Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/4de598-6b03-4bef-ab14-33894913dcb7/1/HGXhy6KArxyEANGcGOC2b04A-5U.roa
File: HGXhy6KArxyEANGcGOC2b04A-5U.roa (raw, json)
Hash identifier: i677R7CmvmDdz1SxtBQzKUnDgTNhk7t20Z94VIH4RDA=
Subject key identifier: 1C:65:E1:CB:A2:80:AF:1C:84:00:D1:9C:18:E0:B6:6F:4E:00:FB:95
Certificate issuer: /CN=fe779e56238b6f2ea068ede4e20aef00c904132b
Certificate serial: 01865230765D017C495A9151E61E55BADC88
Authority key identifier: FE:77:9E:56:23:8B:6F:2E:A0:68:ED:E4:E2:0A:EF:00:C9:04:13:2B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/_neeViOLby6gaO3k4grvAMkEEys.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b1/4de598-6b03-4bef-ab14-33894913dcb7/1/HGXhy6KArxyEANGcGOC2b04A-5U.roa
Signing time: Tue 14 Feb 2023 23:09:12 +0000
ROA not before: Tue 14 Feb 2023 23:09:12 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 44667
IP address blocks: 185.93.104.0/22 maxlen: 22
45.157.252.0/22 maxlen: 24
209.16.140.0/23 maxlen: 23
158.41.0.0/20 maxlen: 20
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:86:52:30:76:5d:01:7c:49:5a:91:51:e6:1e:55:ba:dc:88
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=fe779e56238b6f2ea068ede4e20aef00c904132b
Validity
Not Before: Feb 14 23:09:12 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=1c65e1cba280af1c8400d19c18e0b66f4e00fb95
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a7:97:9b:18:0c:d7:39:a5:4c:2c:a7:0b:4b:33:
1f:46:59:c1:18:5a:d7:29:42:02:3a:73:00:ef:5d:
b5:de:94:0a:29:33:7b:57:6a:66:31:92:f1:10:4c:
6d:eb:70:6f:1f:1b:02:f8:70:d8:a4:c0:72:dc:5b:
c9:ad:af:be:07:78:29:49:6c:94:8b:8b:d8:4e:cd:
a7:2b:35:b3:e4:46:d0:13:52:c5:84:6d:9c:d0:1e:
36:f2:c3:7e:de:79:3c:de:3b:3b:5d:4e:35:86:36:
0c:34:20:b0:80:39:2b:bd:f8:38:14:2d:70:d5:3c:
5c:2e:fa:d7:1d:1f:2d:52:1f:c2:88:ad:83:38:dd:
e0:a3:17:63:cb:ea:41:23:4e:fb:26:75:b3:df:13:
83:dc:b3:cd:85:e4:8b:7a:f8:de:ad:c8:58:f8:a1:
8b:3a:16:8a:6c:f8:fa:da:83:f6:12:65:18:78:40:
f9:91:bd:b4:c1:95:d6:35:57:bc:e9:13:15:17:05:
a9:1a:05:07:4b:47:1f:e7:f1:35:c9:ce:bf:a8:e8:
bf:56:03:4b:6e:a7:a0:cd:b0:ee:81:27:37:2e:b6:
a4:fc:8f:d6:e8:9b:4c:2b:a4:3e:06:18:e6:32:ca:
26:ec:5e:a9:5b:80:39:f7:0b:14:36:33:fc:27:ea:
3c:1f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1C:65:E1:CB:A2:80:AF:1C:84:00:D1:9C:18:E0:B6:6F:4E:00:FB:95
X509v3 Authority Key Identifier:
keyid:FE:77:9E:56:23:8B:6F:2E:A0:68:ED:E4:E2:0A:EF:00:C9:04:13:2B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_neeViOLby6gaO3k4grvAMkEEys.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/4de598-6b03-4bef-ab14-33894913dcb7/1/HGXhy6KArxyEANGcGOC2b04A-5U.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/4de598-6b03-4bef-ab14-33894913dcb7/1/_neeViOLby6gaO3k4grvAMkEEys.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.157.252.0/22
158.41.0.0/20
185.93.104.0/22
209.16.140.0/23
Signature Algorithm: sha256WithRSAEncryption
1d:11:95:2d:a7:aa:f3:b6:a4:cf:13:60:5d:63:91:39:cd:42:
b8:ea:3a:ab:aa:cf:f0:de:17:f0:91:27:a1:d7:a7:78:7d:2b:
dd:9e:62:f0:d5:b2:17:cc:84:01:69:99:f6:b2:99:38:c2:91:
7d:8d:f7:97:b2:a6:f4:a9:0b:93:c0:6e:93:0b:28:c3:2b:9d:
b3:ca:88:31:4d:ed:0e:74:92:e2:d6:95:de:43:ad:fe:26:09:
af:5b:84:f0:61:80:02:26:cc:a8:3e:2c:c9:d0:e5:7e:b0:e3:
bb:b5:a9:66:f1:fb:d7:c4:cd:c8:6b:5d:16:8f:a6:41:44:5b:
b9:8e:56:ea:a1:33:cf:35:5b:63:d3:9b:ec:29:06:ef:d9:8b:
ec:4a:cf:49:e7:45:83:70:e3:99:e7:64:45:49:53:76:61:ef:
ac:df:c2:2b:25:89:10:e1:88:88:c1:75:4a:87:61:64:b5:ef:
fd:88:81:ca:1a:95:bf:29:60:02:af:52:dd:f1:a7:22:bc:e5:
44:98:e4:02:9b:a9:8d:11:2a:ef:53:86:3a:dd:cf:76:8e:d9:
8c:64:a9:49:f9:35:a8:d1:2e:76:18:8f:43:3e:8e:fe:8d:e3:
c8:a0:22:02:8b:74:93:9c:ab:6c:47:7b:dd:24:93:19:1b:ed:
da:72:da:a3
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYZSMHZdAXxJWpFR5h5VutyIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZlNzc5ZTU2MjM4YjZmMmVhMDY4ZWRlNGUyMGFlZjAwYzkw
NDEzMmIwHhcNMjMwMjE0MjMwOTEyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYzY1ZTFjYmEyODBhZjFjODQwMGQxOWMxOGUwYjY2ZjRlMDBmYjk1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp5ebGAzXOaVMLKcLSzMfRlnBGFrX
KUICOnMA71213pQKKTN7V2pmMZLxEExt63BvHxsC+HDYpMBy3FvJra++B3gpSWyU
i4vYTs2nKzWz5EbQE1LFhG2c0B428sN+3nk83js7XU41hjYMNCCwgDkrvfg4FC1w
1TxcLvrXHR8tUh/CiK2DON3goxdjy+pBI077JnWz3xOD3LPNheSLevjerchY+KGL
OhaKbPj62oP2EmUYeED5kb20wZXWNVe86RMVFwWpGgUHS0cf5/E1yc6/qOi/VgNL
bqegzbDugSc3Lrak/I/W6JtMK6Q+BhjmMsom7F6pW4A59wsUNjP8J+o8HwIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFBxl4cuigK8chADRnBjgtm9OAPuVMB8GA1UdIwQY
MBaAFP53nlYji28uoGjt5OIK7wDJBBMrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX25lZVZpT0xieTZnYU8zazRncnZBTWtFRXlzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS80ZGU1OTgtNmIwMy00YmVmLWFiMTQt
MzM4OTQ5MTNkY2I3LzEvSEdYaHk2S0FyeHlFQU5HY0dPQzJiMDRBLTVVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS80ZGU1OTgtNmIwMy00YmVmLWFiMTQtMzM4OTQ5MTNkY2I3
LzEvX25lZVZpT0xieTZnYU8zazRncnZBTWtFRXlzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQCLZ38AwQE
nikAAwQCuV1oAwQB0RCMMA0GCSqGSIb3DQEBCwUAA4IBAQAdEZUtp6rztqTPE2Bd
Y5E5zUK46jqrqs/w3hfwkSeh16d4fSvdnmLw1bIXzIQBaZn2spk4wpF9jfeXsqb0
qQuTwG6TCyjDK52zyogxTe0OdJLi1pXeQ63+JgmvW4TwYYACJsyoPizJ0OV+sOO7
talm8fvXxM3Ia10Wj6ZBRFu5jlbqoTPPNVtj05vsKQbv2YvsSs9J50WDcOOZ52RF
SVN2Ye+s38IrJYkQ4YiIwXVKh2Fkte/9iIHKGpW/KWACr1Ld8acivOVEmOQCm6mN
ESrvU4Y63c92jtmMZKlJ+TWo0S52GI9DPo7+jePIoCICi3STnKtsR3vdJJMZG+3a
ctqj
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:50:13 2024 by rpki-client on console-fra.rpki-client.org