Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/fb2411-485b-4143-9241-13839640a604/1/v7llEJiPMP5vcfFC7uAfMl8cRlo.roa
File: v7llEJiPMP5vcfFC7uAfMl8cRlo.roa (raw, json)
Hash identifier: FJf4KjtFkF9pCanmY/1aeF1r2PmgleAmnFlZPjPXFGY=
Subject key identifier: BF:B9:65:10:98:8F:30:FE:6F:71:F1:42:EE:E0:1F:32:5F:1C:46:5A
Certificate issuer: /CN=f84128146b7bec8bd1185bbe0c3b9340aaf5b714
Certificate serial: 01847B9C7DA9ECAA380C5CC14C860C722AA3
Authority key identifier: F8:41:28:14:6B:7B:EC:8B:D1:18:5B:BE:0C:3B:93:40:AA:F5:B7:14
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1-EEoFGt77IvRGFu-DDuTQKr1txQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/62/fb2411-485b-4143-9241-13839640a604/1/v7llEJiPMP5vcfFC7uAfMl8cRlo.roa
Signing time: Tue 15 Nov 2022 14:06:04 +0000
ROA not before: Tue 15 Nov 2022 14:06:04 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 44318
IP address blocks: 91.201.144.0/22 maxlen: 23
46.173.96.0/19 maxlen: 20
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:84:7b:9c:7d:a9:ec:aa:38:0c:5c:c1:4c:86:0c:72:2a:a3
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f84128146b7bec8bd1185bbe0c3b9340aaf5b714
Validity
Not Before: Nov 15 14:06:04 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=bfb96510988f30fe6f71f142eee01f325f1c465a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b4:b9:26:8a:33:b6:3a:97:2a:b6:ac:17:3d:cc:
b6:73:99:ae:5f:be:b5:1e:86:2c:89:2d:c2:ee:69:
bd:0b:af:d9:77:b3:49:35:88:85:63:af:6b:c2:7c:
d5:fc:7f:29:55:84:5e:30:ed:d3:bf:49:86:a0:8c:
81:cf:79:a0:a6:1e:f4:90:9f:19:a9:44:e5:c0:a2:
86:25:1e:2b:ac:4f:1b:ad:8b:fc:43:aa:8b:23:d4:
d9:d4:97:ac:05:a5:51:4f:bd:c2:0e:c6:14:1d:bd:
db:b5:23:ed:f7:8d:2f:53:f7:2e:b0:cf:c1:b6:e7:
b2:fa:c3:d9:e7:f6:e0:0b:a3:6b:7c:af:19:63:52:
40:e6:67:68:93:2e:a3:05:09:13:3e:7f:4d:c6:74:
5d:36:9a:28:2c:ec:fb:73:d4:a3:36:de:62:72:27:
4f:50:a3:a1:f3:46:74:11:10:03:18:de:2d:05:be:
54:88:47:c5:ce:f3:ab:b0:1b:26:bb:4e:b0:19:c7:
61:6e:63:97:fa:48:91:d0:35:46:d9:60:88:a6:72:
25:ea:67:90:49:9b:1a:dd:d3:f2:28:a3:76:d3:a9:
a2:2c:80:96:d2:99:16:18:0b:07:39:1d:17:79:9d:
b3:04:ef:b0:c1:a8:0b:21:58:d9:04:7b:6f:8d:97:
c7:e7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
BF:B9:65:10:98:8F:30:FE:6F:71:F1:42:EE:E0:1F:32:5F:1C:46:5A
X509v3 Authority Key Identifier:
keyid:F8:41:28:14:6B:7B:EC:8B:D1:18:5B:BE:0C:3B:93:40:AA:F5:B7:14
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-EEoFGt77IvRGFu-DDuTQKr1txQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/fb2411-485b-4143-9241-13839640a604/1/v7llEJiPMP5vcfFC7uAfMl8cRlo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/62/fb2411-485b-4143-9241-13839640a604/1/1-EEoFGt77IvRGFu-DDuTQKr1txQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
46.173.96.0/19
91.201.144.0/22
Signature Algorithm: sha256WithRSAEncryption
85:d6:22:96:f0:b5:fb:1f:c4:7f:da:38:77:01:81:ec:70:fe:
16:66:c9:44:ec:2c:2e:5e:21:f3:ef:ba:8a:62:9e:5e:55:7e:
3b:de:c4:9e:bc:0c:5d:37:ad:27:73:27:be:84:77:0a:f1:40:
43:e4:57:04:29:20:0f:59:a5:87:c7:af:0b:ad:4d:7c:28:a1:
da:68:33:b2:32:0f:7a:bf:95:c2:54:df:b1:fa:78:50:17:7e:
73:ec:ec:eb:81:f9:f3:50:d4:1e:55:98:29:56:d4:a1:06:ac:
31:a7:da:1e:2f:b3:16:c4:77:73:13:30:88:41:25:c9:e1:5f:
e3:90:80:4d:e7:08:24:18:b4:8f:99:88:db:ad:cd:ff:ad:29:
97:8b:24:1c:13:3a:6b:97:8c:4f:f8:61:e9:fa:fe:8b:76:5e:
85:8f:88:2a:80:70:9d:f8:d4:39:26:3d:70:38:32:1a:ad:4c:
11:0b:01:9f:68:18:98:a7:e8:26:85:a9:9a:d9:81:a6:25:1e:
83:0e:de:94:5d:2c:f7:64:9a:5e:a1:13:8a:fd:b8:c4:88:43:
59:84:d8:5b:c9:c0:19:05:c1:a1:ef:69:80:2b:18:0f:fe:e0:
e3:c3:0d:5c:13:a7:62:c8:39:24:58:9e:8b:55:9e:9b:3c:dd:
a0:f3:ef:67
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYR7nH2p7Ko4DFzBTIYMciqjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4NDEyODE0NmI3YmVjOGJkMTE4NWJiZTBjM2I5MzQwYWFm
NWI3MTQwHhcNMjIxMTE1MTQwNjA0WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZmI5NjUxMDk4OGYzMGZlNmY3MWYxNDJlZWUwMWYzMjVmMWM0NjVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtLkmijO2OpcqtqwXPcy2c5muX761
HoYsiS3C7mm9C6/Zd7NJNYiFY69rwnzV/H8pVYReMO3Tv0mGoIyBz3mgph70kJ8Z
qUTlwKKGJR4rrE8brYv8Q6qLI9TZ1JesBaVRT73CDsYUHb3btSPt940vU/cusM/B
tuey+sPZ5/bgC6NrfK8ZY1JA5mdoky6jBQkTPn9NxnRdNpooLOz7c9SjNt5icidP
UKOh80Z0ERADGN4tBb5UiEfFzvOrsBsmu06wGcdhbmOX+kiR0DVG2WCIpnIl6meQ
SZsa3dPyKKN206miLICW0pkWGAsHOR0XeZ2zBO+wwagLIVjZBHtvjZfH5wIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFL+5ZRCYjzD+b3HxQu7gHzJfHEZaMB8GA1UdIwQY
MBaAFPhBKBRre+yL0Rhbvgw7k0Cq9bcUMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1FRW9GR3Q3N0l2UkdGdS1ERHVUUUtyMXR4US5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNjIvZmIyNDExLTQ4NWItNDE0My05MjQx
LTEzODM5NjQwYTYwNC8xL3Y3bGxFSmlQTVA1dmNmRkM3dUFmTWw4Y1Jsby5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNjIvZmIyNDExLTQ4NWItNDE0My05MjQxLTEzODM5NjQwYTYw
NC8xLzEtRUVvRkd0NzdJdlJHRnUtRER1VFFLcjF0eFEuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBAUurWAD
BAJbyZAwDQYJKoZIhvcNAQELBQADggEBAIXWIpbwtfsfxH/aOHcBgexw/hZmyUTs
LC5eIfPvuopinl5VfjvexJ68DF03rSdzJ76EdwrxQEPkVwQpIA9ZpYfHrwutTXwo
odpoM7IyD3q/lcJU37H6eFAXfnPs7OuB+fNQ1B5VmClW1KEGrDGn2h4vsxbEd3MT
MIhBJcnhX+OQgE3nCCQYtI+ZiNutzf+tKZeLJBwTOmuXjE/4Yen6/ot2XoWPiCqA
cJ341DkmPXA4MhqtTBELAZ9oGJin6CaFqZrZgaYlHoMO3pRdLPdkml6hE4r9uMSI
Q1mE2FvJwBkFwaHvaYArGA/+4OPDDVwTp2LIOSRYnotVnps83aDz72c=
-----END CERTIFICATE-----
Generated at Thu Apr 17 00:43:21 2025 by rpki-client