Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b5/7a39b1-1d1c-4919-b19c-3eebe7196972/1/hb3IACCwuhPgJNH5LFvK7d79crE.roa
File: hb3IACCwuhPgJNH5LFvK7d79crE.roa (raw, json)
Hash identifier: lFn/5Y0rOFv6q4IhCViu+XbkJjQ3O4sZYef+uv7DPS0=
Subject key identifier: 85:BD:C8:00:20:B0:BA:13:E0:24:D1:F9:2C:5B:CA:ED:DE:FD:72:B1
Certificate issuer: /CN=679a75debd65359a45317f203f11a321e14b2f2c
Certificate serial: 057A3E38
Authority key identifier: 67:9A:75:DE:BD:65:35:9A:45:31:7F:20:3F:11:A3:21:E1:4B:2F:2C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Z5p13r1lNZpFMX8gPxGjIeFLLyw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b5/7a39b1-1d1c-4919-b19c-3eebe7196972/1/hb3IACCwuhPgJNH5LFvK7d79crE.roa
Signing time: Mon 17 Jan 2022 18:37:52 +0000
ROA not before: Mon 17 Jan 2022 18:37:52 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 211585
IP address blocks: 87.121.136.0/21 maxlen: 24
176.111.240.0/22 maxlen: 24
185.61.156.0/22 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 91897400 (0x57a3e38)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=679a75debd65359a45317f203f11a321e14b2f2c
Validity
Not Before: Jan 17 18:37:52 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=85bdc80020b0ba13e024d1f92c5bcaeddefd72b1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a2:4a:a6:d4:9d:a7:e7:3a:95:5b:8c:4a:3c:a5:
f4:96:8b:20:f8:8e:02:36:b1:67:3b:ab:37:9e:68:
cc:d3:e8:0b:0c:e2:1e:ac:99:8c:44:df:42:99:b8:
62:15:7b:aa:48:c6:54:b2:80:c3:f6:b7:4e:41:9f:
55:35:5d:7f:52:96:96:f9:74:df:07:bd:e5:6f:a5:
56:91:fb:a8:7f:3a:b9:33:ff:95:d8:11:e8:f5:c7:
d2:b5:25:88:0f:cd:69:90:d7:67:56:0e:6c:4d:9b:
4e:2a:76:38:51:db:06:9d:54:5c:c4:0e:87:dd:36:
0f:f3:0f:1e:52:c0:03:c5:93:fa:18:ed:fd:24:fd:
73:18:49:58:95:1a:77:f9:8c:ab:5d:b5:69:53:d5:
6f:51:9f:bc:58:36:10:ac:71:27:7b:61:e8:ce:46:
22:65:2d:44:98:d0:6a:1c:c4:84:49:04:96:2b:43:
4f:0e:f2:3f:55:be:19:40:cc:0e:55:f3:73:53:c9:
1f:65:6f:b4:b9:13:f3:d8:9f:34:f9:b2:54:80:f7:
d7:23:31:3b:53:30:2d:ac:42:e6:a4:3f:96:49:25:
b1:3a:06:24:91:29:ed:65:48:f4:83:2e:bf:9f:09:
1a:eb:b5:6d:f8:f7:b6:4d:5f:26:af:c6:18:58:fb:
8d:fb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
85:BD:C8:00:20:B0:BA:13:E0:24:D1:F9:2C:5B:CA:ED:DE:FD:72:B1
X509v3 Authority Key Identifier:
keyid:67:9A:75:DE:BD:65:35:9A:45:31:7F:20:3F:11:A3:21:E1:4B:2F:2C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z5p13r1lNZpFMX8gPxGjIeFLLyw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/7a39b1-1d1c-4919-b19c-3eebe7196972/1/hb3IACCwuhPgJNH5LFvK7d79crE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/7a39b1-1d1c-4919-b19c-3eebe7196972/1/Z5p13r1lNZpFMX8gPxGjIeFLLyw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
87.121.136.0/21
176.111.240.0/22
185.61.156.0/22
Signature Algorithm: sha256WithRSAEncryption
8d:c5:b2:11:40:45:02:a4:18:50:e1:62:65:f6:68:b2:82:6a:
1d:be:cd:2c:55:74:55:1b:c8:f4:f3:93:0f:80:0a:86:cb:32:
07:0c:d7:b9:ff:b3:f9:62:18:d3:c3:fd:98:4c:1f:8e:ea:09:
80:eb:7c:b5:d7:e1:9b:1d:49:92:b7:ae:2a:84:38:9a:41:aa:
62:fb:4a:9a:5a:d7:ee:8c:07:9b:ad:0a:4f:7b:9f:04:75:7a:
85:da:6b:a2:30:ca:69:dd:5a:05:21:88:71:83:cf:4c:97:12:
4a:c6:0e:3f:0c:da:23:d5:c1:5e:8e:82:70:05:8b:64:41:74:
ab:8e:6d:87:3a:4e:ae:80:2d:95:30:db:61:36:6a:59:c3:78:
07:b1:8d:af:c1:3c:13:d2:38:42:a1:d5:b7:d6:b6:0a:0f:86:
9d:4b:7c:94:34:a5:d8:53:8e:eb:b4:76:c0:f3:0b:89:16:05:
12:2d:c6:64:76:74:83:5e:97:9e:08:12:c9:a5:23:0c:23:36:
a5:6e:f6:ae:9f:ac:1a:3a:76:58:99:b8:ab:1a:36:14:fc:6f:
23:cb:99:d3:06:52:a6:a4:89:b2:65:28:66:c7:21:4a:7b:30:
ef:ff:90:49:62:a9:e9:29:a8:3f:3f:c2:6d:44:af:43:7a:64:
7f:16:1d:8e
-----BEGIN CERTIFICATE-----
MIIE+zCCA+OgAwIBAgIEBXo+ODANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg2
NzlhNzVkZWJkNjUzNTlhNDUzMTdmMjAzZjExYTMyMWUxNGIyZjJjMB4XDTIyMDEx
NzE4Mzc1MloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoODViZGM4MDAyMGIw
YmExM2UwMjRkMWY5MmM1YmNhZWRkZWZkNzJiMTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAKJKptSdp+c6lVuMSjyl9JaLIPiOAjaxZzurN55ozNPoCwzi
HqyZjETfQpm4YhV7qkjGVLKAw/a3TkGfVTVdf1KWlvl03we95W+lVpH7qH86uTP/
ldgR6PXH0rUliA/NaZDXZ1YObE2bTip2OFHbBp1UXMQOh902D/MPHlLAA8WT+hjt
/ST9cxhJWJUad/mMq121aVPVb1GfvFg2EKxxJ3th6M5GImUtRJjQahzEhEkElitD
Tw7yP1W+GUDMDlXzc1PJH2VvtLkT89ifNPmyVID31yMxO1MwLaxC5qQ/lkklsToG
JJEp7WVI9IMuv58JGuu1bfj3tk1fJq/GGFj7jfsCAwEAAaOCAhUwggIRMB0GA1Ud
DgQWBBSFvcgAILC6E+Ak0fksW8rt3v1ysTAfBgNVHSMEGDAWgBRnmnXevWU1mkUx
fyA/EaMh4UsvLDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L1o1cDEzcjFsTlpwRk1YOGdQeEdqSWVGTEx5dy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYjUvN2EzOWIxLTFkMWMtNDkxOS1iMTljLTNlZWJlNzE5Njk3Mi8x
L2hiM0lBQ0N3dWhQZ0pOSDVMRnZLN2Q3OWNyRS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYjUv
N2EzOWIxLTFkMWMtNDkxOS1iMTljLTNlZWJlNzE5Njk3Mi8xL1o1cDEzcjFsTlpw
Rk1YOGdQeEdqSWVGTEx5dy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAr
BggrBgEFBQcBBwEB/wQcMBowGAQCAAEwEgMEA1d5iAMEArBv8AMEArk9nDANBgkq
hkiG9w0BAQsFAAOCAQEAjcWyEUBFAqQYUOFiZfZosoJqHb7NLFV0VRvI9POTD4AK
hssyBwzXuf+z+WIY08P9mEwfjuoJgOt8tdfhmx1JkreuKoQ4mkGqYvtKmlrX7owH
m60KT3ufBHV6hdprojDKad1aBSGIcYPPTJcSSsYOPwzaI9XBXo6CcAWLZEF0q45t
hzpOroAtlTDbYTZqWcN4B7GNr8E8E9I4QqHVt9a2Cg+GnUt8lDSl2FOO67R2wPML
iRYFEi3GZHZ0g16XnggSyaUjDCM2pW72rp+sGjp2WJm4qxo2FPxvI8uZ0wZSpqSJ
smUoZschSnsw7/+QSWKp6SmoPz/CbUSvQ3pkfxYdjg==
-----END CERTIFICATE-----
Generated at Thu Jul 20 00:06:30 2023 by rpki-client on console-ams.rpki-client.org