Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/8802b1-3c91-4f09-a265-6d60b4b8dab7/1/raM-M2bYU0FNFhjlzvdD_UlUMqo.roa
File: raM-M2bYU0FNFhjlzvdD_UlUMqo.roa (raw, json)
Hash identifier: wV8fEmDvBfJvrSYIZN4SbjqZ2tHaJOJS31y6xuKwLoE=
Subject key identifier: AD:A3:3E:33:66:D8:53:41:4D:16:18:E5:CE:F7:43:FD:49:54:32:AA
Certificate issuer: /CN=3ce2c3edb5397f832ee8fe6a9eec3c5e43627077
Certificate serial: 01856F0216EB7D3DD1E413DF9B59671D33BD
Authority key identifier: 3C:E2:C3:ED:B5:39:7F:83:2E:E8:FE:6A:9E:EC:3C:5E:43:62:70:77
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/POLD7bU5f4Mu6P5qnuw8XkNicHc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ab/8802b1-3c91-4f09-a265-6d60b4b8dab7/1/raM-M2bYU0FNFhjlzvdD_UlUMqo.roa
Signing time: Sun 01 Jan 2023 20:24:45 +0000
ROA not before: Sun 01 Jan 2023 20:24:45 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 44838
IP address blocks: 91.203.40.0/22 maxlen: 22
46.183.24.0/21 maxlen: 21
2a02:7340::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6f:02:16:eb:7d:3d:d1:e4:13:df:9b:59:67:1d:33:bd
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3ce2c3edb5397f832ee8fe6a9eec3c5e43627077
Validity
Not Before: Jan 1 20:24:45 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=ada33e3366d853414d1618e5cef743fd495432aa
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d2:7e:29:44:ed:f2:7b:09:b2:71:a2:64:17:60:
bd:bf:3f:0d:06:b1:c3:64:b7:02:b3:96:40:cf:82:
20:aa:e6:70:d8:91:0e:6b:48:5d:2d:69:18:9e:5c:
1c:5b:95:a1:3d:49:6e:e2:9f:5e:52:d0:47:36:89:
06:43:8a:19:53:70:7c:fb:e9:fe:25:24:c6:02:bd:
10:ae:10:da:9a:fb:fe:77:1d:0f:b5:b8:9a:e0:b2:
7f:c9:bb:78:52:ed:45:ce:f8:26:4c:22:13:43:0b:
98:11:0d:d9:b8:92:a1:28:a8:a2:f1:e9:15:76:90:
63:1c:b6:91:ee:77:f1:7b:21:5e:8a:cd:99:6b:a4:
a7:58:16:30:53:2b:e3:a3:04:57:28:5c:ee:9f:50:
05:03:b2:1d:4d:74:75:61:2f:a6:87:e7:a1:b1:f1:
7f:a3:78:2d:2d:cc:79:98:38:ad:b1:fb:b3:3d:73:
bb:fe:ca:79:6c:74:cc:ac:e7:45:cd:e7:14:4d:eb:
28:3e:1c:e5:c8:be:bd:55:54:fc:2e:19:14:f9:c1:
e2:e5:e6:4e:4f:0b:69:aa:09:ff:7f:e5:bb:d6:06:
44:9e:b5:ab:eb:77:c0:37:8e:d3:b5:3c:94:92:72:
3b:c0:75:ba:54:6a:e3:54:f4:99:fb:d0:0a:53:8d:
57:a5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AD:A3:3E:33:66:D8:53:41:4D:16:18:E5:CE:F7:43:FD:49:54:32:AA
X509v3 Authority Key Identifier:
keyid:3C:E2:C3:ED:B5:39:7F:83:2E:E8:FE:6A:9E:EC:3C:5E:43:62:70:77
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/POLD7bU5f4Mu6P5qnuw8XkNicHc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/8802b1-3c91-4f09-a265-6d60b4b8dab7/1/raM-M2bYU0FNFhjlzvdD_UlUMqo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/8802b1-3c91-4f09-a265-6d60b4b8dab7/1/POLD7bU5f4Mu6P5qnuw8XkNicHc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
46.183.24.0/21
91.203.40.0/22
IPv6:
2a02:7340::/32
Signature Algorithm: sha256WithRSAEncryption
1b:19:1d:d9:02:20:40:47:fd:fc:03:e8:6b:e6:ec:18:9d:91:
4b:f9:ae:3b:fa:2d:90:4c:86:39:47:c3:44:3f:a8:e2:a0:9f:
ad:dc:97:e0:c6:c9:ed:f7:24:76:46:37:d1:c3:fd:e6:9a:9f:
b4:a0:fb:26:62:7e:7b:96:e9:a3:8a:23:72:6d:5a:f9:9a:3b:
f4:0c:d4:9c:34:93:3a:53:41:68:e0:d3:09:d4:df:7f:8d:a3:
8d:4f:2c:8e:19:22:ae:80:3a:82:1d:ba:45:a6:8e:32:a6:48:
60:f6:b5:8a:08:de:2f:d0:93:18:33:49:29:68:ae:86:34:20:
54:90:e0:8f:73:9b:e3:7d:5d:8d:51:5c:2e:b7:9b:44:10:6a:
6c:ef:21:11:18:02:f2:97:49:04:98:ad:17:d4:e0:3c:d3:16:
29:52:45:56:93:2a:9d:ba:a2:53:9d:47:91:a2:73:98:c6:2e:
7b:82:c3:3a:28:60:d5:94:23:3f:71:34:51:09:59:7e:8d:e7:
78:9e:c7:1e:06:c1:8a:5e:b3:c1:72:f2:c9:82:2f:4d:59:30:
ec:3e:f5:85:55:20:6f:47:0a:94:ba:11:91:ee:5d:26:64:a3:
a1:45:9e:c5:c3:3f:e4:d5:c7:90:c3:f9:6f:d9:94:96:6f:95:
d6:86:e1:6b
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYVvAhbrfT3R5BPfm1lnHTO9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNjZTJjM2VkYjUzOTdmODMyZWU4ZmU2YTllZWMzYzVlNDM2
MjcwNzcwHhcNMjMwMTAxMjAyNDQ1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZGEzM2UzMzY2ZDg1MzQxNGQxNjE4ZTVjZWY3NDNmZDQ5NTQzMmFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0n4pRO3yewmycaJkF2C9vz8NBrHD
ZLcCs5ZAz4IgquZw2JEOa0hdLWkYnlwcW5WhPUlu4p9eUtBHNokGQ4oZU3B8++n+
JSTGAr0QrhDamvv+dx0Ptbia4LJ/ybt4Uu1FzvgmTCITQwuYEQ3ZuJKhKKii8ekV
dpBjHLaR7nfxeyFeis2Za6SnWBYwUyvjowRXKFzun1AFA7IdTXR1YS+mh+ehsfF/
o3gtLcx5mDitsfuzPXO7/sp5bHTMrOdFzecUTesoPhzlyL69VVT8LhkU+cHi5eZO
Twtpqgn/f+W71gZEnrWr63fAN47TtTyUknI7wHW6VGrjVPSZ+9AKU41XpQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFK2jPjNm2FNBTRYY5c73Q/1JVDKqMB8GA1UdIwQY
MBaAFDziw+21OX+DLuj+ap7sPF5DYnB3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUE9MRDdiVTVmNE11NlA1cW51dzhYa05pY0hjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi84ODAyYjEtM2M5MS00ZjA5LWEyNjUt
NmQ2MGI0YjhkYWI3LzEvcmFNLU0yYllVMEZORmhqbHp2ZERfVWxVTXFvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi84ODAyYjEtM2M5MS00ZjA5LWEyNjUtNmQ2MGI0YjhkYWI3
LzEvUE9MRDdiVTVmNE11NlA1cW51dzhYa05pY0hjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQDLrcYAwQC
W8soMA0EAgACMAcDBQAqAnNAMA0GCSqGSIb3DQEBCwUAA4IBAQAbGR3ZAiBAR/38
A+hr5uwYnZFL+a47+i2QTIY5R8NEP6jioJ+t3Jfgxsnt9yR2RjfRw/3mmp+0oPsm
Yn57lumjiiNybVr5mjv0DNScNJM6U0Fo4NMJ1N9/jaONTyyOGSKugDqCHbpFpo4y
pkhg9rWKCN4v0JMYM0kpaK6GNCBUkOCPc5vjfV2NUVwut5tEEGps7yERGALyl0kE
mK0X1OA80xYpUkVWkyqduqJTnUeRonOYxi57gsM6KGDVlCM/cTRRCVl+jed4nsce
BsGKXrPBcvLJgi9NWTDsPvWFVSBvRwqUuhGR7l0mZKOhRZ7Fwz/k1ceQw/lv2ZSW
b5XWhuFr
-----END CERTIFICATE-----
Generated at Thu Jul 20 00:05:56 2023 by rpki-client on console-ams.rpki-client.org