Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/71/ac017c-ff29-43cf-a3d6-29f1beb2f282/1/redkD6oNHgrDvm9ZitceoPE3zag.roa
File: redkD6oNHgrDvm9ZitceoPE3zag.roa (raw, json)
Hash identifier: ApL/PkJCJTI7HN13KKuBYvNQphSzISdO5sbloqMP6Wc=
Subject key identifier: AD:E7:64:0F:AA:0D:1E:0A:C3:BE:6F:59:8A:D7:1E:A0:F1:37:CD:A8
Certificate issuer: /CN=ed6da9e41686d21c12799c8e84b274aa8241508c
Certificate serial: 018D0264E61D35EADBAEC6A9981D1BB1D98D
Authority key identifier: ED:6D:A9:E4:16:86:D2:1C:12:79:9C:8E:84:B2:74:AA:82:41:50:8C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/7W2p5BaG0hwSeZyOhLJ0qoJBUIw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/71/ac017c-ff29-43cf-a3d6-29f1beb2f282/1/redkD6oNHgrDvm9ZitceoPE3zag.roa
Signing time: Sat 13 Jan 2024 10:36:23 +0000
ROA not before: Sat 13 Jan 2024 10:36:23 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 49970
IP address blocks: 46.143.200.0/24 maxlen: 24
46.143.201.0/24 maxlen: 24
46.143.246.0/24 maxlen: 24
46.143.247.0/24 maxlen: 24
109.122.240.0/21 maxlen: 21
46.143.193.0/24 maxlen: 24
46.143.196.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8d:02:64:e6:1d:35:ea:db:ae:c6:a9:98:1d:1b:b1:d9:8d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ed6da9e41686d21c12799c8e84b274aa8241508c
Validity
Not Before: Jan 13 10:36:23 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=ade7640faa0d1e0ac3be6f598ad71ea0f137cda8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:90:e1:69:bc:4e:0f:f6:78:9b:50:fd:95:66:b3:
86:50:fe:67:27:70:84:e8:0f:f7:60:a9:82:75:e4:
df:4c:95:36:17:fe:63:85:fe:bc:88:1f:a3:67:fd:
8d:7a:8e:54:c3:b1:17:51:1c:c9:37:2c:ba:70:25:
1d:d7:56:9b:8c:58:19:4b:ae:00:a6:39:83:62:22:
82:e3:f6:39:31:fc:43:7e:2e:72:51:c2:3d:07:99:
51:70:f0:5b:36:bb:aa:4a:c1:c2:76:4e:ec:4e:a2:
bb:93:73:45:6e:99:a2:f4:24:4a:16:00:04:aa:b8:
a4:d1:c7:3d:8c:2a:9f:7a:1b:0d:b8:5d:7d:82:b1:
e9:2b:9d:3a:74:29:1c:50:f9:c7:ca:8f:30:c8:9c:
21:36:58:cb:c2:27:2d:46:ce:ac:7e:88:41:36:1a:
d0:7e:60:e7:e3:f5:e0:9a:08:30:72:ff:f1:cb:80:
06:bf:f9:a4:f3:93:9e:b1:5d:c5:9c:42:76:fd:3a:
85:6c:fc:1e:f4:af:27:ae:74:c3:70:57:b4:42:d3:
de:49:66:20:25:a7:91:7f:de:ea:69:da:d9:05:74:
f5:aa:fe:1b:7b:4a:48:55:41:c9:ea:5c:09:43:f9:
22:7c:82:f1:9b:ef:78:55:42:76:1c:f2:6a:40:d7:
49:07
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AD:E7:64:0F:AA:0D:1E:0A:C3:BE:6F:59:8A:D7:1E:A0:F1:37:CD:A8
X509v3 Authority Key Identifier:
keyid:ED:6D:A9:E4:16:86:D2:1C:12:79:9C:8E:84:B2:74:AA:82:41:50:8C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7W2p5BaG0hwSeZyOhLJ0qoJBUIw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/71/ac017c-ff29-43cf-a3d6-29f1beb2f282/1/redkD6oNHgrDvm9ZitceoPE3zag.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/71/ac017c-ff29-43cf-a3d6-29f1beb2f282/1/7W2p5BaG0hwSeZyOhLJ0qoJBUIw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
46.143.193.0/24
46.143.196.0/24
46.143.200.0/23
46.143.246.0/23
109.122.240.0/21
Signature Algorithm: sha256WithRSAEncryption
7f:15:3f:c2:5a:64:9e:21:b4:74:87:75:bd:4a:95:41:32:d0:
5e:34:a7:37:5c:68:00:b0:3b:f9:a6:94:c2:3a:38:50:e2:81:
3b:e3:ba:d2:6d:2e:4d:70:19:3e:bd:2e:38:18:da:93:2f:73:
93:14:68:5a:fc:a9:f6:eb:13:39:96:a3:ce:78:be:d7:92:83:
36:d2:f6:99:23:38:91:f7:4f:64:4e:02:db:89:3f:8e:15:9b:
2f:c3:34:5f:d9:49:bf:1a:a6:28:1f:ef:b1:2d:d2:8d:26:f6:
36:14:46:00:5e:cf:c4:c1:17:64:5f:57:76:0e:c2:22:df:fc:
75:d3:9d:97:90:c2:1d:d7:26:80:e0:4b:77:c2:12:9b:6f:80:
0c:72:3a:6f:4a:00:ec:af:bc:da:3f:4e:eb:dc:ec:79:51:7a:
53:f4:66:01:6d:76:e7:f8:5c:6b:bb:40:9b:c4:e5:d3:12:a4:
d4:0d:56:8d:c9:fc:13:49:9a:83:06:f9:a9:c1:a3:50:94:a1:
bf:32:cb:11:a3:36:34:ab:b0:9e:9b:1e:fd:00:d5:17:13:ef:
e3:2c:80:7b:52:dd:7f:b4:54:a6:ff:e4:88:88:9c:9a:d0:d1:
17:a7:61:a6:57:ff:ac:8c:69:80:74:13:58:fa:f8:09:e3:46:
9c:05:f9:53
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAY0CZOYdNerbrsapmB0bsdmNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVkNmRhOWU0MTY4NmQyMWMxMjc5OWM4ZTg0YjI3NGFhODI0
MTUwOGMwHhcNMjQwMTEzMTAzNjIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZGU3NjQwZmFhMGQxZTBhYzNiZTZmNTk4YWQ3MWVhMGYxMzdjZGE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkOFpvE4P9nibUP2VZrOGUP5nJ3CE
6A/3YKmCdeTfTJU2F/5jhf68iB+jZ/2Neo5Uw7EXURzJNyy6cCUd11abjFgZS64A
pjmDYiKC4/Y5MfxDfi5yUcI9B5lRcPBbNruqSsHCdk7sTqK7k3NFbpmi9CRKFgAE
qrik0cc9jCqfehsNuF19grHpK506dCkcUPnHyo8wyJwhNljLwictRs6sfohBNhrQ
fmDn4/Xgmggwcv/xy4AGv/mk85OesV3FnEJ2/TqFbPwe9K8nrnTDcFe0QtPeSWYg
JaeRf97qadrZBXT1qv4be0pIVUHJ6lwJQ/kifILxm+94VUJ2HPJqQNdJBwIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFK3nZA+qDR4Kw75vWYrXHqDxN82oMB8GA1UdIwQY
MBaAFO1tqeQWhtIcEnmcjoSydKqCQVCMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN1cycDVCYUcwaHdTZVp5T2hMSjBxb0pCVUl3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MS9hYzAxN2MtZmYyOS00M2NmLWEzZDYt
MjlmMWJlYjJmMjgyLzEvcmVka0Q2b05IZ3JEdm05Wml0Y2VvUEUzemFnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MS9hYzAxN2MtZmYyOS00M2NmLWEzZDYtMjlmMWJlYjJmMjgy
LzEvN1cycDVCYUcwaHdTZVp5T2hMSjBxb0pCVUl3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQALo/BAwQA
Lo/EAwQBLo/IAwQBLo/2AwQDbXrwMA0GCSqGSIb3DQEBCwUAA4IBAQB/FT/CWmSe
IbR0h3W9SpVBMtBeNKc3XGgAsDv5ppTCOjhQ4oE747rSbS5NcBk+vS44GNqTL3OT
FGha/Kn26xM5lqPOeL7XkoM20vaZIziR909kTgLbiT+OFZsvwzRf2Um/GqYoH++x
LdKNJvY2FEYAXs/EwRdkX1d2DsIi3/x1052XkMId1yaA4Et3whKbb4AMcjpvSgDs
r7zaP07r3Ox5UXpT9GYBbXbn+Fxru0CbxOXTEqTUDVaNyfwTSZqDBvmpwaNQlKG/
MssRozY0q7Cemx79ANUXE+/jLIB7Ut1/tFSm/+SIiJya0NEXp2GmV/+sjGmAdBNY
+vgJ40acBflT
-----END CERTIFICATE-----
Generated at Tue Sep 24 17:14:23 2024 by rpki-client on console-ams.rpki-client.org