Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b6/7f1f29-1242-41f4-a090-0d8fce3ebfbb/1/4AbR29iqe-HSU-ziCTO2Lg2lRkg.roa
File: 4AbR29iqe-HSU-ziCTO2Lg2lRkg.roa (raw, json)
Hash identifier: vWn0C0RkuCtitUKQIOJwcNGwGqF4kE8aJHKH1J/xgG4=
Subject key identifier: E0:06:D1:DB:D8:AA:7B:E1:D2:53:EC:E2:09:33:B6:2E:0D:A5:46:48
Certificate issuer: /CN=8e1feb6b044bbf6111775bca038d65e6d2230f14
Certificate serial: 01938C9EFD7DFFB63A604EF8B3C90A328916
Authority key identifier: 8E:1F:EB:6B:04:4B:BF:61:11:77:5B:CA:03:8D:65:E6:D2:23:0F:14
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/jh_rawRLv2ERd1vKA41l5tIjDxQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b6/7f1f29-1242-41f4-a090-0d8fce3ebfbb/1/4AbR29iqe-HSU-ziCTO2Lg2lRkg.roa
Signing time: Tue 03 Dec 2024 13:04:09 +0000
ROA not before: Tue 03 Dec 2024 13:04:09 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 25308
IP address blocks: 212.118.44.0/24 maxlen: 24
212.118.45.0/24 maxlen: 24
212.118.46.0/23 maxlen: 23
212.118.46.0/24 maxlen: 24
212.118.47.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:93:8c:9e:fd:7d:ff:b6:3a:60:4e:f8:b3:c9:0a:32:89:16
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8e1feb6b044bbf6111775bca038d65e6d2230f14
Validity
Not Before: Dec 3 13:04:09 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=e006d1dbd8aa7be1d253ece20933b62e0da54648
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:af:d9:47:fe:22:d9:43:90:21:7d:ce:1c:d0:5e:
76:be:6f:72:e2:73:7c:ef:ed:78:2c:73:42:6b:7c:
4c:05:76:f6:cf:08:4b:18:7e:dc:d1:5a:80:bd:f2:
f5:7e:c8:fd:e5:db:45:60:de:83:23:74:52:a4:1e:
26:e3:da:2b:46:d8:bc:76:14:eb:e5:86:9d:6b:67:
c4:f6:fc:12:47:ef:b2:06:8a:71:11:47:fe:0b:c6:
17:00:fe:00:55:57:8a:d3:c1:5e:62:18:19:27:55:
db:60:51:b6:bd:cf:a1:7a:01:10:26:d1:e6:5e:28:
c5:42:cd:99:ef:c1:b4:77:2c:7f:96:60:69:c9:34:
0a:ab:1c:a2:7f:a1:0d:0b:35:52:0f:18:8a:da:32:
e4:04:33:41:66:9a:26:63:d6:2d:94:3e:90:4a:82:
6a:d5:89:78:47:96:b1:83:57:28:b4:02:b2:5c:f4:
5a:ae:d7:5e:b3:b7:67:3b:e5:1c:93:7e:30:f2:aa:
23:96:c2:32:d1:80:c2:7e:ec:01:08:07:5c:be:66:
46:7d:ae:17:18:33:9f:30:76:41:03:cd:67:55:4b:
19:20:e1:dd:d4:e0:53:26:c8:ee:5b:01:0f:4f:2b:
db:b7:c3:41:15:8b:00:fe:77:ee:6f:3f:6d:c6:5f:
51:c1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E0:06:D1:DB:D8:AA:7B:E1:D2:53:EC:E2:09:33:B6:2E:0D:A5:46:48
X509v3 Authority Key Identifier:
keyid:8E:1F:EB:6B:04:4B:BF:61:11:77:5B:CA:03:8D:65:E6:D2:23:0F:14
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jh_rawRLv2ERd1vKA41l5tIjDxQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/7f1f29-1242-41f4-a090-0d8fce3ebfbb/1/4AbR29iqe-HSU-ziCTO2Lg2lRkg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/7f1f29-1242-41f4-a090-0d8fce3ebfbb/1/jh_rawRLv2ERd1vKA41l5tIjDxQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
212.118.44.0/22
Signature Algorithm: sha256WithRSAEncryption
23:4d:27:01:b1:9b:fe:fa:86:7c:ef:4d:90:01:7b:c1:b2:04:
03:32:b6:8e:63:52:4b:ad:0e:55:c1:3c:2e:f7:05:ca:c9:e5:
c8:cb:d0:65:31:6c:fa:53:0a:09:16:31:4b:d9:99:bf:80:54:
83:1a:72:29:06:94:8d:23:7d:a1:34:ba:87:4d:e5:22:b9:54:
eb:b5:e5:b2:06:e1:db:84:d8:c1:f8:6d:9d:0c:52:2e:82:12:
16:de:73:03:7a:f9:ee:0d:07:f9:37:84:88:0f:18:c9:62:09:
d9:d1:90:9b:27:7b:56:df:10:e4:27:a7:61:b5:d7:d4:d3:5b:
0b:5c:23:38:59:36:7c:91:00:b3:de:93:0c:b4:00:6b:bc:f5:
c9:0a:38:9a:ac:98:ac:14:41:42:af:cb:bb:6b:cc:ef:84:14:
75:d1:1a:1f:56:65:64:6f:c4:60:d6:02:41:f8:fc:27:e8:33:
eb:4e:4c:24:9e:8a:d5:7a:26:d8:c9:33:ab:4d:e8:fb:c7:e0:
4d:4e:01:9f:b3:00:7b:07:61:19:70:9d:c0:e6:70:96:ba:3b:
0a:a8:69:37:88:75:17:81:47:8a:0b:64:2a:d6:54:49:fb:96:
35:1f:df:8b:3b:54:bb:96:14:91:1d:69:d7:df:13:99:fe:70:
55:92:e1:e6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZOMnv19/7Y6YE74s8kKMokWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhlMWZlYjZiMDQ0YmJmNjExMTc3NWJjYTAzOGQ2NWU2ZDIy
MzBmMTQwHhcNMjQxMjAzMTMwNDA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMDA2ZDFkYmQ4YWE3YmUxZDI1M2VjZTIwOTMzYjYyZTBkYTU0NjQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr9lH/iLZQ5Ahfc4c0F52vm9y4nN8
7+14LHNCa3xMBXb2zwhLGH7c0VqAvfL1fsj95dtFYN6DI3RSpB4m49orRti8dhTr
5Yada2fE9vwSR++yBopxEUf+C8YXAP4AVVeK08FeYhgZJ1XbYFG2vc+hegEQJtHm
XijFQs2Z78G0dyx/lmBpyTQKqxyif6ENCzVSDxiK2jLkBDNBZpomY9YtlD6QSoJq
1Yl4R5axg1cotAKyXPRartdes7dnO+Uck34w8qojlsIy0YDCfuwBCAdcvmZGfa4X
GDOfMHZBA81nVUsZIOHd1OBTJsjuWwEPTyvbt8NBFYsA/nfubz9txl9RwQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOAG0dvYqnvh0lPs4gkzti4NpUZIMB8GA1UdIwQY
MBaAFI4f62sES79hEXdbygONZebSIw8UMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvamhfcmF3Ukx2MkVSZDF2S0E0MWw1dElqRHhRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNi83ZjFmMjktMTI0Mi00MWY0LWEwOTAt
MGQ4ZmNlM2ViZmJiLzEvNEFiUjI5aXFlLUhTVS16aUNUTzJMZzJsUmtnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNi83ZjFmMjktMTI0Mi00MWY0LWEwOTAtMGQ4ZmNlM2ViZmJi
LzEvamhfcmF3Ukx2MkVSZDF2S0E0MWw1dElqRHhRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQC1HYsMA0G
CSqGSIb3DQEBCwUAA4IBAQAjTScBsZv++oZ8702QAXvBsgQDMraOY1JLrQ5VwTwu
9wXKyeXIy9BlMWz6UwoJFjFL2Zm/gFSDGnIpBpSNI32hNLqHTeUiuVTrteWyBuHb
hNjB+G2dDFIughIW3nMDevnuDQf5N4SIDxjJYgnZ0ZCbJ3tW3xDkJ6dhtdfU01sL
XCM4WTZ8kQCz3pMMtABrvPXJCjiarJisFEFCr8u7a8zvhBR10RofVmVkb8Rg1gJB
+Pwn6DPrTkwknorVeibYyTOrTej7x+BNTgGfswB7B2EZcJ3A5nCWujsKqGk3iHUX
gUeKC2Qq1lRJ+5Y1H9+LO1S7lhSRHWnX3xOZ/nBVkuHm
-----END CERTIFICATE-----
Generated at Mon Apr 21 01:53:42 2025 by rpki-client