Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9b/f59fe3-956e-4937-858d-eec416a886f7/1/ZyDM58zSndpUOErH0rG0FsQ0L2g.roa
File: ZyDM58zSndpUOErH0rG0FsQ0L2g.roa (raw, json)
Hash identifier: GJRTT2mzt2+jsVzrYOQ0xdZ5Ke/bvK1KtDL1HGEGYrw=
Subject key identifier: 67:20:CC:E7:CC:D2:9D:DA:54:38:4A:C7:D2:B1:B4:16:C4:34:2F:68
Certificate issuer: /CN=3af7710df8add64bb9688e0f4581bea67e402c66
Certificate serial: 018C38476F6EE3341A83AA6D2AD32E556237
Authority key identifier: 3A:F7:71:0D:F8:AD:D6:4B:B9:68:8E:0F:45:81:BE:A6:7E:40:2C:66
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/OvdxDfit1ku5aI4PRYG-pn5ALGY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/9b/f59fe3-956e-4937-858d-eec416a886f7/1/ZyDM58zSndpUOErH0rG0FsQ0L2g.roa
Signing time: Tue 05 Dec 2023 04:40:54 +0000
ROA not before: Tue 05 Dec 2023 04:40:54 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 199077
IP address blocks: 46.21.17.0/24 maxlen: 24
46.21.21.0/24 maxlen: 24
46.21.22.0/24 maxlen: 24
46.21.18.0/24 maxlen: 24
46.21.19.0/24 maxlen: 24
193.222.105.0/24 maxlen: 24
193.222.104.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:38:47:6f:6e:e3:34:1a:83:aa:6d:2a:d3:2e:55:62:37
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3af7710df8add64bb9688e0f4581bea67e402c66
Validity
Not Before: Dec 5 04:40:54 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=6720cce7ccd29dda54384ac7d2b1b416c4342f68
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8f:fb:33:a0:c6:f2:cb:bb:08:21:9f:13:47:c2:
3b:62:97:0c:70:37:a0:3f:b6:04:46:46:27:ca:fb:
6f:2d:08:c5:6c:67:42:25:eb:a0:9f:a0:0e:32:68:
fe:87:9a:55:36:55:5c:20:4f:56:76:7a:2d:68:e2:
06:2c:ec:ed:2a:b5:7e:b0:2b:48:5d:a4:b8:e9:0a:
5e:dc:65:1f:43:84:58:a6:20:fe:21:f3:8f:49:ec:
76:d7:17:1c:c0:26:99:3b:da:bc:27:0c:b3:8c:0c:
68:2f:d7:da:75:90:1d:b3:86:d8:71:65:48:eb:1d:
a0:43:ad:26:0a:c7:88:d8:dc:97:a9:d1:51:31:e3:
03:0c:4f:77:72:89:0d:13:86:d8:fe:0a:b5:7b:23:
f3:6d:42:90:b6:f2:23:12:97:ac:45:78:9a:82:c3:
11:ae:26:2e:85:44:ff:fa:0c:83:9e:e4:9c:9d:ce:
44:ef:5c:c7:47:44:be:35:cf:67:9e:1b:43:da:44:
73:8f:41:03:34:ec:84:d1:16:a2:a0:91:2b:6f:cc:
08:e9:dc:7a:cc:6f:c7:98:2c:36:bc:32:1a:6e:7f:
2b:2e:ea:40:46:cf:fa:d5:62:96:52:e8:db:73:bb:
ea:76:69:ba:68:1e:2e:49:5a:e0:0f:6a:a0:aa:2b:
1c:4d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
67:20:CC:E7:CC:D2:9D:DA:54:38:4A:C7:D2:B1:B4:16:C4:34:2F:68
X509v3 Authority Key Identifier:
keyid:3A:F7:71:0D:F8:AD:D6:4B:B9:68:8E:0F:45:81:BE:A6:7E:40:2C:66
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OvdxDfit1ku5aI4PRYG-pn5ALGY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/f59fe3-956e-4937-858d-eec416a886f7/1/ZyDM58zSndpUOErH0rG0FsQ0L2g.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/f59fe3-956e-4937-858d-eec416a886f7/1/OvdxDfit1ku5aI4PRYG-pn5ALGY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
46.21.17.0-46.21.19.255
46.21.21.0-46.21.22.255
193.222.104.0/23
Signature Algorithm: sha256WithRSAEncryption
6b:ee:ac:60:a0:ea:78:42:7c:71:f6:ba:6b:63:4e:b4:78:7d:
f4:62:b8:6f:ee:7b:f4:00:15:eb:01:e8:79:e2:01:66:9c:02:
cd:b0:62:9b:b6:5b:88:75:09:2f:ac:f4:fa:3a:6e:76:4c:ae:
fc:02:69:2e:60:e3:b4:97:16:3e:d3:6c:d8:15:3f:29:63:f2:
ed:9e:38:7d:a5:48:6f:6d:89:68:47:d8:9d:f3:fb:2b:4f:c4:
3a:90:7d:dc:e7:9f:cb:8a:ef:e1:9c:7a:5f:d0:4a:ad:ab:3d:
e7:be:bb:40:9a:a6:0d:0d:7e:28:28:9e:bb:67:79:65:e2:02:
cf:33:fb:12:51:63:df:23:31:59:59:d0:d7:c8:e4:a6:c7:42:
bb:94:18:f5:c8:1f:5c:20:25:7b:16:5f:5e:c0:b9:51:f9:67:
e9:f6:91:1e:fc:09:60:28:02:61:6d:2d:9e:0c:f3:25:1f:67:
3b:4d:48:52:6c:99:f4:31:ec:1d:2a:5c:0e:c4:05:02:b2:0a:
78:d2:9a:fa:03:e4:c9:86:a7:75:6b:19:af:36:e8:e1:8c:eb:
18:4c:59:2d:d7:bd:f4:20:4c:d6:11:f0:2b:45:2e:62:31:34:
1c:67:d7:b4:e5:db:31:aa:f8:b1:42:ce:79:80:33:cd:c8:15:
b0:c6:4a:ec
-----BEGIN CERTIFICATE-----
MIIFGTCCBAGgAwIBAgISAYw4R29u4zQag6ptKtMuVWI3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhZjc3MTBkZjhhZGQ2NGJiOTY4OGUwZjQ1ODFiZWE2N2U0
MDJjNjYwHhcNMjMxMjA1MDQ0MDU0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NzIwY2NlN2NjZDI5ZGRhNTQzODRhYzdkMmIxYjQxNmM0MzQyZjY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj/szoMbyy7sIIZ8TR8I7YpcMcDeg
P7YERkYnyvtvLQjFbGdCJeugn6AOMmj+h5pVNlVcIE9WdnotaOIGLOztKrV+sCtI
XaS46Qpe3GUfQ4RYpiD+IfOPSex21xccwCaZO9q8JwyzjAxoL9fadZAds4bYcWVI
6x2gQ60mCseI2NyXqdFRMeMDDE93cokNE4bY/gq1eyPzbUKQtvIjEpesRXiagsMR
riYuhUT/+gyDnuScnc5E71zHR0S+Nc9nnhtD2kRzj0EDNOyE0RaioJErb8wI6dx6
zG/HmCw2vDIabn8rLupARs/61WKWUujbc7vqdmm6aB4uSVrgD2qgqiscTQIDAQAB
o4ICJTCCAiEwHQYDVR0OBBYEFGcgzOfM0p3aVDhKx9KxtBbENC9oMB8GA1UdIwQY
MBaAFDr3cQ34rdZLuWiOD0WBvqZ+QCxmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3ZkeERmaXQxa3U1YUk0UFJZRy1wbjVBTEdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yi9mNTlmZTMtOTU2ZS00OTM3LTg1OGQt
ZWVjNDE2YTg4NmY3LzEvWnlETTU4elNuZHBVT0VySDByRzBGc1EwTDJnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yi9mNTlmZTMtOTU2ZS00OTM3LTg1OGQtZWVjNDE2YTg4NmY3
LzEvT3ZkeERmaXQxa3U1YUk0UFJZRy1wbjVBTEdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDsGCCsGAQUFBwEHAQH/BCwwKjAoBAIAATAiMAwDBAAuFRED
BAIuFRAwDAMEAC4VFQMEAC4VFgMEAcHeaDANBgkqhkiG9w0BAQsFAAOCAQEAa+6s
YKDqeEJ8cfa6a2NOtHh99GK4b+579AAV6wHoeeIBZpwCzbBim7ZbiHUJL6z0+jpu
dkyu/AJpLmDjtJcWPtNs2BU/KWPy7Z44faVIb22JaEfYnfP7K0/EOpB93Oefy4rv
4Zx6X9BKras95767QJqmDQ1+KCieu2d5ZeICzzP7ElFj3yMxWVnQ18jkpsdCu5QY
9cgfXCAlexZfXsC5Ufln6faRHvwJYCgCYW0tngzzJR9nO01IUmyZ9DHsHSpcDsQF
ArIKeNKa+gPkyYandWsZrzbo4YzrGExZLde99CBM1hHwK0UuYjE0HGfXtOXbMar4
sULOeYAzzcgVsMZK7A==
-----END CERTIFICATE-----
Generated at Sat Apr 19 03:53:29 2025 by rpki-client