Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/feeef5-c96f-4652-94e0-ed38f649e39f/1/gnLG3As7BenoSF7wC6xDYI0z1lY.roa
File: gnLG3As7BenoSF7wC6xDYI0z1lY.roa (raw, json)
Hash identifier: aQcs0UqweKMAeFmKq9Uak2ZJH0I0DllE8tNupg6i0oc=
Subject key identifier: 82:72:C6:DC:0B:3B:05:E9:E8:48:5E:F0:0B:AC:43:60:8D:33:D6:56
Certificate issuer: /CN=dbc8f2ff98f610fe83830d18918f4c9037272411
Certificate serial: 018CC94D675354013432520B62A1426385F8
Authority key identifier: DB:C8:F2:FF:98:F6:10:FE:83:83:0D:18:91:8F:4C:90:37:27:24:11
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/28jy_5j2EP6Dgw0YkY9MkDcnJBE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/65/feeef5-c96f-4652-94e0-ed38f649e39f/1/gnLG3As7BenoSF7wC6xDYI0z1lY.roa
Signing time: Tue 02 Jan 2024 08:32:22 +0000
ROA not before: Tue 02 Jan 2024 08:32:22 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 216139
IP address blocks: 46.30.42.0/24 maxlen: 24
46.30.43.0/24 maxlen: 24
46.30.40.0/24 maxlen: 24
46.30.41.0/24 maxlen: 24
46.30.44.0/24 maxlen: 24
46.30.47.0/24 maxlen: 24
46.30.45.0/24 maxlen: 24
46.30.46.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c9:4d:67:53:54:01:34:32:52:0b:62:a1:42:63:85:f8
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=dbc8f2ff98f610fe83830d18918f4c9037272411
Validity
Not Before: Jan 2 08:32:22 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=8272c6dc0b3b05e9e8485ef00bac43608d33d656
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:85:d8:69:7c:dd:34:07:a7:dd:ea:c7:72:a1:26:
78:40:df:f2:63:e2:94:e5:f5:46:4d:81:9f:64:de:
b5:95:ba:82:5a:c5:85:a7:1d:e7:a4:e7:e9:42:58:
3e:b5:b2:2d:21:ed:23:53:52:da:d6:66:9f:2b:86:
f9:df:0d:b0:6a:f3:ed:b3:35:e7:cc:ba:86:8e:79:
8e:87:1a:29:c2:17:2f:bd:d6:09:25:49:94:7e:d4:
b1:54:08:47:a8:0c:b1:a4:c9:df:57:d6:f9:fd:56:
09:fe:38:e4:83:54:00:6c:10:50:69:4e:9e:74:7b:
31:fd:9d:42:29:e6:1b:69:44:76:cb:0a:9f:df:e3:
59:9b:89:c2:b2:73:b1:d0:52:95:b2:2a:1d:bd:48:
16:f4:38:c9:82:8d:28:30:c4:50:31:21:e5:24:5d:
03:1a:48:40:99:ca:99:49:62:f9:88:1e:1d:98:3e:
af:6b:d4:22:6c:0b:f1:b1:a1:b3:25:58:9f:1c:74:
95:86:fd:30:f9:c2:ac:ba:b2:56:2a:db:7e:7c:d9:
65:c1:ca:bd:2c:26:4e:96:f9:b9:d9:ce:38:2b:70:
16:14:26:f0:c3:39:4d:b3:a9:fe:b3:db:a3:06:06:
f4:a4:28:a9:e8:cd:8e:6c:c8:27:5e:f6:49:6a:5c:
33:5f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
82:72:C6:DC:0B:3B:05:E9:E8:48:5E:F0:0B:AC:43:60:8D:33:D6:56
X509v3 Authority Key Identifier:
keyid:DB:C8:F2:FF:98:F6:10:FE:83:83:0D:18:91:8F:4C:90:37:27:24:11
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/28jy_5j2EP6Dgw0YkY9MkDcnJBE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/feeef5-c96f-4652-94e0-ed38f649e39f/1/gnLG3As7BenoSF7wC6xDYI0z1lY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/65/feeef5-c96f-4652-94e0-ed38f649e39f/1/28jy_5j2EP6Dgw0YkY9MkDcnJBE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
46.30.40.0/21
Signature Algorithm: sha256WithRSAEncryption
5c:5c:1b:f6:46:fd:eb:31:58:13:9a:0e:2f:2e:17:1f:cb:74:
07:e9:78:6c:88:7f:80:a4:4f:a4:ab:20:5a:1b:08:1e:88:a9:
92:ef:31:bf:35:e4:6a:7a:80:74:df:b5:69:36:36:fd:70:d1:
9a:92:06:b7:b6:2c:68:b5:2a:a8:d6:20:27:fe:8f:f3:0e:db:
c6:4a:4c:da:c2:e3:34:a6:e3:43:35:4c:35:a9:31:af:c1:7e:
da:2c:61:93:c9:48:5f:72:83:ee:1b:08:5a:97:b3:6e:81:bf:
a1:e1:77:f7:0b:59:43:35:8b:95:a3:aa:eb:81:43:70:eb:66:
97:bd:6e:25:23:05:6f:10:a3:75:85:e7:5d:1c:85:dc:21:c7:
1f:27:98:2e:98:07:b7:2c:ce:bd:92:be:06:48:49:6b:f6:df:
7a:de:d4:d2:e0:7e:c3:e5:7d:d2:9e:e8:f1:1d:82:ed:4e:28:
e8:69:72:f7:9a:77:73:57:61:66:38:4d:8b:b3:36:ab:b6:1c:
42:82:ed:fe:2e:d0:da:da:96:4e:20:b7:1f:0e:1e:ed:d9:4f:
6f:fa:a6:c2:c5:aa:aa:13:4e:09:90:2a:91:58:8b:53:df:c7:
72:b4:4f:89:2c:c2:f5:90:a2:92:a9:ae:06:4e:80:dd:3a:1e:
c7:54:3a:f6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTWdTVAE0MlILYqFCY4X4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRiYzhmMmZmOThmNjEwZmU4MzgzMGQxODkxOGY0YzkwMzcy
NzI0MTEwHhcNMjQwMTAyMDgzMjIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MjcyYzZkYzBiM2IwNWU5ZTg0ODVlZjAwYmFjNDM2MDhkMzNkNjU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhdhpfN00B6fd6sdyoSZ4QN/yY+KU
5fVGTYGfZN61lbqCWsWFpx3npOfpQlg+tbItIe0jU1La1mafK4b53w2wavPtszXn
zLqGjnmOhxopwhcvvdYJJUmUftSxVAhHqAyxpMnfV9b5/VYJ/jjkg1QAbBBQaU6e
dHsx/Z1CKeYbaUR2ywqf3+NZm4nCsnOx0FKVsiodvUgW9DjJgo0oMMRQMSHlJF0D
GkhAmcqZSWL5iB4dmD6va9QibAvxsaGzJVifHHSVhv0w+cKsurJWKtt+fNllwcq9
LCZOlvm52c44K3AWFCbwwzlNs6n+s9ujBgb0pCip6M2ObMgnXvZJalwzXwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIJyxtwLOwXp6Ehe8AusQ2CNM9ZWMB8GA1UdIwQY
MBaAFNvI8v+Y9hD+g4MNGJGPTJA3JyQRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMjhqeV81ajJFUDZEZ3cwWWtZOU1rRGNuSkJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS9mZWVlZjUtYzk2Zi00NjUyLTk0ZTAt
ZWQzOGY2NDllMzlmLzEvZ25MRzNBczdCZW5vU0Y3d0M2eERZSTB6MWxZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS9mZWVlZjUtYzk2Zi00NjUyLTk0ZTAtZWQzOGY2NDllMzlm
LzEvMjhqeV81ajJFUDZEZ3cwWWtZOU1rRGNuSkJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDLh4oMA0G
CSqGSIb3DQEBCwUAA4IBAQBcXBv2Rv3rMVgTmg4vLhcfy3QH6XhsiH+ApE+kqyBa
GwgeiKmS7zG/NeRqeoB037VpNjb9cNGakga3tixotSqo1iAn/o/zDtvGSkzawuM0
puNDNUw1qTGvwX7aLGGTyUhfcoPuGwhal7Nugb+h4Xf3C1lDNYuVo6rrgUNw62aX
vW4lIwVvEKN1heddHIXcIccfJ5gumAe3LM69kr4GSElr9t963tTS4H7D5X3Snujx
HYLtTijoaXL3mndzV2FmOE2LszarthxCgu3+LtDa2pZOILcfDh7t2U9v+qbCxaqq
E04JkCqRWItT38dytE+JLML1kKKSqa4GToDdOh7HVDr2
-----END CERTIFICATE-----
Generated at Tue Sep 17 12:46:10 2024 by rpki-client on console-fra.rpki-client.org