Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/TJu1aM3g1VSnNoMndbrS4g4fMzs.roa
File: TJu1aM3g1VSnNoMndbrS4g4fMzs.roa (raw, json)
Hash identifier: IOLgbFXViflTOD5eKKpzpT9961OgtcKzUqymgmUodyw=
Subject key identifier: 4C:9B:B5:68:CD:E0:D5:54:A7:36:83:27:75:BA:D2:E2:0E:1F:33:3B
Certificate issuer: /CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Certificate serial: 01881BFD0F47B4DB9A2EA4AD673BA4D0330E
Authority key identifier: 2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/TJu1aM3g1VSnNoMndbrS4g4fMzs.roa
Signing time: Sun 14 May 2023 20:39:09 +0000
ROA not before: Sun 14 May 2023 20:39:09 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 834
IP address blocks: 46.249.104.0/22 maxlen: 22
46.249.112.0/22 maxlen: 24
185.129.108.0/23 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:88:1b:fd:0f:47:b4:db:9a:2e:a4:ad:67:3b:a4:d0:33:0e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Validity
Not Before: May 14 20:39:09 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=4c9bb568cde0d554a736832775bad2e20e1f333b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cb:88:76:87:9a:c9:b3:22:73:ed:72:a9:63:d6:
45:87:82:d8:76:ca:c6:9e:9e:e7:55:6d:24:8e:f3:
53:b6:9f:68:28:4b:73:14:fe:3f:47:f1:ef:7f:85:
67:b3:79:e5:0f:0e:ae:cc:58:50:7e:f0:a7:25:04:
44:17:5e:7d:d8:e0:da:f3:e3:05:b7:a2:95:90:e5:
e2:3a:43:f7:da:fd:b3:95:90:54:fe:19:44:a0:9b:
be:f3:ca:f0:fb:ef:3e:48:08:cc:93:00:ab:4c:52:
9b:07:f0:64:cc:1d:1e:3b:02:e4:a2:1e:8a:b2:61:
a8:24:07:52:aa:77:83:d0:1f:4b:e3:5c:0a:da:76:
27:79:9e:68:14:4e:56:2f:00:59:f2:2a:09:fe:45:
9b:89:64:e8:cf:c7:2c:2b:c1:6d:c8:7c:1d:c3:a5:
2e:f6:36:9f:55:d0:c6:75:41:ef:e4:05:70:a8:0c:
c6:9d:2d:68:9a:1c:c2:fe:92:59:2c:d5:68:30:c4:
92:9e:ae:00:fe:07:bb:c1:73:d1:27:33:65:11:bb:
82:a8:e0:eb:2d:0f:64:8b:a0:bc:af:21:15:95:39:
e8:a8:43:6e:48:4f:5a:8d:21:6d:64:c6:52:dc:f0:
4a:72:4e:87:19:9a:5e:47:80:86:cd:d2:f8:80:97:
bd:e5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4C:9B:B5:68:CD:E0:D5:54:A7:36:83:27:75:BA:D2:E2:0E:1F:33:3B
X509v3 Authority Key Identifier:
keyid:2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/TJu1aM3g1VSnNoMndbrS4g4fMzs.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
46.249.104.0/22
46.249.112.0/22
185.129.108.0/23
Signature Algorithm: sha256WithRSAEncryption
69:a7:89:97:fc:1e:b0:fc:91:39:3b:85:6f:2e:0a:a7:2e:0f:
be:49:52:07:4b:97:ef:44:aa:9e:d1:24:3e:dd:f3:ad:6f:33:
e1:bc:59:80:5d:d1:41:54:ab:a8:2d:92:2a:0f:bf:ba:93:3c:
ae:a8:27:96:9b:85:b8:1f:11:d8:84:b2:aa:0d:87:18:03:3f:
8b:8c:15:29:e5:66:ba:19:c4:b1:18:60:bb:5f:82:fa:46:0f:
6d:fc:2a:17:73:89:b3:eb:5f:b8:d8:44:76:26:25:6e:e4:45:
03:63:73:46:d0:eb:66:3a:9a:6d:95:ee:fc:90:31:32:02:b2:
30:25:31:00:22:4e:a7:e2:92:5a:b6:75:cc:1a:b8:41:17:00:
21:ae:72:21:a6:e0:ca:3d:32:15:22:b1:e2:e4:e3:f0:5e:01:
82:be:ec:ee:18:5c:04:b5:98:c1:e3:94:37:b1:7f:b8:c5:da:
1a:fc:85:a9:cf:86:00:51:e7:e0:b2:85:2f:17:ca:98:d2:38:
5a:99:3b:73:04:c8:5d:68:df:f8:f1:81:03:d0:bf:29:64:9d:
ca:5c:d9:65:55:f0:65:73:49:ae:63:16:0e:3b:a7:56:47:c3:
b5:04:04:a5:51:20:4d:c9:e6:9c:0d:da:98:c7:27:26:ec:ea:
be:13:f9:78
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYgb/Q9HtNuaLqStZzuk0DMOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhYzNkYWExYjE0ODUwZjJlNjFjNTkyYjIxOTE5MTVhNWU2
NWE0NzgwHhcNMjMwNTE0MjAzOTA5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YzliYjU2OGNkZTBkNTU0YTczNjgzMjc3NWJhZDJlMjBlMWYzMzNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy4h2h5rJsyJz7XKpY9ZFh4LYdsrG
np7nVW0kjvNTtp9oKEtzFP4/R/Hvf4Vns3nlDw6uzFhQfvCnJQREF1592ODa8+MF
t6KVkOXiOkP32v2zlZBU/hlEoJu+88rw++8+SAjMkwCrTFKbB/BkzB0eOwLkoh6K
smGoJAdSqneD0B9L41wK2nYneZ5oFE5WLwBZ8ioJ/kWbiWToz8csK8FtyHwdw6Uu
9jafVdDGdUHv5AVwqAzGnS1omhzC/pJZLNVoMMSSnq4A/ge7wXPRJzNlEbuCqODr
LQ9ki6C8ryEVlTnoqENuSE9ajSFtZMZS3PBKck6HGZpeR4CGzdL4gJe95QIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFEybtWjN4NVUpzaDJ3W60uIOHzM7MB8GA1UdIwQY
MBaAFCrD2qGxSFDy5hxZKyGRkVpeZaR4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUt
ZmUwNjU5MTc2YTU2LzEvVEp1MWFNM2cxVlNuTm9NbmRiclM0ZzRmTXpzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUtZmUwNjU5MTc2YTU2
LzEvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCLvloAwQC
LvlwAwQBuYFsMA0GCSqGSIb3DQEBCwUAA4IBAQBpp4mX/B6w/JE5O4VvLgqnLg++
SVIHS5fvRKqe0SQ+3fOtbzPhvFmAXdFBVKuoLZIqD7+6kzyuqCeWm4W4HxHYhLKq
DYcYAz+LjBUp5Wa6GcSxGGC7X4L6Rg9t/CoXc4mz61+42ER2JiVu5EUDY3NG0Otm
Opptle78kDEyArIwJTEAIk6n4pJatnXMGrhBFwAhrnIhpuDKPTIVIrHi5OPwXgGC
vuzuGFwEtZjB45Q3sX+4xdoa/IWpz4YAUefgsoUvF8qY0jhamTtzBMhdaN/48YED
0L8pZJ3KXNllVfBlc0muYxYOO6dWR8O1BASlUSBNyeacDdqYxycm7Oq+E/l4
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:17:16 2024 by rpki-client on console-ams.rpki-client.org