Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9b/f59fe3-956e-4937-858d-eec416a886f7/1/PK7tSb-zg6ZQ8R0SIeamj9tdx_k.roa
File: PK7tSb-zg6ZQ8R0SIeamj9tdx_k.roa (raw, json)
Hash identifier: nGqGhgBdn2kKFYITjFg6PM8CUBGwcgFIF8iVR2gR1mM=
Subject key identifier: 3C:AE:ED:49:BF:B3:83:A6:50:F1:1D:12:21:E6:A6:8F:DB:5D:C7:F9
Certificate issuer: /CN=3af7710df8add64bb9688e0f4581bea67e402c66
Certificate serial: 018BF630E64453748EA45DD7AECFA8838537
Authority key identifier: 3A:F7:71:0D:F8:AD:D6:4B:B9:68:8E:0F:45:81:BE:A6:7E:40:2C:66
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/OvdxDfit1ku5aI4PRYG-pn5ALGY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/9b/f59fe3-956e-4937-858d-eec416a886f7/1/PK7tSb-zg6ZQ8R0SIeamj9tdx_k.roa
Signing time: Wed 22 Nov 2023 08:41:21 +0000
ROA not before: Wed 22 Nov 2023 08:41:21 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 199077
IP address blocks: 46.21.17.0/24 maxlen: 24
46.21.18.0/24 maxlen: 24
46.21.19.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8b:f6:30:e6:44:53:74:8e:a4:5d:d7:ae:cf:a8:83:85:37
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3af7710df8add64bb9688e0f4581bea67e402c66
Validity
Not Before: Nov 22 08:41:21 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=3caeed49bfb383a650f11d1221e6a68fdb5dc7f9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:83:db:14:9d:07:e5:d9:06:c5:f9:d0:19:16:29:
39:23:b2:b7:ba:75:12:04:9c:51:24:bc:b9:92:90:
82:a9:71:71:e3:02:b4:3c:87:81:e4:c4:e2:9f:7f:
ef:5c:ca:0c:42:1b:26:48:8b:63:65:34:4e:d6:b7:
e2:51:22:3a:93:42:de:1e:ef:2b:60:15:62:55:c8:
47:54:07:58:ab:50:27:a9:7b:4d:89:4a:ba:aa:5c:
1e:69:77:0e:d0:5f:67:b7:99:76:c4:66:b7:42:62:
9b:00:21:bb:ba:5b:1a:af:c5:9e:b7:03:b6:8b:ab:
5d:9c:4b:b8:77:af:a5:29:76:ad:37:86:80:8b:62:
1b:89:73:a7:5d:44:9f:04:e6:3e:2f:e0:49:3f:82:
08:48:a3:7e:81:0e:62:90:3a:36:f2:e4:c6:61:c5:
99:2c:d7:01:c4:a7:b3:ce:b8:8c:8d:15:94:a3:e5:
61:e8:11:27:e1:76:85:db:3b:2f:18:37:ca:ad:d6:
a0:8e:96:40:9c:ce:a6:63:1f:0e:e9:60:2b:e6:3c:
cc:c9:18:63:f9:0c:af:d6:cc:7b:aa:fb:61:b5:15:
23:c0:6b:99:13:2d:d7:4e:90:ca:45:de:ff:e6:a9:
65:64:14:69:88:44:9f:55:81:a9:73:c5:c8:e0:2a:
9e:bf
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3C:AE:ED:49:BF:B3:83:A6:50:F1:1D:12:21:E6:A6:8F:DB:5D:C7:F9
X509v3 Authority Key Identifier:
keyid:3A:F7:71:0D:F8:AD:D6:4B:B9:68:8E:0F:45:81:BE:A6:7E:40:2C:66
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OvdxDfit1ku5aI4PRYG-pn5ALGY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/f59fe3-956e-4937-858d-eec416a886f7/1/PK7tSb-zg6ZQ8R0SIeamj9tdx_k.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/f59fe3-956e-4937-858d-eec416a886f7/1/OvdxDfit1ku5aI4PRYG-pn5ALGY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
46.21.17.0-46.21.19.255
Signature Algorithm: sha256WithRSAEncryption
b1:9e:9f:27:2c:79:0b:d7:e7:6c:1b:c9:b1:7c:24:bc:59:ea:
50:5a:b2:dd:81:c1:18:09:4b:8a:63:2e:93:5f:14:35:07:be:
00:2c:58:88:f9:30:a0:98:21:68:11:dd:c2:c2:2c:92:3f:5d:
ea:0a:85:5e:1e:fc:db:c9:38:e3:36:87:ba:94:23:ef:b9:3c:
30:57:8a:1d:8d:5e:c6:5f:6b:90:8f:f7:6f:4c:bc:26:b7:3e:
cc:20:8a:60:cd:a7:84:c6:6e:e2:e1:5b:d2:b8:70:a5:86:bb:
83:e1:26:fe:5d:e9:2b:85:14:a9:b7:f4:c7:69:2f:82:ef:df:
b0:4f:2d:04:e9:9d:79:23:7f:34:e5:a5:45:c2:04:43:4e:7d:
5a:e5:05:db:22:e2:ba:c0:f6:7d:fd:e3:0b:0b:28:e6:41:94:
4f:98:e7:8f:2b:56:11:74:1b:a1:79:f8:fd:96:de:a1:3d:72:
92:72:3a:63:4e:14:90:08:48:f2:21:57:7c:9b:61:42:00:04:
ec:bf:50:76:49:83:f3:4c:59:d7:89:ca:83:24:29:e7:ed:54:
0f:5c:9c:07:46:4c:6c:15:21:db:1b:9f:aa:8b:c5:b5:f2:18:
90:db:45:a8:5f:23:e9:09:45:3a:df:db:55:c5:18:5b:2f:43:
ec:b9:12:17
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYv2MOZEU3SOpF3Xrs+og4U3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhZjc3MTBkZjhhZGQ2NGJiOTY4OGUwZjQ1ODFiZWE2N2U0
MDJjNjYwHhcNMjMxMTIyMDg0MTIxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzY2FlZWQ0OWJmYjM4M2E2NTBmMTFkMTIyMWU2YTY4ZmRiNWRjN2Y5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg9sUnQfl2QbF+dAZFik5I7K3unUS
BJxRJLy5kpCCqXFx4wK0PIeB5MTin3/vXMoMQhsmSItjZTRO1rfiUSI6k0LeHu8r
YBViVchHVAdYq1AnqXtNiUq6qlweaXcO0F9nt5l2xGa3QmKbACG7ulsar8WetwO2
i6tdnEu4d6+lKXatN4aAi2IbiXOnXUSfBOY+L+BJP4IISKN+gQ5ikDo28uTGYcWZ
LNcBxKezzriMjRWUo+Vh6BEn4XaF2zsvGDfKrdagjpZAnM6mYx8O6WAr5jzMyRhj
+Qyv1sx7qvthtRUjwGuZEy3XTpDKRd7/5qllZBRpiESfVYGpc8XI4CqevwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFDyu7Um/s4OmUPEdEiHmpo/bXcf5MB8GA1UdIwQY
MBaAFDr3cQ34rdZLuWiOD0WBvqZ+QCxmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3ZkeERmaXQxa3U1YUk0UFJZRy1wbjVBTEdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yi9mNTlmZTMtOTU2ZS00OTM3LTg1OGQt
ZWVjNDE2YTg4NmY3LzEvUEs3dFNiLXpnNlpROFIwU0llYW1qOXRkeF9rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yi9mNTlmZTMtOTU2ZS00OTM3LTg1OGQtZWVjNDE2YTg4NmY3
LzEvT3ZkeERmaXQxa3U1YUk0UFJZRy1wbjVBTEdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAAuFRED
BAIuFRAwDQYJKoZIhvcNAQELBQADggEBALGenycseQvX52wbybF8JLxZ6lBast2B
wRgJS4pjLpNfFDUHvgAsWIj5MKCYIWgR3cLCLJI/XeoKhV4e/NvJOOM2h7qUI++5
PDBXih2NXsZfa5CP929MvCa3PswgimDNp4TGbuLhW9K4cKWGu4PhJv5d6SuFFKm3
9MdpL4Lv37BPLQTpnXkjfzTlpUXCBENOfVrlBdsi4rrA9n394wsLKOZBlE+Y548r
VhF0G6F5+P2W3qE9cpJyOmNOFJAISPIhV3ybYUIABOy/UHZJg/NMWdeJyoMkKeft
VA9cnAdGTGwVIdsbn6qLxbXyGJDbRahfI+kJRTrf21XFGFsvQ+y5Ehc=
-----END CERTIFICATE-----
Generated at Sat Apr 19 04:50:29 2025 by rpki-client