Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/61/2f3c19-56d5-4924-8bcb-bac472ab7b6a/1/TIH-y61sREcbmf6zd23JHpYTj20.roa
File: TIH-y61sREcbmf6zd23JHpYTj20.roa (raw, json)
Hash identifier: UUQia2a5Mg/OKyVya+2Ikkn+6MMfKNV14JmCcxeavDo=
Subject key identifier: 4C:81:FE:CB:AD:6C:44:47:1B:99:FE:B3:77:6D:C9:1E:96:13:8F:6D
Certificate issuer: /CN=61b195d13050ff3c468a149778710b53582251d9
Certificate serial: 0187BAF1D0823D9412B3AC158AEB3EA9C5C1
Authority key identifier: 61:B1:95:D1:30:50:FF:3C:46:8A:14:97:78:71:0B:53:58:22:51:D9
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/YbGV0TBQ_zxGihSXeHELU1giUdk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/61/2f3c19-56d5-4924-8bcb-bac472ab7b6a/1/TIH-y61sREcbmf6zd23JHpYTj20.roa
Signing time: Wed 26 Apr 2023 00:23:42 +0000
ROA not before: Wed 26 Apr 2023 00:23:42 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 15925
IP address blocks: 46.21.0.0/20 maxlen: 20
87.253.240.0/21 maxlen: 21
87.253.248.0/21 maxlen: 21
213.135.192.0/19 maxlen: 19
2a01:7f8::/29 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:87:ba:f1:d0:82:3d:94:12:b3:ac:15:8a:eb:3e:a9:c5:c1
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=61b195d13050ff3c468a149778710b53582251d9
Validity
Not Before: Apr 26 00:23:42 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=4c81fecbad6c44471b99feb3776dc91e96138f6d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a0:e1:7d:de:8b:e4:a7:a2:3e:18:51:18:5a:94:
37:3f:46:dd:e7:0f:d1:b8:aa:53:30:e9:e7:cb:ca:
11:0f:aa:da:63:07:78:9e:2d:9e:49:cd:f5:e3:04:
e1:c4:d0:16:dd:a8:16:f5:56:61:2a:dc:08:66:ca:
6a:78:7a:40:16:c5:09:63:4c:05:c8:a6:48:c5:83:
24:46:68:2f:1f:c9:56:92:a0:0e:d6:6c:1d:2b:a9:
57:1d:e3:aa:be:bc:53:93:89:d2:ce:f4:5a:c0:21:
fe:c9:4e:46:3b:2b:9d:52:89:08:ad:9c:92:0a:b4:
6b:10:7b:0b:bb:a4:b9:95:ce:ca:c0:57:bd:8e:2d:
82:5a:5f:fe:65:8d:76:5f:72:c0:3a:19:cc:ff:f9:
72:5b:af:89:48:ff:98:2d:8a:ba:85:6b:da:fb:7e:
23:37:58:e1:f5:8d:9d:17:51:8d:f5:a4:c5:0f:8a:
5f:1f:fc:2f:b6:3f:a3:6b:b5:ff:99:12:d4:5d:32:
62:6d:59:ae:78:de:a9:21:51:a0:9e:27:93:7b:72:
1b:79:95:89:ac:8e:f7:98:38:77:d4:bb:c3:a8:52:
33:ed:0a:d1:2d:16:ad:4e:1d:f2:bc:fa:cf:c9:d4:
59:b9:d8:1a:e4:2a:f4:a4:ee:1d:04:d6:0e:12:5c:
87:2d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4C:81:FE:CB:AD:6C:44:47:1B:99:FE:B3:77:6D:C9:1E:96:13:8F:6D
X509v3 Authority Key Identifier:
keyid:61:B1:95:D1:30:50:FF:3C:46:8A:14:97:78:71:0B:53:58:22:51:D9
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbGV0TBQ_zxGihSXeHELU1giUdk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/61/2f3c19-56d5-4924-8bcb-bac472ab7b6a/1/TIH-y61sREcbmf6zd23JHpYTj20.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/61/2f3c19-56d5-4924-8bcb-bac472ab7b6a/1/YbGV0TBQ_zxGihSXeHELU1giUdk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
46.21.0.0/20
87.253.240.0/20
213.135.192.0/19
IPv6:
2a01:7f8::/29
Signature Algorithm: sha256WithRSAEncryption
3b:aa:bf:78:5a:80:29:11:8c:88:52:5b:66:bc:1c:b9:2e:22:
8b:fe:df:7e:d2:3b:eb:73:03:26:a5:00:43:ab:81:43:e4:1b:
df:0a:b7:02:45:c8:d7:a7:ea:5d:1b:6e:4b:98:72:1e:32:42:
5c:3d:5a:db:b6:8c:bf:21:89:b2:9f:5b:e3:3f:3f:cc:5a:89:
03:41:f1:06:db:08:e6:1b:b8:4e:d0:9d:4b:13:f3:65:b1:63:
1f:f5:72:45:81:a7:00:62:c8:35:f6:b0:0c:3b:9d:a0:9f:e9:
d2:a5:5b:20:b7:5b:ac:49:ce:ad:97:da:61:79:9e:ed:a8:4d:
58:3c:34:fd:78:26:a3:0f:09:fa:e2:a2:ab:b6:b7:c4:ad:4e:
5d:ca:0d:e6:bd:0d:3b:ef:39:3d:83:de:a2:a4:1a:dc:64:0b:
eb:fb:96:a7:d7:d6:df:f3:81:d8:8d:6c:9b:76:8c:4a:d4:ac:
84:75:d4:c8:57:ba:15:dd:a2:d8:77:46:2e:d3:5c:12:e9:0b:
7c:1c:2a:25:9e:7b:ed:b8:70:a0:4e:37:c6:31:0b:27:6c:09:
dd:15:39:91:c6:f4:fc:43:bf:ad:65:12:c3:03:16:cc:5e:c2:
b3:1f:fb:11:ab:d3:cd:e1:24:93:9c:c9:77:8b:d2:d9:1c:07:
03:5e:47:9b
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAYe68dCCPZQSs6wVius+qcXBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYxYjE5NWQxMzA1MGZmM2M0NjhhMTQ5Nzc4NzEwYjUzNTgy
MjUxZDkwHhcNMjMwNDI2MDAyMzQyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YzgxZmVjYmFkNmM0NDQ3MWI5OWZlYjM3NzZkYzkxZTk2MTM4ZjZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoOF93ovkp6I+GFEYWpQ3P0bd5w/R
uKpTMOnny8oRD6raYwd4ni2eSc314wThxNAW3agW9VZhKtwIZspqeHpAFsUJY0wF
yKZIxYMkRmgvH8lWkqAO1mwdK6lXHeOqvrxTk4nSzvRawCH+yU5GOyudUokIrZyS
CrRrEHsLu6S5lc7KwFe9ji2CWl/+ZY12X3LAOhnM//lyW6+JSP+YLYq6hWva+34j
N1jh9Y2dF1GN9aTFD4pfH/wvtj+ja7X/mRLUXTJibVmueN6pIVGgnieTe3IbeZWJ
rI73mDh31LvDqFIz7QrRLRatTh3yvPrPydRZudga5Cr0pO4dBNYOElyHLQIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFEyB/sutbERHG5n+s3dtyR6WE49tMB8GA1UdIwQY
MBaAFGGxldEwUP88RooUl3hxC1NYIlHZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWWJHVjBUQlFfenhHaWhTWGVIRUxVMWdpVWRrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MS8yZjNjMTktNTZkNS00OTI0LThiY2It
YmFjNDcyYWI3YjZhLzEvVElILXk2MXNSRWNibWY2emQyM0pIcFlUajIwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MS8yZjNjMTktNTZkNS00OTI0LThiY2ItYmFjNDcyYWI3YjZh
LzEvWWJHVjBUQlFfenhHaWhTWGVIRUxVMWdpVWRrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQELhUAAwQE
V/3wAwQF1YfAMA0EAgACMAcDBQMqAQf4MA0GCSqGSIb3DQEBCwUAA4IBAQA7qr94
WoApEYyIUltmvBy5LiKL/t9+0jvrcwMmpQBDq4FD5BvfCrcCRcjXp+pdG25LmHIe
MkJcPVrbtoy/IYmyn1vjPz/MWokDQfEG2wjmG7hO0J1LE/NlsWMf9XJFgacAYsg1
9rAMO52gn+nSpVsgt1usSc6tl9pheZ7tqE1YPDT9eCajDwn64qKrtrfErU5dyg3m
vQ077zk9g96ipBrcZAvr+5an19bf84HYjWybdoxK1KyEddTIV7oV3aLYd0Yu01wS
6Qt8HColnnvtuHCgTjfGMQsnbAndFTmRxvT8Q7+tZRLDAxbMXsKzH/sRq9PN4SST
nMl3i9LZHAcDXkeb
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:29:53 2025 by rpki-client