Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/b0c402-e09e-4c69-acc9-84da62066e8a/1/HjnVjh38Nf13M3M2xg_k2IajHcA.roa
File: HjnVjh38Nf13M3M2xg_k2IajHcA.roa (raw, json)
Hash identifier: GR/6Q0JcFQEJdMWXLjdOu4Chjs6XiGlq94jdvQiXOF0=
Subject key identifier: 1E:39:D5:8E:1D:FC:35:FD:77:33:73:36:C6:0F:E4:D8:86:A3:1D:C0
Certificate issuer: /CN=026d511ce3af90c4d601c7ccf8360523713e2c90
Certificate serial: 01938C0702C0086A26D2E1BEA4C0739B4FE9
Authority key identifier: 02:6D:51:1C:E3:AF:90:C4:D6:01:C7:CC:F8:36:05:23:71:3E:2C:90
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Am1RHOOvkMTWAcfM-DYFI3E-LJA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/10/b0c402-e09e-4c69-acc9-84da62066e8a/1/HjnVjh38Nf13M3M2xg_k2IajHcA.roa
Signing time: Tue 03 Dec 2024 10:18:09 +0000
ROA not before: Tue 03 Dec 2024 10:18:09 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 43885
IP address blocks: 46.232.170.0/24 maxlen: 24
46.232.171.0/24 maxlen: 24
46.232.174.0/24 maxlen: 24
46.232.175.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:93:8c:07:02:c0:08:6a:26:d2:e1:be:a4:c0:73:9b:4f:e9
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=026d511ce3af90c4d601c7ccf8360523713e2c90
Validity
Not Before: Dec 3 10:18:09 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=1e39d58e1dfc35fd77337336c60fe4d886a31dc0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b0:13:6f:3d:7a:2c:e5:98:cf:32:c0:65:8e:29:
ae:f5:1a:38:f3:c5:b5:4a:22:66:9d:f1:43:23:55:
3f:2d:88:90:6b:ea:29:7d:c5:20:90:ca:ba:3f:5e:
3c:ac:39:ed:58:f8:6d:9e:cd:f6:ff:e6:ba:cb:f1:
ca:90:0a:33:a1:f7:0e:31:54:42:76:f6:9c:c3:30:
0a:00:94:9e:4e:5a:9f:21:53:2f:93:44:40:b5:c7:
a2:c5:13:69:5f:ec:ad:b1:8c:9f:4c:f1:ab:92:41:
e0:16:5b:f8:69:a3:ed:88:2d:f8:85:b3:f2:11:b3:
ae:63:86:b4:58:71:1c:8e:1a:5f:1f:8e:b4:05:a5:
8b:9d:ce:69:70:b7:8a:1d:33:0e:3b:69:2f:0c:50:
79:bc:3b:f0:5f:6b:59:ec:3e:bc:c4:b0:f3:f0:99:
fd:2a:1b:46:d3:b1:f5:29:76:35:4a:dd:88:82:7a:
06:6d:c2:db:c3:a8:15:28:a8:0f:d3:d1:6e:7f:4c:
af:d1:f8:47:1d:9c:96:dc:76:07:e8:79:8c:f8:50:
32:e8:df:64:22:99:3c:4e:56:cb:a5:49:e4:f5:c3:
64:36:94:75:18:b4:ce:32:bd:ed:e6:22:cf:0a:29:
1c:e6:06:86:69:7d:99:2a:37:fd:2d:07:a0:c8:5a:
8b:a7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1E:39:D5:8E:1D:FC:35:FD:77:33:73:36:C6:0F:E4:D8:86:A3:1D:C0
X509v3 Authority Key Identifier:
keyid:02:6D:51:1C:E3:AF:90:C4:D6:01:C7:CC:F8:36:05:23:71:3E:2C:90
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Am1RHOOvkMTWAcfM-DYFI3E-LJA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/b0c402-e09e-4c69-acc9-84da62066e8a/1/HjnVjh38Nf13M3M2xg_k2IajHcA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/10/b0c402-e09e-4c69-acc9-84da62066e8a/1/Am1RHOOvkMTWAcfM-DYFI3E-LJA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
46.232.170.0/23
46.232.174.0/23
Signature Algorithm: sha256WithRSAEncryption
ae:5e:b9:74:39:8f:3d:94:89:85:6d:92:11:ac:94:88:27:de:
67:00:de:20:b9:bf:9c:b2:fc:93:23:cb:eb:35:63:42:03:92:
ba:66:a2:8d:29:88:1b:7a:dc:99:80:85:76:1e:b8:9f:08:e0:
eb:96:3f:f1:c5:6e:a3:4d:f3:48:e8:fa:d7:26:a9:1a:26:93:
1a:4d:d1:68:0f:16:61:5f:e2:91:4e:3f:a4:79:32:bc:4d:4c:
dd:f7:5a:99:9b:3d:c8:1d:88:f3:73:f3:7a:25:15:d7:d7:7f:
4b:81:82:47:93:d9:ff:9f:43:94:28:45:19:14:7b:68:08:8e:
d6:72:de:af:f0:ba:b6:4a:70:23:cd:b2:af:d6:00:16:b8:0b:
e8:03:df:4f:51:32:b5:4a:5b:0e:68:53:ca:cd:25:17:47:e4:
19:8a:be:8b:5c:d1:59:2b:95:f6:0d:75:ca:ee:22:a7:91:1b:
39:4f:98:4b:47:c5:88:c3:4f:ad:c0:c7:94:81:db:8e:79:69:
52:07:27:fa:f0:da:e7:d4:06:a7:50:21:b6:f3:51:44:0a:0d:
65:81:d5:04:2e:cc:60:c6:b7:9a:19:5d:29:01:e5:6c:7a:14:
9c:98:e3:eb:19:1c:68:ee:4d:63:98:35:92:7a:e5:65:a0:1d:
a5:09:2a:92
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZOMBwLACGom0uG+pMBzm0/pMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAyNmQ1MTFjZTNhZjkwYzRkNjAxYzdjY2Y4MzYwNTIzNzEz
ZTJjOTAwHhcNMjQxMjAzMTAxODA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZTM5ZDU4ZTFkZmMzNWZkNzczMzczMzZjNjBmZTRkODg2YTMxZGMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsBNvPXos5ZjPMsBljimu9Ro488W1
SiJmnfFDI1U/LYiQa+opfcUgkMq6P148rDntWPhtns32/+a6y/HKkAozofcOMVRC
dvacwzAKAJSeTlqfIVMvk0RAtceixRNpX+ytsYyfTPGrkkHgFlv4aaPtiC34hbPy
EbOuY4a0WHEcjhpfH460BaWLnc5pcLeKHTMOO2kvDFB5vDvwX2tZ7D68xLDz8Jn9
KhtG07H1KXY1St2IgnoGbcLbw6gVKKgP09Fuf0yv0fhHHZyW3HYH6HmM+FAy6N9k
Ipk8TlbLpUnk9cNkNpR1GLTOMr3t5iLPCikc5gaGaX2ZKjf9LQegyFqLpwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFB451Y4d/DX9dzNzNsYP5NiGox3AMB8GA1UdIwQY
MBaAFAJtURzjr5DE1gHHzPg2BSNxPiyQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQW0xUkhPT3ZrTVRXQWNmTS1EWUZJM0UtTEpBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC9iMGM0MDItZTA5ZS00YzY5LWFjYzkt
ODRkYTYyMDY2ZThhLzEvSGpuVmpoMzhOZjEzTTNNMnhnX2sySWFqSGNBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC9iMGM0MDItZTA5ZS00YzY5LWFjYzktODRkYTYyMDY2ZThh
LzEvQW0xUkhPT3ZrTVRXQWNmTS1EWUZJM0UtTEpBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBLuiqAwQB
LuiuMA0GCSqGSIb3DQEBCwUAA4IBAQCuXrl0OY89lImFbZIRrJSIJ95nAN4gub+c
svyTI8vrNWNCA5K6ZqKNKYgbetyZgIV2HrifCODrlj/xxW6jTfNI6PrXJqkaJpMa
TdFoDxZhX+KRTj+keTK8TUzd91qZmz3IHYjzc/N6JRXX139LgYJHk9n/n0OUKEUZ
FHtoCI7Wct6v8Lq2SnAjzbKv1gAWuAvoA99PUTK1SlsOaFPKzSUXR+QZir6LXNFZ
K5X2DXXK7iKnkRs5T5hLR8WIw0+twMeUgduOeWlSByf68Nrn1AanUCG281FECg1l
gdUELsxgxreaGV0pAeVsehScmOPrGRxo7k1jmDWSeuVloB2lCSqS
-----END CERTIFICATE-----
Generated at Thu Apr 17 22:25:32 2025 by rpki-client