Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/a183ef-ab60-4d59-b5dd-9ae5db28c7e2/1/diT7vtWD9iAqRlCM9kQiAWAPojQ.roa
File: diT7vtWD9iAqRlCM9kQiAWAPojQ.roa (raw, json)
Hash identifier: 4ig0rn3a2FcWCbBTGfWA8KOqVt6UjPcWInHNIJXiUdo=
Subject key identifier: 76:24:FB:BE:D5:83:F6:20:2A:46:50:8C:F6:44:22:01:60:0F:A2:34
Certificate issuer: /CN=9fe8f68fd828704e8d70796c783327dcde9b0c8e
Certificate serial: 0187517CF0A3ABFD8C6DD3648F2653DE1A14
Authority key identifier: 9F:E8:F6:8F:D8:28:70:4E:8D:70:79:6C:78:33:27:DC:DE:9B:0C:8E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/n-j2j9gocE6NcHlseDMn3N6bDI4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/0c/a183ef-ab60-4d59-b5dd-9ae5db28c7e2/1/diT7vtWD9iAqRlCM9kQiAWAPojQ.roa
Signing time: Wed 05 Apr 2023 12:55:55 +0000
ROA not before: Wed 05 Apr 2023 12:55:55 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 199565
IP address blocks: 46.229.242.0/24 maxlen: 24
46.229.247.0/24 maxlen: 24
46.229.251.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:87:51:7c:f0:a3:ab:fd:8c:6d:d3:64:8f:26:53:de:1a:14
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=9fe8f68fd828704e8d70796c783327dcde9b0c8e
Validity
Not Before: Apr 5 12:55:55 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=7624fbbed583f6202a46508cf6442201600fa234
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8c:03:ea:a2:46:36:fe:69:9f:af:a7:f4:ee:91:
15:a3:a6:bd:36:be:81:cb:d7:dd:36:c4:0d:c5:da:
67:45:20:ec:c8:94:96:e7:d7:d2:6f:40:7f:ab:9c:
26:4c:d5:5b:4a:21:1a:ec:65:f0:1f:ad:a3:a2:4f:
2e:e4:c7:80:3a:d5:09:76:81:cd:81:67:32:45:f4:
68:13:a0:14:0a:93:da:12:b4:bc:db:e0:74:79:ba:
0d:b4:ac:39:1c:fd:74:15:60:1f:d8:69:cb:1e:55:
d8:a4:e5:17:65:20:c2:e6:cb:c8:0a:8a:45:73:45:
20:c0:e8:9e:ab:0e:43:89:7a:2c:c7:c5:15:1c:2c:
84:bc:cb:3a:9e:44:9d:19:2e:e7:f7:41:e5:ed:f5:
5b:d6:93:cf:d1:2a:77:d4:b7:f8:37:f6:c2:01:3b:
bb:f5:9c:d0:99:b9:51:de:86:b7:f9:b3:1f:05:87:
aa:3b:4a:3d:8f:f6:ca:87:35:2a:b4:f2:ec:69:dc:
95:bf:9f:f9:10:b7:f7:1d:39:dc:9f:48:40:09:a0:
8f:b9:47:7f:c6:0a:6e:39:a5:41:e2:98:8e:d5:de:
71:db:89:18:18:3f:42:a7:10:16:c4:2d:5e:10:7f:
69:b3:db:70:a1:af:ff:e0:c0:64:72:92:b9:db:4c:
94:91
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
76:24:FB:BE:D5:83:F6:20:2A:46:50:8C:F6:44:22:01:60:0F:A2:34
X509v3 Authority Key Identifier:
keyid:9F:E8:F6:8F:D8:28:70:4E:8D:70:79:6C:78:33:27:DC:DE:9B:0C:8E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/n-j2j9gocE6NcHlseDMn3N6bDI4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/a183ef-ab60-4d59-b5dd-9ae5db28c7e2/1/diT7vtWD9iAqRlCM9kQiAWAPojQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/a183ef-ab60-4d59-b5dd-9ae5db28c7e2/1/n-j2j9gocE6NcHlseDMn3N6bDI4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
46.229.242.0/24
46.229.247.0/24
46.229.251.0/24
Signature Algorithm: sha256WithRSAEncryption
43:c2:7e:f7:2d:5c:1f:bb:30:7f:2c:e9:a0:76:e0:e7:b3:92:
d3:7d:ad:fd:7d:2d:0f:c6:63:0c:bf:27:57:bf:7e:f4:ae:db:
9f:2b:c1:7e:e9:e2:82:2a:1b:79:60:8a:cb:aa:9c:65:2d:1c:
6a:03:f0:2f:69:e6:0f:f6:bc:1a:b9:42:37:2d:c1:db:1a:38:
57:a6:25:49:5d:1f:ab:fb:0b:ca:71:14:8f:b4:ef:e8:20:b8:
3b:ed:6c:ab:d4:76:5e:e1:47:17:4a:49:e0:cd:fd:7d:bb:26:
82:79:c9:70:fd:47:23:80:0a:c0:2e:e6:69:20:a1:47:b4:43:
74:b7:6d:5c:41:8c:7a:4e:3d:0d:61:86:8c:0c:32:a8:59:db:
15:21:a5:2f:05:b0:53:09:0f:07:a7:f0:0c:3c:83:1c:b0:5d:
15:56:5a:3b:d3:da:f3:b4:01:3b:ec:fc:92:48:e4:f8:e1:ff:
ed:9b:0d:6d:bb:4e:c8:f7:d9:fe:0d:07:19:ed:62:f5:12:3f:
b3:9f:5b:b6:69:56:e7:4d:70:43:c1:63:ff:36:ef:85:6b:36:
9e:ba:4c:ec:70:2f:ea:55:e1:03:f2:c6:49:97:52:76:63:a4:
16:3f:54:f5:2a:d2:94:6a:49:9a:14:5e:d2:7f:f9:d1:35:44:
7f:a8:89:80
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYdRfPCjq/2MbdNkjyZT3hoUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlmZThmNjhmZDgyODcwNGU4ZDcwNzk2Yzc4MzMyN2RjZGU5
YjBjOGUwHhcNMjMwNDA1MTI1NTU1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NjI0ZmJiZWQ1ODNmNjIwMmE0NjUwOGNmNjQ0MjIwMTYwMGZhMjM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjAPqokY2/mmfr6f07pEVo6a9Nr6B
y9fdNsQNxdpnRSDsyJSW59fSb0B/q5wmTNVbSiEa7GXwH62jok8u5MeAOtUJdoHN
gWcyRfRoE6AUCpPaErS82+B0eboNtKw5HP10FWAf2GnLHlXYpOUXZSDC5svICopF
c0UgwOieqw5DiXosx8UVHCyEvMs6nkSdGS7n90Hl7fVb1pPP0Sp31Lf4N/bCATu7
9ZzQmblR3oa3+bMfBYeqO0o9j/bKhzUqtPLsadyVv5/5ELf3HTncn0hACaCPuUd/
xgpuOaVB4piO1d5x24kYGD9CpxAWxC1eEH9ps9twoa//4MBkcpK520yUkQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFHYk+77Vg/YgKkZQjPZEIgFgD6I0MB8GA1UdIwQY
MBaAFJ/o9o/YKHBOjXB5bHgzJ9zemwyOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbi1qMmo5Z29jRTZOY0hsc2VETW4zTjZiREk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy9hMTgzZWYtYWI2MC00ZDU5LWI1ZGQt
OWFlNWRiMjhjN2UyLzEvZGlUN3Z0V0Q5aUFxUmxDTTlrUWlBV0FQb2pRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy9hMTgzZWYtYWI2MC00ZDU5LWI1ZGQtOWFlNWRiMjhjN2Uy
LzEvbi1qMmo5Z29jRTZOY0hsc2VETW4zTjZiREk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQALuXyAwQA
LuX3AwQALuX7MA0GCSqGSIb3DQEBCwUAA4IBAQBDwn73LVwfuzB/LOmgduDns5LT
fa39fS0PxmMMvydXv370rtufK8F+6eKCKht5YIrLqpxlLRxqA/AvaeYP9rwauUI3
LcHbGjhXpiVJXR+r+wvKcRSPtO/oILg77Wyr1HZe4UcXSkngzf19uyaCeclw/Ucj
gArALuZpIKFHtEN0t21cQYx6Tj0NYYaMDDKoWdsVIaUvBbBTCQ8Hp/AMPIMcsF0V
Vlo709rztAE77PySSOT44f/tmw1tu07I99n+DQcZ7WL1Ej+zn1u2aVbnTXBDwWP/
Nu+FazaeukzscC/qVeED8sZJl1J2Y6QWP1T1KtKUakmaFF7Sf/nRNUR/qImA
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:52:31 2024 by rpki-client on console-ams.rpki-client.org