Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/94/b24b2d-3523-422e-9bcf-3671d67eb9f8/1/CB7SBZpWfIKcpxn0r_XLoSQ94KI.roa
File: CB7SBZpWfIKcpxn0r_XLoSQ94KI.roa (raw, json)
Hash identifier: hxaBEYz8nSRphRm7TCjY+lxH9fWA9i1E8r9IlTpe0hw=
Subject key identifier: 08:1E:D2:05:9A:56:7C:82:9C:A7:19:F4:AF:F5:CB:A1:24:3D:E0:A2
Certificate issuer: /CN=d4375814344df0bf6d017733acdc488f002631b2
Certificate serial: 0189E59907B4538A916E760D906F5DFBAC6E
Authority key identifier: D4:37:58:14:34:4D:F0:BF:6D:01:77:33:AC:DC:48:8F:00:26:31:B2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1DdYFDRN8L9tAXczrNxIjwAmMbI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/94/b24b2d-3523-422e-9bcf-3671d67eb9f8/1/CB7SBZpWfIKcpxn0r_XLoSQ94KI.roa
Signing time: Fri 11 Aug 2023 17:15:58 +0000
ROA not before: Fri 11 Aug 2023 17:15:58 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 26968
IP address blocks: 46.8.201.0/24 maxlen: 24
46.8.200.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:89:e5:99:07:b4:53:8a:91:6e:76:0d:90:6f:5d:fb:ac:6e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d4375814344df0bf6d017733acdc488f002631b2
Validity
Not Before: Aug 11 17:15:58 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=081ed2059a567c829ca719f4aff5cba1243de0a2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8a:af:48:f3:dd:19:d4:45:1a:c5:cd:69:10:81:
39:de:4a:e2:60:26:46:26:cb:88:00:a9:b9:b2:6e:
65:eb:ee:52:b0:e6:c3:65:58:e7:57:ff:8d:3f:81:
04:b3:86:7d:a9:6e:4d:f9:8c:9b:47:42:96:26:dc:
f3:27:86:b9:98:12:b9:50:ed:c2:73:02:36:5c:e2:
d4:58:21:e9:dd:5e:40:ff:08:da:6f:1c:b2:42:b5:
73:97:10:c6:c0:10:f7:39:75:8d:d0:a3:56:8f:53:
d6:cb:b8:59:90:16:ad:a0:6e:37:50:4d:40:4e:6c:
66:df:c5:d2:30:d7:ca:45:63:de:ad:e0:65:98:0c:
ac:6a:d3:f6:d8:f1:00:db:fe:25:b7:c1:82:69:b5:
c7:46:de:dd:b5:b9:3a:e1:6a:9b:c6:f9:4e:97:3d:
a1:4b:b4:da:47:46:49:c7:73:5e:b3:33:23:cb:ad:
99:14:58:08:d9:fa:b4:92:5e:cf:86:b1:1b:62:56:
74:b4:0d:bd:d9:bf:8a:fb:bb:c4:46:67:06:ae:ed:
59:f9:1c:22:78:a1:07:1a:e2:9a:89:b0:83:c2:a9:
51:6e:a8:4b:b0:5a:64:11:88:a3:c4:97:07:54:ec:
83:17:4f:22:cf:82:94:96:09:d0:db:4e:95:a4:16:
0b:e5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
08:1E:D2:05:9A:56:7C:82:9C:A7:19:F4:AF:F5:CB:A1:24:3D:E0:A2
X509v3 Authority Key Identifier:
keyid:D4:37:58:14:34:4D:F0:BF:6D:01:77:33:AC:DC:48:8F:00:26:31:B2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1DdYFDRN8L9tAXczrNxIjwAmMbI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/94/b24b2d-3523-422e-9bcf-3671d67eb9f8/1/CB7SBZpWfIKcpxn0r_XLoSQ94KI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/94/b24b2d-3523-422e-9bcf-3671d67eb9f8/1/1DdYFDRN8L9tAXczrNxIjwAmMbI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
46.8.200.0/23
Signature Algorithm: sha256WithRSAEncryption
68:d9:fd:04:b6:3d:39:23:e7:8b:f8:4c:e1:29:a4:94:46:e7:
c0:86:8a:75:ae:b8:aa:1f:5a:44:cb:ea:28:9e:74:6f:1c:52:
b9:60:32:2a:c2:fb:8d:1e:0a:b3:e3:b6:54:22:cd:4b:a3:3b:
06:e8:a4:41:e5:8b:92:97:41:5c:6b:63:ca:1b:e1:c4:43:30:
f2:48:ae:65:f1:18:ba:d1:2f:5d:8c:6a:45:24:bf:a5:c6:57:
d8:fc:6e:97:ec:af:de:93:61:73:22:f9:6b:3e:ab:d3:d7:6e:
b1:93:aa:57:fa:6f:7d:56:dc:c5:02:0b:df:16:de:fb:85:4f:
27:0b:70:c3:33:6b:3f:fc:89:3f:e1:8b:20:9a:ac:27:d3:82:
6b:30:37:f6:d9:e7:a3:c1:22:69:e2:8a:38:e9:14:2b:b0:4b:
d8:d8:97:1f:10:2e:66:78:74:04:b6:a5:b9:84:51:d8:4c:6e:
96:1d:cb:28:f9:27:73:9c:90:58:73:a0:79:f6:94:ab:f9:be:
62:48:ba:08:41:b0:47:67:34:5f:c5:6c:0a:4a:7d:70:c8:48:
5b:91:cc:bd:e4:a6:ff:78:b7:52:42:57:bc:d6:bf:a7:62:1f:
a4:8b:a2:8f:d7:02:16:5e:40:5e:81:cf:89:09:07:07:26:fd:
ec:18:79:32
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYnlmQe0U4qRbnYNkG9d+6xuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0Mzc1ODE0MzQ0ZGYwYmY2ZDAxNzczM2FjZGM0ODhmMDAy
NjMxYjIwHhcNMjMwODExMTcxNTU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwODFlZDIwNTlhNTY3YzgyOWNhNzE5ZjRhZmY1Y2JhMTI0M2RlMGEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiq9I890Z1EUaxc1pEIE53kriYCZG
JsuIAKm5sm5l6+5SsObDZVjnV/+NP4EEs4Z9qW5N+YybR0KWJtzzJ4a5mBK5UO3C
cwI2XOLUWCHp3V5A/wjabxyyQrVzlxDGwBD3OXWN0KNWj1PWy7hZkBatoG43UE1A
Tmxm38XSMNfKRWPereBlmAysatP22PEA2/4lt8GCabXHRt7dtbk64WqbxvlOlz2h
S7TaR0ZJx3NeszMjy62ZFFgI2fq0kl7PhrEbYlZ0tA292b+K+7vERmcGru1Z+Rwi
eKEHGuKaibCDwqlRbqhLsFpkEYijxJcHVOyDF08iz4KUlgnQ206VpBYL5QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAge0gWaVnyCnKcZ9K/1y6EkPeCiMB8GA1UdIwQY
MBaAFNQ3WBQ0TfC/bQF3M6zcSI8AJjGyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMURkWUZEUk44TDl0QVhjenJOeElqd0FtTWJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85NC9iMjRiMmQtMzUyMy00MjJlLTliY2Yt
MzY3MWQ2N2ViOWY4LzEvQ0I3U0JacFdmSUtjcHhuMHJfWExvU1E5NEtJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85NC9iMjRiMmQtMzUyMy00MjJlLTliY2YtMzY3MWQ2N2ViOWY4
LzEvMURkWUZEUk44TDl0QVhjenJOeElqd0FtTWJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLgjIMA0G
CSqGSIb3DQEBCwUAA4IBAQBo2f0Etj05I+eL+EzhKaSURufAhop1rriqH1pEy+oo
nnRvHFK5YDIqwvuNHgqz47ZUIs1LozsG6KRB5YuSl0Fca2PKG+HEQzDySK5l8Ri6
0S9djGpFJL+lxlfY/G6X7K/ek2FzIvlrPqvT126xk6pX+m99VtzFAgvfFt77hU8n
C3DDM2s//Ik/4Ysgmqwn04JrMDf22eejwSJp4oo46RQrsEvY2JcfEC5meHQEtqW5
hFHYTG6WHcso+SdznJBYc6B59pSr+b5iSLoIQbBHZzRfxWwKSn1wyEhbkcy95Kb/
eLdSQle81r+nYh+ki6KP1wIWXkBegc+JCQcHJv3sGHky
-----END CERTIFICATE-----
Generated at Tue May 6 00:28:35 2025 by rpki-client