Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/9TWhGbu13XIOQuZy_fF9134me5k.roa
File: 9TWhGbu13XIOQuZy_fF9134me5k.roa (raw, json)
Hash identifier: LwCOdiilsHWN2dGQzxgrElayVWBAnTZpdwU8EJl5bpc=
Subject key identifier: F5:35:A1:19:BB:B5:DD:72:0E:42:E6:72:FD:F1:7D:D7:7E:26:7B:99
Certificate issuer: /CN=05b1d13c2e26e12786246a5ec4c5bea69864b20f
Certificate serial: 01856E2FBB01692D1FBC906C9073C72D11FE
Authority key identifier: 05:B1:D1:3C:2E:26:E1:27:86:24:6A:5E:C4:C5:BE:A6:98:64:B2:0F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/BbHRPC4m4SeGJGpexMW-pphksg8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/9TWhGbu13XIOQuZy_fF9134me5k.roa
Signing time: Sun 01 Jan 2023 16:34:59 +0000
ROA not before: Sun 01 Jan 2023 16:34:59 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 3356
IP address blocks: 212.60.23.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6e:2f:bb:01:69:2d:1f:bc:90:6c:90:73:c7:2d:11:fe
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=05b1d13c2e26e12786246a5ec4c5bea69864b20f
Validity
Not Before: Jan 1 16:34:59 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=f535a119bbb5dd720e42e672fdf17dd77e267b99
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8c:9e:9c:c9:d8:15:04:68:85:04:19:43:a0:78:
ef:44:a5:f5:09:45:11:2b:6f:fe:b8:fc:d5:a3:4e:
b3:16:38:c6:42:00:7d:29:60:86:0f:4c:35:27:a2:
82:c8:20:98:b5:f0:6d:1a:84:95:4d:2b:ca:8a:56:
08:19:4b:c9:84:15:45:ba:bd:56:32:cc:01:9f:62:
4e:be:fa:90:2f:52:cc:e9:64:80:f2:df:ab:c6:38:
b8:ff:ff:bb:ee:9a:84:4b:69:bb:43:3f:cc:04:80:
7b:8f:95:90:97:c0:e1:e8:4f:4a:e8:99:b5:50:53:
f7:c9:b9:5a:64:b0:20:8c:ba:b1:3a:e2:62:6f:da:
b8:a9:5f:1d:8a:5c:37:d1:1d:1b:ad:97:a9:ba:b1:
62:7f:86:c4:13:ff:1d:82:95:b7:a3:cf:9b:67:65:
2b:65:9f:a1:9d:aa:e8:09:b8:b7:83:60:9a:e0:8f:
9e:1b:24:4c:11:e8:9d:da:f1:55:bd:69:58:81:31:
f6:a7:95:48:97:c4:88:66:10:87:c1:08:e2:79:d7:
89:87:1e:10:43:13:c9:13:5e:12:9a:e0:3a:21:cd:
47:00:f5:21:7f:35:0b:12:c4:5a:45:6e:99:32:2a:
e4:3d:40:92:26:be:d9:02:37:ab:d8:5b:b2:18:71:
f4:b9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F5:35:A1:19:BB:B5:DD:72:0E:42:E6:72:FD:F1:7D:D7:7E:26:7B:99
X509v3 Authority Key Identifier:
keyid:05:B1:D1:3C:2E:26:E1:27:86:24:6A:5E:C4:C5:BE:A6:98:64:B2:0F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BbHRPC4m4SeGJGpexMW-pphksg8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/9TWhGbu13XIOQuZy_fF9134me5k.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/BbHRPC4m4SeGJGpexMW-pphksg8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
212.60.23.0/24
Signature Algorithm: sha256WithRSAEncryption
75:d3:e4:4a:07:de:91:40:13:3c:d3:20:ac:fc:21:72:83:3f:
bc:95:a1:4a:ba:14:05:4c:db:62:2b:06:58:2f:3e:5f:8b:5d:
d6:ea:63:c4:1a:e5:69:6b:c4:fe:4b:61:be:9b:ad:14:15:f4:
7c:2e:8b:30:bf:0b:ed:94:4d:0d:04:ef:32:cf:cc:c3:03:3c:
37:e4:9a:cf:45:04:27:d0:ac:d1:45:8d:65:22:f5:83:93:94:
2e:8b:a1:4a:d9:e9:4a:f4:8d:b4:b3:88:01:c5:35:8a:3e:e3:
8f:a9:12:f3:c3:42:50:4b:5d:89:df:89:54:3e:76:c4:62:89:
c7:77:3e:39:02:da:36:2e:65:88:95:b5:96:ad:1d:7f:c0:b4:
7c:53:90:da:43:f2:20:87:61:5f:d3:c8:58:94:19:e5:a7:bf:
87:3e:98:1e:27:84:88:ff:4f:6a:06:81:cf:2b:b0:40:cd:81:
57:19:e3:55:35:45:bd:84:c5:f1:fd:20:c0:24:09:1d:08:85:
12:5f:46:5f:6c:d2:b9:a7:36:64:8f:a6:a4:34:5b:f7:0b:27:
c8:a6:31:e2:d3:f8:7e:ec:e9:72:ca:96:d5:6d:cd:5a:f2:2c:
d1:6e:45:cf:9c:0b:f3:f6:ea:e7:72:d7:82:86:a3:fb:b8:c4:
17:03:0f:f1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYVuL7sBaS0fvJBskHPHLRH+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1YjFkMTNjMmUyNmUxMjc4NjI0NmE1ZWM0YzViZWE2OTg2
NGIyMGYwHhcNMjMwMTAxMTYzNDU5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNTM1YTExOWJiYjVkZDcyMGU0MmU2NzJmZGYxN2RkNzdlMjY3Yjk5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjJ6cydgVBGiFBBlDoHjvRKX1CUUR
K2/+uPzVo06zFjjGQgB9KWCGD0w1J6KCyCCYtfBtGoSVTSvKilYIGUvJhBVFur1W
MswBn2JOvvqQL1LM6WSA8t+rxji4//+77pqES2m7Qz/MBIB7j5WQl8Dh6E9K6Jm1
UFP3yblaZLAgjLqxOuJib9q4qV8dilw30R0brZepurFif4bEE/8dgpW3o8+bZ2Ur
ZZ+hnaroCbi3g2Ca4I+eGyRMEeid2vFVvWlYgTH2p5VIl8SIZhCHwQjiedeJhx4Q
QxPJE14SmuA6Ic1HAPUhfzULEsRaRW6ZMirkPUCSJr7ZAjer2FuyGHH0uQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPU1oRm7td1yDkLmcv3xfdd+JnuZMB8GA1UdIwQY
MBaAFAWx0TwuJuEnhiRqXsTFvqaYZLIPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQmJIUlBDNG00U2VHSkdwZXhNVy1wcGhrc2c4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOC9jNjEwOTItNzM0YS00ZWVmLTlkNjct
NDkwNTI0M2JjODI4LzEvOVRXaEdidTEzWElPUXVaeV9mRjkxMzRtZTVrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOC9jNjEwOTItNzM0YS00ZWVmLTlkNjctNDkwNTI0M2JjODI4
LzEvQmJIUlBDNG00U2VHSkdwZXhNVy1wcGhrc2c4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1DwXMA0G
CSqGSIb3DQEBCwUAA4IBAQB10+RKB96RQBM80yCs/CFygz+8laFKuhQFTNtiKwZY
Lz5fi13W6mPEGuVpa8T+S2G+m60UFfR8LoswvwvtlE0NBO8yz8zDAzw35JrPRQQn
0KzRRY1lIvWDk5Qui6FK2elK9I20s4gBxTWKPuOPqRLzw0JQS12J34lUPnbEYonH
dz45Ato2LmWIlbWWrR1/wLR8U5DaQ/Igh2Ff08hYlBnlp7+HPpgeJ4SI/09qBoHP
K7BAzYFXGeNVNUW9hMXx/SDAJAkdCIUSX0ZfbNK5pzZkj6akNFv3CyfIpjHi0/h+
7OlyypbVbc1a8izRbkXPnAvz9urncteChqP7uMQXAw/x
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:48:54 2024 by rpki-client on console-fra.rpki-client.org