Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/a183ef-ab60-4d59-b5dd-9ae5db28c7e2/1/H7gexscvPqnE1WImcGvr41ideAo.roa
File: H7gexscvPqnE1WImcGvr41ideAo.roa (raw, json)
Hash identifier: n0nf18IKIln/6lXMkWT5IECsxvkjoOkIQew3S9Tq4M8=
Subject key identifier: 1F:B8:1E:C6:C7:2F:3E:A9:C4:D5:62:26:70:6B:EB:E3:58:9D:78:0A
Certificate issuer: /CN=9fe8f68fd828704e8d70796c783327dcde9b0c8e
Certificate serial: 01853A3A4291DFB4DA5431BEAD30B2D47EBA
Authority key identifier: 9F:E8:F6:8F:D8:28:70:4E:8D:70:79:6C:78:33:27:DC:DE:9B:0C:8E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/n-j2j9gocE6NcHlseDMn3N6bDI4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/0c/a183ef-ab60-4d59-b5dd-9ae5db28c7e2/1/H7gexscvPqnE1WImcGvr41ideAo.roa
Signing time: Thu 22 Dec 2022 14:26:14 +0000
ROA not before: Thu 22 Dec 2022 14:26:14 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 56681
IP address blocks: 46.229.240.0/24 maxlen: 24
46.229.246.0/24 maxlen: 24
46.229.241.0/24 maxlen: 24
46.229.242.0/24 maxlen: 24
46.229.253.0/24 maxlen: 24
46.229.250.0/24 maxlen: 24
46.229.247.0/24 maxlen: 24
46.229.251.0/24 maxlen: 24
46.229.252.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:3a:3a:42:91:df:b4:da:54:31:be:ad:30:b2:d4:7e:ba
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=9fe8f68fd828704e8d70796c783327dcde9b0c8e
Validity
Not Before: Dec 22 14:26:14 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=1fb81ec6c72f3ea9c4d56226706bebe3589d780a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c2:8e:b9:2f:64:61:b8:74:36:df:a4:39:67:39:
51:fc:da:f2:19:06:18:64:74:99:cf:a7:8e:62:99:
6d:6d:29:c1:f8:be:d2:e3:10:aa:0e:f7:99:50:bf:
4a:5d:67:af:1c:ce:11:28:ca:02:7d:a6:11:04:2d:
72:b2:c6:ee:8b:d3:ea:24:a1:25:46:c4:01:46:b5:
63:db:47:3c:c8:c8:a4:7b:33:1a:3a:68:2a:61:cc:
59:1e:fe:fa:b5:a9:c0:c9:f6:4c:07:b4:9a:fa:0f:
99:60:03:df:a9:2e:02:29:b2:44:d3:0b:9b:28:0c:
da:cb:af:f0:a6:b8:76:39:fc:75:52:24:e0:25:72:
64:3f:b9:ec:64:00:02:f9:e1:53:9d:72:df:be:d7:
c6:08:b5:72:47:2a:f4:9c:4b:ae:a1:8e:22:2f:e9:
52:fb:3f:5e:9a:35:9c:fd:60:b9:be:71:d3:a6:e5:
4a:c2:01:d4:a5:57:c6:a5:79:b6:60:00:49:b6:e0:
d3:ae:c2:58:e0:78:94:32:f5:74:85:bb:01:cb:0e:
8a:07:d2:b7:cd:2d:fc:df:46:e2:be:ac:36:20:e6:
0a:09:71:fb:9a:9e:81:eb:e9:16:fe:43:ea:0c:1c:
c8:3f:47:3d:4f:e1:77:98:74:30:4c:68:92:31:03:
25:69
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1F:B8:1E:C6:C7:2F:3E:A9:C4:D5:62:26:70:6B:EB:E3:58:9D:78:0A
X509v3 Authority Key Identifier:
keyid:9F:E8:F6:8F:D8:28:70:4E:8D:70:79:6C:78:33:27:DC:DE:9B:0C:8E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/n-j2j9gocE6NcHlseDMn3N6bDI4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/a183ef-ab60-4d59-b5dd-9ae5db28c7e2/1/H7gexscvPqnE1WImcGvr41ideAo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/a183ef-ab60-4d59-b5dd-9ae5db28c7e2/1/n-j2j9gocE6NcHlseDMn3N6bDI4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
46.229.240.0-46.229.242.255
46.229.246.0/23
46.229.250.0-46.229.253.255
Signature Algorithm: sha256WithRSAEncryption
68:98:5b:6a:c3:56:85:aa:68:c0:df:31:06:7e:34:d2:7e:07:
5d:a1:ef:fc:6c:5b:5e:34:f0:f2:28:88:2b:5d:4d:ce:c1:73:
b1:84:30:b8:4d:4d:6b:e8:2b:d0:f7:8f:dd:56:38:07:85:25:
aa:2d:04:c2:66:76:f3:fd:f1:3a:53:2a:73:92:3e:ee:20:07:
38:f2:46:01:8a:50:03:78:e5:de:aa:3e:cd:11:f7:aa:39:25:
5b:9a:e4:1c:3f:96:49:46:3f:af:9e:cf:c9:35:c8:36:90:33:
d5:a6:8d:c3:9d:ba:f8:3a:ad:a7:03:7c:ff:eb:df:fa:a2:ed:
bf:e6:1d:b5:c5:57:39:15:6e:09:62:b3:7b:e7:61:95:21:e9:
71:86:92:e5:e6:91:5c:27:69:59:27:33:8c:2c:2d:62:c4:13:
fa:72:ef:60:a8:44:4c:8a:9b:a4:a3:24:07:bd:4e:29:45:29:
75:c5:6f:b6:f9:c9:02:b0:c5:d1:e5:ed:bd:bc:09:cb:a6:b8:
07:9f:35:02:90:1d:6d:b3:3f:cf:cb:a8:45:78:77:10:3c:c0:
df:8a:97:b9:f8:dc:eb:19:45:87:82:60:77:af:c0:dd:0e:3e:
c8:e3:09:33:3e:61:c1:17:60:15:fa:d5:2a:8f:ba:c1:bf:06:
11:96:6a:ba
-----BEGIN CERTIFICATE-----
MIIFGTCCBAGgAwIBAgISAYU6OkKR37TaVDG+rTCy1H66MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlmZThmNjhmZDgyODcwNGU4ZDcwNzk2Yzc4MzMyN2RjZGU5
YjBjOGUwHhcNMjIxMjIyMTQyNjE0WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZmI4MWVjNmM3MmYzZWE5YzRkNTYyMjY3MDZiZWJlMzU4OWQ3ODBhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwo65L2RhuHQ236Q5ZzlR/NryGQYY
ZHSZz6eOYpltbSnB+L7S4xCqDveZUL9KXWevHM4RKMoCfaYRBC1yssbui9PqJKEl
RsQBRrVj20c8yMikezMaOmgqYcxZHv76tanAyfZMB7Sa+g+ZYAPfqS4CKbJE0wub
KAzay6/wprh2Ofx1UiTgJXJkP7nsZAAC+eFTnXLfvtfGCLVyRyr0nEuuoY4iL+lS
+z9emjWc/WC5vnHTpuVKwgHUpVfGpXm2YABJtuDTrsJY4HiUMvV0hbsByw6KB9K3
zS3830bivqw2IOYKCXH7mp6B6+kW/kPqDBzIP0c9T+F3mHQwTGiSMQMlaQIDAQAB
o4ICJTCCAiEwHQYDVR0OBBYEFB+4HsbHLz6pxNViJnBr6+NYnXgKMB8GA1UdIwQY
MBaAFJ/o9o/YKHBOjXB5bHgzJ9zemwyOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbi1qMmo5Z29jRTZOY0hsc2VETW4zTjZiREk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy9hMTgzZWYtYWI2MC00ZDU5LWI1ZGQt
OWFlNWRiMjhjN2UyLzEvSDdnZXhzY3ZQcW5FMVdJbWNHdnI0MWlkZUFvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy9hMTgzZWYtYWI2MC00ZDU5LWI1ZGQtOWFlNWRiMjhjN2Uy
LzEvbi1qMmo5Z29jRTZOY0hsc2VETW4zTjZiREk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDsGCCsGAQUFBwEHAQH/BCwwKjAoBAIAATAiMAwDBAQu5fAD
BAAu5fIDBAEu5fYwDAMEAS7l+gMEAS7l/DANBgkqhkiG9w0BAQsFAAOCAQEAaJhb
asNWhapowN8xBn400n4HXaHv/GxbXjTw8iiIK11NzsFzsYQwuE1Na+gr0PeP3VY4
B4Ulqi0EwmZ28/3xOlMqc5I+7iAHOPJGAYpQA3jl3qo+zRH3qjklW5rkHD+WSUY/
r57PyTXINpAz1aaNw526+DqtpwN8/+vf+qLtv+YdtcVXORVuCWKze+dhlSHpcYaS
5eaRXCdpWSczjCwtYsQT+nLvYKhETIqbpKMkB71OKUUpdcVvtvnJArDF0eXtvbwJ
y6a4B581ApAdbbM/z8uoRXh3EDzA34qXufjc6xlFh4Jgd6/A3Q4+yOMJMz5hwRdg
FfrVKo+6wb8GEZZqug==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:18:38 2024 by rpki-client on console-fra.rpki-client.org