Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9b/f59fe3-956e-4937-858d-eec416a886f7/1/Qr1AXk-mrOe4s6DdccYI34uxtmk.roa
File: Qr1AXk-mrOe4s6DdccYI34uxtmk.roa (raw, json)
Hash identifier: Zu9tFNCgMffX/Vuaw3xZmdoDMC/zztAThvC/Ssa+7wY=
Subject key identifier: 42:BD:40:5E:4F:A6:AC:E7:B8:B3:A0:DD:71:C6:08:DF:8B:B1:B6:69
Certificate issuer: /CN=3af7710df8add64bb9688e0f4581bea67e402c66
Certificate serial: 01914A3B8293BEC8B1A5A31E0E119B776DFC
Authority key identifier: 3A:F7:71:0D:F8:AD:D6:4B:B9:68:8E:0F:45:81:BE:A6:7E:40:2C:66
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/OvdxDfit1ku5aI4PRYG-pn5ALGY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/9b/f59fe3-956e-4937-858d-eec416a886f7/1/Qr1AXk-mrOe4s6DdccYI34uxtmk.roa
Signing time: Tue 13 Aug 2024 05:34:59 +0000
ROA not before: Tue 13 Aug 2024 05:34:59 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 199077
IP address blocks: 46.21.17.0/24 maxlen: 24
46.21.18.0/24 maxlen: 24
46.21.19.0/24 maxlen: 24
46.21.21.0/24 maxlen: 24
46.21.22.0/24 maxlen: 24
77.220.92.0/24 maxlen: 24
77.220.93.0/24 maxlen: 24
77.220.94.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:91:4a:3b:82:93:be:c8:b1:a5:a3:1e:0e:11:9b:77:6d:fc
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3af7710df8add64bb9688e0f4581bea67e402c66
Validity
Not Before: Aug 13 05:34:59 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=42bd405e4fa6ace7b8b3a0dd71c608df8bb1b669
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b7:1b:da:01:56:ee:d2:b4:be:99:8e:bb:e8:d1:
35:8a:67:25:58:29:87:e1:68:2d:da:3e:8d:4b:54:
a5:98:50:b5:52:0e:ae:cb:1c:d5:25:b0:54:ac:e4:
61:3f:76:33:83:59:3a:49:80:55:98:76:aa:b9:34:
a9:ed:75:e1:9f:9f:92:93:bc:0d:26:a7:67:66:b1:
1c:1a:d9:4a:c2:5d:03:78:08:b3:b7:6a:dc:6d:ad:
2b:93:85:95:d1:86:16:8c:2d:53:32:b2:bd:fc:b3:
2e:dc:cb:aa:30:d7:42:bf:43:60:49:42:e1:10:2e:
5a:e2:95:19:e4:63:2f:00:eb:b3:91:f5:6d:36:83:
61:9b:e6:79:f3:5a:11:58:a5:40:e5:7b:f8:56:08:
c6:1f:24:92:1b:d5:af:c1:22:21:b3:e1:f1:70:bf:
7b:2b:f7:f7:1b:23:2f:c4:2e:5a:84:8a:01:af:23:
87:b6:b1:b8:6d:60:60:0b:9e:b8:cb:c0:e4:bc:c1:
b0:27:6b:35:61:db:32:d0:db:4c:10:6a:34:bb:09:
2a:e2:23:ee:76:f7:2c:78:e2:8e:e9:d3:52:bb:03:
cb:85:52:1a:d3:a2:be:4d:76:61:65:d7:14:e0:fa:
ad:9c:0f:94:b4:b4:7f:10:75:1c:81:ad:63:3c:d3:
b3:43
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
42:BD:40:5E:4F:A6:AC:E7:B8:B3:A0:DD:71:C6:08:DF:8B:B1:B6:69
X509v3 Authority Key Identifier:
keyid:3A:F7:71:0D:F8:AD:D6:4B:B9:68:8E:0F:45:81:BE:A6:7E:40:2C:66
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OvdxDfit1ku5aI4PRYG-pn5ALGY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/f59fe3-956e-4937-858d-eec416a886f7/1/Qr1AXk-mrOe4s6DdccYI34uxtmk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/f59fe3-956e-4937-858d-eec416a886f7/1/OvdxDfit1ku5aI4PRYG-pn5ALGY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
46.21.17.0-46.21.19.255
46.21.21.0-46.21.22.255
77.220.92.0-77.220.94.255
Signature Algorithm: sha256WithRSAEncryption
8f:39:c0:cd:42:36:9b:72:92:70:7a:83:61:17:3e:c5:b5:37:
33:c3:fb:76:a3:c7:f5:04:b9:be:03:31:c7:ed:42:ec:c3:c0:
cd:0b:2d:7c:fe:39:f2:8e:a1:37:ec:25:7d:f5:8b:36:59:f0:
d4:89:7c:a5:77:0d:a2:2f:73:52:0b:c7:6a:fa:bd:43:3a:59:
9a:53:5c:00:db:62:2d:b2:28:0b:56:bf:0f:9d:c7:1c:f1:07:
4a:86:d8:1d:4a:24:1f:57:5f:6e:08:58:d6:e9:93:6d:36:d6:
a1:60:b6:32:6f:89:8c:1b:87:ff:73:75:77:ac:e9:8b:bc:ea:
a9:9d:a9:bc:db:79:8c:c9:81:84:b4:cd:b7:ec:bd:91:cb:b4:
a5:0f:be:12:53:d5:22:73:b9:0f:08:a8:98:52:f9:a0:ec:c3:
f2:25:15:9d:91:33:fc:cc:e9:19:40:31:4d:63:f8:54:f8:9d:
96:96:ee:2a:83:66:25:3e:95:26:2f:59:2d:b9:99:43:4e:de:
1a:a5:4f:22:56:d9:d3:21:da:9d:58:4c:01:40:3a:fd:82:2b:
0f:da:d8:b2:48:48:01:06:6d:9a:12:51:67:c5:2b:f8:5a:77:
e8:b5:b0:c3:66:fb:9a:c1:3c:b4:f8:fd:70:40:bc:ab:25:b0:
d2:40:b4:7d
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAZFKO4KTvsixpaMeDhGbd238MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhZjc3MTBkZjhhZGQ2NGJiOTY4OGUwZjQ1ODFiZWE2N2U0
MDJjNjYwHhcNMjQwODEzMDUzNDU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MmJkNDA1ZTRmYTZhY2U3YjhiM2EwZGQ3MWM2MDhkZjhiYjFiNjY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtxvaAVbu0rS+mY676NE1imclWCmH
4Wgt2j6NS1SlmFC1Ug6uyxzVJbBUrORhP3Yzg1k6SYBVmHaquTSp7XXhn5+Sk7wN
JqdnZrEcGtlKwl0DeAizt2rcba0rk4WV0YYWjC1TMrK9/LMu3MuqMNdCv0NgSULh
EC5a4pUZ5GMvAOuzkfVtNoNhm+Z581oRWKVA5Xv4VgjGHySSG9WvwSIhs+HxcL97
K/f3GyMvxC5ahIoBryOHtrG4bWBgC564y8DkvMGwJ2s1Ydsy0NtMEGo0uwkq4iPu
dvcseOKO6dNSuwPLhVIa06K+TXZhZdcU4PqtnA+UtLR/EHUcga1jPNOzQwIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFEK9QF5PpqznuLOg3XHGCN+LsbZpMB8GA1UdIwQY
MBaAFDr3cQ34rdZLuWiOD0WBvqZ+QCxmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3ZkeERmaXQxa3U1YUk0UFJZRy1wbjVBTEdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yi9mNTlmZTMtOTU2ZS00OTM3LTg1OGQt
ZWVjNDE2YTg4NmY3LzEvUXIxQVhrLW1yT2U0czZEZGNjWUkzNHV4dG1rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yi9mNTlmZTMtOTU2ZS00OTM3LTg1OGQtZWVjNDE2YTg4NmY3
LzEvT3ZkeERmaXQxa3U1YUk0UFJZRy1wbjVBTEdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAwBAIAATAqMAwDBAAuFRED
BAIuFRAwDAMEAC4VFQMEAC4VFjAMAwQCTdxcAwQATdxeMA0GCSqGSIb3DQEBCwUA
A4IBAQCPOcDNQjabcpJweoNhFz7FtTczw/t2o8f1BLm+AzHH7ULsw8DNCy18/jny
jqE37CV99Ys2WfDUiXyldw2iL3NSC8dq+r1DOlmaU1wA22ItsigLVr8Pnccc8QdK
htgdSiQfV19uCFjW6ZNtNtahYLYyb4mMG4f/c3V3rOmLvOqpnam823mMyYGEtM23
7L2Ry7SlD74SU9Uic7kPCKiYUvmg7MPyJRWdkTP8zOkZQDFNY/hU+J2Wlu4qg2Yl
PpUmL1ktuZlDTt4apU8iVtnTIdqdWEwBQDr9gisP2tiySEgBBm2aElFnxSv4Wnfo
tbDDZvuawTy0+P1wQLyrJbDSQLR9
-----END CERTIFICATE-----
Generated at Sat Apr 19 03:52:50 2025 by rpki-client