Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4f/9571d6-974f-4327-b9e0-443be63fc123/1/M50JqTUXDiqW4Q8nitudDET7pcU.roa
File: M50JqTUXDiqW4Q8nitudDET7pcU.roa (raw, json)
Hash identifier: QgmPrlYLk+HzP2ROw1tQORS7bCsgVrRahO5TLiyhmuY=
Subject key identifier: 33:9D:09:A9:35:17:0E:2A:96:E1:0F:27:8A:DB:9D:0C:44:FB:A5:C5
Certificate issuer: /CN=592e7c1f2394c3e3aaa8ccb647fd83671d6098b7
Certificate serial: 0194221F6EE33E5ADDB0CA3612D5848E76B2
Authority key identifier: 59:2E:7C:1F:23:94:C3:E3:AA:A8:CC:B6:47:FD:83:67:1D:60:98:B7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/WS58HyOUw-OqqMy2R_2DZx1gmLc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/4f/9571d6-974f-4327-b9e0-443be63fc123/1/M50JqTUXDiqW4Q8nitudDET7pcU.roa
Signing time: Wed 01 Jan 2025 13:47:52 +0000
ROA not before: Wed 01 Jan 2025 13:47:52 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 199366
IP address blocks: 46.20.10.0/24 maxlen: 24
46.20.12.0/24 maxlen: 24
46.20.13.0/24 maxlen: 24
95.130.174.0/24 maxlen: 24
109.235.253.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:22:1f:6e:e3:3e:5a:dd:b0:ca:36:12:d5:84:8e:76:b2
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=592e7c1f2394c3e3aaa8ccb647fd83671d6098b7
Validity
Not Before: Jan 1 13:47:52 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=339d09a935170e2a96e10f278adb9d0c44fba5c5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ca:e9:c3:ce:eb:ec:49:83:d0:42:aa:da:e6:0b:
8d:66:d6:55:57:4c:09:7f:77:49:f2:45:53:27:19:
87:01:0f:77:c7:92:ab:d9:29:cc:66:ca:e7:47:55:
28:37:be:6c:db:9d:4c:bc:a6:a8:03:32:07:0a:d6:
89:af:f4:91:5e:d5:64:1d:45:8a:57:17:8c:e4:54:
00:9f:65:58:51:84:1a:9d:48:ac:9c:1f:de:d8:67:
c4:7d:74:f6:a3:ff:a4:af:1f:b1:51:e9:0f:c2:43:
b2:6c:db:b5:78:45:03:70:f5:e7:c7:ee:cb:fd:e9:
30:87:a0:df:23:a5:2e:2c:7f:aa:83:63:c2:fd:b8:
f0:68:c0:d0:40:cd:2e:75:42:9b:bb:42:5a:d4:fb:
d7:47:b9:1a:fb:d0:d1:0b:69:62:9e:6c:c3:40:32:
8c:1f:24:cb:b5:c6:a4:67:cf:af:26:eb:89:32:63:
c7:d0:7e:b0:45:a9:ca:57:93:9a:23:31:23:21:41:
2b:09:4c:b6:9c:2f:18:c3:a0:95:37:7c:2e:e7:b8:
a0:71:94:54:5f:00:94:9d:57:7d:d8:86:3a:29:d5:
ac:f3:05:6c:1b:f9:e5:61:ac:ab:e4:d6:b2:5e:56:
16:69:db:f7:b5:f8:1e:a2:d8:13:f8:4f:7b:c0:f4:
d4:6b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
33:9D:09:A9:35:17:0E:2A:96:E1:0F:27:8A:DB:9D:0C:44:FB:A5:C5
X509v3 Authority Key Identifier:
keyid:59:2E:7C:1F:23:94:C3:E3:AA:A8:CC:B6:47:FD:83:67:1D:60:98:B7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WS58HyOUw-OqqMy2R_2DZx1gmLc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/9571d6-974f-4327-b9e0-443be63fc123/1/M50JqTUXDiqW4Q8nitudDET7pcU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/9571d6-974f-4327-b9e0-443be63fc123/1/WS58HyOUw-OqqMy2R_2DZx1gmLc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
46.20.10.0/24
46.20.12.0/23
95.130.174.0/24
109.235.253.0/24
Signature Algorithm: sha256WithRSAEncryption
9b:d3:15:69:2c:e7:8c:ae:30:9e:09:30:f0:01:ab:7d:42:44:
37:0c:92:74:b7:e8:9a:45:3d:36:3e:b0:04:1a:73:a8:08:49:
d6:8a:2c:f0:04:50:87:3e:c3:05:1f:5d:a9:4c:22:1f:4e:9f:
33:9d:3d:12:49:0e:59:b8:04:4a:fb:63:5c:e0:1a:38:06:19:
75:ee:fb:a9:4c:ba:22:58:22:b5:6c:75:23:70:f1:9e:d5:27:
4f:25:79:0c:05:60:93:b3:e4:aa:b3:ef:2d:48:cf:70:9d:67:
6c:d3:ca:9d:ad:9d:0e:fa:fd:29:32:39:3d:e7:44:c8:30:27:
fe:c5:5a:14:ba:d1:19:5b:a7:f4:b9:3e:ed:1d:93:9a:60:c7:
43:89:bd:0c:bd:45:44:b3:61:28:fa:98:ba:f7:f1:af:60:91:
45:be:e8:53:04:97:f9:a1:e8:8b:21:2a:04:bd:04:eb:31:b3:
46:86:f3:4d:77:c1:2b:bb:32:e7:4a:87:af:c8:f1:24:d9:02:
2a:9a:e3:8b:44:b8:50:f9:5f:30:4e:1c:48:bf:31:8d:69:2b:
1b:89:07:99:a7:26:35:4d:4c:f7:e3:fa:74:77:07:c6:7b:eb:
36:77:9f:2a:71:08:d9:1e:ba:4f:12:62:71:08:0a:9b:25:c8:
e6:44:a7:6d
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAZQiH27jPlrdsMo2EtWEjnayMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU5MmU3YzFmMjM5NGMzZTNhYWE4Y2NiNjQ3ZmQ4MzY3MWQ2
MDk4YjcwHhcNMjUwMTAxMTM0NzUyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMzlkMDlhOTM1MTcwZTJhOTZlMTBmMjc4YWRiOWQwYzQ0ZmJhNWM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyunDzuvsSYPQQqra5guNZtZVV0wJ
f3dJ8kVTJxmHAQ93x5Kr2SnMZsrnR1UoN75s251MvKaoAzIHCtaJr/SRXtVkHUWK
VxeM5FQAn2VYUYQanUisnB/e2GfEfXT2o/+krx+xUekPwkOybNu1eEUDcPXnx+7L
/ekwh6DfI6UuLH+qg2PC/bjwaMDQQM0udUKbu0Ja1PvXR7ka+9DRC2linmzDQDKM
HyTLtcakZ8+vJuuJMmPH0H6wRanKV5OaIzEjIUErCUy2nC8Yw6CVN3wu57igcZRU
XwCUnVd92IY6KdWs8wVsG/nlYayr5NayXlYWadv3tfgeotgT+E97wPTUawIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFDOdCak1Fw4qluEPJ4rbnQxE+6XFMB8GA1UdIwQY
MBaAFFkufB8jlMPjqqjMtkf9g2cdYJi3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV1M1OEh5T1V3LU9xcU15MlJfMkRaeDFnbUxjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Zi85NTcxZDYtOTc0Zi00MzI3LWI5ZTAt
NDQzYmU2M2ZjMTIzLzEvTTUwSnFUVVhEaXFXNFE4bml0dWRERVQ3cGNVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Zi85NTcxZDYtOTc0Zi00MzI3LWI5ZTAtNDQzYmU2M2ZjMTIz
LzEvV1M1OEh5T1V3LU9xcU15MlJfMkRaeDFnbUxjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQALhQKAwQB
LhQMAwQAX4KuAwQAbev9MA0GCSqGSIb3DQEBCwUAA4IBAQCb0xVpLOeMrjCeCTDw
Aat9QkQ3DJJ0t+iaRT02PrAEGnOoCEnWiizwBFCHPsMFH12pTCIfTp8znT0SSQ5Z
uARK+2Nc4Bo4Bhl17vupTLoiWCK1bHUjcPGe1SdPJXkMBWCTs+Sqs+8tSM9wnWds
08qdrZ0O+v0pMjk950TIMCf+xVoUutEZW6f0uT7tHZOaYMdDib0MvUVEs2Eo+pi6
9/GvYJFFvuhTBJf5oeiLISoEvQTrMbNGhvNNd8EruzLnSoevyPEk2QIqmuOLRLhQ
+V8wThxIvzGNaSsbiQeZpyY1TUz34/p0dwfGe+s2d58qcQjZHrpPEmJxCAqbJcjm
RKdt
-----END CERTIFICATE-----
Generated at Sat Apr 19 08:16:56 2025 by rpki-client