Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f0/147fe0-fb50-4e84-bca4-135f497c3264/1/cHAjEk4LCyW1LzjpqK7plhQ8yBM.roa
File: cHAjEk4LCyW1LzjpqK7plhQ8yBM.roa (raw, json)
Hash identifier: ErLJB7ogeDxb2rXGzoexAcRYhF1MZp7WixARDS7dJcM=
Subject key identifier: 70:70:23:12:4E:0B:0B:25:B5:2F:38:E9:A8:AE:E9:96:14:3C:C8:13
Certificate issuer: /CN=1d53c2c8bb7364a553242f3f1773362227b30e94
Certificate serial: 0182EEAC8F3465A1E0CA306B85DD9BCC2CDE
Authority key identifier: 1D:53:C2:C8:BB:73:64:A5:53:24:2F:3F:17:73:36:22:27:B3:0E:94
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/HVPCyLtzZKVTJC8_F3M2IiezDpQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/f0/147fe0-fb50-4e84-bca4-135f497c3264/1/cHAjEk4LCyW1LzjpqK7plhQ8yBM.roa
Signing time: Tue 30 Aug 2022 12:14:22 +0000
ROA not before: Tue 30 Aug 2022 12:14:22 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 59545
IP address blocks: 109.205.192.0/24 maxlen: 24
109.205.192.0/23 maxlen: 24
109.205.196.0/23 maxlen: 24
109.205.193.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:82:ee:ac:8f:34:65:a1:e0:ca:30:6b:85:dd:9b:cc:2c:de
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1d53c2c8bb7364a553242f3f1773362227b30e94
Validity
Not Before: Aug 30 12:14:22 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=707023124e0b0b25b52f38e9a8aee996143cc813
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cc:ab:f4:5e:23:cd:cc:23:a8:66:fd:64:f9:dd:
b5:0a:7f:fe:92:43:a2:c0:e0:d2:33:bd:76:fa:da:
04:37:84:de:95:3d:2f:9b:9f:ee:ff:f8:16:6a:91:
cb:f0:5d:1d:7b:66:f1:13:c9:47:f3:8e:1d:8e:e1:
9b:5f:cb:96:b4:71:eb:4c:dc:21:a3:dd:4e:0e:59:
18:62:e9:f6:cb:b5:09:44:f0:96:19:a5:14:52:94:
e3:fe:27:9a:17:26:e4:ef:78:ef:1e:18:32:ff:c8:
65:50:35:ad:fd:2d:7b:73:e1:17:15:02:f9:5f:ff:
76:9d:dc:82:30:85:a8:a2:86:14:bb:23:6e:b2:73:
0d:e4:6e:2b:21:35:21:13:9f:f4:2d:41:84:bd:fe:
44:e8:19:42:79:3f:fe:63:46:fd:f2:67:b5:bf:66:
17:90:ff:a8:37:e3:36:fd:42:0f:dc:f8:f2:84:da:
a7:21:19:c1:4f:1d:bf:ae:21:c0:ad:1e:18:1c:08:
cf:08:bb:72:40:0c:26:11:81:9a:c7:74:73:2f:37:
84:7d:57:c9:2c:a5:59:db:13:83:5f:36:63:85:78:
ec:aa:03:a2:a0:6f:1e:01:96:c9:df:92:d5:77:bf:
a0:3d:65:93:b3:37:4c:f9:f9:e4:03:6e:0e:02:99:
44:9f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
70:70:23:12:4E:0B:0B:25:B5:2F:38:E9:A8:AE:E9:96:14:3C:C8:13
X509v3 Authority Key Identifier:
keyid:1D:53:C2:C8:BB:73:64:A5:53:24:2F:3F:17:73:36:22:27:B3:0E:94
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HVPCyLtzZKVTJC8_F3M2IiezDpQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/147fe0-fb50-4e84-bca4-135f497c3264/1/cHAjEk4LCyW1LzjpqK7plhQ8yBM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/147fe0-fb50-4e84-bca4-135f497c3264/1/HVPCyLtzZKVTJC8_F3M2IiezDpQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.205.192.0/23
109.205.196.0/23
Signature Algorithm: sha256WithRSAEncryption
14:28:fb:e6:c9:f8:6c:6e:52:78:d6:78:2a:5b:df:82:be:72:
84:f4:02:9e:ed:d9:6f:56:af:e9:90:c3:f7:08:28:11:cc:af:
60:b5:86:9f:77:61:99:68:2b:c0:0a:6d:39:3a:52:3c:05:1c:
d1:c6:62:ca:4e:0b:12:f0:55:90:59:ce:99:57:9e:b0:94:bd:
f7:a2:b8:fd:1f:b3:43:10:6f:c5:cb:aa:c0:e3:97:16:42:2a:
70:a1:84:f7:a7:39:f6:20:e0:c7:e1:bc:06:d2:8a:0a:d9:c0:
35:ac:52:49:04:2f:5a:59:06:27:47:40:b6:57:4b:c8:15:60:
2c:f2:f1:cf:55:4f:9b:a6:da:f6:04:d7:13:bc:fa:4f:36:68:
38:07:ae:d2:ba:f6:54:fc:58:45:73:cc:28:54:c2:89:7e:a7:
8b:b9:1f:fa:28:ff:4b:18:3b:a2:27:6f:5b:fd:35:71:32:e8:
51:36:1b:7c:fe:33:01:08:16:1f:d6:ce:f1:8b:b8:ce:3f:aa:
84:f6:14:72:6c:90:67:1a:31:9f:b5:c2:65:39:9d:3f:97:36:
38:78:a6:44:5f:a1:9b:31:9c:69:e0:19:fe:ed:0f:9c:b4:68:
21:60:98:cf:1a:00:69:f5:ba:ff:c5:34:b4:a6:c4:8f:d8:99:
ac:37:dd:df
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYLurI80ZaHgyjBrhd2bzCzeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFkNTNjMmM4YmI3MzY0YTU1MzI0MmYzZjE3NzMzNjIyMjdi
MzBlOTQwHhcNMjIwODMwMTIxNDIyWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MDcwMjMxMjRlMGIwYjI1YjUyZjM4ZTlhOGFlZTk5NjE0M2NjODEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzKv0XiPNzCOoZv1k+d21Cn/+kkOi
wODSM712+toEN4TelT0vm5/u//gWapHL8F0de2bxE8lH844djuGbX8uWtHHrTNwh
o91ODlkYYun2y7UJRPCWGaUUUpTj/ieaFybk73jvHhgy/8hlUDWt/S17c+EXFQL5
X/92ndyCMIWoooYUuyNusnMN5G4rITUhE5/0LUGEvf5E6BlCeT/+Y0b98me1v2YX
kP+oN+M2/UIP3PjyhNqnIRnBTx2/riHArR4YHAjPCLtyQAwmEYGax3RzLzeEfVfJ
LKVZ2xODXzZjhXjsqgOioG8eAZbJ35LVd7+gPWWTszdM+fnkA24OAplEnwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHBwIxJOCwsltS846aiu6ZYUPMgTMB8GA1UdIwQY
MBaAFB1Twsi7c2SlUyQvPxdzNiInsw6UMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSFZQQ3lMdHpaS1ZUSkM4X0YzTTJJaWV6RHBRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMC8xNDdmZTAtZmI1MC00ZTg0LWJjYTQt
MTM1ZjQ5N2MzMjY0LzEvY0hBakVrNExDeVcxTHpqcHFLN3BsaFE4eUJNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMC8xNDdmZTAtZmI1MC00ZTg0LWJjYTQtMTM1ZjQ5N2MzMjY0
LzEvSFZQQ3lMdHpaS1ZUSkM4X0YzTTJJaWV6RHBRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBbc3AAwQB
bc3EMA0GCSqGSIb3DQEBCwUAA4IBAQAUKPvmyfhsblJ41ngqW9+CvnKE9AKe7dlv
Vq/pkMP3CCgRzK9gtYafd2GZaCvACm05OlI8BRzRxmLKTgsS8FWQWc6ZV56wlL33
orj9H7NDEG/Fy6rA45cWQipwoYT3pzn2IODH4bwG0ooK2cA1rFJJBC9aWQYnR0C2
V0vIFWAs8vHPVU+bptr2BNcTvPpPNmg4B67SuvZU/FhFc8woVMKJfqeLuR/6KP9L
GDuiJ29b/TVxMuhRNht8/jMBCBYf1s7xi7jOP6qE9hRybJBnGjGftcJlOZ0/lzY4
eKZEX6GbMZxp4Bn+7Q+ctGghYJjPGgBp9br/xTS0psSP2JmsN93f
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:51:51 2024 by rpki-client on console-ams.rpki-client.org