Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/57/546ade-daa1-49f1-8bbe-b9eb871f6d96/1/yIyb-jcrZ5av4gcQwcakRkw6JYs.roa
File: yIyb-jcrZ5av4gcQwcakRkw6JYs.roa (raw, json)
Hash identifier: bPOAQtqKggNKclyo7eR+vLol1zheC9cbE6FKDTcGO4k=
Subject key identifier: C8:8C:9B:FA:37:2B:67:96:AF:E2:07:10:C1:C6:A4:46:4C:3A:25:8B
Certificate issuer: /CN=64ded85d9a05b1df689a8b6c313f8128c7a00b67
Certificate serial: 01856F3925B2ACF4359A8B5A0432554A952B
Authority key identifier: 64:DE:D8:5D:9A:05:B1:DF:68:9A:8B:6C:31:3F:81:28:C7:A0:0B:67
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/ZN7YXZoFsd9omotsMT-BKMegC2c.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/57/546ade-daa1-49f1-8bbe-b9eb871f6d96/1/yIyb-jcrZ5av4gcQwcakRkw6JYs.roa
Signing time: Sun 01 Jan 2023 21:24:54 +0000
ROA not before: Sun 01 Jan 2023 21:24:54 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 202048
IP address blocks: 46.28.232.0/21 maxlen: 21
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6f:39:25:b2:ac:f4:35:9a:8b:5a:04:32:55:4a:95:2b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=64ded85d9a05b1df689a8b6c313f8128c7a00b67
Validity
Not Before: Jan 1 21:24:54 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=c88c9bfa372b6796afe20710c1c6a4464c3a258b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d3:72:8f:69:ee:f1:f1:1e:aa:03:f6:4d:af:f1:
57:1f:3b:74:e7:41:43:8b:82:d2:7f:5f:9e:0e:ff:
3b:9d:ff:43:1a:31:a5:c3:86:ac:3e:5a:f4:4e:8f:
e0:fd:fc:3b:95:db:e6:26:7f:58:bb:e8:8b:cf:70:
06:fc:b6:e6:cd:20:dc:59:27:fc:12:95:aa:29:eb:
79:9e:3c:bd:d7:8c:a7:9f:2a:6d:bd:06:23:67:ac:
94:62:98:b1:55:98:a8:cf:c5:16:92:ed:f9:e4:8c:
b1:09:ab:70:5e:e6:55:48:9f:80:bc:7b:f1:28:5a:
19:4f:41:19:56:81:f0:30:7c:6f:5a:4e:5c:85:90:
63:85:ca:c9:e9:1b:67:fd:38:69:82:45:50:75:7e:
4e:ea:12:68:b5:ae:69:30:a2:0c:2f:9a:a6:32:4c:
ed:03:81:77:65:54:2b:ed:84:c4:c7:dd:64:19:6e:
71:e3:94:ac:2f:51:68:25:a6:c2:2d:e4:f1:b0:7a:
72:a2:a5:19:a5:a2:35:2e:ff:b2:ee:5b:2a:a3:e6:
2e:cf:fb:31:79:ba:03:23:eb:58:a9:c7:36:ac:84:
30:af:4e:dc:81:ad:d2:c1:f2:93:f0:2d:83:52:f8:
76:7d:8d:e0:50:58:a3:aa:af:55:14:34:b8:ee:24:
b4:41
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C8:8C:9B:FA:37:2B:67:96:AF:E2:07:10:C1:C6:A4:46:4C:3A:25:8B
X509v3 Authority Key Identifier:
keyid:64:DE:D8:5D:9A:05:B1:DF:68:9A:8B:6C:31:3F:81:28:C7:A0:0B:67
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZN7YXZoFsd9omotsMT-BKMegC2c.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/546ade-daa1-49f1-8bbe-b9eb871f6d96/1/yIyb-jcrZ5av4gcQwcakRkw6JYs.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/57/546ade-daa1-49f1-8bbe-b9eb871f6d96/1/ZN7YXZoFsd9omotsMT-BKMegC2c.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
46.28.232.0/21
Signature Algorithm: sha256WithRSAEncryption
37:c8:3c:28:cd:07:42:b4:3f:c0:5f:7d:1a:98:2e:95:47:53:
af:77:d3:5b:68:d0:75:ca:81:ca:a7:90:5d:4b:a7:da:c1:ce:
e4:ae:60:d7:22:ff:3b:17:db:59:11:bf:36:5b:c0:1f:65:5a:
93:43:9f:65:53:7f:49:37:a4:89:bb:b0:c4:fa:00:92:f3:4e:
5e:05:26:7f:e5:27:92:d7:52:ac:b3:52:58:08:4e:4a:8b:b4:
8e:c6:78:20:a8:4a:49:52:33:6c:91:33:9b:b7:9a:8e:36:6b:
3b:1a:04:b9:32:f7:83:31:34:5c:36:16:c4:0a:21:8a:8b:d3:
c9:5f:2c:3d:21:9c:82:97:f9:b9:4b:b6:07:da:e6:53:11:f0:
68:a9:7b:89:f7:3d:51:18:92:4a:19:de:92:7a:f8:d2:9f:94:
8d:d3:06:65:d9:5d:8e:b1:37:fd:e0:b8:98:bb:db:db:ed:38:
9c:4d:fe:e3:c0:b4:5f:80:42:81:2b:b2:8a:2e:91:ff:5d:6e:
13:31:8a:5b:a5:d5:1a:1f:fd:c1:7c:3c:ef:e3:64:6e:cf:16:
4e:b6:b4:a3:6e:bd:36:d5:3f:27:2b:94:e5:53:82:c7:19:ed:
dd:b8:a5:72:c5:dc:dd:57:b6:87:9f:38:c3:24:3e:62:65:2e:
ff:0e:32:25
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYVvOSWyrPQ1motaBDJVSpUrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY0ZGVkODVkOWEwNWIxZGY2ODlhOGI2YzMxM2Y4MTI4Yzdh
MDBiNjcwHhcNMjMwMTAxMjEyNDU0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjODhjOWJmYTM3MmI2Nzk2YWZlMjA3MTBjMWM2YTQ0NjRjM2EyNThiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA03KPae7x8R6qA/ZNr/FXHzt050FD
i4LSf1+eDv87nf9DGjGlw4asPlr0To/g/fw7ldvmJn9Yu+iLz3AG/LbmzSDcWSf8
EpWqKet5njy914ynnyptvQYjZ6yUYpixVZioz8UWku355IyxCatwXuZVSJ+AvHvx
KFoZT0EZVoHwMHxvWk5chZBjhcrJ6Rtn/ThpgkVQdX5O6hJota5pMKIML5qmMkzt
A4F3ZVQr7YTEx91kGW5x45SsL1FoJabCLeTxsHpyoqUZpaI1Lv+y7lsqo+Yuz/sx
eboDI+tYqcc2rIQwr07cga3SwfKT8C2DUvh2fY3gUFijqq9VFDS47iS0QQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMiMm/o3K2eWr+IHEMHGpEZMOiWLMB8GA1UdIwQY
MBaAFGTe2F2aBbHfaJqLbDE/gSjHoAtnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWk43WVhab0ZzZDlvbW90c01ULUJLTWVnQzJjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ny81NDZhZGUtZGFhMS00OWYxLThiYmUt
YjllYjg3MWY2ZDk2LzEveUl5Yi1qY3JaNWF2NGdjUXdjYWtSa3c2SllzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ny81NDZhZGUtZGFhMS00OWYxLThiYmUtYjllYjg3MWY2ZDk2
LzEvWk43WVhab0ZzZDlvbW90c01ULUJLTWVnQzJjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDLhzoMA0G
CSqGSIb3DQEBCwUAA4IBAQA3yDwozQdCtD/AX30amC6VR1Ovd9NbaNB1yoHKp5Bd
S6fawc7krmDXIv87F9tZEb82W8AfZVqTQ59lU39JN6SJu7DE+gCS805eBSZ/5SeS
11Kss1JYCE5Ki7SOxnggqEpJUjNskTObt5qONms7GgS5MveDMTRcNhbECiGKi9PJ
Xyw9IZyCl/m5S7YH2uZTEfBoqXuJ9z1RGJJKGd6SevjSn5SN0wZl2V2OsTf94LiY
u9vb7TicTf7jwLRfgEKBK7KKLpH/XW4TMYpbpdUaH/3BfDzv42RuzxZOtrSjbr02
1T8nK5TlU4LHGe3duKVyxdzdV7aHnzjDJD5iZS7/DjIl
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:10:40 2024 by rpki-client on console-ams.rpki-client.org