Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/a66a29-51cc-4ba9-884f-f17613ea49e7/1/1zPR0PyfsRbzAjT1-WYonoq0SZk.roa
File: 1zPR0PyfsRbzAjT1-WYonoq0SZk.roa (raw, json)
Hash identifier: NSs8BPbXEXcCGCReIsi1NE6KtLsGrJ3WVefYOY7DfNA=
Subject key identifier: D7:33:D1:D0:FC:9F:B1:16:F3:02:34:F5:F9:66:28:9E:8A:B4:49:99
Certificate issuer: /CN=11dd0ebff5ba38a8758b794d04d62905194a3266
Certificate serial: 0186FB51CCB7E54FA829817318EB5D112D86
Authority key identifier: 11:DD:0E:BF:F5:BA:38:A8:75:8B:79:4D:04:D6:29:05:19:4A:32:66
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Ed0Ov_W6OKh1i3lNBNYpBRlKMmY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b0/a66a29-51cc-4ba9-884f-f17613ea49e7/1/1zPR0PyfsRbzAjT1-WYonoq0SZk.roa
Signing time: Sun 19 Mar 2023 19:21:27 +0000
ROA not before: Sun 19 Mar 2023 19:21:27 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 34458
IP address blocks: 46.20.108.0/24 maxlen: 24
46.20.106.0/24 maxlen: 24
46.20.111.0/24 maxlen: 24
46.20.110.0/24 maxlen: 24
46.20.97.0/24 maxlen: 24
46.20.96.0/24 maxlen: 24
46.20.104.0/24 maxlen: 24
46.20.105.0/24 maxlen: 24
46.20.101.0/24 maxlen: 24
185.160.194.0/24 maxlen: 24
185.100.170.0/24 maxlen: 24
185.100.171.0/24 maxlen: 24
185.100.168.0/24 maxlen: 24
185.100.169.0/24 maxlen: 24
185.169.222.0/24 maxlen: 24
185.169.221.0/24 maxlen: 24
185.169.223.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:86:fb:51:cc:b7:e5:4f:a8:29:81:73:18:eb:5d:11:2d:86
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=11dd0ebff5ba38a8758b794d04d62905194a3266
Validity
Not Before: Mar 19 19:21:27 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=d733d1d0fc9fb116f30234f5f966289e8ab44999
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ac:6a:49:e2:32:f9:18:67:90:b4:94:a0:ec:fd:
f0:47:36:4a:26:74:90:24:9e:4d:20:1d:cb:b0:36:
62:dc:4e:19:43:78:e2:95:10:ac:d6:64:20:20:80:
97:79:46:51:82:e4:f2:d9:4d:c1:c2:b6:44:7f:8f:
12:6f:01:f4:5d:a0:a4:14:e7:52:a2:eb:f8:6f:0a:
e9:67:b0:39:4a:b7:b7:68:2e:3c:13:0d:9a:7e:e3:
a8:9d:d9:00:7a:7a:02:2f:d2:3b:f3:e3:82:29:c1:
ee:ba:e2:b1:7c:b2:b0:4e:2a:c4:a4:24:ad:cf:f3:
f3:ec:05:79:2d:20:f7:b0:31:dd:d0:cc:33:3b:c8:
af:c4:9f:28:d7:f3:30:1e:c5:b0:db:93:0d:5e:cf:
a1:e6:66:ca:8f:c2:06:c4:3c:62:e5:54:b6:e4:6a:
c8:65:41:65:78:dc:54:87:02:e4:1f:42:59:36:49:
c8:c3:0e:d1:91:21:c0:e6:06:e1:21:51:5a:8f:b3:
6e:f2:1b:08:bb:fa:0e:47:6a:a9:da:5b:8e:d2:36:
ca:bd:d3:21:a3:5b:ed:0e:54:92:f6:2b:5c:f1:bd:
17:4e:df:f1:8c:da:c3:4c:b9:ed:f7:28:34:fa:a6:
93:46:de:fb:58:57:70:19:6f:8a:29:7b:d6:c0:47:
43:b7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D7:33:D1:D0:FC:9F:B1:16:F3:02:34:F5:F9:66:28:9E:8A:B4:49:99
X509v3 Authority Key Identifier:
keyid:11:DD:0E:BF:F5:BA:38:A8:75:8B:79:4D:04:D6:29:05:19:4A:32:66
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ed0Ov_W6OKh1i3lNBNYpBRlKMmY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/a66a29-51cc-4ba9-884f-f17613ea49e7/1/1zPR0PyfsRbzAjT1-WYonoq0SZk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/a66a29-51cc-4ba9-884f-f17613ea49e7/1/Ed0Ov_W6OKh1i3lNBNYpBRlKMmY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
46.20.96.0/23
46.20.101.0/24
46.20.104.0-46.20.106.255
46.20.108.0/24
46.20.110.0/23
185.100.168.0/22
185.160.194.0/24
185.169.221.0-185.169.223.255
Signature Algorithm: sha256WithRSAEncryption
0b:52:65:ea:c9:06:ae:ff:d5:03:1e:b2:2b:79:8a:ed:60:31:
8b:e2:b1:25:e1:80:f5:b8:71:76:32:15:7b:5b:e8:ea:9d:e2:
99:f0:4a:a6:b3:9d:f8:e8:6f:3e:af:95:04:37:3c:c4:50:6c:
81:53:5d:56:a5:a7:b3:c5:ad:bc:f1:96:7b:9e:ad:38:8b:2b:
f6:4e:25:4c:d2:1a:95:90:e7:aa:04:e0:07:f0:5f:22:72:23:
be:44:96:8c:7a:fe:5b:c4:77:3c:58:33:f2:ab:80:e5:e9:88:
25:66:5a:e0:7d:42:04:a6:7d:48:45:a8:dc:9c:7f:89:92:03:
32:43:70:95:9a:29:5a:ac:25:35:21:82:37:0f:4f:ac:8d:a5:
2f:0c:10:7b:9f:3b:3f:39:f3:23:59:9c:2c:a6:95:db:42:ed:
ad:2c:bc:6c:85:63:c1:c9:8f:b6:04:e3:0f:d3:d4:15:70:82:
ef:9e:91:db:b8:73:c3:8d:b5:3d:0b:8d:aa:12:64:4e:6e:5c:
18:e7:57:bc:d9:a2:f4:63:32:4c:66:06:c3:42:0e:7d:ae:37:
e0:71:8d:c0:f5:bc:d9:7f:23:af:9e:98:00:22:7c:fd:7c:5d:
a1:fe:b6:99:78:82:c7:16:f2:e9:2e:1a:c5:16:8f:da:31:10:
70:92:d1:6c
-----BEGIN CERTIFICATE-----
MIIFNzCCBB+gAwIBAgISAYb7Ucy35U+oKYFzGOtdES2GMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDExZGQwZWJmZjViYTM4YTg3NThiNzk0ZDA0ZDYyOTA1MTk0
YTMyNjYwHhcNMjMwMzE5MTkyMTI3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNzMzZDFkMGZjOWZiMTE2ZjMwMjM0ZjVmOTY2Mjg5ZThhYjQ0OTk5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArGpJ4jL5GGeQtJSg7P3wRzZKJnSQ
JJ5NIB3LsDZi3E4ZQ3jilRCs1mQgIICXeUZRguTy2U3BwrZEf48SbwH0XaCkFOdS
ouv4bwrpZ7A5Sre3aC48Ew2afuOondkAenoCL9I78+OCKcHuuuKxfLKwTirEpCSt
z/Pz7AV5LSD3sDHd0MwzO8ivxJ8o1/MwHsWw25MNXs+h5mbKj8IGxDxi5VS25GrI
ZUFleNxUhwLkH0JZNknIww7RkSHA5gbhIVFaj7Nu8hsIu/oOR2qp2luO0jbKvdMh
o1vtDlSS9itc8b0XTt/xjNrDTLnt9yg0+qaTRt77WFdwGW+KKXvWwEdDtwIDAQAB
o4ICQzCCAj8wHQYDVR0OBBYEFNcz0dD8n7EW8wI09flmKJ6KtEmZMB8GA1UdIwQY
MBaAFBHdDr/1ujiodYt5TQTWKQUZSjJmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRWQwT3ZfVzZPS2gxaTNsTkJOWXBCUmxLTW1ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC9hNjZhMjktNTFjYy00YmE5LTg4NGYt
ZjE3NjEzZWE0OWU3LzEvMXpQUjBQeWZzUmJ6QWpUMS1XWW9ub3EwU1prLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC9hNjZhMjktNTFjYy00YmE5LTg4NGYtZjE3NjEzZWE0OWU3
LzEvRWQwT3ZfVzZPS2gxaTNsTkJOWXBCUmxLTW1ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFkGCCsGAQUFBwEHAQH/BEowSDBGBAIAATBAAwQBLhRgAwQA
LhRlMAwDBAMuFGgDBAAuFGoDBAAuFGwDBAEuFG4DBAK5ZKgDBAC5oMIwDAMEALmp
3QMEBbmpwDANBgkqhkiG9w0BAQsFAAOCAQEAC1Jl6skGrv/VAx6yK3mK7WAxi+Kx
JeGA9bhxdjIVe1vo6p3imfBKprOd+OhvPq+VBDc8xFBsgVNdVqWns8WtvPGWe56t
OIsr9k4lTNIalZDnqgTgB/BfInIjvkSWjHr+W8R3PFgz8quA5emIJWZa4H1CBKZ9
SEWo3Jx/iZIDMkNwlZopWqwlNSGCNw9PrI2lLwwQe587PznzI1mcLKaV20LtrSy8
bIVjwcmPtgTjD9PUFXCC756R27hzw421PQuNqhJkTm5cGOdXvNmi9GMyTGYGw0IO
fa434HGNwPW82X8jr56YACJ8/Xxdof62mXiCxxby6S4axRaP2jEQcJLRbA==
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:14:26 2025 by rpki-client