Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/93/17472b-bd34-4b2b-ac5c-b0d2c72458f3/1/KeHosB5AsGiY7tYhVgondKsAt1c.roa
File: KeHosB5AsGiY7tYhVgondKsAt1c.roa (raw, json)
Hash identifier: mu4lr/zrjF9VObHwzX6eJ5nA4BGmLsg4w3hZlehNCzo=
Subject key identifier: 29:E1:E8:B0:1E:40:B0:68:98:EE:D6:21:56:0A:27:74:AB:00:B7:57
Certificate issuer: /CN=961a7dc731894a6bdebae0d02d32cd68a138cfc7
Certificate serial: 01E78E0B
Authority key identifier: 96:1A:7D:C7:31:89:4A:6B:DE:BA:E0:D0:2D:32:CD:68:A1:38:CF:C7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/lhp9xzGJSmveuuDQLTLNaKE4z8c.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/93/17472b-bd34-4b2b-ac5c-b0d2c72458f3/1/KeHosB5AsGiY7tYhVgondKsAt1c.roa
Signing time: Sat 01 Jan 2022 02:51:01 +0000
ROA not before: Sat 01 Jan 2022 02:51:01 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 57752
IP address blocks: 185.17.56.0/24 maxlen: 24
185.17.56.0/22 maxlen: 22
185.17.57.0/24 maxlen: 24
45.130.238.0/24 maxlen: 24
45.130.237.0/24 maxlen: 24
45.130.236.0/22 maxlen: 22
45.130.236.0/24 maxlen: 24
45.130.239.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 31952395 (0x1e78e0b)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=961a7dc731894a6bdebae0d02d32cd68a138cfc7
Validity
Not Before: Jan 1 02:51:01 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=29e1e8b01e40b06898eed621560a2774ab00b757
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c4:02:e3:08:72:2a:8f:6c:a5:f6:1d:43:d8:33:
58:79:eb:29:94:c4:58:03:52:4b:fc:cd:bc:b0:47:
b5:de:89:14:d3:9b:13:6f:17:80:0c:15:1b:ba:8e:
bc:d7:8f:af:ae:d0:4e:01:70:41:f8:6e:0e:e9:56:
30:2c:7a:52:a4:ee:0e:cb:86:db:ce:f0:93:b2:9c:
d6:c2:40:4b:86:e2:57:de:88:12:92:bc:37:8e:7c:
5f:67:d2:85:0e:9d:1d:35:0d:21:c8:fb:68:5e:cf:
60:d6:09:ce:f9:db:33:a4:3e:9e:fd:13:be:cc:5b:
e6:7c:4f:cb:83:af:35:30:b8:3b:38:5a:0b:bd:5f:
ce:10:27:ad:64:64:8b:d5:4d:01:98:81:16:84:b4:
66:80:ba:27:2e:d0:72:7d:4c:e3:f2:91:53:f5:38:
ae:17:ca:2d:88:43:37:21:ba:78:7f:76:01:4c:7b:
50:e8:41:51:91:33:d1:25:86:33:57:14:43:65:37:
c8:b2:0e:87:37:84:59:17:6f:46:5c:e7:2e:79:dc:
a3:83:58:32:18:17:1d:e3:fa:82:f7:c9:6b:4e:e9:
3b:e0:f4:96:b9:fa:39:e4:f2:8d:7e:54:00:dc:e7:
fe:53:07:0b:5b:a9:9e:e1:4b:af:57:ef:a3:a3:88:
13:31
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
29:E1:E8:B0:1E:40:B0:68:98:EE:D6:21:56:0A:27:74:AB:00:B7:57
X509v3 Authority Key Identifier:
keyid:96:1A:7D:C7:31:89:4A:6B:DE:BA:E0:D0:2D:32:CD:68:A1:38:CF:C7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lhp9xzGJSmveuuDQLTLNaKE4z8c.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/93/17472b-bd34-4b2b-ac5c-b0d2c72458f3/1/KeHosB5AsGiY7tYhVgondKsAt1c.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/93/17472b-bd34-4b2b-ac5c-b0d2c72458f3/1/lhp9xzGJSmveuuDQLTLNaKE4z8c.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.130.236.0/22
185.17.56.0/22
Signature Algorithm: sha256WithRSAEncryption
03:58:31:ac:36:7b:80:d7:b9:24:b0:4b:88:23:b3:67:b5:bb:
44:63:1a:82:94:0b:e7:da:a5:7d:0b:fc:49:7d:0d:0f:68:a2:
83:d3:06:65:bf:1b:70:0e:25:6a:78:8b:b3:5a:14:00:fa:24:
57:94:05:d2:38:3f:23:54:5a:61:83:80:35:60:e6:76:35:03:
3f:85:f7:30:b8:31:f5:1b:69:98:0d:93:c9:1e:56:f5:fb:11:
b8:f7:ef:37:cf:bc:25:09:ae:b8:f4:cf:1f:39:91:06:64:8d:
75:75:a6:ac:ca:4e:58:cf:73:9f:98:37:b8:9f:e2:ea:c9:44:
fd:4f:9a:83:55:b6:e2:82:77:78:50:26:93:5b:bf:21:1a:83:
2c:5b:9e:90:6b:b7:43:98:d5:1d:63:39:af:ea:02:bd:9e:49:
57:cb:ab:2d:b0:5e:9d:73:8e:f0:61:21:a2:03:17:33:cd:0e:
54:ee:aa:2b:97:bf:1f:0a:bc:ac:01:1e:e5:5a:89:00:f3:bf:
ad:06:f9:d5:ff:2f:cf:4b:d7:25:cf:72:93:45:51:b1:f7:40:
46:3b:a0:f3:d0:62:39:83:04:15:f4:72:e0:ca:08:65:43:cc:
da:0d:8f:33:87:43:86:5d:fc:30:39:c4:f3:40:f3:74:cb:3a:
6c:64:45:c2
-----BEGIN CERTIFICATE-----
MIIE9TCCA92gAwIBAgIEAeeOCzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg5
NjFhN2RjNzMxODk0YTZiZGViYWUwZDAyZDMyY2Q2OGExMzhjZmM3MB4XDTIyMDEw
MTAyNTEwMVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMjllMWU4YjAxZTQw
YjA2ODk4ZWVkNjIxNTYwYTI3NzRhYjAwYjc1NzCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAMQC4whyKo9spfYdQ9gzWHnrKZTEWANSS/zNvLBHtd6JFNOb
E28XgAwVG7qOvNePr67QTgFwQfhuDulWMCx6UqTuDsuG287wk7Kc1sJAS4biV96I
EpK8N458X2fShQ6dHTUNIcj7aF7PYNYJzvnbM6Q+nv0Tvsxb5nxPy4OvNTC4Ozha
C71fzhAnrWRki9VNAZiBFoS0ZoC6Jy7Qcn1M4/KRU/U4rhfKLYhDNyG6eH92AUx7
UOhBUZEz0SWGM1cUQ2U3yLIOhzeEWRdvRlznLnnco4NYMhgXHeP6gvfJa07pO+D0
lrn6OeTyjX5UANzn/lMHC1upnuFLr1fvo6OIEzECAwEAAaOCAg8wggILMB0GA1Ud
DgQWBBQp4eiwHkCwaJju1iFWCid0qwC3VzAfBgNVHSMEGDAWgBSWGn3HMYlKa966
4NAtMs1ooTjPxzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2xocDl4ekdKU212ZXV1RFFMVExOYUtFNHo4Yy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvOTMvMTc0NzJiLWJkMzQtNGIyYi1hYzVjLWIwZDJjNzI0NThmMy8x
L0tlSG9zQjVBc0dpWTd0WWhWZ29uZEtzQXQxYy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOTMv
MTc0NzJiLWJkMzQtNGIyYi1hYzVjLWIwZDJjNzI0NThmMy8xL2xocDl4ekdKU212
ZXV1RFFMVExOYUtFNHo4Yy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAl
BggrBgEFBQcBBwEB/wQWMBQwEgQCAAEwDAMEAi2C7AMEArkRODANBgkqhkiG9w0B
AQsFAAOCAQEAA1gxrDZ7gNe5JLBLiCOzZ7W7RGMagpQL59qlfQv8SX0ND2iig9MG
Zb8bcA4laniLs1oUAPokV5QF0jg/I1RaYYOANWDmdjUDP4X3MLgx9RtpmA2TyR5W
9fsRuPfvN8+8JQmuuPTPHzmRBmSNdXWmrMpOWM9zn5g3uJ/i6slE/U+ag1W24oJ3
eFAmk1u/IRqDLFuekGu3Q5jVHWM5r+oCvZ5JV8urLbBenXOO8GEhogMXM80OVO6q
K5e/Hwq8rAEe5VqJAPO/rQb51f8vz0vXJc9yk0VRsfdARjug89BiOYMEFfRy4MoI
ZUPM2g2PM4dDhl38MDnE80DzdMs6bGRFwg==
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:59:34 2023 by rpki-client on console-fra.rpki-client.org