Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/91/42d821-74af-4ced-94ea-027b58e6fdc5/1/BStF7DRNz77sEmctNxkc13_ZZeQ.roa
File: BStF7DRNz77sEmctNxkc13_ZZeQ.roa (raw, json)
Hash identifier: mQojCIKoz2TGocorJSatalZSku7HR8UxVL+jcsMTm+o=
Subject key identifier: 05:2B:45:EC:34:4D:CF:BE:EC:12:67:2D:37:19:1C:D7:7F:D9:65:E4
Certificate issuer: /CN=bef2158a0f2a42617a821a0b4fcc9c9a93f4246d
Certificate serial: 018CC34935B6E784CE4072A62722E0010D52
Authority key identifier: BE:F2:15:8A:0F:2A:42:61:7A:82:1A:0B:4F:CC:9C:9A:93:F4:24:6D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/vvIVig8qQmF6ghoLT8ycmpP0JG0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/91/42d821-74af-4ced-94ea-027b58e6fdc5/1/BStF7DRNz77sEmctNxkc13_ZZeQ.roa
Signing time: Mon 01 Jan 2024 04:30:04 +0000
ROA not before: Mon 01 Jan 2024 04:30:04 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 49283
IP address blocks: 46.182.160.0/21 maxlen: 21
185.68.56.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c3:49:35:b6:e7:84:ce:40:72:a6:27:22:e0:01:0d:52
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=bef2158a0f2a42617a821a0b4fcc9c9a93f4246d
Validity
Not Before: Jan 1 04:30:04 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=052b45ec344dcfbeec12672d37191cd77fd965e4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a3:98:b5:3d:44:c0:bf:2d:f5:d4:f5:e9:4b:81:
a0:5f:42:5f:ad:b4:7f:72:32:ef:be:e1:fe:06:97:
82:42:29:a3:44:ee:2c:41:1a:8f:0e:18:07:27:85:
14:23:92:d7:74:96:68:17:c0:70:96:1f:49:96:fb:
88:10:15:eb:f2:25:03:dd:bb:aa:a4:46:8d:c4:18:
bb:28:10:c2:0e:38:0b:a1:47:75:17:e3:16:06:56:
2a:a4:2c:f7:a5:ce:67:af:c2:8d:1d:84:c4:6c:ca:
99:e7:08:8c:89:3f:63:74:c5:53:89:f0:93:60:9a:
34:31:7f:12:28:52:23:75:30:d7:7b:d2:dd:77:9b:
70:71:9a:76:4e:09:8a:8d:68:11:87:af:90:33:09:
03:1c:1b:76:86:65:21:98:4e:eb:7c:22:c5:ec:1b:
8b:7f:f7:25:a8:e7:23:bc:c3:0a:e9:08:1e:ad:1d:
3a:9a:00:07:2d:36:8e:9d:a4:66:26:8f:5a:8c:f3:
64:85:9d:f8:6e:f2:b9:00:59:67:89:5f:8d:d6:18:
e0:bc:66:fe:27:fa:45:e7:c4:a5:3e:a8:53:c1:7b:
12:8f:43:78:09:b0:2c:3b:04:36:fb:41:42:68:cf:
8b:6c:0d:b3:5b:61:33:32:87:c1:ae:fd:99:79:d1:
9d:e5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
05:2B:45:EC:34:4D:CF:BE:EC:12:67:2D:37:19:1C:D7:7F:D9:65:E4
X509v3 Authority Key Identifier:
keyid:BE:F2:15:8A:0F:2A:42:61:7A:82:1A:0B:4F:CC:9C:9A:93:F4:24:6D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vvIVig8qQmF6ghoLT8ycmpP0JG0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/91/42d821-74af-4ced-94ea-027b58e6fdc5/1/BStF7DRNz77sEmctNxkc13_ZZeQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/91/42d821-74af-4ced-94ea-027b58e6fdc5/1/vvIVig8qQmF6ghoLT8ycmpP0JG0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
46.182.160.0/21
185.68.56.0/24
Signature Algorithm: sha256WithRSAEncryption
83:f0:30:e6:10:10:f5:ae:ab:78:43:e1:08:a8:5a:d2:04:eb:
39:12:dd:0f:e7:76:32:e7:a6:9f:7f:c2:6b:91:18:67:05:96:
bb:cb:fb:e9:2e:5c:f3:6e:96:e6:36:97:18:a0:f1:c3:07:ee:
5d:25:80:19:87:2e:a6:ed:ee:5c:76:db:3b:89:0c:32:7a:ef:
6d:e1:ad:85:3c:8c:2b:72:7d:0b:35:84:09:fa:16:50:49:63:
58:b7:5d:ce:de:a8:8f:8a:0e:6d:d5:d8:12:be:51:76:ab:b2:
fc:de:44:d8:64:a4:5e:38:fb:03:0a:cb:d6:ac:34:7d:62:07:
41:e5:77:a0:72:65:07:29:a9:8b:ff:92:42:a8:fa:c2:f6:fe:
68:a4:98:94:cd:da:3b:72:0c:9a:e3:3f:eb:0d:51:52:63:a9:
77:08:f7:3e:d0:61:ed:14:b7:2d:91:24:f0:1a:41:2e:9d:45:
48:1c:43:1a:81:fc:0c:20:e7:d7:0d:ba:4e:28:e6:47:bb:45:
f8:62:28:48:0b:df:ab:6e:46:71:76:30:c1:0b:3b:f0:9c:b1:
d0:2a:8d:09:3a:c7:58:cb:39:0c:07:6f:6b:7d:2d:ea:2b:df:
d0:8d:21:da:21:e4:c7:eb:39:22:83:92:25:28:68:f6:85:2e:
09:2f:5f:d7
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzDSTW254TOQHKmJyLgAQ1SMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJlZjIxNThhMGYyYTQyNjE3YTgyMWEwYjRmY2M5YzlhOTNm
NDI0NmQwHhcNMjQwMTAxMDQzMDA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNTJiNDVlYzM0NGRjZmJlZWMxMjY3MmQzNzE5MWNkNzdmZDk2NWU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo5i1PUTAvy311PXpS4GgX0JfrbR/
cjLvvuH+BpeCQimjRO4sQRqPDhgHJ4UUI5LXdJZoF8Bwlh9JlvuIEBXr8iUD3buq
pEaNxBi7KBDCDjgLoUd1F+MWBlYqpCz3pc5nr8KNHYTEbMqZ5wiMiT9jdMVTifCT
YJo0MX8SKFIjdTDXe9Ldd5twcZp2TgmKjWgRh6+QMwkDHBt2hmUhmE7rfCLF7BuL
f/clqOcjvMMK6QgerR06mgAHLTaOnaRmJo9ajPNkhZ34bvK5AFlniV+N1hjgvGb+
J/pF58SlPqhTwXsSj0N4CbAsOwQ2+0FCaM+LbA2zW2EzMofBrv2ZedGd5QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFAUrRew0Tc++7BJnLTcZHNd/2WXkMB8GA1UdIwQY
MBaAFL7yFYoPKkJheoIaC0/MnJqT9CRtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdnZJVmlnOHFRbUY2Z2hvTFQ4eWNtcFAwSkcwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MS80MmQ4MjEtNzRhZi00Y2VkLTk0ZWEt
MDI3YjU4ZTZmZGM1LzEvQlN0RjdEUk56NzdzRW1jdE54a2MxM19aWmVRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MS80MmQ4MjEtNzRhZi00Y2VkLTk0ZWEtMDI3YjU4ZTZmZGM1
LzEvdnZJVmlnOHFRbUY2Z2hvTFQ4eWNtcFAwSkcwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQDLragAwQA
uUQ4MA0GCSqGSIb3DQEBCwUAA4IBAQCD8DDmEBD1rqt4Q+EIqFrSBOs5Et0P53Yy
56aff8JrkRhnBZa7y/vpLlzzbpbmNpcYoPHDB+5dJYAZhy6m7e5cdts7iQwyeu9t
4a2FPIwrcn0LNYQJ+hZQSWNYt13O3qiPig5t1dgSvlF2q7L83kTYZKReOPsDCsvW
rDR9YgdB5XegcmUHKamL/5JCqPrC9v5opJiUzdo7cgya4z/rDVFSY6l3CPc+0GHt
FLctkSTwGkEunUVIHEMagfwMIOfXDbpOKOZHu0X4YihIC9+rbkZxdjDBCzvwnLHQ
Ko0JOsdYyzkMB29rfS3qK9/QjSHaIeTH6zkig5IlKGj2hS4JL1/X
-----END CERTIFICATE-----
Generated at Wed Oct 2 10:53:38 2024 by rpki-client on console-ams.rpki-client.org