Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/69/e55e30-97c6-40e6-81b7-507011570ee6/1/71o8i3HREgrx595dknAQIS3_9jw.roa
File: 71o8i3HREgrx595dknAQIS3_9jw.roa (raw, json)
Hash identifier: OrjG0+lKs2eiN6g7NaBHVHdZX5bYJVFoGz0vIpeI6qo=
Subject key identifier: EF:5A:3C:8B:71:D1:12:0A:F1:E7:DE:5D:92:70:10:21:2D:FF:F6:3C
Certificate issuer: /CN=a04845af1dc0087b274cee52a4a9e0880335435d
Certificate serial: 018CCE8F7860753CB79B597A03E3A89DB473
Authority key identifier: A0:48:45:AF:1D:C0:08:7B:27:4C:EE:52:A4:A9:E0:88:03:35:43:5D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/oEhFrx3ACHsnTO5SpKngiAM1Q10.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/69/e55e30-97c6-40e6-81b7-507011570ee6/1/71o8i3HREgrx595dknAQIS3_9jw.roa
Signing time: Wed 03 Jan 2024 09:02:38 +0000
ROA not before: Wed 03 Jan 2024 09:02:38 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 42910
IP address blocks: 46.235.11.0/24 maxlen: 32
46.235.9.0/24 maxlen: 24
46.235.8.0/24 maxlen: 32
46.235.10.0/24 maxlen: 32
178.210.162.0/24 maxlen: 24
178.210.161.0/24 maxlen: 24
178.210.160.0/24 maxlen: 24
178.210.165.0/24 maxlen: 24
178.210.164.0/24 maxlen: 24
178.210.163.0/24 maxlen: 24
178.210.166.0/24 maxlen: 24
178.210.172.0/24 maxlen: 24
178.210.171.0/24 maxlen: 24
178.210.170.0/24 maxlen: 24
178.210.169.0/24 maxlen: 24
178.210.168.0/24 maxlen: 24
178.210.167.0/24 maxlen: 24
178.210.176.0/24 maxlen: 24
178.210.175.0/24 maxlen: 24
178.210.174.0/24 maxlen: 24
178.210.173.0/24 maxlen: 24
178.210.177.0/24 maxlen: 24
178.210.178.0/24 maxlen: 32
178.210.179.0/24 maxlen: 32
178.210.181.0/24 maxlen: 24
178.210.180.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:ce:8f:78:60:75:3c:b7:9b:59:7a:03:e3:a8:9d:b4:73
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=a04845af1dc0087b274cee52a4a9e0880335435d
Validity
Not Before: Jan 3 09:02:38 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=ef5a3c8b71d1120af1e7de5d927010212dfff63c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:90:b6:df:5a:72:6a:48:50:4c:c7:3f:eb:0c:b6:
34:c0:34:43:d2:ce:cf:ca:4b:52:35:42:ed:c8:fb:
21:1e:5c:92:b4:d4:47:5d:86:58:b9:c9:1e:f7:2d:
41:f4:c5:23:45:19:9d:2f:c6:e5:83:f7:17:ca:d6:
38:ba:e8:05:05:18:a5:9d:36:c1:1e:6f:d3:a1:ca:
3d:83:c7:1e:b2:ce:61:7b:43:b6:ba:71:1f:c1:00:
98:98:0a:00:79:c4:62:df:3c:70:d0:b4:94:53:8f:
30:15:07:21:81:62:a9:f1:62:52:e3:5e:a6:f9:cc:
c8:77:5f:37:d2:98:ef:5a:69:f3:55:05:65:f6:1f:
04:5e:f5:24:f0:bf:20:76:2a:62:cf:9a:07:1b:bc:
fc:1f:0b:eb:e2:13:24:63:88:11:11:cb:9e:5a:b9:
42:28:5e:99:1d:9d:5f:bc:70:60:d5:5f:0b:c2:4e:
77:26:ed:5f:ea:69:9d:9c:ea:6f:13:99:fe:1d:a8:
f4:e8:81:50:22:eb:65:2b:22:fd:06:f1:30:0f:15:
94:c2:45:9c:20:4f:b2:81:7b:76:44:76:bf:e3:f9:
cf:92:b6:d5:5b:14:25:81:e7:87:09:61:05:93:d6:
d2:a5:75:ef:55:9e:7d:c8:e6:f7:3a:a2:84:2f:fd:
e9:75
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
EF:5A:3C:8B:71:D1:12:0A:F1:E7:DE:5D:92:70:10:21:2D:FF:F6:3C
X509v3 Authority Key Identifier:
keyid:A0:48:45:AF:1D:C0:08:7B:27:4C:EE:52:A4:A9:E0:88:03:35:43:5D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oEhFrx3ACHsnTO5SpKngiAM1Q10.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/69/e55e30-97c6-40e6-81b7-507011570ee6/1/71o8i3HREgrx595dknAQIS3_9jw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/69/e55e30-97c6-40e6-81b7-507011570ee6/1/oEhFrx3ACHsnTO5SpKngiAM1Q10.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
46.235.8.0/22
178.210.160.0-178.210.181.255
Signature Algorithm: sha256WithRSAEncryption
61:a3:78:33:cc:55:7d:fa:e0:e3:02:40:02:73:cd:21:3d:70:
12:ee:d1:a7:76:db:e5:05:cf:da:41:f0:cf:ac:67:e1:d9:30:
79:05:35:32:e3:24:ae:cf:79:b5:96:13:ae:6d:8c:62:da:49:
70:97:43:cc:48:d9:17:a5:03:1a:6d:36:2c:da:fc:58:c2:43:
fa:e6:81:69:46:91:fa:bc:28:06:ab:a7:30:8f:d8:1c:31:60:
a5:a8:dc:27:f7:6b:79:45:fc:7c:26:8b:cd:a1:c5:2e:9e:18:
2a:6e:17:f9:e2:7c:64:65:e0:f8:97:47:31:00:86:7a:a6:40:
d4:16:db:6b:fd:9e:b5:46:c8:29:8e:86:65:80:3f:f5:9b:b0:
a1:02:a7:a5:2d:cd:1f:89:a4:4a:56:23:b7:bc:fa:27:78:c9:
3d:a8:38:34:e6:16:c1:2e:25:67:5b:03:c5:b4:89:86:ca:06:
4b:eb:70:7c:3a:1d:7a:10:50:a6:2a:59:4f:cc:f7:83:8d:0a:
5f:0c:af:34:9c:18:93:43:9f:37:16:69:24:78:d9:e9:74:8a:
68:82:fe:aa:07:05:c9:88:45:37:ef:0d:f5:52:da:21:fc:2c:
02:a6:6f:22:96:1e:86:de:2d:52:8f:c1:d9:56:0c:75:e4:e3:
bd:3b:87:dd
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAYzOj3hgdTy3m1l6A+OonbRzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEwNDg0NWFmMWRjMDA4N2IyNzRjZWU1MmE0YTllMDg4MDMz
NTQzNWQwHhcNMjQwMTAzMDkwMjM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZjVhM2M4YjcxZDExMjBhZjFlN2RlNWQ5MjcwMTAyMTJkZmZmNjNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkLbfWnJqSFBMxz/rDLY0wDRD0s7P
yktSNULtyPshHlyStNRHXYZYucke9y1B9MUjRRmdL8blg/cXytY4uugFBRilnTbB
Hm/Toco9g8cess5he0O2unEfwQCYmAoAecRi3zxw0LSUU48wFQchgWKp8WJS416m
+czId1830pjvWmnzVQVl9h8EXvUk8L8gdipiz5oHG7z8Hwvr4hMkY4gREcueWrlC
KF6ZHZ1fvHBg1V8Lwk53Ju1f6mmdnOpvE5n+Haj06IFQIutlKyL9BvEwDxWUwkWc
IE+ygXt2RHa/4/nPkrbVWxQlgeeHCWEFk9bSpXXvVZ59yOb3OqKEL/3pdQIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFO9aPItx0RIK8efeXZJwECEt//Y8MB8GA1UdIwQY
MBaAFKBIRa8dwAh7J0zuUqSp4IgDNUNdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb0VoRnJ4M0FDSHNuVE81U3BLbmdpQU0xUTEwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OS9lNTVlMzAtOTdjNi00MGU2LTgxYjct
NTA3MDExNTcwZWU2LzEvNzFvOGkzSFJFZ3J4NTk1ZGtuQVFJUzNfOWp3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OS9lNTVlMzAtOTdjNi00MGU2LTgxYjctNTA3MDExNTcwZWU2
LzEvb0VoRnJ4M0FDSHNuVE81U3BLbmdpQU0xUTEwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUAwQCLusIMAwD
BAWy0qADBAGy0rQwDQYJKoZIhvcNAQELBQADggEBAGGjeDPMVX364OMCQAJzzSE9
cBLu0ad22+UFz9pB8M+sZ+HZMHkFNTLjJK7PebWWE65tjGLaSXCXQ8xI2RelAxpt
Niza/FjCQ/rmgWlGkfq8KAarpzCP2BwxYKWo3Cf3a3lF/Hwmi82hxS6eGCpuF/ni
fGRl4PiXRzEAhnqmQNQW22v9nrVGyCmOhmWAP/WbsKECp6UtzR+JpEpWI7e8+id4
yT2oODTmFsEuJWdbA8W0iYbKBkvrcHw6HXoQUKYqWU/M94ONCl8MrzScGJNDnzcW
aSR42el0imiC/qoHBcmIRTfvDfVS2iH8LAKmbyKWHobeLVKPwdlWDHXk4707h90=
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:16:00 2025 by rpki-client