Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/c37497-6376-461e-93c6-9778674edc97/1/HkcPnnLU4scmqs6R5UG6_R_IzPI.roa
File: HkcPnnLU4scmqs6R5UG6_R_IzPI.roa (raw, json)
Hash identifier: v7yZfaNDz2TzAHLxbGvLR3UOXSGeAnqYjqRPQvuRqo4=
Subject key identifier: 1E:47:0F:9E:72:D4:E2:C7:26:AA:CE:91:E5:41:BA:FD:1F:C8:CC:F2
Certificate issuer: /CN=7df132df13e4be53d8250c8c48420264eef6c14c
Certificate serial: 0186412FFA64ECA921EFB3E25CA1420E7C12
Authority key identifier: 7D:F1:32:DF:13:E4:BE:53:D8:25:0C:8C:48:42:02:64:EE:F6:C1:4C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/ffEy3xPkvlPYJQyMSEICZO72wUw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/be/c37497-6376-461e-93c6-9778674edc97/1/HkcPnnLU4scmqs6R5UG6_R_IzPI.roa
Signing time: Sat 11 Feb 2023 15:55:08 +0000
ROA not before: Sat 11 Feb 2023 15:55:08 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 31102
IP address blocks: 89.44.108.0/24 maxlen: 24
86.107.52.0/24 maxlen: 24
188.241.134.0/23 maxlen: 23
89.42.9.0/24 maxlen: 24
188.240.202.0/23 maxlen: 23
89.47.255.0/24 maxlen: 24
92.114.39.0/24 maxlen: 24
92.114.52.0/24 maxlen: 24
188.215.70.0/23 maxlen: 23
86.107.20.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:86:41:2f:fa:64:ec:a9:21:ef:b3:e2:5c:a1:42:0e:7c:12
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7df132df13e4be53d8250c8c48420264eef6c14c
Validity
Not Before: Feb 11 15:55:08 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=1e470f9e72d4e2c726aace91e541bafd1fc8ccf2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8f:58:07:31:d6:d4:8b:da:58:44:a6:63:c2:89:
d3:82:06:a2:78:09:95:81:9a:6c:52:7c:70:54:93:
b3:df:3a:8c:e1:90:78:2c:99:37:a8:0a:12:86:f0:
b7:6d:5f:c0:d3:a4:42:e4:90:18:21:51:d5:1f:e2:
5c:ec:26:41:6f:1e:e1:35:3e:e9:10:cd:a3:f8:c2:
85:c2:76:5d:15:e1:d4:28:8f:d2:3e:20:fa:d7:19:
cd:18:21:dd:30:db:b0:0c:ef:29:99:e9:72:9f:b6:
50:21:3a:04:08:c7:20:21:11:23:37:e9:33:ab:ce:
9b:d1:23:30:88:da:98:b2:12:0a:88:c2:af:3f:9a:
7a:0b:44:f9:1b:35:b5:94:ff:65:d5:d1:14:4a:5e:
c1:07:bf:c9:d7:fd:d8:b3:07:40:bc:d6:42:90:c1:
5d:f4:68:96:70:b5:24:10:f2:46:a3:f5:3c:c8:e0:
0b:95:eb:fc:1e:52:03:44:c6:98:88:ab:27:57:90:
6e:7c:31:71:d9:23:18:de:1f:b2:bd:3d:6b:ce:46:
99:4c:e9:59:b5:ae:99:8a:4f:20:5c:02:9f:c6:80:
a1:5c:88:ee:96:db:53:13:52:bd:9e:d9:75:bf:1e:
d3:e3:65:ba:7b:da:99:df:92:26:f6:13:7c:86:39:
83:db
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1E:47:0F:9E:72:D4:E2:C7:26:AA:CE:91:E5:41:BA:FD:1F:C8:CC:F2
X509v3 Authority Key Identifier:
keyid:7D:F1:32:DF:13:E4:BE:53:D8:25:0C:8C:48:42:02:64:EE:F6:C1:4C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ffEy3xPkvlPYJQyMSEICZO72wUw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/c37497-6376-461e-93c6-9778674edc97/1/HkcPnnLU4scmqs6R5UG6_R_IzPI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/be/c37497-6376-461e-93c6-9778674edc97/1/ffEy3xPkvlPYJQyMSEICZO72wUw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
86.107.20.0/24
86.107.52.0/24
89.42.9.0/24
89.44.108.0/24
89.47.255.0/24
92.114.39.0/24
92.114.52.0/24
188.215.70.0/23
188.240.202.0/23
188.241.134.0/23
Signature Algorithm: sha256WithRSAEncryption
50:a8:5c:a3:5a:13:e1:39:b0:a5:6a:9b:45:39:57:9f:67:27:
d8:7f:82:77:94:6a:dd:0f:48:b0:68:80:78:ad:1d:0e:c4:14:
d4:f4:4e:45:fe:a1:99:ba:8b:7e:d1:1f:ec:b6:a3:db:1e:d4:
e2:5e:5d:b6:d5:ab:ba:c1:45:4f:4b:10:d1:53:3a:98:f7:95:
79:0c:58:c6:b4:05:17:a3:b1:c1:a3:59:b1:9f:c9:a9:8e:0e:
99:df:9a:a8:ba:4a:91:04:2c:7e:8b:27:00:be:eb:72:8b:c7:
f3:ec:05:3c:f1:a8:fd:68:b6:68:6d:5b:c1:1f:fb:14:69:ca:
e0:47:4a:26:c6:a7:07:e1:98:26:88:68:d9:a1:8a:d5:c7:42:
ab:41:35:2f:37:1e:f2:71:60:34:ec:3f:4a:32:28:55:d0:8e:
84:54:18:b8:64:de:5e:ff:a3:44:ea:70:10:35:86:14:bb:02:
67:02:b0:da:a3:27:00:0c:16:07:43:a1:b5:20:69:db:96:cf:
f2:c5:cf:92:c9:77:a4:b9:5c:2a:e0:34:08:19:45:af:3a:7b:
2d:58:18:c6:be:5b:c8:d7:79:8d:e9:70:fc:1c:99:2a:91:2c:
f3:6d:b0:46:fd:0a:e7:57:e4:ce:46:23:f7:40:f9:f3:1d:b4:
d2:bd:ac:14
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgISAYZBL/pk7Kkh77PiXKFCDnwSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkZjEzMmRmMTNlNGJlNTNkODI1MGM4YzQ4NDIwMjY0ZWVm
NmMxNGMwHhcNMjMwMjExMTU1NTA4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZTQ3MGY5ZTcyZDRlMmM3MjZhYWNlOTFlNTQxYmFmZDFmYzhjY2YyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj1gHMdbUi9pYRKZjwonTggaieAmV
gZpsUnxwVJOz3zqM4ZB4LJk3qAoShvC3bV/A06RC5JAYIVHVH+Jc7CZBbx7hNT7p
EM2j+MKFwnZdFeHUKI/SPiD61xnNGCHdMNuwDO8pmelyn7ZQIToECMcgIREjN+kz
q86b0SMwiNqYshIKiMKvP5p6C0T5GzW1lP9l1dEUSl7BB7/J1/3YswdAvNZCkMFd
9GiWcLUkEPJGo/U8yOALlev8HlIDRMaYiKsnV5BufDFx2SMY3h+yvT1rzkaZTOlZ
ta6Zik8gXAKfxoChXIjulttTE1K9ntl1vx7T42W6e9qZ35Im9hN8hjmD2wIDAQAB
o4ICPzCCAjswHQYDVR0OBBYEFB5HD55y1OLHJqrOkeVBuv0fyMzyMB8GA1UdIwQY
MBaAFH3xMt8T5L5T2CUMjEhCAmTu9sFMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmZFeTN4UGt2bFBZSlF5TVNFSUNaTzcyd1V3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS9jMzc0OTctNjM3Ni00NjFlLTkzYzYt
OTc3ODY3NGVkYzk3LzEvSGtjUG5uTFU0c2NtcXM2UjVVRzZfUl9JelBJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS9jMzc0OTctNjM3Ni00NjFlLTkzYzYtOTc3ODY3NGVkYzk3
LzEvZmZFeTN4UGt2bFBZSlF5TVNFSUNaTzcyd1V3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFUGCCsGAQUFBwEHAQH/BEYwRDBCBAIAATA8AwQAVmsUAwQA
Vms0AwQAWSoJAwQAWSxsAwQAWS//AwQAXHInAwQAXHI0AwQBvNdGAwQBvPDKAwQB
vPGGMA0GCSqGSIb3DQEBCwUAA4IBAQBQqFyjWhPhObClaptFOVefZyfYf4J3lGrd
D0iwaIB4rR0OxBTU9E5F/qGZuot+0R/stqPbHtTiXl221au6wUVPSxDRUzqY95V5
DFjGtAUXo7HBo1mxn8mpjg6Z35qoukqRBCx+iycAvutyi8fz7AU88aj9aLZobVvB
H/sUacrgR0omxqcH4ZgmiGjZoYrVx0KrQTUvNx7ycWA07D9KMihV0I6EVBi4ZN5e
/6NE6nAQNYYUuwJnArDaoycADBYHQ6G1IGnbls/yxc+SyXekuVwq4DQIGUWvOnst
WBjGvlvI13mN6XD8HJkqkSzzbbBG/QrnV+TORiP3QPnzHbTSvawU
-----END CERTIFICATE-----
Generated at Fri Apr 18 06:38:47 2025 by rpki-client