Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/83/7b1c55-ddd0-4281-8378-4dd04346abc3/1/Hzk73X6G0_DQKFVHj4Vx6vgPwvQ.roa
File: Hzk73X6G0_DQKFVHj4Vx6vgPwvQ.roa (raw, json)
Hash identifier: TZmixzeXJ2TTTL2pTW3iT9Ib+xbOFI1xM+KZD5i/2rE=
Subject key identifier: 1F:39:3B:DD:7E:86:D3:F0:D0:28:55:47:8F:85:71:EA:F8:0F:C2:F4
Certificate issuer: /CN=3aba1172472ea80265d12982967de0a8b0bc5901
Certificate serial: 018CC49245B942D1FFE0E4AABCFDFDA2A619
Authority key identifier: 3A:BA:11:72:47:2E:A8:02:65:D1:29:82:96:7D:E0:A8:B0:BC:59:01
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/OroRckcuqAJl0SmCln3gqLC8WQE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/83/7b1c55-ddd0-4281-8378-4dd04346abc3/1/Hzk73X6G0_DQKFVHj4Vx6vgPwvQ.roa
Signing time: Mon 01 Jan 2024 10:29:29 +0000
ROA not before: Mon 01 Jan 2024 10:29:29 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 201942
IP address blocks: 185.58.196.0/22 maxlen: 22
185.119.112.0/22 maxlen: 22
212.23.223.0/24 maxlen: 24
195.184.72.0/24 maxlen: 24
45.130.16.0/22 maxlen: 22
193.56.3.0/24 maxlen: 24
46.226.144.0/21 maxlen: 21
194.26.143.0/24 maxlen: 24
195.182.205.0/24 maxlen: 24
193.163.117.0/24 maxlen: 24
193.46.216.0/24 maxlen: 24
185.232.41.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c4:92:45:b9:42:d1:ff:e0:e4:aa:bc:fd:fd:a2:a6:19
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3aba1172472ea80265d12982967de0a8b0bc5901
Validity
Not Before: Jan 1 10:29:29 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=1f393bdd7e86d3f0d02855478f8571eaf80fc2f4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e1:3e:e6:7f:a2:72:6b:f9:28:c4:ef:c5:86:5a:
d4:3c:fe:b8:17:57:22:44:07:0f:4c:79:ce:b3:9f:
d7:73:a7:20:5b:c5:6e:de:a6:8e:66:96:5e:2e:06:
a3:8b:87:51:cc:95:49:af:62:c1:6d:33:e7:a2:59:
5a:e4:96:f5:72:ce:e7:bd:09:8c:1d:41:3f:ed:19:
e8:bb:30:b5:81:0a:86:cc:c9:7f:76:98:2c:1a:86:
5f:65:2e:84:0b:45:c7:b4:7b:a8:09:6a:37:b0:d8:
29:86:50:1e:8b:12:6a:92:ef:8b:e6:95:29:81:89:
41:cb:f7:e9:6f:bb:ce:f3:d5:02:bf:2a:a8:23:d3:
69:3f:d5:d5:e6:1e:69:26:b1:7c:05:85:8b:66:d1:
db:78:98:f7:47:68:b2:01:f4:85:77:45:e0:69:d1:
ce:d4:ea:32:0b:54:0e:52:98:00:78:76:a8:3d:c3:
70:21:90:0a:ce:29:f2:fd:f8:c4:b8:c5:31:c9:b7:
d7:ce:93:bb:b0:4f:84:71:cd:f4:05:e5:c0:37:0c:
d7:c7:71:6d:21:65:d4:18:87:d8:3c:50:89:43:0a:
c4:5b:77:92:4a:49:bd:56:b0:87:7c:fb:a7:2a:be:
4b:6c:ec:69:aa:a3:4b:ff:96:c2:f3:53:5a:8a:7e:
bf:91
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1F:39:3B:DD:7E:86:D3:F0:D0:28:55:47:8F:85:71:EA:F8:0F:C2:F4
X509v3 Authority Key Identifier:
keyid:3A:BA:11:72:47:2E:A8:02:65:D1:29:82:96:7D:E0:A8:B0:BC:59:01
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OroRckcuqAJl0SmCln3gqLC8WQE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/83/7b1c55-ddd0-4281-8378-4dd04346abc3/1/Hzk73X6G0_DQKFVHj4Vx6vgPwvQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/83/7b1c55-ddd0-4281-8378-4dd04346abc3/1/OroRckcuqAJl0SmCln3gqLC8WQE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.130.16.0/22
46.226.144.0/21
185.58.196.0/22
185.119.112.0/22
185.232.41.0/24
193.46.216.0/24
193.56.3.0/24
193.163.117.0/24
194.26.143.0/24
195.182.205.0/24
195.184.72.0/24
212.23.223.0/24
Signature Algorithm: sha256WithRSAEncryption
41:7c:c1:13:aa:e2:0a:d8:a5:4f:3e:43:94:5b:a9:b4:0c:53:
43:29:9f:42:93:8f:cf:2b:48:0d:65:81:7d:ce:f0:31:30:a0:
b7:1c:e4:98:58:41:0b:d6:0a:d3:4d:6e:08:67:76:3d:d8:e2:
8a:a0:b0:4b:bb:98:21:8a:bd:b5:9f:e3:58:8c:fc:a7:bb:ea:
00:c4:c1:f8:de:4a:b0:79:af:ca:9d:97:34:ea:02:0f:14:4b:
2d:82:37:bf:4f:d2:e6:9d:1f:96:c0:cf:e2:f3:aa:b7:43:a1:
12:c1:d6:71:f3:fd:2d:b6:55:9b:d3:f2:8d:a8:f1:57:84:a1:
e7:10:de:53:20:26:29:b1:92:ad:d4:df:f7:5f:1e:0e:5c:cc:
f8:20:83:42:83:f9:7c:de:a7:5f:8f:bb:51:70:5a:4e:03:51:
b8:f6:1a:82:a3:fa:a1:2f:da:4a:b4:ef:e1:3a:26:1c:3e:a4:
53:e9:6b:f6:a0:97:d5:43:fa:f8:e9:d4:2f:27:45:b7:4e:3e:
ca:d6:c2:ed:ec:fa:52:0e:ad:09:88:37:6d:66:07:e6:7c:51:
a2:ca:0d:a2:2f:b5:bb:1d:b9:11:9a:0f:e9:99:f0:37:a2:6d:
56:3f:f2:57:0c:0b:43:b2:d3:0d:a2:12:10:06:8d:3d:83:39:
e3:5b:8f:0b
-----BEGIN CERTIFICATE-----
MIIFPzCCBCegAwIBAgISAYzEkkW5QtH/4OSqvP39oqYZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhYmExMTcyNDcyZWE4MDI2NWQxMjk4Mjk2N2RlMGE4YjBi
YzU5MDEwHhcNMjQwMTAxMTAyOTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZjM5M2JkZDdlODZkM2YwZDAyODU1NDc4Zjg1NzFlYWY4MGZjMmY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4T7mf6Jya/koxO/FhlrUPP64F1ci
RAcPTHnOs5/Xc6cgW8Vu3qaOZpZeLgaji4dRzJVJr2LBbTPnolla5Jb1cs7nvQmM
HUE/7RnouzC1gQqGzMl/dpgsGoZfZS6EC0XHtHuoCWo3sNgphlAeixJqku+L5pUp
gYlBy/fpb7vO89UCvyqoI9NpP9XV5h5pJrF8BYWLZtHbeJj3R2iyAfSFd0XgadHO
1OoyC1QOUpgAeHaoPcNwIZAKziny/fjEuMUxybfXzpO7sE+Ecc30BeXANwzXx3Ft
IWXUGIfYPFCJQwrEW3eSSkm9VrCHfPunKr5LbOxpqqNL/5bC81Nain6/kQIDAQAB
o4ICSzCCAkcwHQYDVR0OBBYEFB85O91+htPw0ChVR4+Fcer4D8L0MB8GA1UdIwQY
MBaAFDq6EXJHLqgCZdEpgpZ94KiwvFkBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3JvUmNrY3VxQUpsMFNtQ2xuM2dxTEM4V1FFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84My83YjFjNTUtZGRkMC00MjgxLTgzNzgt
NGRkMDQzNDZhYmMzLzEvSHprNzNYNkcwX0RRS0ZWSGo0Vng2dmdQd3ZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84My83YjFjNTUtZGRkMC00MjgxLTgzNzgtNGRkMDQzNDZhYmMz
LzEvT3JvUmNrY3VxQUpsMFNtQ2xuM2dxTEM4V1FFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGEGCCsGAQUFBwEHAQH/BFIwUDBOBAIAATBIAwQCLYIQAwQD
LuKQAwQCuTrEAwQCuXdwAwQAuegpAwQAwS7YAwQAwTgDAwQAwaN1AwQAwhqPAwQA
w7bNAwQAw7hIAwQA1BffMA0GCSqGSIb3DQEBCwUAA4IBAQBBfMETquIK2KVPPkOU
W6m0DFNDKZ9Ck4/PK0gNZYF9zvAxMKC3HOSYWEEL1grTTW4IZ3Y92OKKoLBLu5gh
ir21n+NYjPynu+oAxMH43kqwea/KnZc06gIPFEstgje/T9LmnR+WwM/i86q3Q6ES
wdZx8/0ttlWb0/KNqPFXhKHnEN5TICYpsZKt1N/3Xx4OXMz4IINCg/l83qdfj7tR
cFpOA1G49hqCo/qhL9pKtO/hOiYcPqRT6Wv2oJfVQ/r46dQvJ0W3Tj7K1sLt7PpS
Dq0JiDdtZgfmfFGiyg2iL7W7HbkRmg/pmfA3om1WP/JXDAtDstMNohIQBo09gznj
W48L
-----END CERTIFICATE-----
Generated at Fri Sep 20 12:50:47 2024 by rpki-client on console-fra.rpki-client.org