Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4f/e0925e-47bf-4907-bcbc-fd9f36a8ba6e/1/r9Hi6tBRwELGxapq5GCroehoiOs.roa
File: r9Hi6tBRwELGxapq5GCroehoiOs.roa (raw, json)
Hash identifier: km6ixffFGat+PK5H16VrCBNi4I8iE6EJfBdbusNoa9A=
Subject key identifier: AF:D1:E2:EA:D0:51:C0:42:C6:C5:AA:6A:E4:60:AB:A1:E8:68:88:EB
Certificate issuer: /CN=331e7784f60ac8d969b81cf5231cd9dc087ced32
Certificate serial: 01821ABE258D183803DFC106146C27B399F7
Authority key identifier: 33:1E:77:84:F6:0A:C8:D9:69:B8:1C:F5:23:1C:D9:DC:08:7C:ED:32
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Mx53hPYKyNlpuBz1IxzZ3Ah87TI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/4f/e0925e-47bf-4907-bcbc-fd9f36a8ba6e/1/r9Hi6tBRwELGxapq5GCroehoiOs.roa
Signing time: Wed 20 Jul 2022 08:34:05 +0000
ROA not before: Wed 20 Jul 2022 08:34:05 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 39545
IP address blocks: 46.247.0.0/17 maxlen: 17
2a00:f18::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:82:1a:be:25:8d:18:38:03:df:c1:06:14:6c:27:b3:99:f7
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=331e7784f60ac8d969b81cf5231cd9dc087ced32
Validity
Not Before: Jul 20 08:34:05 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=afd1e2ead051c042c6c5aa6ae460aba1e86888eb
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9a:c4:09:7a:8c:bc:99:11:67:6d:8d:a7:16:8f:
ea:33:15:5e:ba:6c:da:25:98:ee:b2:76:25:7d:bf:
51:3d:28:f8:9b:35:f4:65:86:4a:f8:75:9d:5e:2b:
34:49:9c:36:f6:e0:e9:b0:0d:0d:7f:9e:c4:9c:38:
ae:c4:42:d5:3e:e8:f3:d5:c7:b9:73:27:2c:01:e9:
a0:8c:d9:61:f5:53:ff:71:98:be:0c:fc:9d:42:f1:
b1:0e:10:40:ee:f7:7b:90:47:ef:1f:a2:5d:8b:17:
fa:da:16:fe:9e:43:ff:4a:91:b1:08:2b:f4:2c:d8:
fa:c8:86:ed:0c:28:15:c3:ae:d9:90:3a:1a:27:6c:
fc:c4:3d:80:18:ab:55:1c:b6:cf:1c:c2:f6:3e:d8:
3d:04:32:7c:d8:36:a3:2d:0a:4e:34:38:70:0f:7c:
63:3a:b6:37:5d:56:f7:d4:16:44:aa:ef:53:eb:04:
3b:67:24:30:21:d4:59:7a:e5:d6:1e:9e:63:de:b0:
94:72:08:dc:24:66:82:eb:04:42:6c:fa:21:0b:19:
7d:b7:7f:a8:9a:b5:c2:a9:15:f4:09:04:30:89:43:
0c:6d:9f:dc:35:6a:57:d0:3a:e0:25:64:66:48:29:
31:91:27:4d:96:4d:d0:b2:72:fc:b4:40:0a:10:c5:
d0:a1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AF:D1:E2:EA:D0:51:C0:42:C6:C5:AA:6A:E4:60:AB:A1:E8:68:88:EB
X509v3 Authority Key Identifier:
keyid:33:1E:77:84:F6:0A:C8:D9:69:B8:1C:F5:23:1C:D9:DC:08:7C:ED:32
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Mx53hPYKyNlpuBz1IxzZ3Ah87TI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/e0925e-47bf-4907-bcbc-fd9f36a8ba6e/1/r9Hi6tBRwELGxapq5GCroehoiOs.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/e0925e-47bf-4907-bcbc-fd9f36a8ba6e/1/Mx53hPYKyNlpuBz1IxzZ3Ah87TI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
46.247.0.0/17
IPv6:
2a00:f18::/32
Signature Algorithm: sha256WithRSAEncryption
21:5e:a4:75:9b:5c:82:96:a7:30:4e:62:cc:47:da:33:10:13:
3f:65:7d:dd:ca:b0:d6:ce:93:8a:76:e4:fb:be:7c:78:a2:f6:
21:19:9d:30:08:ea:47:f9:b3:d0:85:fb:8f:a7:c0:1c:36:6e:
2a:f4:c8:d6:8a:00:4f:e1:f6:26:70:ec:7f:69:d8:36:f7:7b:
e4:e9:0f:0d:c6:4d:61:e0:d0:30:57:11:76:4f:aa:74:a2:75:
e1:ec:f9:de:c9:e2:c1:7b:c9:44:25:95:4f:1d:a0:01:a5:0b:
f2:2e:7a:91:0e:e6:86:e3:e6:84:3b:47:9e:3b:cc:93:c3:fc:
02:b7:65:77:08:81:63:62:dd:5f:74:d9:ba:d1:b0:d5:d0:08:
cd:b8:73:da:88:da:bc:a2:90:8e:a7:71:f3:4c:b5:4d:06:1d:
9e:76:64:f3:15:65:7e:f9:63:1d:a1:73:3d:d1:99:0f:b8:60:
72:fe:64:de:46:94:6a:07:fe:30:2a:df:de:ea:28:74:2e:d5:
c6:5c:f0:44:db:66:85:c5:93:9c:36:83:b6:9b:1f:f6:3c:97:
ab:f4:85:4b:17:3a:d6:f7:61:70:2d:b4:f6:26:80:08:37:bd:
9d:12:d5:7f:51:c7:b9:56:93:2e:5c:fb:dc:cc:28:0f:4a:fb:
82:44:f6:92
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYIaviWNGDgD38EGFGwns5n3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMzMWU3Nzg0ZjYwYWM4ZDk2OWI4MWNmNTIzMWNkOWRjMDg3
Y2VkMzIwHhcNMjIwNzIwMDgzNDA1WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZmQxZTJlYWQwNTFjMDQyYzZjNWFhNmFlNDYwYWJhMWU4Njg4OGViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmsQJeoy8mRFnbY2nFo/qMxVeumza
JZjusnYlfb9RPSj4mzX0ZYZK+HWdXis0SZw29uDpsA0Nf57EnDiuxELVPujz1ce5
cycsAemgjNlh9VP/cZi+DPydQvGxDhBA7vd7kEfvH6Jdixf62hb+nkP/SpGxCCv0
LNj6yIbtDCgVw67ZkDoaJ2z8xD2AGKtVHLbPHML2Ptg9BDJ82DajLQpONDhwD3xj
OrY3XVb31BZEqu9T6wQ7ZyQwIdRZeuXWHp5j3rCUcgjcJGaC6wRCbPohCxl9t3+o
mrXCqRX0CQQwiUMMbZ/cNWpX0DrgJWRmSCkxkSdNlk3QsnL8tEAKEMXQoQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFK/R4urQUcBCxsWqauRgq6HoaIjrMB8GA1UdIwQY
MBaAFDMed4T2CsjZabgc9SMc2dwIfO0yMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTXg1M2hQWUt5TmxwdUJ6MUl4elozQWg4N1RJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Zi9lMDkyNWUtNDdiZi00OTA3LWJjYmMt
ZmQ5ZjM2YThiYTZlLzEvcjlIaTZ0QlJ3RUxHeGFwcTVHQ3JvZWhvaU9zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Zi9lMDkyNWUtNDdiZi00OTA3LWJjYmMtZmQ5ZjM2YThiYTZl
LzEvTXg1M2hQWUt5TmxwdUJ6MUl4elozQWg4N1RJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQHLvcAMA0E
AgACMAcDBQAqAA8YMA0GCSqGSIb3DQEBCwUAA4IBAQAhXqR1m1yClqcwTmLMR9oz
EBM/ZX3dyrDWzpOKduT7vnx4ovYhGZ0wCOpH+bPQhfuPp8AcNm4q9MjWigBP4fYm
cOx/adg293vk6Q8Nxk1h4NAwVxF2T6p0onXh7PneyeLBe8lEJZVPHaABpQvyLnqR
DuaG4+aEO0eeO8yTw/wCt2V3CIFjYt1fdNm60bDV0AjNuHPaiNq8opCOp3HzTLVN
Bh2edmTzFWV++WMdoXM90ZkPuGBy/mTeRpRqB/4wKt/e6ih0LtXGXPBE22aFxZOc
NoO2mx/2PJer9IVLFzrW92FwLbT2JoAIN72dEtV/Uce5VpMuXPvczCgPSvuCRPaS
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:29:06 2024 by rpki-client on console-fra.rpki-client.org