20.0-109.61.79.255
109.61.96.0/21
109.61.112.0/20
IPv6:
2a01:be00::/32
Signature Algorithm: sha256WithRSAEncryption
3e:fa:64:7b:45:4d:6f:25:f0:c1:5f:0f:98:7f:3f:fd:32:74:
e2:a7:7c:82:bb:ef:a0:a1:55:76:88:4f:f6:09:16:79:4f:ad:
22:54:e2:1b:2a:86:9e:28:f6:28:28:03:cc:1f:0b:14:82:dc:
3a:62:8d:be:83:77:1a:0b:1b:e9:74:1c:a6:ab:1c:66:6f:be:
10:b3:0b:82:0c:29:ec:69:7b:1b:2a:25:67:41:a0:71:b2:dc:
8f:05:85:01:98:02:c0:9a:6a:22:92:cb:54:0e:70:73:f7:c9:
0f:f4:6b:ad:83:c1:65:61:9c:a7:9e:df:84:66:bc:f6:55:2b:
1b:6b:91:0c:1a:67:80:48:63:8d:42:42:98:b3:44:6e:22:5f:
be:f8:f4:95:d7:08:16:0e:f6:f6:30:ab:2d:16:e2:6a:63:33:
32:f8:1d:fe:cf:0e:7e:78:0e:19:d1:9c:b1:f5:08:ea:62:14:
6f:6c:e8:39:0d:5e:3d:a7:09:35:de:32:35:29:5b:52:13:f3:
11:46:69:2e:fc:f9:68:4b:7c:11:44:58:1b:e3:f5:90:85:e9:
91:ff:60:e6:51:d0:4e:f7:1c:49:c7:48:eb:88:90:cf:25:85:
a2:76:27:1f:3e:72:e9:85:33:16:fc:3f:a5:87:a1:3d:5c:d3:
cf:9e:90:97
-----BEGIN CERTIFICATE-----
MIIFTDCCBDSgAwIBAgISAY0WYQc1icaObODMU/Pg39RFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIzMzk0YTEyNWZhM2FjZTBjNDdhNmZlMzRmNDA4NmI0ZDNi
YTU1ODgwHhcNMjQwMTE3MDc0NDM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYzA3MzE0ZjVhYmU3ZmE3NmVlZTJhMmNjNzM1MDdmNGM5MWYxMTczMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApzsMCX/42wG9eAt0CqrrOEGBJIOk
tb2/xAzXINT8og2ZhypMF4H8goEwFrBWwYR+Bf6fLlHoX3vMS1o28WelFCtZiP5A
LwIT50t49GwIY7DV8XrELQOGYBAo8IfE7bN5EG8Q8iNzMkZYLHf2gwI3O+vlkEaD
fpNKEQ5jGMhQUuWY1+2ws0fMjNAK0rre3R9NrZdCWMM5DQHofcFLNSx0bTPN/d+G
2nd3lXsXUSGPJEfEKDp4ze3glsMZ95Wf7vKv9tCudD+Cbc2YAjcNSIEGj+r8JZtS
v+3Zd9+NvNw9BhUbIVnEwldVJcCgQR89E+W4XrQoFXEKAPdy1UPuUosgNwIDAQAB
o4ICWDCCAlQwHQYDVR0OBBYEFBwHMU9avn+nbu4qLMc1B/TJHxFzMB8GA1UdIwQY
MBaAFCM5ShJfo6zgxHpv409AhrTTulWIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXpsS0VsLWpyT0RFZW1falQwQ0d0Tk82VllnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi9hZmQ0MTUtMGE4Ni00MzFmLWJjM2Et
ZDQzMjA3ZDYyZGZlLzEvSEFjeFQxcS1mNmR1N2lvc3h6VUg5TWtmRVhNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi9hZmQ0MTUtMGE4Ni00MzFmLWJjM2EtZDQzMjA3ZDYyZGZl
LzEvSXpsS0VsLWpyT0RFZW1falQwQ0d0Tk82VllnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMG4GCCsGAQUFBwEHAQH/BF8wXTBMBAIAATBGAwQDPnDAAwQE
PnDQMAwDBANNb1gDBARNb2ADBANdWMADBAJtPQADBANtPQgwDAMEAm09FAMEBG09
QAMEA209YAMEBG09cDANBAIAAjAHAwUAKgG+ADANBgkqhkiG9w0BAQsFAAOCAQEA
Pvpke0VNbyXwwV8PmH8//TJ04qd8grvvoKFVdohP9gkWeU+tIlTiGyqGnij2KCgD
zB8LFILcOmKNvoN3Ggsb6XQcpqscZm++ELMLggwp7Gl7GyolZ0GgcbLcjwWFAZgC
wJpqIpLLVA5wc/fJD/RrrYPBZWGcp57fhGa89lUrG2uRDBpngEhjjUJCmLNEbiJf
vvj0ldcIFg729jCrLRbiamMzMvgd/s8OfngOGdGcsfUI6mIUb2zoOQ1ePacJNd4y
NSlbUhPzEUZpLvz5aEt8EURYG+P1kIXpkf9g5lHQTvccScdI64iQzyWFonYnHz5y
6YUzFvw/pYehPVzTz56Qlw==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:36:39 2024 by rpki-client on console-fra.rpki-client.org