Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/HbdTij79MT-CpAwrtRzdEBukgTI.roa
File: HbdTij79MT-CpAwrtRzdEBukgTI.roa (raw, json)
Hash identifier: wez7DMkaS9SvXyFophUrdGKLNOzpxuczQ6fuDLkheI8=
Subject key identifier: 1D:B7:53:8A:3E:FD:31:3F:82:A4:0C:2B:B5:1C:DD:10:1B:A4:81:32
Certificate issuer: /CN=da00e981953061972c896bd6d27738d083aadb0e
Certificate serial: 0189D32FE589C21E2C458442E3CEF95C874E
Authority key identifier: DA:00:E9:81:95:30:61:97:2C:89:6B:D6:D2:77:38:D0:83:AA:DB:0E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/2gDpgZUwYZcsiWvW0nc40IOq2w4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/HbdTij79MT-CpAwrtRzdEBukgTI.roa
Signing time: Tue 08 Aug 2023 03:27:58 +0000
ROA not before: Tue 08 Aug 2023 03:27:58 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 834
IP address blocks: 37.153.132.0/24 maxlen: 24
188.240.83.0/24 maxlen: 24
84.247.20.0/24 maxlen: 24
89.37.106.0/24 maxlen: 24
91.250.244.0/24 maxlen: 24
62.112.30.0/24 maxlen: 24
89.44.210.0/24 maxlen: 24
89.36.231.0/24 maxlen: 24
46.102.174.0/24 maxlen: 24
89.37.128.0/24 maxlen: 24
93.114.69.0/24 maxlen: 24
89.40.43.0/24 maxlen: 24
176.223.190.0/24 maxlen: 24
188.211.249.0/24 maxlen: 24
94.177.113.0/24 maxlen: 24
94.177.118.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:89:d3:2f:e5:89:c2:1e:2c:45:84:42:e3:ce:f9:5c:87:4e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=da00e981953061972c896bd6d27738d083aadb0e
Validity
Not Before: Aug 8 03:27:58 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=1db7538a3efd313f82a40c2bb51cdd101ba48132
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:93:73:e0:b5:9a:13:20:df:87:a9:4f:42:85:2f:
01:c6:51:0b:02:74:3f:7e:35:84:e8:b0:d5:e5:9c:
9b:2a:a7:6f:76:cd:33:e4:ec:13:94:eb:6b:f5:ac:
de:bd:f2:79:e7:16:0c:c3:94:00:ae:ae:05:76:c7:
76:92:bb:58:3b:a9:02:a0:96:b8:a1:6b:8a:0c:c4:
9c:0a:3e:5f:62:aa:8a:21:71:f7:ce:e8:0e:c3:e9:
fb:9d:9e:10:58:95:ef:a3:ba:03:68:da:ab:29:68:
ba:7e:b0:ce:1c:90:92:b6:d7:8b:78:43:ba:5e:c8:
d2:83:c7:29:d2:a0:79:67:fd:d2:b8:e7:99:37:1b:
dc:a0:60:84:fc:69:68:62:8b:91:18:37:b8:8b:7b:
7c:1b:18:55:3f:fd:28:ce:6a:6b:59:e9:b5:a1:ca:
38:b5:35:5a:b4:cd:59:bc:e2:95:f8:df:f3:9e:04:
0a:a2:1c:6f:4e:8d:93:25:87:72:b1:42:e0:23:80:
ce:7d:ef:a8:4a:fe:80:82:ca:27:c3:c2:b8:f1:b8:
b9:78:9f:88:41:ee:92:e6:e5:91:96:9a:b4:eb:2c:
c3:3f:48:15:7a:75:b7:50:74:ee:08:cd:b6:00:3d:
e4:97:7e:6b:b5:4e:4a:f4:37:ce:02:b6:cf:bb:4b:
af:83
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1D:B7:53:8A:3E:FD:31:3F:82:A4:0C:2B:B5:1C:DD:10:1B:A4:81:32
X509v3 Authority Key Identifier:
keyid:DA:00:E9:81:95:30:61:97:2C:89:6B:D6:D2:77:38:D0:83:AA:DB:0E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2gDpgZUwYZcsiWvW0nc40IOq2w4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/HbdTij79MT-CpAwrtRzdEBukgTI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/2gDpgZUwYZcsiWvW0nc40IOq2w4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.153.132.0/24
46.102.174.0/24
62.112.30.0/24
84.247.20.0/24
89.36.231.0/24
89.37.106.0/24
89.37.128.0/24
89.40.43.0/24
89.44.210.0/24
91.250.244.0/24
93.114.69.0/24
94.177.113.0/24
94.177.118.0/24
176.223.190.0/24
188.211.249.0/24
188.240.83.0/24
Signature Algorithm: sha256WithRSAEncryption
0e:09:e5:3f:a0:de:3f:3b:66:52:c8:78:8f:29:51:e1:27:3a:
b3:7a:fb:cd:99:c6:53:41:12:41:c8:fe:85:ef:e8:4a:bf:db:
6d:af:b0:b3:f9:02:5e:e7:79:c4:d5:4a:56:a1:23:64:03:7d:
b5:88:fb:00:da:b4:cf:97:be:a6:34:68:97:69:e6:a7:a1:4c:
29:cc:6a:3b:70:fe:69:84:a7:93:e4:a6:46:a9:96:a8:c0:5b:
7f:e5:00:c4:d0:52:d9:d8:37:47:91:29:b6:f0:d2:86:67:cc:
d7:fd:b4:46:3e:cf:a5:c6:bf:44:88:d3:9d:e9:93:c5:a7:76:
96:35:fa:92:3d:dc:f2:eb:71:12:a1:37:6c:d8:bc:f0:8a:d3:
d7:23:d8:29:97:a2:3a:eb:3e:14:e7:ba:b6:d8:4c:79:b4:ae:
48:6b:b6:55:00:7f:da:bf:e7:33:1d:62:99:81:fd:e8:6e:a4:
2c:d4:be:dd:2f:19:31:fd:6a:9b:11:cd:a1:d0:67:f6:f2:31:
4f:48:ca:11:8c:d0:97:fa:35:3a:a2:66:e2:4e:b2:86:61:53:
a4:bb:bc:e2:91:4d:9f:6b:5d:8d:e2:1f:14:ec:51:23:96:bc:
38:f0:68:4d:b6:af:16:11:2b:91:c3:e0:b4:83:24:ff:c4:0b:
25:90:b1:aa
-----BEGIN CERTIFICATE-----
MIIFVzCCBD+gAwIBAgISAYnTL+WJwh4sRYRC4875XIdOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhMDBlOTgxOTUzMDYxOTcyYzg5NmJkNmQyNzczOGQwODNh
YWRiMGUwHhcNMjMwODA4MDMyNzU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZGI3NTM4YTNlZmQzMTNmODJhNDBjMmJiNTFjZGQxMDFiYTQ4MTMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk3PgtZoTIN+HqU9ChS8BxlELAnQ/
fjWE6LDV5ZybKqdvds0z5OwTlOtr9azevfJ55xYMw5QArq4Fdsd2krtYO6kCoJa4
oWuKDMScCj5fYqqKIXH3zugOw+n7nZ4QWJXvo7oDaNqrKWi6frDOHJCStteLeEO6
XsjSg8cp0qB5Z/3SuOeZNxvcoGCE/GloYouRGDe4i3t8GxhVP/0ozmprWem1oco4
tTVatM1ZvOKV+N/zngQKohxvTo2TJYdysULgI4DOfe+oSv6Agsonw8K48bi5eJ+I
Qe6S5uWRlpq06yzDP0gVenW3UHTuCM22AD3kl35rtU5K9DfOArbPu0uvgwIDAQAB
o4ICYzCCAl8wHQYDVR0OBBYEFB23U4o+/TE/gqQMK7Uc3RAbpIEyMB8GA1UdIwQY
MBaAFNoA6YGVMGGXLIlr1tJ3ONCDqtsOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMmdEcGdaVXdZWmNzaVd2VzBuYzQwSU9xMnc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi84MmE3ZDYtOTJhOS00MjA0LTlhZTAt
OWE0OGVjZjllMTVlLzEvSGJkVGlqNzlNVC1DcEF3cnRSemRFQnVrZ1RJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi84MmE3ZDYtOTJhOS00MjA0LTlhZTAtOWE0OGVjZjllMTVl
LzEvMmdEcGdaVXdZWmNzaVd2VzBuYzQwSU9xMnc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHkGCCsGAQUFBwEHAQH/BGowaDBmBAIAATBgAwQAJZmEAwQA
LmauAwQAPnAeAwQAVPcUAwQAWSTnAwQAWSVqAwQAWSWAAwQAWSgrAwQAWSzSAwQA
W/r0AwQAXXJFAwQAXrFxAwQAXrF2AwQAsN++AwQAvNP5AwQAvPBTMA0GCSqGSIb3
DQEBCwUAA4IBAQAOCeU/oN4/O2ZSyHiPKVHhJzqzevvNmcZTQRJByP6F7+hKv9tt
r7Cz+QJe53nE1UpWoSNkA321iPsA2rTPl76mNGiXaeanoUwpzGo7cP5phKeT5KZG
qZaowFt/5QDE0FLZ2DdHkSm28NKGZ8zX/bRGPs+lxr9EiNOd6ZPFp3aWNfqSPdzy
63ESoTds2LzwitPXI9gpl6I66z4U57q22Ex5tK5Ia7ZVAH/av+czHWKZgf3obqQs
1L7dLxkx/WqbEc2h0Gf28jFPSMoRjNCX+jU6ombiTrKGYVOku7zikU2fa12N4h8U
7FEjlrw48GhNtq8WESuRw+C0gyT/xAslkLGq
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:54:49 2024 by rpki-client on console-ams.rpki-client.org