Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3f/f57ca3-4ff1-4064-9df7-3da05388e9ae/1/MztX9BPwlRcdWJX5exIaRVBiF18.roa
File: MztX9BPwlRcdWJX5exIaRVBiF18.roa (raw, json)
Hash identifier: ewP8UcU64rcqe/qI1rB2CNBoGAB42SKt844R6cW3mU8=
Subject key identifier: 33:3B:57:F4:13:F0:95:17:1D:58:95:F9:7B:12:1A:45:50:62:17:5F
Certificate issuer: /CN=07266adfb18b189f3dc4d3be6dc596254be5c9b1
Certificate serial: 018ACAAEA2D5ACFAB8D61B7B8DC4CDA97360
Authority key identifier: 07:26:6A:DF:B1:8B:18:9F:3D:C4:D3:BE:6D:C5:96:25:4B:E5:C9:B1
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/ByZq37GLGJ89xNO-bcWWJUvlybE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/3f/f57ca3-4ff1-4064-9df7-3da05388e9ae/1/MztX9BPwlRcdWJX5exIaRVBiF18.roa
Signing time: Mon 25 Sep 2023 04:52:37 +0000
ROA not before: Mon 25 Sep 2023 04:52:37 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 204106
IP address blocks: 46.20.203.0/24 maxlen: 24
46.20.202.0/23 maxlen: 23
46.20.202.0/24 maxlen: 24
109.74.72.0/24 maxlen: 24
77.247.198.0/24 maxlen: 24
2a13:1b00:1::/48 maxlen: 48
2a13:1b00::/29 maxlen: 29
2a13:1b00:1000::/48 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8a:ca:ae:a2:d5:ac:fa:b8:d6:1b:7b:8d:c4:cd:a9:73:60
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=07266adfb18b189f3dc4d3be6dc596254be5c9b1
Validity
Not Before: Sep 25 04:52:37 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=333b57f413f095171d5895f97b121a455062175f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:eb:ee:0d:6f:cb:f7:94:d2:1d:5d:38:1c:6e:31:
54:ab:82:00:c3:b5:f9:12:50:28:d1:15:7a:6e:55:
de:00:6a:34:6b:17:07:7f:be:cc:84:5e:c4:1e:42:
39:7b:2a:92:b5:bd:db:4b:dc:30:32:8f:ea:fd:7e:
ba:ee:f7:e9:68:18:75:8d:f1:eb:ec:0a:f7:6e:68:
d7:77:c0:be:60:6d:47:67:e6:a4:f6:72:25:c8:8a:
46:e2:02:88:a7:c6:ab:19:5f:cc:95:01:ce:86:5f:
36:2f:97:f1:e5:a0:bb:26:d0:f5:b1:00:bb:b6:82:
76:49:3a:14:74:88:2a:46:b7:17:aa:c1:0e:37:7f:
66:d7:50:64:48:59:4a:37:7f:38:87:17:40:b6:e5:
6c:bd:aa:f8:8d:f3:cc:e1:6c:24:5c:ed:30:a3:fb:
47:19:54:1c:3d:88:12:7d:61:d2:ce:8f:4c:7b:5f:
4d:0a:e4:c8:9f:df:be:88:33:0e:0c:af:6c:de:e9:
23:d1:b9:9a:7b:13:e3:7f:ba:ba:4a:cc:21:79:f0:
c6:4d:6f:d2:11:e4:ab:02:ce:11:83:f5:ca:a2:a3:
95:77:fe:88:45:e8:0a:67:0e:f7:ec:77:8e:29:1e:
13:75:88:a3:b9:a1:19:30:8b:68:a5:69:85:ee:d6:
d3:a7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
33:3B:57:F4:13:F0:95:17:1D:58:95:F9:7B:12:1A:45:50:62:17:5F
X509v3 Authority Key Identifier:
keyid:07:26:6A:DF:B1:8B:18:9F:3D:C4:D3:BE:6D:C5:96:25:4B:E5:C9:B1
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ByZq37GLGJ89xNO-bcWWJUvlybE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/f57ca3-4ff1-4064-9df7-3da05388e9ae/1/MztX9BPwlRcdWJX5exIaRVBiF18.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/f57ca3-4ff1-4064-9df7-3da05388e9ae/1/ByZq37GLGJ89xNO-bcWWJUvlybE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
46.20.202.0/23
77.247.198.0/24
109.74.72.0/24
IPv6:
2a13:1b00::/29
Signature Algorithm: sha256WithRSAEncryption
9e:fd:94:6b:57:15:58:64:7e:4f:1c:a4:20:b9:82:1c:cb:e1:
37:bb:55:ba:d7:bf:b5:29:a5:27:76:93:67:2e:de:37:85:6c:
9b:fc:1e:fd:c8:5a:d4:98:7e:79:c2:b8:0e:b6:85:b1:99:30:
16:00:f9:e2:fe:95:ae:72:c5:38:20:ab:da:31:03:af:02:19:
9e:70:8d:db:3d:3e:03:25:63:a6:53:71:fa:19:81:44:d6:99:
a3:df:c6:08:51:60:a4:67:94:8d:f8:45:68:08:70:ee:a6:d0:
45:08:05:8a:1d:38:bc:41:da:c5:23:2f:ee:d0:e6:06:ec:a8:
7b:6f:3e:7a:52:5b:e7:bf:46:70:38:f3:d0:c3:b2:57:ef:16:
79:15:81:0c:aa:12:c6:be:26:80:5d:af:ce:ad:b5:fb:6c:5e:
bb:c3:cd:0a:3f:76:1c:b8:b1:1d:0e:ca:01:b6:a5:69:8a:8f:
33:44:b8:07:7b:37:77:82:fb:4d:10:75:bf:48:57:f4:ea:dc:
f1:e7:3b:67:f6:6c:cb:bc:d0:ab:69:a9:2f:21:c4:02:91:2e:
c3:c6:02:c4:6e:0b:cd:10:5b:7e:3b:95:0c:69:4e:9e:73:ef:
7c:76:a1:d4:d8:fa:7b:75:61:e4:97:7e:fd:86:94:30:33:6f:
f5:ed:6c:7d
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAYrKrqLVrPq41ht7jcTNqXNgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA3MjY2YWRmYjE4YjE4OWYzZGM0ZDNiZTZkYzU5NjI1NGJl
NWM5YjEwHhcNMjMwOTI1MDQ1MjM3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMzNiNTdmNDEzZjA5NTE3MWQ1ODk1Zjk3YjEyMWE0NTUwNjIxNzVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6+4Nb8v3lNIdXTgcbjFUq4IAw7X5
ElAo0RV6blXeAGo0axcHf77MhF7EHkI5eyqStb3bS9wwMo/q/X667vfpaBh1jfHr
7Ar3bmjXd8C+YG1HZ+ak9nIlyIpG4gKIp8arGV/MlQHOhl82L5fx5aC7JtD1sQC7
toJ2SToUdIgqRrcXqsEON39m11BkSFlKN384hxdAtuVsvar4jfPM4WwkXO0wo/tH
GVQcPYgSfWHSzo9Me19NCuTIn9++iDMODK9s3ukj0bmaexPjf7q6SswhefDGTW/S
EeSrAs4Rg/XKoqOVd/6IRegKZw737HeOKR4TdYijuaEZMItopWmF7tbTpwIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFDM7V/QT8JUXHViV+XsSGkVQYhdfMB8GA1UdIwQY
MBaAFAcmat+xixifPcTTvm3FliVL5cmxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQnlacTM3R0xHSjg5eE5PLWJjV1dKVXZseWJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZi9mNTdjYTMtNGZmMS00MDY0LTlkZjct
M2RhMDUzODhlOWFlLzEvTXp0WDlCUHdsUmNkV0pYNWV4SWFSVkJpRjE4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZi9mNTdjYTMtNGZmMS00MDY0LTlkZjctM2RhMDUzODhlOWFl
LzEvQnlacTM3R0xHSjg5eE5PLWJjV1dKVXZseWJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQBLhTKAwQA
TffGAwQAbUpIMA0EAgACMAcDBQMqExsAMA0GCSqGSIb3DQEBCwUAA4IBAQCe/ZRr
VxVYZH5PHKQguYIcy+E3u1W617+1KaUndpNnLt43hWyb/B79yFrUmH55wrgOtoWx
mTAWAPni/pWucsU4IKvaMQOvAhmecI3bPT4DJWOmU3H6GYFE1pmj38YIUWCkZ5SN
+EVoCHDuptBFCAWKHTi8QdrFIy/u0OYG7Kh7bz56Ulvnv0ZwOPPQw7JX7xZ5FYEM
qhLGviaAXa/OrbX7bF67w80KP3YcuLEdDsoBtqVpio8zRLgHezd3gvtNEHW/SFf0
6tzx5ztn9mzLvNCraakvIcQCkS7DxgLEbgvNEFt+O5UMaU6ec+98dqHU2Pp7dWHk
l379hpQwM2/17Wx9
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:04:43 2024 by rpki-client on console-ams.rpki-client.org