Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/UvNUi5syTPfin0VCKsycmQO2QTo.roa
File: UvNUi5syTPfin0VCKsycmQO2QTo.roa (raw, json)
Hash identifier: uec1/g9G8hCzQv5Va3/5NwWQ7c6AEB78daVJA7tUHFk=
Subject key identifier: 52:F3:54:8B:9B:32:4C:F7:E2:9F:45:42:2A:CC:9C:99:03:B6:41:3A
Certificate issuer: /CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Certificate serial: 018824A69805BD0DB9A350DB0E04FC0B8169
Authority key identifier: 2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/UvNUi5syTPfin0VCKsycmQO2QTo.roa
Signing time: Tue 16 May 2023 13:01:17 +0000
ROA not before: Tue 16 May 2023 13:01:17 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 834
IP address blocks: 46.249.104.0/22 maxlen: 22
46.249.108.0/22 maxlen: 24
46.249.112.0/22 maxlen: 24
185.129.108.0/23 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:88:24:a6:98:05:bd:0d:b9:a3:50:db:0e:04:fc:0b:81:69
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Validity
Not Before: May 16 13:01:17 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=52f3548b9b324cf7e29f45422acc9c9903b6413a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8c:b6:b4:d0:68:8f:d5:ee:c5:1d:1a:7d:8e:ca:
ca:15:b0:3f:7b:fa:9a:d3:69:9f:7a:d7:f8:c5:30:
aa:97:f8:60:ab:bc:da:10:03:f0:79:e6:6f:50:d1:
9b:00:cb:80:93:88:44:15:36:f3:f3:77:dd:73:f0:
6d:3e:2d:83:45:17:44:15:1e:88:61:e0:12:4a:78:
f4:63:f3:07:66:cc:f9:ff:38:7c:61:62:ad:7a:e0:
1a:6b:2f:08:2e:b6:0f:9c:3a:84:67:25:f0:49:1f:
5a:48:d6:f5:49:23:ef:b0:f6:df:e0:e0:11:af:44:
98:e5:c6:5a:85:a8:7a:dc:c1:b4:82:a4:87:d6:fd:
3d:60:79:67:b9:c8:f6:57:fa:05:97:d7:99:41:56:
fa:9f:a8:66:c0:5e:31:83:7f:1d:6d:5a:c7:c0:c9:
4d:96:81:45:3b:9f:f7:85:4d:11:40:19:d0:5a:1c:
94:0c:b1:27:a7:75:54:d2:d4:0b:a9:1b:8e:1d:aa:
cb:91:e0:cb:3c:af:98:ec:0d:21:52:25:0b:6c:ab:
c3:26:52:2e:37:5b:e7:89:f0:6e:60:7d:33:3b:f3:
e7:d7:ec:eb:93:22:ad:52:1e:fa:86:61:4a:17:53:
3f:48:8e:8d:0e:e1:ce:77:90:80:4e:b0:e7:85:e0:
cf:47
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
52:F3:54:8B:9B:32:4C:F7:E2:9F:45:42:2A:CC:9C:99:03:B6:41:3A
X509v3 Authority Key Identifier:
keyid:2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/UvNUi5syTPfin0VCKsycmQO2QTo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
46.249.104.0-46.249.115.255
185.129.108.0/23
Signature Algorithm: sha256WithRSAEncryption
a3:a5:fa:12:12:16:eb:e5:24:6a:f4:b3:18:d6:6a:7f:cb:64:
69:6e:8b:56:5b:ce:a9:93:e8:f3:4f:72:8b:d4:8b:9d:91:b0:
b6:26:72:23:60:1d:b2:42:62:8f:4e:c6:20:24:76:15:33:8f:
2b:b5:0e:2f:2b:48:b7:60:6f:40:13:3f:5f:76:bf:7d:6e:6f:
fc:35:00:4c:52:de:46:bf:bd:cb:cd:fa:2a:5f:f6:cc:d6:28:
2b:85:fe:9c:d8:06:08:ba:3b:ac:ad:31:24:c8:f7:b7:72:fb:
b4:cf:d7:e8:5a:b3:6f:b1:92:39:ac:08:ba:42:b6:3a:d0:bb:
16:68:ab:3d:0a:1b:34:36:dc:f1:7b:3b:70:7d:ad:db:8f:17:
27:6b:e2:2c:82:0e:74:4e:9c:27:ac:c1:38:3d:4d:a1:bb:14:
fe:fa:df:1b:a6:86:06:85:72:53:ac:b9:56:f0:67:2f:3d:85:
02:8b:a3:40:97:e9:c6:18:b7:e6:c0:d7:9c:5a:47:e3:54:4f:
f0:14:ca:52:25:db:10:52:f8:e2:88:0a:f1:5d:65:a4:81:bf:
54:89:1d:2b:ec:e3:f3:64:ed:b6:e4:7d:97:04:ec:cd:f1:53:
aa:82:02:be:12:2c:8c:66:b2:d1:68:60:00:73:d9:15:0c:5c:
09:76:8c:81
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAYgkppgFvQ25o1DbDgT8C4FpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhYzNkYWExYjE0ODUwZjJlNjFjNTkyYjIxOTE5MTVhNWU2
NWE0NzgwHhcNMjMwNTE2MTMwMTE3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MmYzNTQ4YjliMzI0Y2Y3ZTI5ZjQ1NDIyYWNjOWM5OTAzYjY0MTNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjLa00GiP1e7FHRp9jsrKFbA/e/qa
02mfetf4xTCql/hgq7zaEAPweeZvUNGbAMuAk4hEFTbz83fdc/BtPi2DRRdEFR6I
YeASSnj0Y/MHZsz5/zh8YWKteuAaay8ILrYPnDqEZyXwSR9aSNb1SSPvsPbf4OAR
r0SY5cZahah63MG0gqSH1v09YHlnucj2V/oFl9eZQVb6n6hmwF4xg38dbVrHwMlN
loFFO5/3hU0RQBnQWhyUDLEnp3VU0tQLqRuOHarLkeDLPK+Y7A0hUiULbKvDJlIu
N1vnifBuYH0zO/Pn1+zrkyKtUh76hmFKF1M/SI6NDuHOd5CATrDnheDPRwIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFFLzVIubMkz34p9FQirMnJkDtkE6MB8GA1UdIwQY
MBaAFCrD2qGxSFDy5hxZKyGRkVpeZaR4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUt
ZmUwNjU5MTc2YTU2LzEvVXZOVWk1c3lUUGZpbjBWQ0tzeWNtUU8yUVRvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUtZmUwNjU5MTc2YTU2
LzEvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUMAwDBAMu+WgD
BAIu+XADBAG5gWwwDQYJKoZIhvcNAQELBQADggEBAKOl+hISFuvlJGr0sxjWan/L
ZGlui1ZbzqmT6PNPcovUi52RsLYmciNgHbJCYo9OxiAkdhUzjyu1Di8rSLdgb0AT
P192v31ub/w1AExS3ka/vcvN+ipf9szWKCuF/pzYBgi6O6ytMSTI97dy+7TP1+ha
s2+xkjmsCLpCtjrQuxZoqz0KGzQ23PF7O3B9rduPFydr4iyCDnROnCeswTg9TaG7
FP763xumhgaFclOsuVbwZy89hQKLo0CX6cYYt+bA15xaR+NUT/AUylIl2xBS+OKI
CvFdZaSBv1SJHSvs4/Nk7bbkfZcE7M3xU6qCAr4SLIxmstFoYABz2RUMXAl2jIE=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:17:16 2024 by rpki-client on console-ams.rpki-client.org