Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/HtXjiO4xTrcHizJuREnL3OynLQc.roa
File: HtXjiO4xTrcHizJuREnL3OynLQc.roa (raw, json)
Hash identifier: xU6FbIavLIgIahwwjW1a891lQGKCverbKyIK4LKThy4=
Subject key identifier: 1E:D5:E3:88:EE:31:4E:B7:07:8B:32:6E:44:49:CB:DC:EC:A7:2D:07
Certificate issuer: /CN=05b1d13c2e26e12786246a5ec4c5bea69864b20f
Certificate serial: 01859640113ABA9DAF91C4B19203C2407633
Authority key identifier: 05:B1:D1:3C:2E:26:E1:27:86:24:6A:5E:C4:C5:BE:A6:98:64:B2:0F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/BbHRPC4m4SeGJGpexMW-pphksg8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/HtXjiO4xTrcHizJuREnL3OynLQc.roa
Signing time: Mon 09 Jan 2023 11:17:39 +0000
ROA not before: Mon 09 Jan 2023 11:17:39 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 1239
IP address blocks: 212.60.23.0/24 maxlen: 24
45.129.187.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:96:40:11:3a:ba:9d:af:91:c4:b1:92:03:c2:40:76:33
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=05b1d13c2e26e12786246a5ec4c5bea69864b20f
Validity
Not Before: Jan 9 11:17:39 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=1ed5e388ee314eb7078b326e4449cbdceca72d07
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bc:4a:5a:30:1c:a7:99:be:07:f2:e0:bc:71:8c:
7c:2b:18:8f:4f:b8:dc:0e:d9:fd:92:50:af:29:22:
bf:22:77:1b:a2:0a:4b:64:f5:03:73:38:57:f3:bb:
cd:a9:ec:ec:48:f2:c2:e4:e0:a3:69:6b:a7:83:6d:
58:0c:c9:ba:f4:f0:1b:44:72:d1:bc:b4:d9:df:37:
37:80:62:d1:c3:50:0d:4f:78:dc:58:a2:70:30:9b:
5e:6f:ae:02:95:bc:ec:39:9d:6e:d0:9b:7e:42:8c:
93:18:b8:a5:92:2e:06:cb:cf:3c:0d:07:6b:3a:a6:
ad:8b:99:5f:1d:36:a1:d8:3a:d2:e2:1d:b8:2d:16:
a3:c2:ed:c2:34:ce:f5:4b:69:ec:78:8d:c7:8c:00:
dd:60:01:38:73:ac:ad:f5:ee:08:2d:32:eb:f4:ec:
0f:77:c7:ce:04:d7:63:41:89:b6:ea:5b:2a:37:04:
fe:0c:67:81:7a:36:cf:5b:6c:f3:b3:70:95:e5:ca:
b2:4e:3a:2b:e4:d8:c7:69:7b:04:c5:a6:ab:92:b6:
40:c0:76:5f:a9:ee:07:6c:b1:3d:b1:68:10:ce:63:
d6:85:07:2b:4f:27:48:6d:e9:f4:de:7e:be:0a:4e:
47:40:dd:02:87:2b:30:85:82:3b:6c:04:57:0e:ba:
76:c1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1E:D5:E3:88:EE:31:4E:B7:07:8B:32:6E:44:49:CB:DC:EC:A7:2D:07
X509v3 Authority Key Identifier:
keyid:05:B1:D1:3C:2E:26:E1:27:86:24:6A:5E:C4:C5:BE:A6:98:64:B2:0F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BbHRPC4m4SeGJGpexMW-pphksg8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/HtXjiO4xTrcHizJuREnL3OynLQc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/BbHRPC4m4SeGJGpexMW-pphksg8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.129.187.0/24
212.60.23.0/24
Signature Algorithm: sha256WithRSAEncryption
85:d9:6b:6e:16:c9:e5:ae:53:52:91:8e:bd:5b:db:e6:6d:05:
f4:c0:69:b6:81:d9:03:84:3e:47:b1:73:2b:6a:1a:5d:e9:ca:
d0:db:37:0f:25:75:c4:6c:52:b7:8c:c1:2e:05:5a:bf:9c:62:
74:14:a6:ad:62:9b:d9:6b:1a:0f:f1:85:ff:eb:54:07:0a:75:
81:69:fb:d7:da:43:5b:32:f3:a3:ab:af:e5:e0:9c:df:7d:e7:
61:68:25:38:6c:b5:61:43:ed:10:bd:be:90:f0:71:4e:57:51:
04:c2:e4:e3:c4:a7:4d:da:72:8f:f0:91:9a:47:b7:a5:13:45:
2e:15:3e:fb:e6:45:b7:61:db:b8:7a:7d:f6:a0:3a:33:94:fc:
4b:17:61:e4:19:13:d2:6f:1b:8d:51:2a:21:69:3b:78:f6:64:
7e:fc:ba:ed:2a:ae:16:d0:12:b2:d1:7b:41:6f:4b:82:e3:4c:
d0:34:49:60:47:30:4d:a6:d5:b6:c9:43:b3:e1:8b:c1:0c:a1:
aa:4d:f3:74:39:2b:3c:68:12:48:05:a2:9a:4b:e9:55:9a:40:
be:8b:0e:27:ab:84:1e:dd:37:9b:95:5f:4a:f0:91:68:8f:c3:
7c:f5:03:88:2f:7d:e1:20:ac:b1:bc:7a:41:64:fe:5d:cc:2a:
30:a6:c9:1c
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYWWQBE6up2vkcSxkgPCQHYzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1YjFkMTNjMmUyNmUxMjc4NjI0NmE1ZWM0YzViZWE2OTg2
NGIyMGYwHhcNMjMwMTA5MTExNzM5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZWQ1ZTM4OGVlMzE0ZWI3MDc4YjMyNmU0NDQ5Y2JkY2VjYTcyZDA3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvEpaMBynmb4H8uC8cYx8KxiPT7jc
Dtn9klCvKSK/IncbogpLZPUDczhX87vNqezsSPLC5OCjaWung21YDMm69PAbRHLR
vLTZ3zc3gGLRw1ANT3jcWKJwMJteb64ClbzsOZ1u0Jt+QoyTGLilki4Gy888DQdr
Oqati5lfHTah2DrS4h24LRajwu3CNM71S2nseI3HjADdYAE4c6yt9e4ILTLr9OwP
d8fOBNdjQYm26lsqNwT+DGeBejbPW2zzs3CV5cqyTjor5NjHaXsExaarkrZAwHZf
qe4HbLE9sWgQzmPWhQcrTydIben03n6+Ck5HQN0ChyswhYI7bARXDrp2wQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFB7V44juMU63B4sybkRJy9zspy0HMB8GA1UdIwQY
MBaAFAWx0TwuJuEnhiRqXsTFvqaYZLIPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQmJIUlBDNG00U2VHSkdwZXhNVy1wcGhrc2c4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOC9jNjEwOTItNzM0YS00ZWVmLTlkNjct
NDkwNTI0M2JjODI4LzEvSHRYamlPNHhUcmNIaXpKdVJFbkwzT3luTFFjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOC9jNjEwOTItNzM0YS00ZWVmLTlkNjctNDkwNTI0M2JjODI4
LzEvQmJIUlBDNG00U2VHSkdwZXhNVy1wcGhrc2c4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALYG7AwQA
1DwXMA0GCSqGSIb3DQEBCwUAA4IBAQCF2WtuFsnlrlNSkY69W9vmbQX0wGm2gdkD
hD5HsXMrahpd6crQ2zcPJXXEbFK3jMEuBVq/nGJ0FKatYpvZaxoP8YX/61QHCnWB
afvX2kNbMvOjq6/l4JzffedhaCU4bLVhQ+0Qvb6Q8HFOV1EEwuTjxKdN2nKP8JGa
R7elE0UuFT775kW3Ydu4en32oDozlPxLF2HkGRPSbxuNUSohaTt49mR+/LrtKq4W
0BKy0XtBb0uC40zQNElgRzBNptW2yUOz4YvBDKGqTfN0OSs8aBJIBaKaS+lVmkC+
iw4nq4Qe3TeblV9K8JFoj8N89QOIL33hIKyxvHpBZP5dzCowpskc
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:48:54 2024 by rpki-client on console-fra.rpki-client.org