Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/pgdXx0aoWuF7FUew0mAmKkSEqmw.roa
File: pgdXx0aoWuF7FUew0mAmKkSEqmw.roa (raw, json)
Hash identifier: 6zBWTIfUGdTl6EDA2jzZhaxgWQFb72GhRhwpmcEFF1o=
Subject key identifier: A6:07:57:C7:46:A8:5A:E1:7B:15:47:B0:D2:60:26:2A:44:84:AA:6C
Certificate issuer: /CN=05b1d13c2e26e12786246a5ec4c5bea69864b20f
Certificate serial: 11601896
Authority key identifier: 05:B1:D1:3C:2E:26:E1:27:86:24:6A:5E:C4:C5:BE:A6:98:64:B2:0F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/BbHRPC4m4SeGJGpexMW-pphksg8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/pgdXx0aoWuF7FUew0mAmKkSEqmw.roa
Signing time: Sat 01 Jan 2022 05:57:05 +0000
ROA not before: Sat 01 Jan 2022 05:57:05 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 1239
IP address blocks: 212.60.23.0/24 maxlen: 24
45.66.117.0/24 maxlen: 24
45.129.187.0/24 maxlen: 24
46.16.12.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 291510422 (0x11601896)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=05b1d13c2e26e12786246a5ec4c5bea69864b20f
Validity
Not Before: Jan 1 05:57:05 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=a60757c746a85ae17b1547b0d260262a4484aa6c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cc:2f:a2:fd:2c:c4:e6:35:1b:ea:e4:30:db:c2:
03:0c:95:6c:dc:c5:86:dd:f6:49:f6:8a:39:1a:03:
82:d5:37:64:c9:38:43:4f:7d:a4:94:36:d3:08:04:
c1:eb:60:98:d7:60:dd:6f:26:c7:41:2a:1e:4a:9d:
49:f4:b4:59:10:5b:a0:b3:24:3c:63:73:fe:90:fd:
43:2f:ef:09:75:ba:d4:d0:2a:d1:af:f8:e5:ef:a7:
6c:38:fe:a2:06:41:16:8a:e4:97:4b:cc:7c:30:6c:
08:8f:07:08:16:43:25:06:97:53:6a:52:1e:f7:cb:
de:05:93:3f:6d:44:de:24:ba:c4:62:d0:d5:85:a6:
94:76:b2:7c:ac:10:a7:8b:62:df:60:a9:5a:e9:d2:
de:88:8f:c8:a9:47:0a:a6:68:79:36:9c:bc:0c:1a:
03:6a:cb:02:99:8b:06:bd:28:68:10:93:f1:cb:a9:
6b:14:38:7c:62:b5:89:ce:60:73:ea:bc:84:56:ee:
bc:59:b8:61:26:b6:b2:d8:0d:d4:b7:58:15:31:77:
4c:01:96:1a:67:eb:96:3a:57:c9:3f:0a:bf:af:0a:
ac:fe:5c:37:36:54:fe:99:d1:93:38:ab:47:df:c8:
04:b5:71:11:47:8d:84:ef:54:77:ab:89:22:a7:79:
f9:6d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A6:07:57:C7:46:A8:5A:E1:7B:15:47:B0:D2:60:26:2A:44:84:AA:6C
X509v3 Authority Key Identifier:
keyid:05:B1:D1:3C:2E:26:E1:27:86:24:6A:5E:C4:C5:BE:A6:98:64:B2:0F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BbHRPC4m4SeGJGpexMW-pphksg8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/pgdXx0aoWuF7FUew0mAmKkSEqmw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/BbHRPC4m4SeGJGpexMW-pphksg8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.66.117.0/24
45.129.187.0/24
46.16.12.0/24
212.60.23.0/24
Signature Algorithm: sha256WithRSAEncryption
6c:b7:3f:2b:56:b1:ed:68:a9:f3:d4:83:45:dc:c7:62:be:3e:
f5:13:04:37:23:ed:4c:9c:b7:d9:f1:04:c0:bd:b0:08:02:97:
73:60:0d:29:3a:7c:cc:ef:23:43:74:48:77:0a:ce:30:21:40:
1a:a7:54:c5:36:a2:c6:12:37:60:e5:4e:54:c7:82:32:ee:41:
a2:e1:57:92:06:b4:5f:2f:fd:cf:ad:90:14:1b:f7:9b:d6:91:
1c:61:d2:7e:6d:dc:fe:b0:06:27:08:60:6a:96:fe:1a:fa:41:
75:87:7a:44:b6:f4:89:62:da:3a:7b:52:8c:de:21:38:8c:30:
c0:4f:fc:4c:c8:1d:30:b0:e1:7c:d3:3c:4d:b3:22:b1:eb:b6:
14:5a:42:48:18:14:e9:f4:d9:9c:fe:8b:25:7d:9a:d6:25:62:
99:4a:ff:be:0d:f2:76:f3:ea:98:83:76:69:a5:59:b2:7b:67:
6b:0a:f8:7f:d6:52:ff:2a:be:d6:e7:fc:f0:61:ec:c4:aa:70:
af:db:34:37:2b:f1:e0:91:67:f2:8c:19:0d:f6:1c:fa:39:17:
e1:64:ea:cc:bf:a5:74:61:0d:19:ac:65:6a:d3:3f:8c:73:32:
ea:be:8e:eb:c5:9d:1b:08:38:17:d4:93:25:bc:75:11:1a:34:
5e:72:9d:e9
-----BEGIN CERTIFICATE-----
MIIFATCCA+mgAwIBAgIEEWAYljANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygw
NWIxZDEzYzJlMjZlMTI3ODYyNDZhNWVjNGM1YmVhNjk4NjRiMjBmMB4XDTIyMDEw
MTA1NTcwNVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoYTYwNzU3Yzc0NmE4
NWFlMTdiMTU0N2IwZDI2MDI2MmE0NDg0YWE2YzCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAMwvov0sxOY1G+rkMNvCAwyVbNzFht32SfaKORoDgtU3ZMk4
Q099pJQ20wgEwetgmNdg3W8mx0EqHkqdSfS0WRBboLMkPGNz/pD9Qy/vCXW61NAq
0a/45e+nbDj+ogZBForkl0vMfDBsCI8HCBZDJQaXU2pSHvfL3gWTP21E3iS6xGLQ
1YWmlHayfKwQp4ti32CpWunS3oiPyKlHCqZoeTacvAwaA2rLApmLBr0oaBCT8cup
axQ4fGK1ic5gc+q8hFbuvFm4YSa2stgN1LdYFTF3TAGWGmfrljpXyT8Kv68KrP5c
NzZU/pnRkzirR9/IBLVxEUeNhO9Ud6uJIqd5+W0CAwEAAaOCAhswggIXMB0GA1Ud
DgQWBBSmB1fHRqha4XsVR7DSYCYqRISqbDAfBgNVHSMEGDAWgBQFsdE8LibhJ4Yk
al7Exb6mmGSyDzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0JiSFJQQzRtNFNlR0pHcGV4TVctcHBoa3NnOC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYTgvYzYxMDkyLTczNGEtNGVlZi05ZDY3LTQ5MDUyNDNiYzgyOC8x
L3BnZFh4MGFvV3VGN0ZVZXcwbUFtS2tTRXFtdy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYTgv
YzYxMDkyLTczNGEtNGVlZi05ZDY3LTQ5MDUyNDNiYzgyOC8xL0JiSFJQQzRtNFNl
R0pHcGV4TVctcHBoa3NnOC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAx
BggrBgEFBQcBBwEB/wQiMCAwHgQCAAEwGAMEAC1CdQMEAC2BuwMEAC4QDAMEANQ8
FzANBgkqhkiG9w0BAQsFAAOCAQEAbLc/K1ax7Wip89SDRdzHYr4+9RMENyPtTJy3
2fEEwL2wCAKXc2ANKTp8zO8jQ3RIdwrOMCFAGqdUxTaixhI3YOVOVMeCMu5BouFX
kga0Xy/9z62QFBv3m9aRHGHSfm3c/rAGJwhgapb+GvpBdYd6RLb0iWLaOntSjN4h
OIwwwE/8TMgdMLDhfNM8TbMiseu2FFpCSBgU6fTZnP6LJX2a1iVimUr/vg3ydvPq
mIN2aaVZsntnawr4f9ZS/yq+1uf88GHsxKpwr9s0Nyvx4JFn8owZDfYc+jkX4WTq
zL+ldGENGaxlatM/jHMy6r6O68WdGwg4F9STJbx1ERo0XnKd6Q==
-----END CERTIFICATE-----
Generated at Thu Jul 20 00:05:47 2023 by rpki-client on console-ams.rpki-client.org