Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/AcQ89aPrB4qhEYUf-fLpRK3RfkM.roa
File: AcQ89aPrB4qhEYUf-fLpRK3RfkM.roa (raw, json)
Hash identifier: nxKJnAQZgHRince4XAs2HUQVcixzZEPHmOeAQZ/c23c=
Subject key identifier: 01:C4:3C:F5:A3:EB:07:8A:A1:11:85:1F:F9:F2:E9:44:AD:D1:7E:43
Certificate issuer: /CN=05b1d13c2e26e12786246a5ec4c5bea69864b20f
Certificate serial: 018404BE0355E53DE31BEDBA8349360DA4BD
Authority key identifier: 05:B1:D1:3C:2E:26:E1:27:86:24:6A:5E:C4:C5:BE:A6:98:64:B2:0F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/BbHRPC4m4SeGJGpexMW-pphksg8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/AcQ89aPrB4qhEYUf-fLpRK3RfkM.roa
Signing time: Sun 23 Oct 2022 12:07:52 +0000
ROA not before: Sun 23 Oct 2022 12:07:52 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 1239
IP address blocks: 212.60.23.0/24 maxlen: 24
45.66.117.0/24 maxlen: 24
45.129.187.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:84:04:be:03:55:e5:3d:e3:1b:ed:ba:83:49:36:0d:a4:bd
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=05b1d13c2e26e12786246a5ec4c5bea69864b20f
Validity
Not Before: Oct 23 12:07:52 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=01c43cf5a3eb078aa111851ff9f2e944add17e43
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:96:72:82:1c:f1:ac:0f:4f:da:a3:8c:dd:8a:fe:
01:82:9d:af:bc:4c:11:62:c7:3e:65:93:45:73:9a:
7c:70:50:1d:be:47:4b:80:6b:fa:a3:b8:40:10:90:
52:cb:a1:eb:2b:db:7b:f1:4d:6a:5c:c7:20:4c:e8:
fd:0e:92:0c:1a:ca:8d:fb:07:44:75:cb:e2:34:cc:
98:c4:95:d0:cc:09:07:8c:ea:2f:3a:d6:66:6c:42:
60:ad:ac:fe:cf:d7:5b:a0:93:56:41:6b:99:5a:34:
e1:bb:ac:dc:12:50:22:89:72:70:31:75:01:bf:b4:
2a:b9:68:16:09:52:82:fb:6e:37:96:5e:fb:d1:d9:
63:6a:66:4a:d9:6e:f5:88:0d:16:cd:e2:94:69:e3:
d0:fc:d5:3f:e6:5d:4e:1e:15:0e:ca:9e:fe:39:93:
01:30:82:1f:b9:a4:88:b7:21:78:a4:a3:c0:75:73:
78:71:ad:c2:e1:ee:b0:da:4e:b1:28:25:38:f9:e4:
cb:f4:7b:2d:c9:f7:b5:90:85:0f:4b:12:96:88:af:
2f:58:1b:21:90:57:4a:8e:66:b7:7d:7c:bd:9a:75:
01:0e:f3:11:e0:3d:66:12:15:5c:77:a4:26:9e:1a:
09:e8:d4:95:07:d0:8a:b9:73:e9:87:bd:06:78:a5:
3b:db
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
01:C4:3C:F5:A3:EB:07:8A:A1:11:85:1F:F9:F2:E9:44:AD:D1:7E:43
X509v3 Authority Key Identifier:
keyid:05:B1:D1:3C:2E:26:E1:27:86:24:6A:5E:C4:C5:BE:A6:98:64:B2:0F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BbHRPC4m4SeGJGpexMW-pphksg8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/AcQ89aPrB4qhEYUf-fLpRK3RfkM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/BbHRPC4m4SeGJGpexMW-pphksg8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.66.117.0/24
45.129.187.0/24
212.60.23.0/24
Signature Algorithm: sha256WithRSAEncryption
0e:6b:0a:c5:e9:64:c9:b3:bd:5a:75:ff:86:7a:69:81:e5:25:
e3:77:dd:82:9a:f3:ee:73:99:4f:c8:82:a5:b6:c8:38:fd:75:
5a:a8:a3:49:e2:c0:78:90:b3:eb:fb:e2:23:0a:85:53:92:51:
5a:cb:1b:18:dc:a0:35:65:60:10:a0:36:1a:32:ea:58:aa:53:
db:6b:18:56:73:bb:12:1f:af:e0:47:1e:64:80:9a:bb:e9:3c:
bc:66:4e:6e:eb:62:84:02:a4:0c:d6:27:4a:a0:30:78:3c:c4:
68:13:eb:bf:36:d2:94:d2:5b:2e:78:8b:54:f5:a2:fa:75:72:
8b:c3:c3:38:57:20:5b:ec:fc:f8:f4:21:27:ac:a7:8c:79:5c:
9c:a6:9f:cc:37:2b:2b:b3:0d:a7:f3:57:00:96:61:8b:32:42:
85:91:b6:60:ad:32:79:b2:f7:3c:a9:2a:6a:4e:38:17:43:a4:
87:ee:dd:cc:33:81:83:8a:b4:28:2c:10:fe:f1:30:1c:80:55:
25:32:6b:38:4b:ca:32:90:b1:87:78:b1:47:28:45:d0:95:bf:
3b:ca:4f:fc:73:62:1e:4d:f4:fe:41:75:7c:7b:47:ee:b8:1a:
1c:40:da:49:67:42:96:66:04:35:18:36:f6:06:f5:33:f2:5b:
a6:52:e2:19
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYQEvgNV5T3jG+26g0k2DaS9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1YjFkMTNjMmUyNmUxMjc4NjI0NmE1ZWM0YzViZWE2OTg2
NGIyMGYwHhcNMjIxMDIzMTIwNzUyWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMWM0M2NmNWEzZWIwNzhhYTExMTg1MWZmOWYyZTk0NGFkZDE3ZTQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlnKCHPGsD0/ao4zdiv4Bgp2vvEwR
Ysc+ZZNFc5p8cFAdvkdLgGv6o7hAEJBSy6HrK9t78U1qXMcgTOj9DpIMGsqN+wdE
dcviNMyYxJXQzAkHjOovOtZmbEJgraz+z9dboJNWQWuZWjThu6zcElAiiXJwMXUB
v7QquWgWCVKC+243ll770dljamZK2W71iA0WzeKUaePQ/NU/5l1OHhUOyp7+OZMB
MIIfuaSItyF4pKPAdXN4ca3C4e6w2k6xKCU4+eTL9Hstyfe1kIUPSxKWiK8vWBsh
kFdKjma3fXy9mnUBDvMR4D1mEhVcd6QmnhoJ6NSVB9CKuXPph70GeKU72wIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFAHEPPWj6weKoRGFH/ny6USt0X5DMB8GA1UdIwQY
MBaAFAWx0TwuJuEnhiRqXsTFvqaYZLIPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQmJIUlBDNG00U2VHSkdwZXhNVy1wcGhrc2c4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOC9jNjEwOTItNzM0YS00ZWVmLTlkNjct
NDkwNTI0M2JjODI4LzEvQWNRODlhUHJCNHFoRVlVZi1mTHBSSzNSZmtNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOC9jNjEwOTItNzM0YS00ZWVmLTlkNjctNDkwNTI0M2JjODI4
LzEvQmJIUlBDNG00U2VHSkdwZXhNVy1wcGhrc2c4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQALUJ1AwQA
LYG7AwQA1DwXMA0GCSqGSIb3DQEBCwUAA4IBAQAOawrF6WTJs71adf+GemmB5SXj
d92CmvPuc5lPyIKltsg4/XVaqKNJ4sB4kLPr++IjCoVTklFayxsY3KA1ZWAQoDYa
MupYqlPbaxhWc7sSH6/gRx5kgJq76Ty8Zk5u62KEAqQM1idKoDB4PMRoE+u/NtKU
0lsueItU9aL6dXKLw8M4VyBb7Pz49CEnrKeMeVycpp/MNysrsw2n81cAlmGLMkKF
kbZgrTJ5svc8qSpqTjgXQ6SH7t3MM4GDirQoLBD+8TAcgFUlMms4S8oykLGHeLFH
KEXQlb87yk/8c2IeTfT+QXV8e0fuuBocQNpJZ0KWZgQ1GDb2BvUz8lumUuIZ
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:48:54 2024 by rpki-client on console-fra.rpki-client.org