Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/dffa9b-1d69-4869-9dc4-867d1d877140/1/UgaNNYCHe_dIjx26YstEaKNkczM.roa
File: UgaNNYCHe_dIjx26YstEaKNkczM.roa (raw, json)
Hash identifier: icRB5EzA7BYuEISPMiiWIc47QnpADigStyYber9TCas=
Subject key identifier: 52:06:8D:35:80:87:7B:F7:48:8F:1D:BA:62:CB:44:68:A3:64:73:33
Certificate issuer: /CN=a0a8631e6e5a7ac66da4fb160fd5b4fca9378805
Certificate serial: 0188C0D46317F182D04717DDD707C8778849
Authority key identifier: A0:A8:63:1E:6E:5A:7A:C6:6D:A4:FB:16:0F:D5:B4:FC:A9:37:88:05
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/oKhjHm5aesZtpPsWD9W0_Kk3iAU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/66/dffa9b-1d69-4869-9dc4-867d1d877140/1/UgaNNYCHe_dIjx26YstEaKNkczM.roa
Signing time: Thu 15 Jun 2023 20:52:04 +0000
ROA not before: Thu 15 Jun 2023 20:52:04 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 60198
IP address blocks: 46.17.216.0/23 maxlen: 23
46.17.216.0/24 maxlen: 24
2a02:4f63::/32 maxlen: 32
2a02:4f61::/32 maxlen: 32
2a02:4f64::/32 maxlen: 32
2a02:4f67::/32 maxlen: 32
2a02:4f60::/32 maxlen: 32
2a02:4f66::/32 maxlen: 32
2a02:4f65::/32 maxlen: 32
2a02:4f62::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:88:c0:d4:63:17:f1:82:d0:47:17:dd:d7:07:c8:77:88:49
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=a0a8631e6e5a7ac66da4fb160fd5b4fca9378805
Validity
Not Before: Jun 15 20:52:04 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=52068d3580877bf7488f1dba62cb4468a3647333
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9c:ec:85:c0:fe:51:26:58:fb:96:96:b9:aa:5c:
ba:13:e4:a6:21:c4:d1:11:b4:83:70:db:01:19:c3:
97:56:29:4c:7f:37:64:19:b5:f5:78:c9:b4:4d:af:
03:05:4b:61:aa:17:54:c7:32:d4:b7:39:76:fc:8e:
2b:31:84:8a:af:52:66:d8:06:04:d5:7e:65:b4:7d:
d2:6e:ac:45:cb:ba:6a:33:f0:6f:fe:bf:2c:e7:8b:
d1:b5:4c:0e:cc:f6:20:ce:69:b5:d9:07:5b:ce:36:
74:95:b0:8c:1e:56:ae:28:70:2c:35:03:1d:78:a7:
59:02:de:f8:d9:e6:a2:46:fc:23:05:85:d9:b8:8e:
32:b6:ba:9d:02:2a:d5:95:88:1c:cc:c2:04:68:6b:
e8:14:a5:30:c2:88:0d:ab:cd:b5:26:45:f3:48:c3:
59:fa:1c:a8:09:03:79:d0:92:50:6a:9e:07:05:b8:
1a:de:dc:3b:c2:cb:a7:c8:71:f1:ef:a7:cb:03:99:
c6:67:88:e8:5b:0e:45:23:1b:cf:3e:9f:82:4b:0f:
75:9e:17:92:de:ac:80:ac:59:91:0b:80:4e:8b:b7:
fc:d6:7a:93:a0:2b:25:40:5e:c3:ea:24:bc:cc:b7:
33:6a:d1:4e:1b:b4:32:32:16:d7:e6:d4:b1:3c:67:
b1:57
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
52:06:8D:35:80:87:7B:F7:48:8F:1D:BA:62:CB:44:68:A3:64:73:33
X509v3 Authority Key Identifier:
keyid:A0:A8:63:1E:6E:5A:7A:C6:6D:A4:FB:16:0F:D5:B4:FC:A9:37:88:05
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oKhjHm5aesZtpPsWD9W0_Kk3iAU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/dffa9b-1d69-4869-9dc4-867d1d877140/1/UgaNNYCHe_dIjx26YstEaKNkczM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/66/dffa9b-1d69-4869-9dc4-867d1d877140/1/oKhjHm5aesZtpPsWD9W0_Kk3iAU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
46.17.216.0/23
IPv6:
2a02:4f60::/29
Signature Algorithm: sha256WithRSAEncryption
86:bb:a6:ca:20:38:84:6a:a4:a1:71:b3:70:73:c4:ea:9d:02:
d2:59:5b:32:9c:bd:29:c0:92:03:a7:fa:2c:3c:84:7c:82:65:
13:e1:3c:d7:8b:6d:56:f0:94:3f:03:78:e3:60:28:ea:a6:69:
a0:67:da:48:ae:4b:04:57:46:14:2f:a9:30:8f:27:3a:d2:97:
96:dd:2d:c5:09:90:ab:f2:b1:a3:90:df:ae:04:d1:2b:fa:02:
ad:d5:c0:2b:9a:7a:db:6a:cb:2c:6b:60:6f:89:b0:3d:ec:d0:
42:7b:4e:b6:b3:0a:bd:87:db:a6:e0:cd:2d:3c:c3:16:2f:0a:
d2:be:f4:67:b6:d0:14:91:1c:66:e9:6e:1e:e0:57:93:4b:b5:
93:36:38:69:f9:38:ab:d0:ca:19:42:06:75:8e:3f:84:83:56:
b1:f1:2c:54:84:cf:ff:d8:74:7c:dc:f6:f8:92:08:1b:7b:7d:
92:14:f3:88:17:25:10:fc:ee:1e:1c:4c:db:a1:7b:b4:2d:b8:
17:ad:77:3b:ba:ee:3f:43:0d:dc:ee:38:95:7a:57:83:63:94:
37:fd:39:50:21:ef:c4:25:48:01:a8:fd:b8:d9:1a:01:f8:98:
7e:e8:1b:05:58:04:6f:fd:0e:82:2c:c0:41:a7:26:0a:1a:8a:
17:31:52:f8
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYjA1GMX8YLQRxfd1wfId4hJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEwYTg2MzFlNmU1YTdhYzY2ZGE0ZmIxNjBmZDViNGZjYTkz
Nzg4MDUwHhcNMjMwNjE1MjA1MjA0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MjA2OGQzNTgwODc3YmY3NDg4ZjFkYmE2MmNiNDQ2OGEzNjQ3MzMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnOyFwP5RJlj7lpa5qly6E+SmIcTR
EbSDcNsBGcOXVilMfzdkGbX1eMm0Ta8DBUthqhdUxzLUtzl2/I4rMYSKr1Jm2AYE
1X5ltH3SbqxFy7pqM/Bv/r8s54vRtUwOzPYgzmm12QdbzjZ0lbCMHlauKHAsNQMd
eKdZAt742eaiRvwjBYXZuI4ytrqdAirVlYgczMIEaGvoFKUwwogNq821JkXzSMNZ
+hyoCQN50JJQap4HBbga3tw7wsunyHHx76fLA5nGZ4joWw5FIxvPPp+CSw91nheS
3qyArFmRC4BOi7f81nqToCslQF7D6iS8zLczatFOG7QyMhbX5tSxPGexVwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFFIGjTWAh3v3SI8dumLLRGijZHMzMB8GA1UdIwQY
MBaAFKCoYx5uWnrGbaT7Fg/VtPypN4gFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb0toakhtNWFlc1p0cFBzV0Q5VzBfS2szaUFVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni9kZmZhOWItMWQ2OS00ODY5LTlkYzQt
ODY3ZDFkODc3MTQwLzEvVWdhTk5ZQ0hlX2RJangyNllzdEVhS05rY3pNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni9kZmZhOWItMWQ2OS00ODY5LTlkYzQtODY3ZDFkODc3MTQw
LzEvb0toakhtNWFlc1p0cFBzV0Q5VzBfS2szaUFVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQBLhHYMA0E
AgACMAcDBQMqAk9gMA0GCSqGSIb3DQEBCwUAA4IBAQCGu6bKIDiEaqShcbNwc8Tq
nQLSWVsynL0pwJIDp/osPIR8gmUT4TzXi21W8JQ/A3jjYCjqpmmgZ9pIrksEV0YU
L6kwjyc60peW3S3FCZCr8rGjkN+uBNEr+gKt1cArmnrbasssa2BvibA97NBCe062
swq9h9um4M0tPMMWLwrSvvRnttAUkRxm6W4e4FeTS7WTNjhp+Tir0MoZQgZ1jj+E
g1ax8SxUhM//2HR83Pb4kggbe32SFPOIFyUQ/O4eHEzboXu0LbgXrXc7uu4/Qw3c
7jiVeleDY5Q3/TlQIe/EJUgBqP242RoB+Jh+6BsFWARv/Q6CLMBBpyYKGooXMVL4
-----END CERTIFICATE-----
Generated at Thu Mar 13 20:45:58 2025 by rpki-client