Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/dffa9b-1d69-4869-9dc4-867d1d877140/1/JMFEsNttwVyWmGmA9toW44r6oUw.roa
File: JMFEsNttwVyWmGmA9toW44r6oUw.roa (raw, json)
Hash identifier: VFxwlJvBqlDgZVs0ri6LndsxrhecQUhoaYcsoeAyxu8=
Subject key identifier: 24:C1:44:B0:DB:6D:C1:5C:96:98:69:80:F6:DA:16:E3:8A:FA:A1:4C
Certificate issuer: /CN=a0a8631e6e5a7ac66da4fb160fd5b4fca9378805
Certificate serial: 01825B0B9A003046CFCAA56E8E96DDC6DBD0
Authority key identifier: A0:A8:63:1E:6E:5A:7A:C6:6D:A4:FB:16:0F:D5:B4:FC:A9:37:88:05
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/oKhjHm5aesZtpPsWD9W0_Kk3iAU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/66/dffa9b-1d69-4869-9dc4-867d1d877140/1/JMFEsNttwVyWmGmA9toW44r6oUw.roa
Signing time: Mon 01 Aug 2022 20:14:23 +0000
ROA not before: Mon 01 Aug 2022 20:14:23 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 60198
IP address blocks: 46.17.216.0/21 maxlen: 21
2a02:4f63::/32 maxlen: 32
2a02:4f61::/32 maxlen: 32
2a02:4f64::/32 maxlen: 32
2a02:4f67::/32 maxlen: 32
2a02:4f60::/32 maxlen: 32
2a02:4f66::/32 maxlen: 32
2a02:4f65::/32 maxlen: 32
2a02:4f62::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:82:5b:0b:9a:00:30:46:cf:ca:a5:6e:8e:96:dd:c6:db:d0
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=a0a8631e6e5a7ac66da4fb160fd5b4fca9378805
Validity
Not Before: Aug 1 20:14:23 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=24c144b0db6dc15c96986980f6da16e38afaa14c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8c:03:71:77:2a:d1:cc:e0:f0:0f:60:a9:54:57:
e9:7f:0d:28:db:ab:08:b3:db:9e:b5:ae:c7:eb:64:
fd:f1:3e:fe:d8:35:75:70:28:fa:e4:e0:a5:83:55:
7b:9e:b6:09:b7:76:51:a0:b5:6f:de:5d:cd:40:fb:
41:8d:f5:f2:e6:35:2d:80:51:91:60:aa:3e:f9:01:
da:11:3a:9d:66:ca:26:bf:0e:6b:71:5a:89:86:dc:
f6:e0:32:5c:96:a5:20:72:e5:1a:30:75:71:b4:04:
c9:3e:e4:0e:cc:30:dc:f7:5a:83:d4:35:9c:37:26:
cd:fd:04:66:9a:bb:16:c1:32:80:05:e5:5e:1f:f0:
98:a4:16:78:47:46:aa:9f:95:09:e0:53:2b:0b:1e:
ad:c5:d8:32:a3:ca:c1:c3:f6:9c:ff:7e:5b:36:b2:
60:12:d7:44:1f:e8:d4:9f:66:07:3c:6d:a6:15:fa:
c0:51:2d:fa:05:8f:fd:12:5d:5f:05:53:d4:2f:09:
be:b4:8a:41:25:e3:d9:be:48:82:fc:e1:c1:33:9a:
6e:8a:2a:71:88:39:d9:81:de:22:c7:e9:8a:d9:ab:
f3:2b:7f:b9:6d:8b:1c:b5:1c:6a:92:2a:7e:2d:9a:
42:f5:7f:2d:46:16:ff:b4:42:53:23:b6:c6:ba:8b:
f3:11
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
24:C1:44:B0:DB:6D:C1:5C:96:98:69:80:F6:DA:16:E3:8A:FA:A1:4C
X509v3 Authority Key Identifier:
keyid:A0:A8:63:1E:6E:5A:7A:C6:6D:A4:FB:16:0F:D5:B4:FC:A9:37:88:05
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oKhjHm5aesZtpPsWD9W0_Kk3iAU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/dffa9b-1d69-4869-9dc4-867d1d877140/1/JMFEsNttwVyWmGmA9toW44r6oUw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/66/dffa9b-1d69-4869-9dc4-867d1d877140/1/oKhjHm5aesZtpPsWD9W0_Kk3iAU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
46.17.216.0/21
IPv6:
2a02:4f60::/29
Signature Algorithm: sha256WithRSAEncryption
3d:33:62:07:e4:a4:81:d2:20:8c:97:cc:52:16:95:1a:29:42:
7e:47:1b:c4:e3:4f:a0:19:ab:bb:3d:64:f3:4b:6c:49:40:56:
32:69:b1:f1:84:c2:f3:d5:4d:47:b8:15:d4:5b:29:0b:99:aa:
fd:1f:1b:fd:c1:cc:97:44:3c:7e:4d:95:fa:f5:2d:81:f8:9b:
31:5d:ad:85:59:25:6f:68:5b:0e:f8:63:8c:b5:9b:a9:5e:f4:
d6:8f:f0:af:3c:f2:0d:ba:6c:44:94:84:89:13:2c:38:55:ae:
df:3e:69:13:88:02:62:ad:71:2f:68:8e:f3:a1:d5:ea:0f:83:
09:47:02:d1:36:a0:db:6e:22:aa:eb:4c:f0:c7:0a:65:de:66:
d7:c6:45:ae:af:8d:6a:3d:cb:26:14:b7:23:02:ff:ef:37:2f:
99:09:bd:db:1c:6d:93:b8:b8:e8:4c:c8:8f:80:3b:64:88:26:
88:1b:c1:f5:33:cd:e6:7c:d6:f1:2d:2d:e2:63:54:34:ff:bc:
af:4d:7c:c3:51:2f:5f:88:d6:41:09:95:0f:61:8a:88:f0:7f:
4c:3b:a3:15:b3:a1:75:2f:7b:54:68:73:e5:84:20:f1:d7:8d:
56:8d:5b:69:74:f8:4d:65:6b:6b:b5:b2:aa:ec:ad:93:7f:b9:
7c:9b:a4:a6
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYJbC5oAMEbPyqVujpbdxtvQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEwYTg2MzFlNmU1YTdhYzY2ZGE0ZmIxNjBmZDViNGZjYTkz
Nzg4MDUwHhcNMjIwODAxMjAxNDIzWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNGMxNDRiMGRiNmRjMTVjOTY5ODY5ODBmNmRhMTZlMzhhZmFhMTRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjANxdyrRzODwD2CpVFfpfw0o26sI
s9ueta7H62T98T7+2DV1cCj65OClg1V7nrYJt3ZRoLVv3l3NQPtBjfXy5jUtgFGR
YKo++QHaETqdZsomvw5rcVqJhtz24DJclqUgcuUaMHVxtATJPuQOzDDc91qD1DWc
NybN/QRmmrsWwTKABeVeH/CYpBZ4R0aqn5UJ4FMrCx6txdgyo8rBw/ac/35bNrJg
EtdEH+jUn2YHPG2mFfrAUS36BY/9El1fBVPULwm+tIpBJePZvkiC/OHBM5puiipx
iDnZgd4ix+mK2avzK3+5bYsctRxqkip+LZpC9X8tRhb/tEJTI7bGuovzEQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFCTBRLDbbcFclphpgPbaFuOK+qFMMB8GA1UdIwQY
MBaAFKCoYx5uWnrGbaT7Fg/VtPypN4gFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb0toakhtNWFlc1p0cFBzV0Q5VzBfS2szaUFVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni9kZmZhOWItMWQ2OS00ODY5LTlkYzQt
ODY3ZDFkODc3MTQwLzEvSk1GRXNOdHR3VnlXbUdtQTl0b1c0NHI2b1V3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni9kZmZhOWItMWQ2OS00ODY5LTlkYzQtODY3ZDFkODc3MTQw
LzEvb0toakhtNWFlc1p0cFBzV0Q5VzBfS2szaUFVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQDLhHYMA0E
AgACMAcDBQMqAk9gMA0GCSqGSIb3DQEBCwUAA4IBAQA9M2IH5KSB0iCMl8xSFpUa
KUJ+RxvE40+gGau7PWTzS2xJQFYyabHxhMLz1U1HuBXUWykLmar9Hxv9wcyXRDx+
TZX69S2B+JsxXa2FWSVvaFsO+GOMtZupXvTWj/CvPPINumxElISJEyw4Va7fPmkT
iAJirXEvaI7zodXqD4MJRwLRNqDbbiKq60zwxwpl3mbXxkWur41qPcsmFLcjAv/v
Ny+ZCb3bHG2TuLjoTMiPgDtkiCaIG8H1M83mfNbxLS3iY1Q0/7yvTXzDUS9fiNZB
CZUPYYqI8H9MO6MVs6F1L3tUaHPlhCDx141WjVtpdPhNZWtrtbKq7K2Tf7l8m6Sm
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:33:15 2024 by rpki-client on console-fra.rpki-client.org