Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/57/546ade-daa1-49f1-8bbe-b9eb871f6d96/1/VTEnhBZ1ExXWd3aFEivTqif2LFY.roa
File: VTEnhBZ1ExXWd3aFEivTqif2LFY.roa (raw, json)
Hash identifier: 39e7yqVHPiJ+IVFfOhQWE2LQQzyZYwkAqVhnoaI+fAQ=
Subject key identifier: 55:31:27:84:16:75:13:15:D6:77:76:85:12:2B:D3:AA:27:F6:2C:56
Certificate issuer: /CN=64ded85d9a05b1df689a8b6c313f8128c7a00b67
Certificate serial: 01860E2F1736186BC09CF24FA35E4B898B24
Authority key identifier: 64:DE:D8:5D:9A:05:B1:DF:68:9A:8B:6C:31:3F:81:28:C7:A0:0B:67
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/ZN7YXZoFsd9omotsMT-BKMegC2c.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/57/546ade-daa1-49f1-8bbe-b9eb871f6d96/1/VTEnhBZ1ExXWd3aFEivTqif2LFY.roa
Signing time: Wed 01 Feb 2023 18:13:32 +0000
ROA not before: Wed 01 Feb 2023 18:13:32 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 42910
IP address blocks: 46.28.232.0/24 maxlen: 24
46.28.238.0/24 maxlen: 24
46.28.237.0/24 maxlen: 24
46.28.239.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:86:0e:2f:17:36:18:6b:c0:9c:f2:4f:a3:5e:4b:89:8b:24
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=64ded85d9a05b1df689a8b6c313f8128c7a00b67
Validity
Not Before: Feb 1 18:13:32 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=5531278416751315d6777685122bd3aa27f62c56
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:91:27:22:8f:8d:ed:01:a3:a9:17:ca:7c:0b:c4:
b5:1a:ff:32:2e:bb:7d:32:44:9b:86:fc:95:41:d2:
3f:e3:73:e3:59:7f:df:e1:35:24:a5:af:04:f2:e0:
42:65:65:aa:ec:16:02:12:ae:d7:0f:9f:d5:7d:b5:
ea:69:2d:0f:c2:07:bc:91:b8:53:cf:4e:20:67:d8:
52:c1:d3:3d:8c:00:a4:ba:1e:f6:98:8b:9b:2c:9c:
af:e2:7e:ee:b5:a5:f7:c5:b8:19:3a:26:26:99:05:
ae:a4:df:cc:28:e6:33:18:bc:13:29:91:5a:2e:0f:
fc:bb:c7:45:c5:3c:37:c3:04:3b:42:d0:17:c5:6a:
c0:b2:1c:9b:22:05:b2:6e:e4:15:7f:15:a4:22:ee:
ed:40:8d:b1:8f:53:a3:f0:f1:09:02:2d:34:c1:03:
b1:6a:fb:1b:b5:aa:dd:4d:56:13:cf:3b:60:9f:04:
2e:fb:1b:a6:d4:20:d9:92:a9:78:d5:da:33:f2:d3:
9a:71:c0:2a:28:f2:c0:04:1e:8d:2f:33:4c:56:ab:
64:81:9f:22:1f:d0:5f:bc:01:6e:47:48:cc:06:c9:
bf:f5:be:15:08:db:d8:60:5d:8f:64:5f:5b:51:a7:
9f:7a:bf:5a:89:6a:f1:0f:ea:e9:88:7f:a6:7d:36:
fe:c5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
55:31:27:84:16:75:13:15:D6:77:76:85:12:2B:D3:AA:27:F6:2C:56
X509v3 Authority Key Identifier:
keyid:64:DE:D8:5D:9A:05:B1:DF:68:9A:8B:6C:31:3F:81:28:C7:A0:0B:67
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZN7YXZoFsd9omotsMT-BKMegC2c.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/546ade-daa1-49f1-8bbe-b9eb871f6d96/1/VTEnhBZ1ExXWd3aFEivTqif2LFY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/57/546ade-daa1-49f1-8bbe-b9eb871f6d96/1/ZN7YXZoFsd9omotsMT-BKMegC2c.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
46.28.232.0/24
46.28.237.0-46.28.239.255
Signature Algorithm: sha256WithRSAEncryption
8a:ae:fd:57:e5:b7:2c:97:b8:9d:24:70:8a:89:bd:b3:cc:f0:
5d:6f:7c:54:ae:42:f9:76:7d:0a:3e:97:48:fb:69:ec:d0:c0:
2d:fb:d3:20:bf:82:c4:f7:98:15:bb:49:96:c6:76:18:28:92:
4f:b5:34:d6:55:69:8c:d3:e2:7d:73:af:68:58:04:14:fb:42:
f4:7f:32:5c:18:a7:0b:20:46:0a:55:c8:27:b2:b4:ee:c1:3a:
49:e7:10:33:e7:9d:6f:f5:4c:8d:a7:99:09:b0:c9:ee:bf:a0:
00:2b:52:ce:01:02:c5:ea:9f:b0:d6:3a:8c:d8:bc:b0:26:b5:
10:8a:64:53:1e:a7:12:84:4f:b3:e7:cb:f2:8f:64:82:d0:93:
30:ae:07:a1:d7:a3:34:44:e3:3f:29:98:c5:32:59:73:15:ae:
a1:00:b4:3a:7e:ee:67:50:8c:92:75:be:f9:6a:2d:fb:7d:ed:
be:2b:06:1f:a2:b9:ab:22:08:8d:4b:e6:7f:6c:23:aa:a4:90:
62:ee:d7:f6:2b:da:cd:bf:d1:e6:ef:6b:b9:2f:22:67:aa:5a:
6d:10:8e:e2:2f:2c:8a:d9:51:fa:1b:b4:a4:52:f5:8d:e4:56:
a8:45:e3:c0:30:38:ec:dc:da:cf:c2:3c:dc:bd:54:e2:36:39:
df:2a:08:05
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAYYOLxc2GGvAnPJPo15LiYskMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY0ZGVkODVkOWEwNWIxZGY2ODlhOGI2YzMxM2Y4MTI4Yzdh
MDBiNjcwHhcNMjMwMjAxMTgxMzMyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NTMxMjc4NDE2NzUxMzE1ZDY3Nzc2ODUxMjJiZDNhYTI3ZjYyYzU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkScij43tAaOpF8p8C8S1Gv8yLrt9
MkSbhvyVQdI/43PjWX/f4TUkpa8E8uBCZWWq7BYCEq7XD5/VfbXqaS0Pwge8kbhT
z04gZ9hSwdM9jACkuh72mIubLJyv4n7utaX3xbgZOiYmmQWupN/MKOYzGLwTKZFa
Lg/8u8dFxTw3wwQ7QtAXxWrAshybIgWybuQVfxWkIu7tQI2xj1Oj8PEJAi00wQOx
avsbtardTVYTzztgnwQu+xum1CDZkql41doz8tOaccAqKPLABB6NLzNMVqtkgZ8i
H9BfvAFuR0jMBsm/9b4VCNvYYF2PZF9bUaefer9aiWrxD+rpiH+mfTb+xQIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFFUxJ4QWdRMV1nd2hRIr06on9ixWMB8GA1UdIwQY
MBaAFGTe2F2aBbHfaJqLbDE/gSjHoAtnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWk43WVhab0ZzZDlvbW90c01ULUJLTWVnQzJjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ny81NDZhZGUtZGFhMS00OWYxLThiYmUt
YjllYjg3MWY2ZDk2LzEvVlRFbmhCWjFFeFhXZDNhRkVpdlRxaWYyTEZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ny81NDZhZGUtZGFhMS00OWYxLThiYmUtYjllYjg3MWY2ZDk2
LzEvWk43WVhab0ZzZDlvbW90c01ULUJLTWVnQzJjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUAwQALhzoMAwD
BAAuHO0DBAQuHOAwDQYJKoZIhvcNAQELBQADggEBAIqu/VfltyyXuJ0kcIqJvbPM
8F1vfFSuQvl2fQo+l0j7aezQwC370yC/gsT3mBW7SZbGdhgokk+1NNZVaYzT4n1z
r2hYBBT7QvR/MlwYpwsgRgpVyCeytO7BOknnEDPnnW/1TI2nmQmwye6/oAArUs4B
AsXqn7DWOozYvLAmtRCKZFMepxKET7Pny/KPZILQkzCuB6HXozRE4z8pmMUyWXMV
rqEAtDp+7mdQjJJ1vvlqLft97b4rBh+iuasiCI1L5n9sI6qkkGLu1/Yr2s2/0ebv
a7kvImeqWm0QjuIvLIrZUfobtKRS9Y3kVqhF48AwOOzc2s/CPNy9VOI2Od8qCAU=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:30:29 2024 by rpki-client on console-fra.rpki-client.org