Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1a/88fff5-dfd9-4008-95b7-785e5883644d/1/S4qUmmKZyWX2IINbKFRzYl9v3zU.roa
File: S4qUmmKZyWX2IINbKFRzYl9v3zU.roa (raw, json)
Hash identifier: u/5xkXdZfVJ/aPsl3YYrP5Zbmn1T50MxgHgW2uhLXdA=
Subject key identifier: 4B:8A:94:9A:62:99:C9:65:F6:20:83:5B:28:54:73:62:5F:6F:DF:35
Certificate issuer: /CN=d8d662dcc6fe3b81ef3de2fca3cfcedc11ebaa43
Certificate serial: 019423D7C921A0CAC0D61C1E0E2A75562EAB
Authority key identifier: D8:D6:62:DC:C6:FE:3B:81:EF:3D:E2:FC:A3:CF:CE:DC:11:EB:AA:43
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/2NZi3Mb-O4HvPeL8o8_O3BHrqkM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/1a/88fff5-dfd9-4008-95b7-785e5883644d/1/S4qUmmKZyWX2IINbKFRzYl9v3zU.roa
Signing time: Wed 01 Jan 2025 21:48:51 +0000
ROA not before: Wed 01 Jan 2025 21:48:51 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 204079
IP address blocks: 46.36.98.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:23:d7:c9:21:a0:ca:c0:d6:1c:1e:0e:2a:75:56:2e:ab
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d8d662dcc6fe3b81ef3de2fca3cfcedc11ebaa43
Validity
Not Before: Jan 1 21:48:51 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=4b8a949a6299c965f620835b285473625f6fdf35
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:f7:e5:af:dd:a8:73:47:51:5a:9a:b1:9e:43:62:
58:08:81:73:a3:58:3e:92:8d:94:ca:c4:9b:58:16:
36:a3:aa:91:37:c6:51:5b:09:f4:1b:47:1e:09:49:
25:de:d0:53:12:69:89:a8:73:aa:ea:c4:e7:94:c2:
e7:f2:be:90:32:3d:69:ff:0f:2c:79:cb:bb:1c:69:
80:5f:9f:2a:7f:cc:5a:46:ce:86:69:c1:be:5d:b7:
ae:ec:b5:3d:af:92:23:57:41:20:13:ff:49:6e:0e:
db:bc:de:37:22:db:28:78:b5:f6:8c:e0:1b:28:c3:
5e:df:a2:50:44:b9:1e:09:a5:6a:cd:26:37:94:2d:
c9:e5:ff:56:4e:fe:27:a6:5c:cc:f7:a7:05:2e:4c:
26:5b:6e:d0:eb:13:4d:89:dd:98:72:f6:e0:4d:4a:
70:36:b6:1f:4d:21:00:72:29:e5:1b:9c:10:ed:6e:
cd:f5:fd:d1:61:c3:c8:ab:1e:55:f8:2f:c9:e7:b7:
45:3b:a5:a4:72:29:c0:02:9a:dc:ce:b8:4a:65:e5:
78:1b:ab:9a:4b:7c:81:0a:f7:90:32:66:97:3e:af:
24:e9:73:fd:5c:d7:01:8b:2f:85:04:64:e0:ae:e7:
b5:84:72:c2:52:b9:f3:d5:2f:13:3e:96:37:58:e8:
f3:95
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4B:8A:94:9A:62:99:C9:65:F6:20:83:5B:28:54:73:62:5F:6F:DF:35
X509v3 Authority Key Identifier:
keyid:D8:D6:62:DC:C6:FE:3B:81:EF:3D:E2:FC:A3:CF:CE:DC:11:EB:AA:43
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2NZi3Mb-O4HvPeL8o8_O3BHrqkM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/88fff5-dfd9-4008-95b7-785e5883644d/1/S4qUmmKZyWX2IINbKFRzYl9v3zU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/88fff5-dfd9-4008-95b7-785e5883644d/1/2NZi3Mb-O4HvPeL8o8_O3BHrqkM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
46.36.98.0/24
Signature Algorithm: sha256WithRSAEncryption
8b:d7:53:57:c9:b6:e5:22:b3:44:47:0b:81:f3:03:a3:cb:15:
73:c6:2b:f9:2f:2d:ae:17:2e:db:79:13:f6:15:d9:98:be:69:
83:b5:3e:b8:cd:ef:f3:7c:85:b7:ec:be:02:54:3a:c9:80:55:
8b:ef:04:59:ff:32:b0:80:b6:0f:3c:81:fa:80:75:6c:90:22:
82:e3:ea:ea:32:ea:06:f9:fa:13:16:2d:b5:a7:17:be:d2:fe:
fb:d2:fa:37:0b:77:f1:d6:da:f0:b7:2f:55:73:c2:a0:8f:8d:
6a:d1:89:0c:47:07:b3:b0:7c:21:92:21:2c:1d:1b:e7:3e:c7:
fe:c8:a8:a3:ba:72:85:16:3e:1b:75:f5:c1:72:0c:5b:13:0c:
69:3c:fd:9d:57:09:75:de:43:29:7c:31:cb:4c:9a:78:c6:f0:
b5:93:b9:c6:86:5e:44:ee:3d:5e:63:f0:27:4b:87:93:1e:82:
33:54:67:b0:dc:b6:81:76:b0:38:9e:10:2c:99:a5:d7:30:86:
14:6e:e7:e7:71:6f:1f:f6:61:99:f0:78:2f:f7:7d:5b:13:6c:
71:40:33:48:7c:3d:88:2b:29:e4:4d:5a:74:fe:9a:cd:68:6f:
c9:11:f3:27:33:40:35:6a:b4:4f:f1:65:ff:79:7d:66:0f:37:
6b:a2:54:65
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQj18khoMrA1hweDip1Vi6rMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ4ZDY2MmRjYzZmZTNiODFlZjNkZTJmY2EzY2ZjZWRjMTFl
YmFhNDMwHhcNMjUwMTAxMjE0ODUxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YjhhOTQ5YTYyOTljOTY1ZjYyMDgzNWIyODU0NzM2MjVmNmZkZjM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9+Wv3ahzR1FamrGeQ2JYCIFzo1g+
ko2UysSbWBY2o6qRN8ZRWwn0G0ceCUkl3tBTEmmJqHOq6sTnlMLn8r6QMj1p/w8s
ecu7HGmAX58qf8xaRs6GacG+Xbeu7LU9r5IjV0EgE/9Jbg7bvN43ItsoeLX2jOAb
KMNe36JQRLkeCaVqzSY3lC3J5f9WTv4nplzM96cFLkwmW27Q6xNNid2YcvbgTUpw
NrYfTSEAcinlG5wQ7W7N9f3RYcPIqx5V+C/J57dFO6WkcinAAprczrhKZeV4G6ua
S3yBCveQMmaXPq8k6XP9XNcBiy+FBGTgrue1hHLCUrnz1S8TPpY3WOjzlQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEuKlJpimcll9iCDWyhUc2Jfb981MB8GA1UdIwQY
MBaAFNjWYtzG/juB7z3i/KPPztwR66pDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMk5aaTNNYi1PNEh2UGVMOG84X08zQkhycWtNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYS84OGZmZjUtZGZkOS00MDA4LTk1Yjct
Nzg1ZTU4ODM2NDRkLzEvUzRxVW1tS1p5V1gySUlOYktGUnpZbDl2M3pVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYS84OGZmZjUtZGZkOS00MDA4LTk1YjctNzg1ZTU4ODM2NDRk
LzEvMk5aaTNNYi1PNEh2UGVMOG84X08zQkhycWtNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALiRiMA0G
CSqGSIb3DQEBCwUAA4IBAQCL11NXybblIrNERwuB8wOjyxVzxiv5Ly2uFy7beRP2
FdmYvmmDtT64ze/zfIW37L4CVDrJgFWL7wRZ/zKwgLYPPIH6gHVskCKC4+rqMuoG
+foTFi21pxe+0v770vo3C3fx1trwty9Vc8Kgj41q0YkMRwezsHwhkiEsHRvnPsf+
yKijunKFFj4bdfXBcgxbEwxpPP2dVwl13kMpfDHLTJp4xvC1k7nGhl5E7j1eY/An
S4eTHoIzVGew3LaBdrA4nhAsmaXXMIYUbufncW8f9mGZ8Hgv931bE2xxQDNIfD2I
KynkTVp0/prNaG/JEfMnM0A1arRP8WX/eX1mDzdrolRl
-----END CERTIFICATE-----
Generated at Wed Apr 23 05:10:56 2025 by rpki-client