Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8b/f32f37-443c-4065-8f05-cfb51916490d/1/HMg62k73K4Bdw6S4ivl_pb02aS0.roa
File: HMg62k73K4Bdw6S4ivl_pb02aS0.roa (raw, json)
Hash identifier: gTep5gjv1OInhn3HURlDKdl0McYAXl28qG315V5yKiI=
Subject key identifier: 1C:C8:3A:DA:4E:F7:2B:80:5D:C3:A4:B8:8A:F9:7F:A5:BD:36:69:2D
Certificate issuer: /CN=5e644315e56e96b153b4ffde4d70dacbaa15ce92
Certificate serial: 018DCC5BDAC2AADAAD6348BE474817039362
Authority key identifier: 5E:64:43:15:E5:6E:96:B1:53:B4:FF:DE:4D:70:DA:CB:AA:15:CE:92
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/XmRDFeVulrFTtP_eTXDay6oVzpI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8b/f32f37-443c-4065-8f05-cfb51916490d/1/HMg62k73K4Bdw6S4ivl_pb02aS0.roa
Signing time: Wed 21 Feb 2024 15:49:48 +0000
ROA not before: Wed 21 Feb 2024 15:49:48 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 42375
IP address blocks: 109.196.104.0/21 maxlen: 21
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8d:cc:5b:da:c2:aa:da:ad:63:48:be:47:48:17:03:93:62
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=5e644315e56e96b153b4ffde4d70dacbaa15ce92
Validity
Not Before: Feb 21 15:49:48 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=1cc83ada4ef72b805dc3a4b88af97fa5bd36692d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:87:42:48:c3:b2:0d:a0:30:ba:81:dc:1f:08:26:
8c:3e:ea:1d:a7:c3:3a:a3:a6:93:4a:6e:a1:36:60:
30:1b:86:4b:fe:a7:ef:ff:ca:b0:67:93:b6:e5:7e:
1e:f2:1a:78:8b:4c:51:b0:31:93:63:d9:2d:ad:35:
83:4d:26:b7:a2:ac:00:63:ec:4c:1d:dd:8f:65:91:
49:96:87:98:82:14:c7:f4:e8:49:5c:09:e7:0d:55:
3a:e7:90:d3:67:0e:1a:33:41:b1:23:c5:4a:ec:16:
b0:f2:8d:95:6c:52:e4:c0:df:2a:5f:c9:f0:aa:75:
a8:25:d5:e3:c5:f9:ae:03:6b:a0:c8:37:fb:4f:9d:
83:b0:65:b0:bb:38:b0:26:b9:d1:b3:c8:c0:b2:aa:
6d:d7:4c:2b:8d:07:8b:99:98:3a:d7:93:cf:96:31:
93:9e:1e:f7:3e:cd:3e:57:15:08:c6:8f:42:a0:77:
92:ed:6f:ea:fd:c0:de:2d:38:d5:99:60:d0:dc:6a:
62:59:60:e5:1e:a2:61:4b:69:89:5c:46:6c:15:cf:
6b:03:05:97:52:77:f2:77:90:8f:3c:0a:be:d8:94:
ca:df:29:4d:7b:c1:1e:bf:81:50:c2:8f:a6:f4:f1:
b7:23:65:5b:1a:58:db:00:b6:22:54:fc:58:5f:1a:
f4:3d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1C:C8:3A:DA:4E:F7:2B:80:5D:C3:A4:B8:8A:F9:7F:A5:BD:36:69:2D
X509v3 Authority Key Identifier:
keyid:5E:64:43:15:E5:6E:96:B1:53:B4:FF:DE:4D:70:DA:CB:AA:15:CE:92
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XmRDFeVulrFTtP_eTXDay6oVzpI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/f32f37-443c-4065-8f05-cfb51916490d/1/HMg62k73K4Bdw6S4ivl_pb02aS0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/f32f37-443c-4065-8f05-cfb51916490d/1/XmRDFeVulrFTtP_eTXDay6oVzpI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.196.104.0/21
Signature Algorithm: sha256WithRSAEncryption
3b:e0:0c:be:27:5d:da:c0:86:84:b2:63:f4:dc:e3:04:3e:0b:
58:9a:a7:16:19:e2:3c:c8:5d:6e:d5:e7:b3:0f:b5:13:f7:91:
7b:0a:a4:1d:a5:fe:fd:f2:93:d1:d2:4c:e2:da:ad:fb:cc:9a:
a9:4e:32:71:f2:4a:b4:5e:d0:4b:d9:61:b2:11:b9:49:e8:98:
15:de:2d:f1:43:47:12:d4:7e:5b:6d:e0:63:4b:4e:b7:5b:03:
35:fb:f7:79:53:45:1c:e5:65:6f:ce:1f:03:e2:e6:80:06:d1:
8c:be:6e:1e:b0:49:31:26:94:83:78:7d:9c:19:d0:46:ba:de:
c8:db:f9:0e:a0:be:ab:f0:6d:0c:e1:42:a8:fd:af:55:45:3c:
54:13:01:21:21:8f:97:ef:6b:4a:c9:6f:1e:54:75:fa:2a:81:
92:b6:06:74:4a:87:a4:f0:a7:7a:95:2f:43:91:66:72:00:8d:
3d:9f:d1:05:a8:4f:93:97:bd:96:69:8a:95:f5:65:b7:b3:39:
28:72:05:67:00:9b:44:14:62:85:72:83:60:b0:e7:f7:81:8a:
8e:a1:e3:30:33:91:e9:4e:81:61:27:dc:82:97:21:a4:6f:51:
18:66:a4:fd:a6:7b:9e:ad:30:5a:66:92:f6:fc:5d:2e:df:81:
36:f1:26:8e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY3MW9rCqtqtY0i+R0gXA5NiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVlNjQ0MzE1ZTU2ZTk2YjE1M2I0ZmZkZTRkNzBkYWNiYWEx
NWNlOTIwHhcNMjQwMjIxMTU0OTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxY2M4M2FkYTRlZjcyYjgwNWRjM2E0Yjg4YWY5N2ZhNWJkMzY2OTJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh0JIw7INoDC6gdwfCCaMPuodp8M6
o6aTSm6hNmAwG4ZL/qfv/8qwZ5O25X4e8hp4i0xRsDGTY9ktrTWDTSa3oqwAY+xM
Hd2PZZFJloeYghTH9OhJXAnnDVU655DTZw4aM0GxI8VK7Baw8o2VbFLkwN8qX8nw
qnWoJdXjxfmuA2ugyDf7T52DsGWwuziwJrnRs8jAsqpt10wrjQeLmZg615PPljGT
nh73Ps0+VxUIxo9CoHeS7W/q/cDeLTjVmWDQ3GpiWWDlHqJhS2mJXEZsFc9rAwWX
Unfyd5CPPAq+2JTK3ylNe8Eev4FQwo+m9PG3I2VbGljbALYiVPxYXxr0PQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBzIOtpO9yuAXcOkuIr5f6W9NmktMB8GA1UdIwQY
MBaAFF5kQxXlbpaxU7T/3k1w2suqFc6SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWG1SREZlVnVsckZUdFBfZVRYRGF5Nm9WenBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yi9mMzJmMzctNDQzYy00MDY1LThmMDUt
Y2ZiNTE5MTY0OTBkLzEvSE1nNjJrNzNLNEJkdzZTNGl2bF9wYjAyYVMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yi9mMzJmMzctNDQzYy00MDY1LThmMDUtY2ZiNTE5MTY0OTBk
LzEvWG1SREZlVnVsckZUdFBfZVRYRGF5Nm9WenBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDbcRoMA0G
CSqGSIb3DQEBCwUAA4IBAQA74Ay+J13awIaEsmP03OMEPgtYmqcWGeI8yF1u1eez
D7UT95F7CqQdpf798pPR0kzi2q37zJqpTjJx8kq0XtBL2WGyEblJ6JgV3i3xQ0cS
1H5bbeBjS063WwM1+/d5U0Uc5WVvzh8D4uaABtGMvm4esEkxJpSDeH2cGdBGut7I
2/kOoL6r8G0M4UKo/a9VRTxUEwEhIY+X72tKyW8eVHX6KoGStgZ0Soek8Kd6lS9D
kWZyAI09n9EFqE+Tl72WaYqV9WW3szkocgVnAJtEFGKFcoNgsOf3gYqOoeMwM5Hp
ToFhJ9yClyGkb1EYZqT9pnuerTBaZpL2/F0u34E28SaO
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:38:33 2024 by rpki-client on console-fra.rpki-client.org