Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cf/a8947f-e52c-4de1-bade-70c0a506d797/1/HrdhOofwzLdWgtb5rgDSfA_VbPY.roa
File: HrdhOofwzLdWgtb5rgDSfA_VbPY.roa (raw, json)
Hash identifier: lq9KF0BU6psSBkq/CDDO8wxaM2/xVSrBH7dleIerxtc=
Subject key identifier: 1E:B7:61:3A:87:F0:CC:B7:56:82:D6:F9:AE:00:D2:7C:0F:D5:6C:F6
Certificate issuer: /CN=02b980c10d7110f91fff9e0eceb639d9e75b35e2
Certificate serial: 019205138343573EABEDAC7F3DFD5294542A
Authority key identifier: 02:B9:80:C1:0D:71:10:F9:1F:FF:9E:0E:CE:B6:39:D9:E7:5B:35:E2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/ArmAwQ1xEPkf_54OzrY52edbNeI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/cf/a8947f-e52c-4de1-bade-70c0a506d797/1/HrdhOofwzLdWgtb5rgDSfA_VbPY.roa
Signing time: Wed 18 Sep 2024 12:20:17 +0000
ROA not before: Wed 18 Sep 2024 12:20:17 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 29676
IP address blocks: 109.224.192.0/20 maxlen: 20
109.224.216.0/22 maxlen: 22
109.224.220.0/23 maxlen: 23
109.224.222.0/24 maxlen: 24
109.224.233.0/24 maxlen: 24
109.224.244.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:92:05:13:83:43:57:3e:ab:ed:ac:7f:3d:fd:52:94:54:2a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=02b980c10d7110f91fff9e0eceb639d9e75b35e2
Validity
Not Before: Sep 18 12:20:17 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=1eb7613a87f0ccb75682d6f9ae00d27c0fd56cf6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c9:0d:85:f2:a5:8e:15:ff:3b:fb:11:48:1b:e3:
34:d0:d7:73:b8:84:fb:34:62:d4:b6:e0:88:6f:49:
8b:f3:c2:db:01:78:46:34:bc:4a:f4:68:92:a9:86:
cd:96:76:cd:44:8c:a7:91:98:92:8f:82:a5:91:7a:
0b:b7:59:b5:99:b5:79:b7:40:c6:2d:5f:8d:94:29:
cf:b8:24:94:4f:02:66:8c:89:fb:af:e3:29:e6:96:
33:7b:98:c2:e1:e9:1a:45:73:d3:03:4b:29:88:f5:
e5:62:98:d7:47:d7:9f:dc:9c:11:84:5b:9a:66:53:
d4:5a:c8:f6:e2:4b:79:8a:66:bc:37:67:2c:f3:a9:
63:99:7d:ba:a5:f6:bd:ff:de:bd:50:92:ed:ab:bd:
88:18:85:92:39:8a:17:cd:c4:7c:1e:22:fb:29:07:
e0:53:df:c9:0d:e7:c6:b4:8e:14:41:5e:47:b1:7b:
16:10:44:21:3a:80:0d:d7:c0:03:fc:85:e1:cb:68:
1b:37:93:d1:a5:87:a3:df:35:6f:1a:51:b6:3b:ee:
5c:8c:ef:a8:ff:2f:87:0c:c7:8d:61:24:2d:95:eb:
5e:1c:e9:e1:1e:3c:86:b5:30:c7:e6:50:f9:1f:90:
dd:d9:42:ff:00:f4:b9:86:c4:4c:b2:df:62:3a:6f:
73:b7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1E:B7:61:3A:87:F0:CC:B7:56:82:D6:F9:AE:00:D2:7C:0F:D5:6C:F6
X509v3 Authority Key Identifier:
keyid:02:B9:80:C1:0D:71:10:F9:1F:FF:9E:0E:CE:B6:39:D9:E7:5B:35:E2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ArmAwQ1xEPkf_54OzrY52edbNeI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/a8947f-e52c-4de1-bade-70c0a506d797/1/HrdhOofwzLdWgtb5rgDSfA_VbPY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/a8947f-e52c-4de1-bade-70c0a506d797/1/ArmAwQ1xEPkf_54OzrY52edbNeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.224.192.0/20
109.224.216.0-109.224.222.255
109.224.233.0/24
109.224.244.0/22
Signature Algorithm: sha256WithRSAEncryption
09:2f:1f:3e:78:bd:79:f0:8c:ab:9a:09:07:04:f7:60:74:0c:
d0:49:02:b4:86:e0:42:ce:df:88:14:a0:9e:4b:a4:3a:24:0d:
2e:9d:34:82:53:65:8a:0f:6e:f2:5c:4b:f7:96:3d:6b:1d:e1:
10:04:d7:aa:20:ec:ab:97:b5:8f:4c:8e:22:94:d9:56:66:50:
41:53:be:da:ff:56:69:83:17:5a:8b:3c:53:95:6d:a6:fe:4c:
73:a6:1c:a8:46:05:4b:fb:b0:bb:b8:f2:ea:51:c5:3d:3a:73:
d5:b2:a3:ef:c1:c3:d8:65:01:1d:f6:7f:24:9a:6d:25:3a:d8:
80:56:ac:37:6c:34:e5:f6:6b:68:12:36:94:89:59:0a:43:a7:
48:94:93:57:ef:12:3f:a5:19:82:31:72:fd:40:c5:0a:3c:e6:
4c:ce:f6:2d:c4:e8:50:88:19:a8:44:3a:b2:14:df:5e:4f:c8:
cd:55:cb:93:01:e7:96:34:2a:b3:c1:88:bb:82:2d:56:c1:4c:
21:ea:e2:4a:20:7e:6d:c5:68:1b:ad:c5:69:dd:ea:ca:5f:0c:
6e:6d:a1:df:7d:86:ee:0d:f9:21:ef:b2:27:82:6a:cb:70:7d:
da:91:c7:cd:c6:3b:b3:22:5e:ff:2e:ed:8d:59:18:2b:6c:c1:
6e:bd:1b:20
-----BEGIN CERTIFICATE-----
MIIFFzCCA/+gAwIBAgISAZIFE4NDVz6r7ax/Pf1SlFQqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAyYjk4MGMxMGQ3MTEwZjkxZmZmOWUwZWNlYjYzOWQ5ZTc1
YjM1ZTIwHhcNMjQwOTE4MTIyMDE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZWI3NjEzYTg3ZjBjY2I3NTY4MmQ2ZjlhZTAwZDI3YzBmZDU2Y2Y2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyQ2F8qWOFf87+xFIG+M00NdzuIT7
NGLUtuCIb0mL88LbAXhGNLxK9GiSqYbNlnbNRIynkZiSj4KlkXoLt1m1mbV5t0DG
LV+NlCnPuCSUTwJmjIn7r+Mp5pYze5jC4ekaRXPTA0spiPXlYpjXR9ef3JwRhFua
ZlPUWsj24kt5ima8N2cs86ljmX26pfa9/969UJLtq72IGIWSOYoXzcR8HiL7KQfg
U9/JDefGtI4UQV5HsXsWEEQhOoAN18AD/IXhy2gbN5PRpYej3zVvGlG2O+5cjO+o
/y+HDMeNYSQtleteHOnhHjyGtTDH5lD5H5Dd2UL/APS5hsRMst9iOm9ztwIDAQAB
o4ICIzCCAh8wHQYDVR0OBBYEFB63YTqH8My3VoLW+a4A0nwP1Wz2MB8GA1UdIwQY
MBaAFAK5gMENcRD5H/+eDs62OdnnWzXiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQXJtQXdRMXhFUGtmXzU0T3pyWTUyZWRiTmVJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZi9hODk0N2YtZTUyYy00ZGUxLWJhZGUt
NzBjMGE1MDZkNzk3LzEvSHJkaE9vZnd6TGRXZ3RiNXJnRFNmQV9WYlBZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZi9hODk0N2YtZTUyYy00ZGUxLWJhZGUtNzBjMGE1MDZkNzk3
LzEvQXJtQXdRMXhFUGtmXzU0T3pyWTUyZWRiTmVJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDkGCCsGAQUFBwEHAQH/BCowKDAmBAIAATAgAwQEbeDAMAwD
BANt4NgDBABt4N4DBABt4OkDBAJt4PQwDQYJKoZIhvcNAQELBQADggEBAAkvHz54
vXnwjKuaCQcE92B0DNBJArSG4ELO34gUoJ5LpDokDS6dNIJTZYoPbvJcS/eWPWsd
4RAE16og7KuXtY9MjiKU2VZmUEFTvtr/VmmDF1qLPFOVbab+THOmHKhGBUv7sLu4
8upRxT06c9Wyo+/Bw9hlAR32fySabSU62IBWrDdsNOX2a2gSNpSJWQpDp0iUk1fv
Ej+lGYIxcv1AxQo85kzO9i3E6FCIGahEOrIU315PyM1Vy5MB55Y0KrPBiLuCLVbB
TCHq4kogfm3FaButxWnd6spfDG5tod99hu4N+SHvsieCastwfdqRx83GO7MiXv8u
7Y1ZGCtswW69GyA=
-----END CERTIFICATE-----
Generated at Thu Sep 26 14:02:15 2024 by rpki-client on console-fra.rpki-client.org