Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f0/147fe0-fb50-4e84-bca4-135f497c3264/1/7v7gTq5M-gWAnXMu98IbOX23QxU.roa
File: 7v7gTq5M-gWAnXMu98IbOX23QxU.roa (raw, json)
Hash identifier: aSgTu599VL3rcjt/cFv7YoEt0X/aagOFEIHJS20q1AA=
Subject key identifier: EE:FE:E0:4E:AE:4C:FA:05:80:9D:73:2E:F7:C2:1B:39:7D:B7:43:15
Certificate issuer: /CN=1d53c2c8bb7364a553242f3f1773362227b30e94
Certificate serial: 018CC649AA78DC953CC17DE4BF0EF6764F78
Authority key identifier: 1D:53:C2:C8:BB:73:64:A5:53:24:2F:3F:17:73:36:22:27:B3:0E:94
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/HVPCyLtzZKVTJC8_F3M2IiezDpQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/f0/147fe0-fb50-4e84-bca4-135f497c3264/1/7v7gTq5M-gWAnXMu98IbOX23QxU.roa
Signing time: Mon 01 Jan 2024 18:29:25 +0000
ROA not before: Mon 01 Jan 2024 18:29:25 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 59545
IP address blocks: 109.205.192.0/24 maxlen: 24
109.205.192.0/23 maxlen: 24
109.205.196.0/23 maxlen: 24
109.205.193.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c6:49:aa:78:dc:95:3c:c1:7d:e4:bf:0e:f6:76:4f:78
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1d53c2c8bb7364a553242f3f1773362227b30e94
Validity
Not Before: Jan 1 18:29:25 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=eefee04eae4cfa05809d732ef7c21b397db74315
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:83:05:98:91:e1:9a:cf:41:d1:d0:4b:5e:4c:3c:
63:bf:89:7f:69:d5:02:6e:d8:5a:88:6a:57:1d:9c:
c0:57:19:1b:39:4e:29:2c:4a:56:c2:fc:0c:39:c9:
05:bb:ca:43:b1:dd:72:9e:02:00:f1:4e:4a:24:ed:
37:06:06:91:ee:2b:ac:62:69:11:6b:9a:61:05:2e:
91:43:c0:6d:3d:00:36:22:a4:3a:ce:22:c4:92:00:
17:6c:eb:bf:3f:55:bb:f6:a6:63:a8:ef:26:51:1a:
2f:41:55:e8:4b:fe:03:b2:6b:ed:bd:94:55:9e:24:
76:9d:5a:cb:db:4f:5f:08:45:ff:34:81:8f:05:8a:
46:f9:24:ef:dc:c8:1b:6d:08:72:4f:ff:c3:ec:5e:
59:74:49:8f:45:bc:91:a6:0f:df:4b:8c:b3:7f:c9:
04:f8:c2:22:b5:a8:68:b1:dd:27:24:d1:9a:af:f5:
62:09:23:56:b3:fa:d6:9a:ad:60:c5:8b:18:e5:5d:
0e:a3:ea:4a:82:3f:1e:b1:aa:a3:f2:bc:9e:df:16:
d6:95:a4:23:f8:95:8f:4e:48:39:f9:08:6f:2f:e9:
80:5b:29:f3:69:3c:d6:d2:f5:11:3d:4b:0a:69:1c:
e2:46:9a:d7:1d:b1:b5:3b:12:48:e2:0a:d9:c7:07:
32:43
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
EE:FE:E0:4E:AE:4C:FA:05:80:9D:73:2E:F7:C2:1B:39:7D:B7:43:15
X509v3 Authority Key Identifier:
keyid:1D:53:C2:C8:BB:73:64:A5:53:24:2F:3F:17:73:36:22:27:B3:0E:94
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HVPCyLtzZKVTJC8_F3M2IiezDpQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/147fe0-fb50-4e84-bca4-135f497c3264/1/7v7gTq5M-gWAnXMu98IbOX23QxU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/147fe0-fb50-4e84-bca4-135f497c3264/1/HVPCyLtzZKVTJC8_F3M2IiezDpQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.205.192.0/23
109.205.196.0/23
Signature Algorithm: sha256WithRSAEncryption
43:cb:d5:91:c3:ef:aa:05:91:7d:cb:71:67:ba:51:55:9a:2a:
57:78:97:d5:b5:e5:22:1c:4e:61:36:02:d1:cc:e2:e9:c3:b2:
18:67:b5:22:2c:65:79:13:ad:b2:22:e1:db:8e:c5:0a:3b:40:
e1:ce:11:4c:f9:64:9a:e6:40:3d:75:32:e5:1f:b0:b6:8f:23:
dc:6f:eb:ae:78:cd:98:93:8b:7d:1e:ef:12:8e:7b:f1:94:f3:
fc:77:1b:42:c7:b8:af:dc:77:08:6d:6c:a9:04:28:b4:a5:d5:
ae:94:41:f9:74:40:11:3d:5a:45:26:02:77:d7:3a:9a:b3:81:
4a:32:1a:9d:84:64:75:75:57:a1:24:41:c0:f3:9a:a2:07:39:
f7:40:fb:7d:f6:ec:34:34:25:3c:88:04:81:ac:ed:de:ec:46:
d0:c3:b3:b0:7e:56:cb:87:3f:03:d9:8e:e7:6b:bc:9d:77:ea:
b4:fb:5e:8e:21:04:61:33:d7:0e:8a:f0:4b:0d:c6:d6:ea:b6:
ad:22:22:0d:cb:42:a8:31:42:02:6b:82:2c:cc:62:16:33:a8:
15:5b:e1:ba:fe:02:30:87:a6:32:46:2d:6c:cf:67:73:ae:11:
39:85:0d:cb:ed:88:6d:17:cc:d5:18:b0:84:d3:25:4c:8a:eb:
c8:32:96:57
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzGSap43JU8wX3kvw72dk94MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFkNTNjMmM4YmI3MzY0YTU1MzI0MmYzZjE3NzMzNjIyMjdi
MzBlOTQwHhcNMjQwMTAxMTgyOTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZWZlZTA0ZWFlNGNmYTA1ODA5ZDczMmVmN2MyMWIzOTdkYjc0MzE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgwWYkeGaz0HR0EteTDxjv4l/adUC
bthaiGpXHZzAVxkbOU4pLEpWwvwMOckFu8pDsd1yngIA8U5KJO03BgaR7iusYmkR
a5phBS6RQ8BtPQA2IqQ6ziLEkgAXbOu/P1W79qZjqO8mURovQVXoS/4DsmvtvZRV
niR2nVrL209fCEX/NIGPBYpG+STv3MgbbQhyT//D7F5ZdEmPRbyRpg/fS4yzf8kE
+MIitahosd0nJNGar/ViCSNWs/rWmq1gxYsY5V0Oo+pKgj8esaqj8rye3xbWlaQj
+JWPTkg5+QhvL+mAWynzaTzW0vURPUsKaRziRprXHbG1OxJI4grZxwcyQwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFO7+4E6uTPoFgJ1zLvfCGzl9t0MVMB8GA1UdIwQY
MBaAFB1Twsi7c2SlUyQvPxdzNiInsw6UMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSFZQQ3lMdHpaS1ZUSkM4X0YzTTJJaWV6RHBRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMC8xNDdmZTAtZmI1MC00ZTg0LWJjYTQt
MTM1ZjQ5N2MzMjY0LzEvN3Y3Z1RxNU0tZ1dBblhNdTk4SWJPWDIzUXhVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMC8xNDdmZTAtZmI1MC00ZTg0LWJjYTQtMTM1ZjQ5N2MzMjY0
LzEvSFZQQ3lMdHpaS1ZUSkM4X0YzTTJJaWV6RHBRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBbc3AAwQB
bc3EMA0GCSqGSIb3DQEBCwUAA4IBAQBDy9WRw++qBZF9y3FnulFVmipXeJfVteUi
HE5hNgLRzOLpw7IYZ7UiLGV5E62yIuHbjsUKO0DhzhFM+WSa5kA9dTLlH7C2jyPc
b+uueM2Yk4t9Hu8SjnvxlPP8dxtCx7iv3HcIbWypBCi0pdWulEH5dEARPVpFJgJ3
1zqas4FKMhqdhGR1dVehJEHA85qiBzn3QPt99uw0NCU8iASBrO3e7EbQw7OwflbL
hz8D2Y7na7ydd+q0+16OIQRhM9cOivBLDcbW6ratIiINy0KoMUICa4IszGIWM6gV
W+G6/gIwh6YyRi1sz2dzrhE5hQ3L7YhtF8zVGLCE0yVMiuvIMpZX
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:12:54 2025 by rpki-client