Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/HRX_C3EjbDhrJCLLEBJoTmkWCYs.roa
File: HRX_C3EjbDhrJCLLEBJoTmkWCYs.roa (raw, json)
Hash identifier: v9bsKCrLiKJCxC776NBHCtMhu0jrsL/XGKuTqIe9Dxk=
Subject key identifier: 1D:15:FF:0B:71:23:6C:38:6B:24:22:CB:10:12:68:4E:69:16:09:8B
Certificate issuer: /CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Certificate serial: 018BBDA6F5BDC651EADE6F5BB5D66004D6BC
Authority key identifier: 2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/HRX_C3EjbDhrJCLLEBJoTmkWCYs.roa
Signing time: Sat 11 Nov 2023 09:11:57 +0000
ROA not before: Sat 11 Nov 2023 09:11:57 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 834
IP address blocks: 46.249.112.0/22 maxlen: 24
185.129.108.0/23 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8b:bd:a6:f5:bd:c6:51:ea:de:6f:5b:b5:d6:60:04:d6:bc
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Validity
Not Before: Nov 11 09:11:57 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=1d15ff0b71236c386b2422cb1012684e6916098b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c4:5e:07:e6:cc:9d:b0:4f:c8:99:7f:16:2e:68:
29:c2:2c:aa:34:82:9f:dd:84:03:47:65:05:c4:f5:
d0:c4:76:da:28:4b:e1:54:69:e9:d0:c0:01:5e:b0:
88:39:4f:0d:b6:cb:6f:2a:41:4c:28:1a:84:a5:1d:
45:65:ae:5f:bb:db:af:7d:9a:88:d5:7b:1f:55:5d:
11:07:3d:b6:de:37:5a:f5:98:df:dc:e9:68:81:df:
67:12:a6:b7:77:5b:8a:63:7e:58:46:f8:33:e0:b2:
c0:5d:7a:ad:80:e9:59:ea:7d:e4:13:e9:c2:7e:15:
69:42:0e:92:65:a1:6d:42:84:9e:e8:9d:48:6f:5f:
cc:fb:b8:bb:73:b2:7a:3d:71:a7:36:f8:a7:3b:e7:
cf:ad:5b:97:7e:d4:08:b6:f8:5d:a8:da:86:f6:ce:
e9:09:2b:6d:c2:5e:ef:a6:84:6c:20:75:2d:8f:4a:
d7:2e:01:ed:46:1a:58:b1:e0:fc:e3:10:64:02:7f:
32:5c:da:ee:76:53:48:87:e8:70:cc:b7:80:c0:a3:
3a:31:24:ad:a9:8d:28:f8:d5:2c:06:e0:27:86:fe:
4e:9a:5a:4c:97:32:5c:80:81:89:41:2c:9f:72:07:
ac:6e:bf:f5:9e:eb:cc:b1:01:37:da:b5:67:ca:a9:
d9:ff
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1D:15:FF:0B:71:23:6C:38:6B:24:22:CB:10:12:68:4E:69:16:09:8B
X509v3 Authority Key Identifier:
keyid:2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/HRX_C3EjbDhrJCLLEBJoTmkWCYs.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
46.249.112.0/22
185.129.108.0/23
Signature Algorithm: sha256WithRSAEncryption
5b:c0:24:66:90:1f:6b:5e:d0:0f:2f:bc:40:ae:b2:2e:db:51:
89:42:3a:4c:66:7a:d6:cf:df:61:6c:c2:a6:1e:80:c1:c8:5b:
60:98:fd:11:a2:a1:aa:f7:26:b0:f1:30:42:48:d6:76:4e:e8:
15:1d:7e:0a:db:6c:db:d5:47:7e:45:e3:1a:e3:ad:d7:b7:05:
cf:c4:53:74:b8:1a:2e:35:0d:f4:fe:17:b3:78:03:95:80:ab:
20:4d:08:69:0a:95:98:7a:d0:a4:9d:be:39:e8:a9:15:68:42:
84:d9:bf:72:c7:9f:27:f5:bd:6b:ab:3f:2d:cd:ef:8b:64:78:
8b:e5:38:fd:e7:74:f0:21:29:cd:af:68:c6:53:0f:b9:1b:18:
74:45:32:bf:87:53:1a:d3:cb:65:54:23:89:05:00:46:0c:2c:
87:ec:23:6f:64:c9:fe:73:d6:ec:6e:1e:ac:60:e0:f3:63:e5:
60:ec:a4:79:57:63:f2:17:fa:51:fc:54:82:38:84:77:d9:98:
f1:2a:6c:b8:76:c8:d8:8f:6c:d9:07:07:ac:14:ca:25:41:30:
d4:f6:a0:24:08:2d:86:3a:58:ab:0c:3b:58:19:6f:fa:40:10:
16:61:b9:f7:5f:ce:94:69:56:c1:11:81:ba:f0:dd:de:f7:8b:
42:f4:38:33
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYu9pvW9xlHq3m9btdZgBNa8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhYzNkYWExYjE0ODUwZjJlNjFjNTkyYjIxOTE5MTVhNWU2
NWE0NzgwHhcNMjMxMTExMDkxMTU3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZDE1ZmYwYjcxMjM2YzM4NmIyNDIyY2IxMDEyNjg0ZTY5MTYwOThiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxF4H5sydsE/ImX8WLmgpwiyqNIKf
3YQDR2UFxPXQxHbaKEvhVGnp0MABXrCIOU8NtstvKkFMKBqEpR1FZa5fu9uvfZqI
1XsfVV0RBz223jda9Zjf3Ologd9nEqa3d1uKY35YRvgz4LLAXXqtgOlZ6n3kE+nC
fhVpQg6SZaFtQoSe6J1Ib1/M+7i7c7J6PXGnNvinO+fPrVuXftQItvhdqNqG9s7p
CSttwl7vpoRsIHUtj0rXLgHtRhpYseD84xBkAn8yXNrudlNIh+hwzLeAwKM6MSSt
qY0o+NUsBuAnhv5OmlpMlzJcgIGJQSyfcgesbr/1nuvMsQE32rVnyqnZ/wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFB0V/wtxI2w4ayQiyxASaE5pFgmLMB8GA1UdIwQY
MBaAFCrD2qGxSFDy5hxZKyGRkVpeZaR4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUt
ZmUwNjU5MTc2YTU2LzEvSFJYX0MzRWpiRGhySkNMTEVCSm9UbWtXQ1lzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUtZmUwNjU5MTc2YTU2
LzEvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCLvlwAwQB
uYFsMA0GCSqGSIb3DQEBCwUAA4IBAQBbwCRmkB9rXtAPL7xArrIu21GJQjpMZnrW
z99hbMKmHoDByFtgmP0RoqGq9yaw8TBCSNZ2TugVHX4K22zb1Ud+ReMa463XtwXP
xFN0uBouNQ30/hezeAOVgKsgTQhpCpWYetCknb456KkVaEKE2b9yx58n9b1rqz8t
ze+LZHiL5Tj953TwISnNr2jGUw+5Gxh0RTK/h1Ma08tlVCOJBQBGDCyH7CNvZMn+
c9bsbh6sYODzY+Vg7KR5V2PyF/pR/FSCOIR32ZjxKmy4dsjYj2zZBwesFMolQTDU
9qAkCC2GOlirDDtYGW/6QBAWYbn3X86UaVbBEYG68N3e94tC9Dgz
-----END CERTIFICATE-----
Generated at Mon Dec 4 15:57:08 2023 by rpki-client on console-ams.rpki-client.org