Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3f/f57ca3-4ff1-4064-9df7-3da05388e9ae/1/E1TnprGpbwt_9fNRADWHzkf-gCE.roa
File: E1TnprGpbwt_9fNRADWHzkf-gCE.roa (raw, json)
Hash identifier: YEBmtqTUlS9fWSsiKdV4OFCucod+BLR+B7RCh7BzSxE=
Subject key identifier: 13:54:E7:A6:B1:A9:6F:0B:7F:F5:F3:51:00:35:87:CE:47:FE:80:21
Certificate issuer: /CN=07266adfb18b189f3dc4d3be6dc596254be5c9b1
Certificate serial: 018CC56E0BEA995DA2D88E16912764B4B3FA
Authority key identifier: 07:26:6A:DF:B1:8B:18:9F:3D:C4:D3:BE:6D:C5:96:25:4B:E5:C9:B1
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/ByZq37GLGJ89xNO-bcWWJUvlybE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/3f/f57ca3-4ff1-4064-9df7-3da05388e9ae/1/E1TnprGpbwt_9fNRADWHzkf-gCE.roa
Signing time: Mon 01 Jan 2024 14:29:32 +0000
ROA not before: Mon 01 Jan 2024 14:29:32 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 204106
IP address blocks: 46.20.203.0/24 maxlen: 24
46.20.202.0/23 maxlen: 23
46.20.202.0/24 maxlen: 24
109.74.72.0/24 maxlen: 24
77.247.198.0/24 maxlen: 24
2a13:1b00:1::/48 maxlen: 48
2a13:1b00::/29 maxlen: 29
2a13:1b00:1000::/48 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c5:6e:0b:ea:99:5d:a2:d8:8e:16:91:27:64:b4:b3:fa
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=07266adfb18b189f3dc4d3be6dc596254be5c9b1
Validity
Not Before: Jan 1 14:29:32 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=1354e7a6b1a96f0b7ff5f351003587ce47fe8021
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b7:11:77:9e:cc:c8:d5:06:53:52:30:9a:2e:93:
39:f6:85:15:19:19:95:ac:38:b5:90:6e:fb:63:fb:
15:30:8c:09:f6:9a:e7:bc:eb:49:6e:ef:ef:0f:45:
3f:19:27:c7:95:7d:8c:61:d6:dc:91:95:cf:e5:fb:
f9:bd:f3:19:e9:78:8c:cf:03:66:4b:1d:ad:12:49:
12:74:b0:93:4f:77:fd:02:68:e7:66:88:eb:7a:e0:
3b:7a:e1:8d:fd:81:3f:0f:fc:74:40:79:61:35:1e:
e8:a2:d4:2e:3d:20:f7:89:b1:68:d5:33:ab:85:84:
2e:69:01:18:1c:cc:72:ad:a7:69:2b:5a:1d:7e:c1:
b9:a5:07:a3:29:c4:f3:92:52:55:35:f8:db:a7:19:
0b:02:60:9b:55:c5:cd:f0:a3:02:23:ef:fa:74:7e:
1e:f2:88:d9:f2:d7:28:3f:ad:ce:f2:83:28:93:47:
18:e2:98:56:96:65:ec:10:c5:f1:05:27:2f:5a:26:
5b:5b:14:c7:c7:bb:76:57:97:2a:a2:97:7b:08:0d:
30:39:6f:e7:e5:24:68:1a:77:48:45:b8:9f:ce:2a:
fb:0e:8b:01:e2:96:87:68:39:06:ad:ea:96:4c:1c:
b7:09:dc:17:d3:dc:99:e6:22:bd:00:95:dc:f6:03:
f9:8b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
13:54:E7:A6:B1:A9:6F:0B:7F:F5:F3:51:00:35:87:CE:47:FE:80:21
X509v3 Authority Key Identifier:
keyid:07:26:6A:DF:B1:8B:18:9F:3D:C4:D3:BE:6D:C5:96:25:4B:E5:C9:B1
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ByZq37GLGJ89xNO-bcWWJUvlybE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/f57ca3-4ff1-4064-9df7-3da05388e9ae/1/E1TnprGpbwt_9fNRADWHzkf-gCE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/f57ca3-4ff1-4064-9df7-3da05388e9ae/1/ByZq37GLGJ89xNO-bcWWJUvlybE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
46.20.202.0/23
77.247.198.0/24
109.74.72.0/24
IPv6:
2a13:1b00::/29
Signature Algorithm: sha256WithRSAEncryption
96:6e:32:90:3b:f8:d3:0c:56:57:53:24:6d:73:67:f5:8a:f8:
4e:ed:fa:0d:8a:07:d9:43:99:73:47:96:d5:67:d9:ed:9e:b5:
34:a1:59:6a:8b:28:10:19:65:ae:67:af:04:70:8e:79:23:13:
30:3e:e6:4c:a0:8e:fe:e5:fa:64:30:11:03:09:86:c8:d1:5e:
a1:43:75:78:5b:60:bc:d9:28:cd:4c:8e:0c:50:a9:e1:8c:f9:
86:ca:ac:f3:b4:fc:ed:2a:0f:d5:ff:50:8e:97:c5:13:bd:b6:
d5:3a:ff:6b:14:8a:48:af:cb:94:ef:62:c0:e5:d6:f4:32:93:
8d:f2:50:80:9a:c2:d3:00:a3:cc:78:75:e5:4c:99:b5:0e:15:
6a:49:4c:55:87:e9:2e:a2:8d:2b:98:c5:f3:55:65:f1:d3:ce:
53:f1:aa:b9:86:94:d5:29:fc:ef:0f:5a:2a:5f:c2:26:27:b1:
c7:7e:64:51:aa:42:8f:f1:69:c8:c2:09:ff:2f:b6:66:ce:77:
ea:13:1b:34:a5:ef:fc:eb:43:90:89:a7:f5:68:fc:4f:17:4d:
35:a7:f4:56:65:87:6c:63:d5:4c:61:3b:83:13:ad:22:04:cd:
a4:c6:58:25:d1:f1:5f:92:16:d7:b8:2c:bf:78:92:b3:8f:2c:
17:4d:b8:ef
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAYzFbgvqmV2i2I4WkSdktLP6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA3MjY2YWRmYjE4YjE4OWYzZGM0ZDNiZTZkYzU5NjI1NGJl
NWM5YjEwHhcNMjQwMTAxMTQyOTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMzU0ZTdhNmIxYTk2ZjBiN2ZmNWYzNTEwMDM1ODdjZTQ3ZmU4MDIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtxF3nszI1QZTUjCaLpM59oUVGRmV
rDi1kG77Y/sVMIwJ9prnvOtJbu/vD0U/GSfHlX2MYdbckZXP5fv5vfMZ6XiMzwNm
Sx2tEkkSdLCTT3f9AmjnZojreuA7euGN/YE/D/x0QHlhNR7ootQuPSD3ibFo1TOr
hYQuaQEYHMxyradpK1odfsG5pQejKcTzklJVNfjbpxkLAmCbVcXN8KMCI+/6dH4e
8ojZ8tcoP63O8oMok0cY4phWlmXsEMXxBScvWiZbWxTHx7t2V5cqopd7CA0wOW/n
5SRoGndIRbifzir7DosB4paHaDkGreqWTBy3CdwX09yZ5iK9AJXc9gP5iwIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFBNU56axqW8Lf/XzUQA1h85H/oAhMB8GA1UdIwQY
MBaAFAcmat+xixifPcTTvm3FliVL5cmxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQnlacTM3R0xHSjg5eE5PLWJjV1dKVXZseWJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZi9mNTdjYTMtNGZmMS00MDY0LTlkZjct
M2RhMDUzODhlOWFlLzEvRTFUbnByR3Bid3RfOWZOUkFEV0h6a2YtZ0NFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZi9mNTdjYTMtNGZmMS00MDY0LTlkZjctM2RhMDUzODhlOWFl
LzEvQnlacTM3R0xHSjg5eE5PLWJjV1dKVXZseWJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQBLhTKAwQA
TffGAwQAbUpIMA0EAgACMAcDBQMqExsAMA0GCSqGSIb3DQEBCwUAA4IBAQCWbjKQ
O/jTDFZXUyRtc2f1ivhO7foNigfZQ5lzR5bVZ9ntnrU0oVlqiygQGWWuZ68EcI55
IxMwPuZMoI7+5fpkMBEDCYbI0V6hQ3V4W2C82SjNTI4MUKnhjPmGyqzztPztKg/V
/1COl8UTvbbVOv9rFIpIr8uU72LA5db0MpON8lCAmsLTAKPMeHXlTJm1DhVqSUxV
h+kuoo0rmMXzVWXx085T8aq5hpTVKfzvD1oqX8ImJ7HHfmRRqkKP8WnIwgn/L7Zm
znfqExs0pe/860OQiaf1aPxPF001p/RWZYdsY9VMYTuDE60iBM2kxlgl0fFfkhbX
uCy/eJKzjywXTbjv
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:04:43 2024 by rpki-client on console-ams.rpki-client.org