Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f0/147fe0-fb50-4e84-bca4-135f497c3264/1/tLdD4ZP6boDdtHsEhzDe85d64Zo.roa
File: tLdD4ZP6boDdtHsEhzDe85d64Zo.roa (raw, json)
Hash identifier: 0WXj+oKopsE7flQOQJ+TmUXV8V8+0UbSHZhxIRF5ogQ=
Subject key identifier: B4:B7:43:E1:93:FA:6E:80:DD:B4:7B:04:87:30:DE:F3:97:7A:E1:9A
Certificate issuer: /CN=1d53c2c8bb7364a553242f3f1773362227b30e94
Certificate serial: 02DBF2
Authority key identifier: 1D:53:C2:C8:BB:73:64:A5:53:24:2F:3F:17:73:36:22:27:B3:0E:94
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/HVPCyLtzZKVTJC8_F3M2IiezDpQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/f0/147fe0-fb50-4e84-bca4-135f497c3264/1/tLdD4ZP6boDdtHsEhzDe85d64Zo.roa
Signing time: Mon 30 May 2022 13:13:14 +0000
ROA not before: Mon 30 May 2022 13:13:14 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 59545
IP address blocks: 109.205.192.0/24 maxlen: 24
109.205.192.0/21 maxlen: 24
109.205.193.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 187378 (0x2dbf2)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1d53c2c8bb7364a553242f3f1773362227b30e94
Validity
Not Before: May 30 13:13:14 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=b4b743e193fa6e80ddb47b048730def3977ae19a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b7:8d:9f:fc:64:e9:59:af:63:8e:fa:16:cc:ec:
d8:52:e1:4d:6c:79:b3:38:07:cd:77:e7:26:57:a2:
6a:6a:94:e1:7e:55:2e:22:65:d2:b6:32:8c:56:7c:
a6:d6:b6:cd:22:1a:05:cc:a1:81:b0:b1:a8:dc:19:
6e:45:35:c3:0f:32:e5:ac:0e:12:57:2c:19:d9:ba:
f3:b7:ba:0e:a7:fa:4e:e0:05:9d:e4:72:23:72:ab:
c8:f9:03:0a:ca:b5:c5:34:6a:90:d6:96:77:1f:16:
d5:61:c8:4c:8e:c1:dd:85:b2:43:2c:2a:e1:22:bb:
68:c4:7c:6e:da:b3:d8:7c:cb:55:ae:98:83:2a:97:
94:e2:68:6a:a6:eb:9c:50:21:07:64:0a:97:30:a7:
66:74:14:af:f9:30:f5:e1:66:74:c9:21:ca:07:f3:
63:92:fb:80:45:db:b5:1e:75:8a:32:e1:c7:39:b1:
d8:d2:fe:29:a0:17:95:4f:eb:d3:a0:26:f8:5a:71:
66:97:a3:8d:84:df:35:b2:aa:eb:1b:60:84:b5:5f:
12:ec:25:7e:e6:1f:7f:f5:2b:1d:35:99:ac:3e:03:
dd:f2:46:96:22:3c:d0:77:96:0d:67:ce:90:41:40:
a3:b7:29:66:27:1e:e7:02:d0:16:b1:22:ab:6a:7e:
b1:d9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B4:B7:43:E1:93:FA:6E:80:DD:B4:7B:04:87:30:DE:F3:97:7A:E1:9A
X509v3 Authority Key Identifier:
keyid:1D:53:C2:C8:BB:73:64:A5:53:24:2F:3F:17:73:36:22:27:B3:0E:94
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HVPCyLtzZKVTJC8_F3M2IiezDpQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/147fe0-fb50-4e84-bca4-135f497c3264/1/tLdD4ZP6boDdtHsEhzDe85d64Zo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/147fe0-fb50-4e84-bca4-135f497c3264/1/HVPCyLtzZKVTJC8_F3M2IiezDpQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.205.192.0/21
Signature Algorithm: sha256WithRSAEncryption
1f:2a:14:61:2c:e7:1b:19:a5:57:a0:b2:cb:4f:ca:87:cc:a5:
42:22:e2:b5:78:59:dd:95:b0:13:32:e3:15:fa:6c:fd:22:d1:
6e:6c:93:a9:e0:bd:cd:73:0f:f9:a9:5c:a9:2c:89:9a:a8:9d:
2f:50:e2:5d:7d:af:88:62:a3:23:8a:34:98:c8:b9:e3:68:f0:
87:66:f5:70:24:6a:26:33:d8:0c:2a:b1:b9:34:b6:c8:9b:c3:
97:de:36:3b:9e:63:dc:03:3c:21:c1:30:11:8f:c6:76:c4:a7:
27:04:61:3a:26:02:29:ad:9a:7b:b9:c2:f6:96:49:10:97:2d:
af:bc:fe:9c:c6:4f:33:30:37:13:b5:7d:1d:bd:f8:9c:11:95:
0b:ed:fc:25:72:8a:9f:fb:9a:70:e2:e9:cb:06:e5:ae:f3:06:
08:5c:26:fa:e3:16:67:76:ab:c4:36:bc:06:79:93:89:df:c1:
19:c9:37:86:db:70:7f:c0:07:02:99:68:56:38:6b:6b:54:39:
01:ec:40:74:6f:49:1d:9a:c2:a8:ff:a2:bd:36:80:23:95:8d:
3b:d0:01:b3:21:75:82:42:02:5b:c3:51:5d:4b:5b:72:c2:e8:
40:41:38:42:ac:df:8b:f3:ba:ec:f3:57:39:c7:4b:42:9c:25:
9c:8f:9c:c4
-----BEGIN CERTIFICATE-----
MIIE7jCCA9agAwIBAgIDAtvyMA0GCSqGSIb3DQEBCwUAMDMxMTAvBgNVBAMTKDFk
NTNjMmM4YmI3MzY0YTU1MzI0MmYzZjE3NzMzNjIyMjdiMzBlOTQwHhcNMjIwNTMw
MTMxMzE0WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQDEyhiNGI3NDNlMTkzZmE2
ZTgwZGRiNDdiMDQ4NzMwZGVmMzk3N2FlMTlhMIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEAt42f/GTpWa9jjvoWzOzYUuFNbHmzOAfNd+cmV6JqapThflUu
ImXStjKMVnym1rbNIhoFzKGBsLGo3BluRTXDDzLlrA4SVywZ2brzt7oOp/pO4AWd
5HIjcqvI+QMKyrXFNGqQ1pZ3HxbVYchMjsHdhbJDLCrhIrtoxHxu2rPYfMtVrpiD
KpeU4mhqpuucUCEHZAqXMKdmdBSv+TD14WZ0ySHKB/NjkvuARdu1HnWKMuHHObHY
0v4poBeVT+vToCb4WnFml6ONhN81sqrrG2CEtV8S7CV+5h9/9SsdNZmsPgPd8kaW
IjzQd5YNZ86QQUCjtylmJx7nAtAWsSKran6x2QIDAQABo4ICCTCCAgUwHQYDVR0O
BBYEFLS3Q+GT+m6A3bR7BIcw3vOXeuGaMB8GA1UdIwQYMBaAFB1Twsi7c2SlUyQv
PxdzNiInsw6UMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEFBQcBAQRYMFYwVAYIKwYB
BQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQv
SFZQQ3lMdHpaS1ZUSkM4X0YzTTJJaWV6RHBRLmNlcjCBjQYIKwYBBQUHAQsEgYAw
fjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkv
REVGQVVMVC9mMC8xNDdmZTAtZmI1MC00ZTg0LWJjYTQtMTM1ZjQ5N2MzMjY0LzEv
dExkRDRaUDZib0RkdEhzRWh6RGU4NWQ2NFpvLnJvYTCBgQYDVR0fBHoweDB2oHSg
coZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMC8x
NDdmZTAtZmI1MC00ZTg0LWJjYTQtMTM1ZjQ5N2MzMjY0LzEvSFZQQ3lMdHpaS1ZU
SkM4X0YzTTJJaWV6RHBRLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8G
CCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDbc3AMA0GCSqGSIb3DQEBCwUAA4IB
AQAfKhRhLOcbGaVXoLLLT8qHzKVCIuK1eFndlbATMuMV+mz9ItFubJOp4L3Ncw/5
qVypLImaqJ0vUOJdfa+IYqMjijSYyLnjaPCHZvVwJGomM9gMKrG5NLbIm8OX3jY7
nmPcAzwhwTARj8Z2xKcnBGE6JgIprZp7ucL2lkkQly2vvP6cxk8zMDcTtX0dvfic
EZUL7fwlcoqf+5pw4unLBuWu8wYIXCb64xZndqvENrwGeZOJ38EZyTeG23B/wAcC
mWhWOGtrVDkB7EB0b0kdmsKo/6K9NoAjlY070AGzIXWCQgJbw1FdS1tywuhAQThC
rN+L87rs81c5x0tCnCWcj5zE
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:35:36 2025 by rpki-client