Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/HEQT-tMiJmG1NELJFGnqy1tNR4E.roa
File: HEQT-tMiJmG1NELJFGnqy1tNR4E.roa (raw, json)
Hash identifier: liJ3jQMDV3uGc9UGAiEMpvpbZbQS0P5+/5gx5V3RpUg=
Subject key identifier: 1C:44:13:FA:D3:22:26:61:B5:34:42:C9:14:69:EA:CB:5B:4D:47:81
Certificate issuer: /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial: 0187DB3F7E10EE6EDE731AD9F406DC3E1917
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/HEQT-tMiJmG1NELJFGnqy1tNR4E.roa
Signing time: Tue 02 May 2023 06:56:23 +0000
ROA not before: Tue 02 May 2023 06:56:23 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 834
IP address blocks: 185.115.146.0/24 maxlen: 24
194.4.156.0/23 maxlen: 24
194.4.159.0/24 maxlen: 24
213.32.249.0/24 maxlen: 24
78.142.242.0/23 maxlen: 24
89.38.136.0/24 maxlen: 24
45.159.152.0/24 maxlen: 24
45.159.154.0/24 maxlen: 24
45.159.153.0/24 maxlen: 24
185.230.248.0/24 maxlen: 24
185.230.249.0/24 maxlen: 24
185.229.104.0/24 maxlen: 24
185.229.106.0/24 maxlen: 24
185.245.238.0/24 maxlen: 24
89.43.211.0/24 maxlen: 24
89.43.208.0/24 maxlen: 24
185.245.237.0/24 maxlen: 24
89.43.210.0/24 maxlen: 24
185.121.231.0/24 maxlen: 24
178.239.203.0/24 maxlen: 24
185.121.230.0/24 maxlen: 24
185.236.62.0/24 maxlen: 24
62.197.135.0/24 maxlen: 24
185.103.73.0/24 maxlen: 24
185.103.75.0/24 maxlen: 24
178.239.192.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:87:db:3f:7e:10:ee:6e:de:73:1a:d9:f4:06:dc:3e:19:17
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Validity
Not Before: May 2 06:56:23 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=1c4413fad3222661b53442c91469eacb5b4d4781
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:83:0c:1f:40:eb:9f:d3:e5:54:b4:b4:84:19:dc:
b1:74:81:98:b1:a8:22:d0:1e:5e:72:6a:e3:3c:23:
04:7e:bc:ec:a1:a0:95:2f:57:ae:d9:fe:ff:72:a4:
ee:58:8f:67:5b:1a:45:f6:8f:0c:30:cd:02:5c:3d:
0b:a4:3e:1c:a2:66:9a:a3:81:5d:39:c0:be:4d:43:
8a:07:f2:53:8d:fa:c3:d8:65:ce:65:35:27:b1:76:
d2:0e:b4:14:41:6e:e6:b5:c0:37:82:6c:bf:d5:70:
f3:4c:a2:2f:f1:48:30:bb:a8:7b:99:eb:d1:a1:f4:
1d:a3:b9:d6:7a:b1:e2:44:7a:f1:e4:b9:46:fb:3c:
72:06:39:0f:f4:81:1f:ab:6d:72:28:08:d7:08:2e:
d2:90:74:60:1a:83:d7:72:cd:ea:91:62:9b:70:eb:
fb:b4:bf:79:13:e0:8e:76:56:79:f0:c9:02:94:09:
a0:58:34:60:8c:3e:a4:23:45:77:6c:44:54:b3:60:
d5:7e:29:52:14:33:b4:e8:c9:90:62:b2:75:93:f3:
fc:25:89:70:f4:46:2c:b2:e6:d6:fd:94:e3:3e:75:
c7:6c:33:09:d3:02:4a:f5:24:89:b5:60:48:c4:bc:
9a:d2:f1:b3:84:a9:3c:bb:69:2e:57:2e:25:74:2d:
f9:ef
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1C:44:13:FA:D3:22:26:61:B5:34:42:C9:14:69:EA:CB:5B:4D:47:81
X509v3 Authority Key Identifier:
keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/HEQT-tMiJmG1NELJFGnqy1tNR4E.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.159.152.0-45.159.154.255
62.197.135.0/24
78.142.242.0/23
89.38.136.0/24
89.43.208.0/24
89.43.210.0/23
178.239.192.0/24
178.239.203.0/24
185.103.73.0/24
185.103.75.0/24
185.115.146.0/24
185.121.230.0/23
185.229.104.0/24
185.229.106.0/24
185.230.248.0/23
185.236.62.0/24
185.245.237.0-185.245.238.255
194.4.156.0/23
194.4.159.0/24
213.32.249.0/24
Signature Algorithm: sha256WithRSAEncryption
07:50:a6:5e:b6:fe:bc:fd:a0:b3:0a:b7:21:39:f2:b4:ad:5f:
09:d1:b1:72:5b:03:88:fc:a6:14:05:22:1b:53:36:a9:00:3a:
0e:9a:bb:1f:ad:23:aa:d6:9c:de:6b:bd:8a:33:46:27:13:de:
e9:c5:64:cb:e5:fb:27:08:66:6b:31:06:a7:11:84:6e:50:10:
7a:f9:75:49:76:e3:f7:05:f3:9e:79:f3:de:44:52:cd:90:b6:
44:f5:91:1f:0e:d1:30:00:3b:21:bb:ee:a8:86:01:f7:96:00:
c3:43:d8:22:26:74:49:f2:1e:3a:7e:d8:45:72:31:4d:c9:35:
aa:4f:f2:bf:6b:1f:52:b7:99:80:6c:af:cf:d8:1b:ca:2a:84:
af:21:4a:95:4c:6e:92:5e:85:80:32:a4:ef:9d:44:04:49:44:
f4:47:21:82:f3:fd:bd:9d:da:72:db:1c:d1:42:55:1d:53:2f:
30:43:24:61:71:45:68:54:8f:ab:21:d4:b4:45:36:6e:60:57:
5d:25:87:b0:e5:ca:8c:92:13:de:57:e2:8e:85:1b:73:ec:52:
67:6f:da:ec:9e:09:92:55:9c:0d:d8:64:a9:dc:65:48:1b:1c:
11:7a:0d:f9:96:bb:19:b5:36:9c:31:9f:6a:67:f8:24:64:e2:
50:45:a6:8a
-----BEGIN CERTIFICATE-----
MIIFhDCCBGygAwIBAgISAYfbP34Q7m7ecxrZ9AbcPhkXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjMwNTAyMDY1NjIzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYzQ0MTNmYWQzMjIyNjYxYjUzNDQyYzkxNDY5ZWFjYjViNGQ0NzgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgwwfQOuf0+VUtLSEGdyxdIGYsagi
0B5ecmrjPCMEfrzsoaCVL1eu2f7/cqTuWI9nWxpF9o8MMM0CXD0LpD4comaao4Fd
OcC+TUOKB/JTjfrD2GXOZTUnsXbSDrQUQW7mtcA3gmy/1XDzTKIv8Ugwu6h7mevR
ofQdo7nWerHiRHrx5LlG+zxyBjkP9IEfq21yKAjXCC7SkHRgGoPXcs3qkWKbcOv7
tL95E+COdlZ58MkClAmgWDRgjD6kI0V3bERUs2DVfilSFDO06MmQYrJ1k/P8JYlw
9EYssubW/ZTjPnXHbDMJ0wJK9SSJtWBIxLya0vGzhKk8u2kuVy4ldC357wIDAQAB
o4ICkDCCAowwHQYDVR0OBBYEFBxEE/rTIiZhtTRCyRRp6stbTUeBMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvSEVRVC10TWlKbUcxTkVMSkZHbnF5MXROUjRFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGlBggrBgEFBQcBBwEB/wSBlTCBkjCBjwQCAAEwgYgwDAME
Ay2fmAMEAC2fmgMEAD7FhwMEAU6O8gMEAFkmiAMEAFkr0AMEAVkr0gMEALLvwAME
ALLvywMEALlnSQMEALlnSwMEALlzkgMEAbl55gMEALnlaAMEALnlagMEAbnm+AME
ALnsPjAMAwQAufXtAwQAufXuAwQBwgScAwQAwgSfAwQA1SD5MA0GCSqGSIb3DQEB
CwUAA4IBAQAHUKZetv68/aCzCrchOfK0rV8J0bFyWwOI/KYUBSIbUzapADoOmrsf
rSOq1pzea72KM0YnE97pxWTL5fsnCGZrMQanEYRuUBB6+XVJduP3BfOeefPeRFLN
kLZE9ZEfDtEwADshu+6ohgH3lgDDQ9giJnRJ8h46fthFcjFNyTWqT/K/ax9St5mA
bK/P2BvKKoSvIUqVTG6SXoWAMqTvnUQESUT0RyGC8/29ndpy2xzRQlUdUy8wQyRh
cUVoVI+rIdS0RTZuYFddJYew5cqMkhPeV+KOhRtz7FJnb9rsngmSVZwN2GSp3GVI
GxwReg35lrsZtTacMZ9qZ/gkZOJQRaaK
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:51:45 2024 by rpki-client on console-fra.rpki-client.org