Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4f/9571d6-974f-4327-b9e0-443be63fc123/1/6JDWGnjkIYik2R3Z4vi2n1STpvg.roa
File: 6JDWGnjkIYik2R3Z4vi2n1STpvg.roa (raw, json)
Hash identifier: fp5eGG2TX4HOdk2pblwmCuG1GuH5PVP45FFUG4ZD8Ts=
Subject key identifier: E8:90:D6:1A:78:E4:21:88:A4:D9:1D:D9:E2:F8:B6:9F:54:93:A6:F8
Certificate issuer: /CN=592e7c1f2394c3e3aaa8ccb647fd83671d6098b7
Certificate serial: 018625238360CD20D21167131935039AB487
Authority key identifier: 59:2E:7C:1F:23:94:C3:E3:AA:A8:CC:B6:47:FD:83:67:1D:60:98:B7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/WS58HyOUw-OqqMy2R_2DZx1gmLc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/4f/9571d6-974f-4327-b9e0-443be63fc123/1/6JDWGnjkIYik2R3Z4vi2n1STpvg.roa
Signing time: Mon 06 Feb 2023 05:12:09 +0000
ROA not before: Mon 06 Feb 2023 05:12:09 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 199366
IP address blocks: 46.20.10.0/24 maxlen: 24
46.20.12.0/24 maxlen: 24
46.20.13.0/24 maxlen: 24
95.130.174.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:86:25:23:83:60:cd:20:d2:11:67:13:19:35:03:9a:b4:87
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=592e7c1f2394c3e3aaa8ccb647fd83671d6098b7
Validity
Not Before: Feb 6 05:12:09 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=e890d61a78e42188a4d91dd9e2f8b69f5493a6f8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ab:bf:46:b7:6f:9d:a3:08:5d:38:83:3e:fa:93:
dc:10:d2:c4:9d:69:15:ab:f7:e8:30:f7:82:9a:1a:
28:74:b8:ef:7a:99:b9:f0:ea:02:c0:02:c1:a6:0f:
b0:a3:79:11:3c:62:aa:20:f3:5a:4b:ba:4f:51:1a:
00:c8:ff:28:36:3f:55:1b:ea:3b:2c:c0:a0:82:65:
1e:e5:29:18:1f:f8:9a:0d:69:b7:ba:b3:af:d4:bc:
7d:e1:8a:c8:ba:d6:8b:2e:ed:08:80:95:45:60:44:
d2:03:26:86:2b:d7:9f:cc:d3:f0:0a:f0:9d:61:47:
c2:a7:78:ea:fe:1f:3d:2b:2c:4a:ae:cc:ff:41:c4:
c9:22:c2:fa:19:e9:9b:04:de:a7:7d:6d:a0:57:cb:
63:b3:eb:69:e2:d9:ec:ba:54:1c:eb:95:ca:04:c5:
cd:36:e8:0c:19:85:ad:29:8f:e3:5c:f9:54:22:a3:
d1:89:1f:db:ee:4e:f3:1b:35:b2:15:43:2b:fc:b9:
11:4e:ed:4d:d0:19:0b:d5:f1:f9:75:fd:c8:03:30:
43:a7:a5:5e:5c:75:78:9f:e8:f7:88:28:6c:a8:75:
d6:41:99:6b:89:1e:c4:6a:e2:ab:b3:d0:23:64:dc:
46:f4:c9:22:1b:58:0c:59:93:ba:bb:96:de:ac:de:
72:f3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E8:90:D6:1A:78:E4:21:88:A4:D9:1D:D9:E2:F8:B6:9F:54:93:A6:F8
X509v3 Authority Key Identifier:
keyid:59:2E:7C:1F:23:94:C3:E3:AA:A8:CC:B6:47:FD:83:67:1D:60:98:B7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WS58HyOUw-OqqMy2R_2DZx1gmLc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/9571d6-974f-4327-b9e0-443be63fc123/1/6JDWGnjkIYik2R3Z4vi2n1STpvg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/9571d6-974f-4327-b9e0-443be63fc123/1/WS58HyOUw-OqqMy2R_2DZx1gmLc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
46.20.10.0/24
46.20.12.0/23
95.130.174.0/24
Signature Algorithm: sha256WithRSAEncryption
5e:af:27:82:b4:93:30:dd:dd:1c:c1:17:d5:cf:a6:2b:d9:a8:
f9:eb:5b:9f:8c:41:4d:f2:a8:6a:b6:97:54:b3:7a:0d:ab:4f:
80:67:2f:1a:8e:0c:51:e6:8c:a5:4f:8d:30:b0:a4:88:ca:6d:
10:0e:e4:86:44:ed:c2:04:be:ae:6d:28:be:ba:0b:90:a8:64:
bb:15:56:98:f1:66:f7:48:c3:5f:74:a9:9d:f4:64:7c:c0:05:
c2:4c:77:96:e3:a0:f0:bb:6f:2a:79:0f:b2:27:7c:d0:93:21:
f3:a3:a0:31:38:d6:fe:54:d3:5c:a7:dc:d4:ce:fb:0f:55:a9:
28:91:6b:6e:f3:a2:8a:98:7a:22:fe:5e:1e:c5:19:b1:62:21:
a9:a3:d4:db:ee:94:9c:b6:21:b9:76:c7:74:d4:79:8f:94:53:
d7:11:7d:b0:25:47:1b:7c:8d:38:45:59:6d:ea:1c:77:a0:8d:
dc:a8:94:6b:8d:12:83:12:0e:0d:bc:d3:63:69:6f:29:43:d1:
2e:57:43:6c:86:f5:da:ab:bd:51:6a:26:0b:17:94:85:19:25:
58:f8:42:32:49:42:63:0b:26:ae:03:71:b1:7e:ee:d2:ab:a6:
ef:63:4c:59:4c:83:29:11:18:d3:d6:d1:ad:ca:88:93:67:0b:
11:b9:48:75
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYYlI4NgzSDSEWcTGTUDmrSHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU5MmU3YzFmMjM5NGMzZTNhYWE4Y2NiNjQ3ZmQ4MzY3MWQ2
MDk4YjcwHhcNMjMwMjA2MDUxMjA5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlODkwZDYxYTc4ZTQyMTg4YTRkOTFkZDllMmY4YjY5ZjU0OTNhNmY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq79Gt2+dowhdOIM++pPcENLEnWkV
q/foMPeCmhoodLjvepm58OoCwALBpg+wo3kRPGKqIPNaS7pPURoAyP8oNj9VG+o7
LMCggmUe5SkYH/iaDWm3urOv1Lx94YrIutaLLu0IgJVFYETSAyaGK9efzNPwCvCd
YUfCp3jq/h89KyxKrsz/QcTJIsL6GembBN6nfW2gV8tjs+tp4tnsulQc65XKBMXN
NugMGYWtKY/jXPlUIqPRiR/b7k7zGzWyFUMr/LkRTu1N0BkL1fH5df3IAzBDp6Ve
XHV4n+j3iChsqHXWQZlriR7EauKrs9AjZNxG9MkiG1gMWZO6u5berN5y8wIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFOiQ1hp45CGIpNkd2eL4tp9Uk6b4MB8GA1UdIwQY
MBaAFFkufB8jlMPjqqjMtkf9g2cdYJi3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV1M1OEh5T1V3LU9xcU15MlJfMkRaeDFnbUxjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Zi85NTcxZDYtOTc0Zi00MzI3LWI5ZTAt
NDQzYmU2M2ZjMTIzLzEvNkpEV0duamtJWWlrMlIzWjR2aTJuMVNUcHZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Zi85NTcxZDYtOTc0Zi00MzI3LWI5ZTAtNDQzYmU2M2ZjMTIz
LzEvV1M1OEh5T1V3LU9xcU15MlJfMkRaeDFnbUxjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQALhQKAwQB
LhQMAwQAX4KuMA0GCSqGSIb3DQEBCwUAA4IBAQBeryeCtJMw3d0cwRfVz6Yr2aj5
61ufjEFN8qhqtpdUs3oNq0+AZy8ajgxR5oylT40wsKSIym0QDuSGRO3CBL6ubSi+
uguQqGS7FVaY8Wb3SMNfdKmd9GR8wAXCTHeW46Dwu28qeQ+yJ3zQkyHzo6AxONb+
VNNcp9zUzvsPVakokWtu86KKmHoi/l4exRmxYiGpo9Tb7pSctiG5dsd01HmPlFPX
EX2wJUcbfI04RVlt6hx3oI3cqJRrjRKDEg4NvNNjaW8pQ9EuV0NshvXaq71RaiYL
F5SFGSVY+EIySUJjCyauA3Gxfu7Sq6bvY0xZTIMpERjT1tGtyoiTZwsRuUh1
-----END CERTIFICATE-----
Generated at Sat Apr 19 08:23:02 2025 by rpki-client