Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1a/88fff5-dfd9-4008-95b7-785e5883644d/1/o7tPc14TPOp-YBmY9v86_gTqmFc.roa
File: o7tPc14TPOp-YBmY9v86_gTqmFc.roa (raw, json)
Hash identifier: nQW3Cwku1QlppYDQ4lKQNwcpwJRMy5oX5pED+gXthRI=
Subject key identifier: A3:BB:4F:73:5E:13:3C:EA:7E:60:19:98:F6:FF:3A:FE:04:EA:98:57
Certificate issuer: /CN=d8d662dcc6fe3b81ef3de2fca3cfcedc11ebaa43
Certificate serial: 019423D7C9741DC0A0A13883CAE8482E2331
Authority key identifier: D8:D6:62:DC:C6:FE:3B:81:EF:3D:E2:FC:A3:CF:CE:DC:11:EB:AA:43
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/2NZi3Mb-O4HvPeL8o8_O3BHrqkM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/1a/88fff5-dfd9-4008-95b7-785e5883644d/1/o7tPc14TPOp-YBmY9v86_gTqmFc.roa
Signing time: Wed 01 Jan 2025 21:48:51 +0000
ROA not before: Wed 01 Jan 2025 21:48:51 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 210650
IP address blocks: 46.36.111.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:23:d7:c9:74:1d:c0:a0:a1:38:83:ca:e8:48:2e:23:31
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d8d662dcc6fe3b81ef3de2fca3cfcedc11ebaa43
Validity
Not Before: Jan 1 21:48:51 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=a3bb4f735e133cea7e601998f6ff3afe04ea9857
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bd:e8:bc:c0:ed:2e:e9:de:27:23:fa:05:de:d9:
7f:2b:4a:ce:c3:91:b4:e5:2a:9a:c2:b6:3d:53:40:
f0:f4:4c:3e:6c:ed:69:85:3a:0a:f7:6b:e4:a4:54:
65:65:33:0a:c7:e8:bc:5b:90:2d:b6:73:4d:c2:86:
74:21:2a:50:95:80:c4:32:0c:a7:6b:ea:08:a1:73:
e0:f6:77:80:20:ee:38:27:a2:aa:e5:3f:f6:14:7f:
2e:e9:d6:3e:73:2a:a7:ca:6b:85:40:92:2a:fb:26:
e2:93:5e:85:bc:fb:bd:c7:9b:56:c0:10:c7:3d:7e:
46:69:2c:b0:28:47:e2:b5:dd:ab:11:fa:40:aa:88:
33:7e:6a:21:6c:53:06:5a:3f:df:f4:a9:93:18:d2:
21:98:dd:b3:9a:71:45:ec:c5:fa:19:e2:cd:45:b4:
e3:83:65:42:9c:4e:0e:c4:f9:b2:f1:b5:70:ab:de:
24:f5:5f:ce:ed:77:fb:f6:b5:df:9b:0d:61:d6:78:
fa:64:35:7b:8a:22:5f:75:48:7f:db:5c:4e:2f:db:
7c:3f:42:1a:5e:8b:37:94:d4:6c:ea:28:5d:94:a3:
b2:0f:e0:ea:ec:43:d2:73:73:3d:6a:a6:2d:ed:07:
24:c9:68:c4:db:2d:b8:e8:e3:a8:d3:c8:ed:62:fa:
46:27
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A3:BB:4F:73:5E:13:3C:EA:7E:60:19:98:F6:FF:3A:FE:04:EA:98:57
X509v3 Authority Key Identifier:
keyid:D8:D6:62:DC:C6:FE:3B:81:EF:3D:E2:FC:A3:CF:CE:DC:11:EB:AA:43
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2NZi3Mb-O4HvPeL8o8_O3BHrqkM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/88fff5-dfd9-4008-95b7-785e5883644d/1/o7tPc14TPOp-YBmY9v86_gTqmFc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/88fff5-dfd9-4008-95b7-785e5883644d/1/2NZi3Mb-O4HvPeL8o8_O3BHrqkM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
46.36.111.0/24
Signature Algorithm: sha256WithRSAEncryption
a2:74:2d:b2:69:35:25:ac:6a:88:b2:62:a8:02:54:b7:78:f7:
60:a7:b4:a9:a3:cb:ae:44:46:70:b9:05:a4:28:63:9c:c5:e9:
61:08:af:60:e4:46:6f:31:e3:c5:0a:5f:0c:69:7c:a8:77:17:
92:e9:2f:c5:d4:d1:b6:60:16:a7:e8:bd:90:ee:a7:e0:7a:0c:
25:c0:a0:26:e9:73:31:c0:0b:e2:45:59:e6:aa:df:68:c3:90:
15:ef:ff:f3:50:8b:46:cd:7b:94:6d:0a:6f:90:12:78:5c:be:
c5:1e:b1:1e:82:5a:ca:88:19:49:b1:6c:f4:41:ef:a3:6f:b8:
63:8c:0a:65:9d:c0:b2:cf:76:ab:ff:68:81:5e:b3:fe:18:53:
1d:f1:b8:d8:b4:35:5f:c1:51:e3:cc:2e:8c:c4:80:29:fe:b2:
2f:a0:78:82:97:b0:f0:e4:c6:11:a5:66:62:6f:23:86:32:ac:
d1:b3:7c:25:f3:38:01:54:50:e9:8a:f7:f7:74:d4:40:dc:a4:
4d:95:b9:97:1e:b8:3d:6c:83:3d:91:1f:f3:64:55:0b:0e:23:
06:ae:fd:c5:f9:f7:85:94:ce:78:ba:85:15:a7:e3:59:c8:88:
d5:15:31:9c:0b:ce:c0:95:99:4e:59:e3:a7:cd:23:7b:d7:93:
7f:1b:d8:88
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQj18l0HcCgoTiDyuhILiMxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ4ZDY2MmRjYzZmZTNiODFlZjNkZTJmY2EzY2ZjZWRjMTFl
YmFhNDMwHhcNMjUwMTAxMjE0ODUxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhM2JiNGY3MzVlMTMzY2VhN2U2MDE5OThmNmZmM2FmZTA0ZWE5ODU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvei8wO0u6d4nI/oF3tl/K0rOw5G0
5SqawrY9U0Dw9Ew+bO1phToK92vkpFRlZTMKx+i8W5AttnNNwoZ0ISpQlYDEMgyn
a+oIoXPg9neAIO44J6Kq5T/2FH8u6dY+cyqnymuFQJIq+ybik16FvPu9x5tWwBDH
PX5GaSywKEfitd2rEfpAqogzfmohbFMGWj/f9KmTGNIhmN2zmnFF7MX6GeLNRbTj
g2VCnE4OxPmy8bVwq94k9V/O7Xf79rXfmw1h1nj6ZDV7iiJfdUh/21xOL9t8P0Ia
Xos3lNRs6ihdlKOyD+Dq7EPSc3M9aqYt7QckyWjE2y246OOo08jtYvpGJwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKO7T3NeEzzqfmAZmPb/Ov4E6phXMB8GA1UdIwQY
MBaAFNjWYtzG/juB7z3i/KPPztwR66pDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMk5aaTNNYi1PNEh2UGVMOG84X08zQkhycWtNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYS84OGZmZjUtZGZkOS00MDA4LTk1Yjct
Nzg1ZTU4ODM2NDRkLzEvbzd0UGMxNFRQT3AtWUJtWTl2ODZfZ1RxbUZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYS84OGZmZjUtZGZkOS00MDA4LTk1YjctNzg1ZTU4ODM2NDRk
LzEvMk5aaTNNYi1PNEh2UGVMOG84X08zQkhycWtNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALiRvMA0G
CSqGSIb3DQEBCwUAA4IBAQCidC2yaTUlrGqIsmKoAlS3ePdgp7Spo8uuREZwuQWk
KGOcxelhCK9g5EZvMePFCl8MaXyodxeS6S/F1NG2YBan6L2Q7qfgegwlwKAm6XMx
wAviRVnmqt9ow5AV7//zUItGzXuUbQpvkBJ4XL7FHrEeglrKiBlJsWz0Qe+jb7hj
jAplncCyz3ar/2iBXrP+GFMd8bjYtDVfwVHjzC6MxIAp/rIvoHiCl7Dw5MYRpWZi
byOGMqzRs3wl8zgBVFDpivf3dNRA3KRNlbmXHrg9bIM9kR/zZFULDiMGrv3F+feF
lM54uoUVp+NZyIjVFTGcC87AlZlOWeOnzSN715N/G9iI
-----END CERTIFICATE-----
Generated at Tue Apr 22 18:40:25 2025 by rpki-client