Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/098d13-6d6d-4294-9753-a8773de768f7/1/HFPBEevNVQ-gLtULBtJASpWMYU0.roa
File: HFPBEevNVQ-gLtULBtJASpWMYU0.roa (raw, json)
Hash identifier: xSzgpjHZtDTORz6NNZoiacU2DIr0I2THY3LboUnnpo4=
Subject key identifier: 1C:53:C1:11:EB:CD:55:0F:A0:2E:D5:0B:06:D2:40:4A:95:8C:61:4D
Certificate issuer: /CN=00aff6b4effe7c363ef200f6f3e5888b915ba681
Certificate serial: 01852F4DCEE2729527BB37DBC20730563A85
Authority key identifier: 00:AF:F6:B4:EF:FE:7C:36:3E:F2:00:F6:F3:E5:88:8B:91:5B:A6:81
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/AK_2tO_-fDY-8gD28-WIi5FbpoE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/34/098d13-6d6d-4294-9753-a8773de768f7/1/HFPBEevNVQ-gLtULBtJASpWMYU0.roa
Signing time: Tue 20 Dec 2022 11:31:46 +0000
ROA not before: Tue 20 Dec 2022 11:31:46 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 63023
IP address blocks: 91.243.179.0/24 maxlen: 24
195.242.242.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:2f:4d:ce:e2:72:95:27:bb:37:db:c2:07:30:56:3a:85
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=00aff6b4effe7c363ef200f6f3e5888b915ba681
Validity
Not Before: Dec 20 11:31:46 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=1c53c111ebcd550fa02ed50b06d2404a958c614d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:91:a1:76:58:4a:32:26:42:97:55:da:4d:76:6a:
aa:02:b5:4a:c3:98:2d:24:c4:7b:e8:e2:40:57:2e:
73:3e:70:89:24:b7:ed:e0:66:6c:e1:d4:b8:00:48:
63:63:f8:44:2a:77:d4:b9:17:02:9c:c0:73:e3:50:
2e:72:01:63:ea:bf:45:38:e3:b9:73:83:4f:91:ae:
18:2b:f4:b5:2b:ae:67:3c:6c:59:39:0c:d8:78:51:
9e:f3:9f:b7:88:7c:c4:8d:bd:c3:04:f6:74:a7:a5:
29:05:07:48:a6:97:6b:04:42:be:6a:2b:00:05:a3:
e5:38:d0:4b:2a:5e:f7:d1:4d:ca:56:c6:57:e1:f4:
96:5b:c1:78:93:be:5b:cb:60:4c:b9:46:46:87:b9:
e1:0b:97:2b:14:40:67:b5:79:6e:90:58:f2:41:4d:
06:b5:87:6b:53:72:a8:31:3e:4b:5b:4d:51:c7:11:
f2:b2:81:dc:47:a3:1b:bf:f6:86:e2:8f:f2:bf:c7:
b8:de:a8:4b:0e:aa:d8:62:62:5a:ea:8c:e2:07:a0:
d9:78:c9:b7:f3:7b:06:62:7c:86:05:07:8b:5e:5f:
d8:71:86:8b:4c:0f:2b:24:63:85:7f:4e:7d:7f:b9:
fa:9d:24:88:f8:ad:00:05:21:a8:3a:80:cd:1a:82:
bb:a5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1C:53:C1:11:EB:CD:55:0F:A0:2E:D5:0B:06:D2:40:4A:95:8C:61:4D
X509v3 Authority Key Identifier:
keyid:00:AF:F6:B4:EF:FE:7C:36:3E:F2:00:F6:F3:E5:88:8B:91:5B:A6:81
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AK_2tO_-fDY-8gD28-WIi5FbpoE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/098d13-6d6d-4294-9753-a8773de768f7/1/HFPBEevNVQ-gLtULBtJASpWMYU0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/34/098d13-6d6d-4294-9753-a8773de768f7/1/AK_2tO_-fDY-8gD28-WIi5FbpoE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.243.179.0/24
195.242.242.0/24
Signature Algorithm: sha256WithRSAEncryption
5c:4b:58:31:d3:f6:a2:0c:0a:cb:09:94:30:56:0d:bc:d0:0e:
cc:de:72:44:ac:13:3a:92:ec:43:18:fe:d0:47:2d:2c:5e:ce:
30:2e:b7:41:29:22:b3:bc:3a:35:53:18:99:37:bd:cc:e0:4b:
c0:fe:63:b1:40:04:d3:c2:42:d3:36:e5:e3:93:ac:e5:bd:d5:
66:a5:8c:7f:d3:16:e2:de:e5:95:f9:8c:93:ae:30:0a:6b:b6:
a7:5e:1a:0d:44:10:04:b0:b2:4f:5d:9a:62:4d:4f:3f:3d:bd:
8d:2b:78:20:ea:c8:53:69:dd:d5:ad:83:5c:64:da:6a:bc:ba:
7a:77:93:7d:20:ed:fa:43:5f:68:48:40:4c:ff:50:aa:b9:ab:
2c:22:0e:54:fb:c8:62:16:88:64:ae:51:43:9c:33:0c:57:45:
e2:7a:85:ed:d0:a5:d1:63:0e:ab:d1:28:5b:d5:96:b6:c5:a4:
1e:96:c4:fd:5f:e7:d0:eb:0f:67:ae:4f:f7:1e:d5:b1:73:b9:
c6:9c:f0:75:ad:41:90:7b:e2:37:a2:25:85:4e:c1:dc:72:50:
f6:88:b1:98:c8:cc:d3:31:46:d9:30:f7:60:d3:f7:20:63:9a:
21:0e:d2:ac:ab:1b:fc:82:05:9b:11:9a:d5:cf:b5:00:85:f7:
5e:7d:a4:7f
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYUvTc7icpUnuzfbwgcwVjqFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAwYWZmNmI0ZWZmZTdjMzYzZWYyMDBmNmYzZTU4ODhiOTE1
YmE2ODEwHhcNMjIxMjIwMTEzMTQ2WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYzUzYzExMWViY2Q1NTBmYTAyZWQ1MGIwNmQyNDA0YTk1OGM2MTRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkaF2WEoyJkKXVdpNdmqqArVKw5gt
JMR76OJAVy5zPnCJJLft4GZs4dS4AEhjY/hEKnfUuRcCnMBz41AucgFj6r9FOOO5
c4NPka4YK/S1K65nPGxZOQzYeFGe85+3iHzEjb3DBPZ0p6UpBQdIppdrBEK+aisA
BaPlONBLKl730U3KVsZX4fSWW8F4k75by2BMuUZGh7nhC5crFEBntXlukFjyQU0G
tYdrU3KoMT5LW01RxxHysoHcR6Mbv/aG4o/yv8e43qhLDqrYYmJa6oziB6DZeMm3
83sGYnyGBQeLXl/YcYaLTA8rJGOFf059f7n6nSSI+K0ABSGoOoDNGoK7pQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFBxTwRHrzVUPoC7VCwbSQEqVjGFNMB8GA1UdIwQY
MBaAFACv9rTv/nw2PvIA9vPliIuRW6aBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQUtfMnRPXy1mRFktOGdEMjgtV0lpNUZicG9FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC8wOThkMTMtNmQ2ZC00Mjk0LTk3NTMt
YTg3NzNkZTc2OGY3LzEvSEZQQkVldk5WUS1nTHRVTEJ0SkFTcFdNWVUwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC8wOThkMTMtNmQ2ZC00Mjk0LTk3NTMtYTg3NzNkZTc2OGY3
LzEvQUtfMnRPXy1mRFktOGdEMjgtV0lpNUZicG9FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW/OzAwQA
w/LyMA0GCSqGSIb3DQEBCwUAA4IBAQBcS1gx0/aiDArLCZQwVg280A7M3nJErBM6
kuxDGP7QRy0sXs4wLrdBKSKzvDo1UxiZN73M4EvA/mOxQATTwkLTNuXjk6zlvdVm
pYx/0xbi3uWV+YyTrjAKa7anXhoNRBAEsLJPXZpiTU8/Pb2NK3gg6shTad3VrYNc
ZNpqvLp6d5N9IO36Q19oSEBM/1CquassIg5U+8hiFohkrlFDnDMMV0XieoXt0KXR
Yw6r0Shb1Za2xaQelsT9X+fQ6w9nrk/3HtWxc7nGnPB1rUGQe+I3oiWFTsHcclD2
iLGYyMzTMUbZMPdg0/cgY5ohDtKsqxv8ggWbEZrVz7UAhfdefaR/
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:49:11 2025 by rpki-client