Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1a/88fff5-dfd9-4008-95b7-785e5883644d/1/71Al3acPoNqjOMIsheSlJXEwXjo.roa
File: 71Al3acPoNqjOMIsheSlJXEwXjo.roa (raw, json)
Hash identifier: tXaf/4nwv2sEHRL8iTnWx1861DeOBgVLazKMP+j1m8I=
Subject key identifier: EF:50:25:DD:A7:0F:A0:DA:A3:38:C2:2C:85:E4:A5:25:71:30:5E:3A
Certificate issuer: /CN=d8d662dcc6fe3b81ef3de2fca3cfcedc11ebaa43
Certificate serial: 019423D7C81AE84DB5F86E5F019A0C163224
Authority key identifier: D8:D6:62:DC:C6:FE:3B:81:EF:3D:E2:FC:A3:CF:CE:DC:11:EB:AA:43
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/2NZi3Mb-O4HvPeL8o8_O3BHrqkM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/1a/88fff5-dfd9-4008-95b7-785e5883644d/1/71Al3acPoNqjOMIsheSlJXEwXjo.roa
Signing time: Wed 01 Jan 2025 21:48:51 +0000
ROA not before: Wed 01 Jan 2025 21:48:51 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 198154
IP address blocks: 46.36.100.0/24 maxlen: 24
46.36.102.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:23:d7:c8:1a:e8:4d:b5:f8:6e:5f:01:9a:0c:16:32:24
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d8d662dcc6fe3b81ef3de2fca3cfcedc11ebaa43
Validity
Not Before: Jan 1 21:48:51 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=ef5025dda70fa0daa338c22c85e4a52571305e3a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b6:16:8b:1b:8b:c6:a6:96:0d:70:0e:6c:51:3c:
ff:06:b2:32:37:02:de:20:31:f7:fe:88:ea:da:4d:
68:52:e7:11:9f:ce:f4:a9:7b:3a:32:91:6a:c7:5d:
db:08:34:01:49:d6:d2:77:16:82:4b:fb:6e:28:9d:
cf:41:5f:1f:0f:4c:74:9a:c3:fa:50:88:70:e3:d7:
cb:fb:b2:03:df:97:ef:4e:19:9a:16:bc:18:c7:2e:
4c:d5:b5:d5:cf:de:db:e9:ff:0e:aa:62:18:b4:85:
f5:65:96:22:6a:2e:69:af:b6:75:d7:51:ea:53:b7:
f0:61:ef:62:fd:91:ff:6b:fb:9b:9d:d0:85:78:84:
b2:2f:01:1f:1a:70:8e:d2:09:19:6f:f3:85:a1:fb:
42:50:88:23:0e:83:6e:b7:1b:d2:f3:47:5a:20:0c:
27:21:6e:04:b8:b3:8a:05:97:a8:83:81:3b:1a:4f:
cc:9b:99:bb:b6:e9:b5:65:5c:85:01:9d:96:6b:6a:
8b:a9:27:c0:50:db:10:c9:1b:e4:1c:17:bd:84:32:
59:32:8c:74:47:9e:4f:ff:ff:a6:27:06:27:63:c2:
c9:d9:58:42:63:9c:4c:01:25:e8:be:d2:ee:42:ac:
f1:37:8c:d4:e8:c4:7f:40:fd:ed:ce:6c:67:1f:73:
08:e1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
EF:50:25:DD:A7:0F:A0:DA:A3:38:C2:2C:85:E4:A5:25:71:30:5E:3A
X509v3 Authority Key Identifier:
keyid:D8:D6:62:DC:C6:FE:3B:81:EF:3D:E2:FC:A3:CF:CE:DC:11:EB:AA:43
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2NZi3Mb-O4HvPeL8o8_O3BHrqkM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/88fff5-dfd9-4008-95b7-785e5883644d/1/71Al3acPoNqjOMIsheSlJXEwXjo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/88fff5-dfd9-4008-95b7-785e5883644d/1/2NZi3Mb-O4HvPeL8o8_O3BHrqkM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
46.36.100.0/24
46.36.102.0/24
Signature Algorithm: sha256WithRSAEncryption
27:19:1b:64:d0:a7:35:8f:af:4f:bd:a8:20:f7:a0:a1:e8:51:
46:23:45:31:90:9c:f1:0b:f7:42:e2:f5:85:af:d1:a6:02:be:
11:89:d0:4a:64:96:7b:b4:99:e6:c8:a4:45:e9:b1:d8:03:b5:
08:6b:25:78:c7:f1:d8:a9:a9:0e:ad:e3:bc:09:8b:11:8c:d7:
18:f3:ce:84:a5:c7:b4:20:02:f4:4d:9d:b8:95:1f:d2:3c:4b:
08:07:74:8b:71:61:10:0f:c3:91:5b:28:e0:cc:ac:f9:e6:de:
d7:98:ae:ea:d3:06:79:19:33:bc:0b:13:7e:a7:99:08:f0:e4:
f8:39:9f:b2:8a:ca:e4:00:db:dd:f1:03:e3:1b:68:98:e6:4e:
7c:b7:b5:4a:8d:7f:07:ef:c0:78:e3:24:5e:9f:2b:53:64:30:
87:15:d2:5f:cc:bb:41:41:bb:ab:a0:b9:3a:ce:81:95:29:c2:
06:f4:55:70:fe:50:19:1d:6f:92:34:4e:83:32:ee:74:96:ca:
d8:4b:69:a8:36:e7:e3:e1:2a:c0:45:2c:4d:fd:91:4e:f7:37:
7f:9b:cb:e8:ff:c1:f8:38:6f:74:1f:8d:9a:35:46:34:37:b6:
74:ff:48:f7:fa:df:06:2f:9f:6b:1d:47:d0:f6:e7:a7:ac:85:
8d:db:35:fc
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQj18ga6E21+G5fAZoMFjIkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ4ZDY2MmRjYzZmZTNiODFlZjNkZTJmY2EzY2ZjZWRjMTFl
YmFhNDMwHhcNMjUwMTAxMjE0ODUxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZjUwMjVkZGE3MGZhMGRhYTMzOGMyMmM4NWU0YTUyNTcxMzA1ZTNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAthaLG4vGppYNcA5sUTz/BrIyNwLe
IDH3/ojq2k1oUucRn870qXs6MpFqx13bCDQBSdbSdxaCS/tuKJ3PQV8fD0x0msP6
UIhw49fL+7ID35fvThmaFrwYxy5M1bXVz97b6f8OqmIYtIX1ZZYiai5pr7Z111Hq
U7fwYe9i/ZH/a/ubndCFeISyLwEfGnCO0gkZb/OFoftCUIgjDoNutxvS80daIAwn
IW4EuLOKBZeog4E7Gk/Mm5m7tum1ZVyFAZ2Wa2qLqSfAUNsQyRvkHBe9hDJZMox0
R55P//+mJwYnY8LJ2VhCY5xMASXovtLuQqzxN4zU6MR/QP3tzmxnH3MI4QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFO9QJd2nD6DaozjCLIXkpSVxMF46MB8GA1UdIwQY
MBaAFNjWYtzG/juB7z3i/KPPztwR66pDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMk5aaTNNYi1PNEh2UGVMOG84X08zQkhycWtNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYS84OGZmZjUtZGZkOS00MDA4LTk1Yjct
Nzg1ZTU4ODM2NDRkLzEvNzFBbDNhY1BvTnFqT01Jc2hlU2xKWEV3WGpvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYS84OGZmZjUtZGZkOS00MDA4LTk1YjctNzg1ZTU4ODM2NDRk
LzEvMk5aaTNNYi1PNEh2UGVMOG84X08zQkhycWtNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALiRkAwQA
LiRmMA0GCSqGSIb3DQEBCwUAA4IBAQAnGRtk0Kc1j69Pvagg96Ch6FFGI0UxkJzx
C/dC4vWFr9GmAr4RidBKZJZ7tJnmyKRF6bHYA7UIayV4x/HYqakOreO8CYsRjNcY
886Epce0IAL0TZ24lR/SPEsIB3SLcWEQD8ORWyjgzKz55t7XmK7q0wZ5GTO8CxN+
p5kI8OT4OZ+yisrkANvd8QPjG2iY5k58t7VKjX8H78B44yRenytTZDCHFdJfzLtB
QburoLk6zoGVKcIG9FVw/lAZHW+SNE6DMu50lsrYS2moNufj4SrARSxN/ZFO9zd/
m8vo/8H4OG90H42aNUY0N7Z0/0j3+t8GL59rHUfQ9uenrIWN2zX8
-----END CERTIFICATE-----
Generated at Sun Apr 20 04:18:55 2025 by rpki-client