Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/HXbiMehZ0jlEbrGm6Rz8liPy5nU.roa
File: HXbiMehZ0jlEbrGm6Rz8liPy5nU.roa (raw, json)
Hash identifier: wOq9r5kiCI8+/e28Bl1tAnZvDkLnTtw3OVNA3kfafU8=
Subject key identifier: 1D:76:E2:31:E8:59:D2:39:44:6E:B1:A6:E9:1C:FC:96:23:F2:E6:75
Certificate issuer: /CN=cdaaa0e082360360acda347664eb8314eb11da10
Certificate serial: 018683D89809A4EB8F1C9481FAC0BD75E5D6
Authority key identifier: CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/HXbiMehZ0jlEbrGm6Rz8liPy5nU.roa
Signing time: Fri 24 Feb 2023 14:34:15 +0000
ROA not before: Fri 24 Feb 2023 14:34:15 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 42864
IP address blocks: 178.210.224.0/22 maxlen: 24
193.138.125.0/24 maxlen: 24
178.248.200.0/21 maxlen: 21
45.9.171.0/24 maxlen: 24
45.9.170.0/24 maxlen: 24
45.9.169.0/24 maxlen: 24
77.242.145.0/24 maxlen: 24
77.242.144.0/24 maxlen: 24
77.242.151.0/24 maxlen: 24
77.242.148.0/24 maxlen: 24
77.242.147.0/24 maxlen: 24
77.242.146.0/24 maxlen: 24
88.209.192.0/21 maxlen: 24
77.242.158.0/24 maxlen: 24
77.242.157.0/24 maxlen: 24
77.242.156.0/24 maxlen: 24
92.52.219.0/24 maxlen: 24
45.88.93.0/24 maxlen: 24
45.14.10.0/24 maxlen: 24
45.14.8.0/24 maxlen: 24
92.52.212.0/22 maxlen: 24
92.52.210.0/23 maxlen: 23
92.52.209.0/24 maxlen: 24
92.52.208.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:86:83:d8:98:09:a4:eb:8f:1c:94:81:fa:c0:bd:75:e5:d6
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=cdaaa0e082360360acda347664eb8314eb11da10
Validity
Not Before: Feb 24 14:34:15 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=1d76e231e859d239446eb1a6e91cfc9623f2e675
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c4:ef:ad:4c:44:4c:12:02:f2:1d:19:4c:66:ad:
fc:9c:d7:f2:d6:60:e5:52:a8:06:f7:db:90:f0:b4:
6c:9b:0e:f2:b2:7c:91:e0:9a:62:50:f5:1a:07:a4:
a6:f0:89:76:b0:49:e9:0f:3e:e4:97:08:6d:28:6e:
7b:a2:7c:71:5b:3b:5c:26:88:43:97:c3:9d:28:a7:
3b:8b:17:58:7f:28:39:f9:0e:d8:4a:7b:72:05:18:
bd:84:d3:45:20:a8:c0:62:0c:e1:10:3f:9e:f5:5c:
d7:af:bb:2b:d2:43:75:8f:72:57:5f:e2:75:48:5c:
52:9f:cc:4c:2d:46:49:5b:b1:d3:56:c0:4f:26:6f:
c1:eb:70:00:af:3e:62:96:77:e2:7a:e9:9e:f5:a8:
c7:3e:d7:f5:58:3b:9c:e1:3c:2e:f0:8c:04:d3:7a:
62:46:15:6c:01:4d:1b:2f:46:58:a5:d8:d2:1b:2a:
eb:9c:d2:43:c3:90:a6:a6:d0:a8:f6:46:e8:df:83:
fe:f4:87:99:db:bf:bb:bd:f9:60:05:7d:be:bf:bf:
50:42:26:0a:6d:fb:ce:34:fb:78:e2:e6:9b:0f:0d:
34:3d:fb:2a:ae:2e:14:32:41:38:67:9b:df:36:58:
ac:23:d7:31:92:4f:49:a1:72:04:ea:20:3d:d1:3c:
39:b5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1D:76:E2:31:E8:59:D2:39:44:6E:B1:A6:E9:1C:FC:96:23:F2:E6:75
X509v3 Authority Key Identifier:
keyid:CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/HXbiMehZ0jlEbrGm6Rz8liPy5nU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.9.169.0-45.9.171.255
45.14.8.0/24
45.14.10.0/24
45.88.93.0/24
77.242.144.0-77.242.148.255
77.242.151.0/24
77.242.156.0-77.242.158.255
88.209.192.0/21
92.52.208.0/21
92.52.219.0/24
178.210.224.0/22
178.248.200.0/21
193.138.125.0/24
Signature Algorithm: sha256WithRSAEncryption
0f:34:df:f8:86:4b:3e:82:35:a3:2b:11:b4:81:fa:19:91:25:
69:f6:82:e8:0a:91:73:71:c6:b2:86:51:3b:68:f5:ca:34:8a:
50:63:75:30:8a:e2:34:48:eb:bf:44:96:c3:f4:e1:f4:bc:a4:
87:28:38:62:98:5a:ff:f6:d0:26:de:0a:b1:d5:d6:82:5b:06:
d6:e6:38:38:a0:2d:7b:97:ab:f0:7b:71:a2:85:24:2d:b7:d3:
02:ec:a8:f1:30:ca:be:1b:75:f0:27:89:d2:18:5f:44:c6:5c:
7f:d7:30:c3:d3:36:dd:c5:a4:97:21:13:6c:63:40:17:08:a6:
db:1b:2c:7a:ef:7f:c9:3d:75:d0:72:0d:d2:07:64:a5:32:cc:
1c:49:1e:5b:14:24:c7:04:a0:f3:c8:69:9f:c5:17:f9:9d:08:
7d:c2:22:22:77:d8:d5:8f:23:6b:84:3d:c4:13:a5:d7:11:f3:
5a:3d:22:29:cb:6f:57:07:3f:11:e8:a7:82:1b:2b:e3:1d:a9:
07:5b:1b:46:57:b4:fa:be:11:b1:cb:ac:5c:57:4e:9a:8f:60:
f5:59:9d:aa:97:bc:ad:8c:43:9e:6b:84:63:7c:f5:66:a1:6f:
b7:11:ef:39:d5:e2:e2:57:d1:ca:ea:49:13:68:20:0f:7c:1d:
3c:fa:23:1c
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgISAYaD2JgJpOuPHJSB+sC9deXWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYWFhMGUwODIzNjAzNjBhY2RhMzQ3NjY0ZWI4MzE0ZWIx
MWRhMTAwHhcNMjMwMjI0MTQzNDE1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZDc2ZTIzMWU4NTlkMjM5NDQ2ZWIxYTZlOTFjZmM5NjIzZjJlNjc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxO+tTERMEgLyHRlMZq38nNfy1mDl
UqgG99uQ8LRsmw7ysnyR4JpiUPUaB6Sm8Il2sEnpDz7klwhtKG57onxxWztcJohD
l8OdKKc7ixdYfyg5+Q7YSntyBRi9hNNFIKjAYgzhED+e9VzXr7sr0kN1j3JXX+J1
SFxSn8xMLUZJW7HTVsBPJm/B63AArz5ilnfieume9ajHPtf1WDuc4Twu8IwE03pi
RhVsAU0bL0ZYpdjSGyrrnNJDw5CmptCo9kbo34P+9IeZ27+7vflgBX2+v79QQiYK
bfvONPt44uabDw00Pfsqri4UMkE4Z5vfNlisI9cxkk9JoXIE6iA90Tw5tQIDAQAB
o4ICaTCCAmUwHQYDVR0OBBYEFB124jHoWdI5RG6xpukc/JYj8uZ1MB8GA1UdIwQY
MBaAFM2qoOCCNgNgrNo0dmTrgxTrEdoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2Mt
N2U0ZDZmNmY2ZTY2LzEvSFhiaU1laFowamxFYnJHbTZSejhsaVB5NW5VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2MtN2U0ZDZmNmY2ZTY2
LzEvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMH8GCCsGAQUFBwEHAQH/BHAwbjBsBAIAATBmMAwDBAAtCakD
BAItCagDBAAtDggDBAAtDgoDBAAtWF0wDAMEBE3ykAMEAE3ylAMEAE3ylzAMAwQC
TfKcAwQATfKeAwQDWNHAAwQDXDTQAwQAXDTbAwQCstLgAwQDsvjIAwQAwYp9MA0G
CSqGSIb3DQEBCwUAA4IBAQAPNN/4hks+gjWjKxG0gfoZkSVp9oLoCpFzccayhlE7
aPXKNIpQY3UwiuI0SOu/RJbD9OH0vKSHKDhimFr/9tAm3gqx1daCWwbW5jg4oC17
l6vwe3GihSQtt9MC7KjxMMq+G3XwJ4nSGF9Exlx/1zDD0zbdxaSXIRNsY0AXCKbb
Gyx673/JPXXQcg3SB2SlMswcSR5bFCTHBKDzyGmfxRf5nQh9wiIid9jVjyNrhD3E
E6XXEfNaPSIpy29XBz8R6KeCGyvjHakHWxtGV7T6vhGxy6xcV06aj2D1WZ2ql7yt
jEOea4RjfPVmoW+3Ee851eLiV9HK6kkTaCAPfB08+iMc
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:47:55 2024 by rpki-client on console-ams.rpki-client.org