Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/6ba39c-ef1d-4d48-982b-cf4b900997a0/1/HTRozykJPwvK26y4P5jkiyZLNOM.roa
File: HTRozykJPwvK26y4P5jkiyZLNOM.roa (raw, json)
Hash identifier: jlIBMmTochKfqufiCl93haPDrCa1xxa6QXHjB44PHQ4=
Subject key identifier: 1D:34:68:CF:29:09:3F:0B:CA:DB:AC:B8:3F:98:E4:8B:26:4B:34:E3
Certificate issuer: /CN=ab71e9b13f5c339a58692eeabe72eaa406bbbd7d
Certificate serial: 019193F7B27F90C005E36C9F4FFDDD3A436F
Authority key identifier: AB:71:E9:B1:3F:5C:33:9A:58:69:2E:EA:BE:72:EA:A4:06:BB:BD:7D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/q3HpsT9cM5pYaS7qvnLqpAa7vX0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/be/6ba39c-ef1d-4d48-982b-cf4b900997a0/1/HTRozykJPwvK26y4P5jkiyZLNOM.roa
Signing time: Tue 27 Aug 2024 13:12:49 +0000
ROA not before: Tue 27 Aug 2024 13:12:49 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 60707
IP address blocks: 80.253.245.0/24 maxlen: 24
80.253.247.0/24 maxlen: 24
213.142.143.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:91:93:f7:b2:7f:90:c0:05:e3:6c:9f:4f:fd:dd:3a:43:6f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ab71e9b13f5c339a58692eeabe72eaa406bbbd7d
Validity
Not Before: Aug 27 13:12:49 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=1d3468cf29093f0bcadbacb83f98e48b264b34e3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:97:a2:7c:73:37:54:a8:0a:01:ee:ee:4e:28:1b:
c6:1e:5f:23:91:42:d1:64:b0:4a:83:cc:df:d2:30:
f0:9a:e9:f0:7d:d0:3d:5f:de:50:b8:c8:cc:3e:dc:
4e:68:e2:3d:f6:07:61:ac:f8:59:12:d1:b0:d2:63:
16:5e:75:21:5a:31:f4:32:a4:04:7c:2c:5d:44:11:
11:64:35:13:00:0f:6a:70:e9:1f:ee:88:51:07:46:
c2:f4:73:16:b3:07:da:a9:e7:3e:59:11:e9:d4:ac:
ef:31:db:f3:42:bd:f3:ab:65:28:d4:8a:d7:30:21:
ba:62:b7:6b:be:d9:98:e2:85:a1:fd:0e:4b:ec:b7:
bd:b1:a5:21:5d:bf:8d:6b:1a:79:c4:08:7e:8f:4f:
dd:d6:13:41:87:51:33:80:76:34:80:b4:6f:55:cb:
2d:32:76:24:a5:26:0c:58:cb:5d:73:0d:31:a6:e5:
85:20:ed:12:cc:61:a7:11:17:e6:5c:9a:29:8f:04:
b7:dc:30:64:80:b8:2e:ac:c7:43:3d:af:d9:d2:a2:
7e:19:e6:15:95:76:f3:0a:43:be:af:53:da:2e:85:
06:d7:55:69:be:c5:83:76:63:57:8d:35:0a:1f:96:
d4:d1:54:f1:36:13:4d:4f:22:05:c9:97:ca:16:58:
db:0f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1D:34:68:CF:29:09:3F:0B:CA:DB:AC:B8:3F:98:E4:8B:26:4B:34:E3
X509v3 Authority Key Identifier:
keyid:AB:71:E9:B1:3F:5C:33:9A:58:69:2E:EA:BE:72:EA:A4:06:BB:BD:7D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/q3HpsT9cM5pYaS7qvnLqpAa7vX0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/6ba39c-ef1d-4d48-982b-cf4b900997a0/1/HTRozykJPwvK26y4P5jkiyZLNOM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/be/6ba39c-ef1d-4d48-982b-cf4b900997a0/1/q3HpsT9cM5pYaS7qvnLqpAa7vX0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
80.253.245.0/24
80.253.247.0/24
213.142.143.0/24
Signature Algorithm: sha256WithRSAEncryption
06:be:60:53:17:22:b8:2f:1d:c5:de:eb:9e:e0:9d:f4:35:0c:
ec:6e:68:71:7c:88:7f:c1:b7:4b:97:95:8d:40:5b:55:32:2a:
38:f7:00:fd:51:32:82:94:7b:76:ca:e7:dc:ac:7c:bc:b8:7b:
ae:2d:4b:9b:72:a0:e0:9c:da:f1:ad:37:ff:99:3f:ad:92:58:
3a:89:31:ea:a1:50:ea:08:42:6d:45:95:93:bc:10:44:29:6b:
e7:db:b1:c0:de:71:a5:74:75:dc:73:f5:ed:38:22:62:f2:3c:
31:bb:b7:79:43:32:e5:cf:2f:87:84:b8:e5:0b:99:f0:00:85:
d0:c6:f4:45:a7:af:1d:82:9b:6c:29:44:71:c6:e8:b7:32:09:
8d:02:9a:3f:d8:e7:da:7c:fc:cb:6a:f2:c3:9d:ad:27:69:bc:
82:32:cb:92:4b:87:84:d8:f5:78:50:fe:ef:98:4e:6a:41:0b:
59:0c:b9:2b:e6:79:71:fe:05:3a:12:33:8c:5f:05:ba:11:9d:
9a:7b:2a:a9:c5:8b:64:fa:27:67:6c:78:80:77:5f:9b:58:99:
e8:f9:65:1e:ea:12:ab:74:67:a4:96:3b:3b:c9:57:9f:8a:eb:
a9:98:a2:a8:5e:51:8d:bb:32:0e:a0:b9:f8:5a:3d:eb:35:72:
6a:9d:a9:6a
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZGT97J/kMAF42yfT/3dOkNvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiNzFlOWIxM2Y1YzMzOWE1ODY5MmVlYWJlNzJlYWE0MDZi
YmJkN2QwHhcNMjQwODI3MTMxMjQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZDM0NjhjZjI5MDkzZjBiY2FkYmFjYjgzZjk4ZTQ4YjI2NGIzNGUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl6J8czdUqAoB7u5OKBvGHl8jkULR
ZLBKg8zf0jDwmunwfdA9X95QuMjMPtxOaOI99gdhrPhZEtGw0mMWXnUhWjH0MqQE
fCxdRBERZDUTAA9qcOkf7ohRB0bC9HMWswfaqec+WRHp1KzvMdvzQr3zq2Uo1IrX
MCG6YrdrvtmY4oWh/Q5L7Le9saUhXb+Naxp5xAh+j0/d1hNBh1EzgHY0gLRvVcst
MnYkpSYMWMtdcw0xpuWFIO0SzGGnERfmXJopjwS33DBkgLgurMdDPa/Z0qJ+GeYV
lXbzCkO+r1PaLoUG11VpvsWDdmNXjTUKH5bU0VTxNhNNTyIFyZfKFljbDwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFB00aM8pCT8LytusuD+Y5IsmSzTjMB8GA1UdIwQY
MBaAFKtx6bE/XDOaWGku6r5y6qQGu719MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcTNIcHNUOWNNNXBZYVM3cXZuTHFwQWE3dlgwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS82YmEzOWMtZWYxZC00ZDQ4LTk4MmIt
Y2Y0YjkwMDk5N2EwLzEvSFRSb3p5a0pQd3ZLMjZ5NFA1amtpeVpMTk9NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS82YmEzOWMtZWYxZC00ZDQ4LTk4MmItY2Y0YjkwMDk5N2Ew
LzEvcTNIcHNUOWNNNXBZYVM3cXZuTHFwQWE3dlgwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAUP31AwQA
UP33AwQA1Y6PMA0GCSqGSIb3DQEBCwUAA4IBAQAGvmBTFyK4Lx3F3uue4J30NQzs
bmhxfIh/wbdLl5WNQFtVMio49wD9UTKClHt2yufcrHy8uHuuLUubcqDgnNrxrTf/
mT+tklg6iTHqoVDqCEJtRZWTvBBEKWvn27HA3nGldHXcc/XtOCJi8jwxu7d5QzLl
zy+HhLjlC5nwAIXQxvRFp68dgptsKURxxui3MgmNApo/2OfafPzLavLDna0nabyC
MsuSS4eE2PV4UP7vmE5qQQtZDLkr5nlx/gU6EjOMXwW6EZ2aeyqpxYtk+idnbHiA
d1+bWJno+WUe6hKrdGekljs7yVefiuupmKKoXlGNuzIOoLn4Wj3rNXJqnalq
-----END CERTIFICATE-----
Generated at Mon Feb 17 08:09:33 2025 by rpki-client