Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/a66a29-51cc-4ba9-884f-f17613ea49e7/1/7R-QxUoImpQT5aNuY9E42A0SBHc.roa
File: 7R-QxUoImpQT5aNuY9E42A0SBHc.roa (raw, json)
Hash identifier: Mdu3CUfnKT/R7YuN+yS15FPJ7FG5jkPKl6/YUkCVs+I=
Subject key identifier: ED:1F:90:C5:4A:08:9A:94:13:E5:A3:6E:63:D1:38:D8:0D:12:04:77
Certificate issuer: /CN=11dd0ebff5ba38a8758b794d04d62905194a3266
Certificate serial: 0320B8E6
Authority key identifier: 11:DD:0E:BF:F5:BA:38:A8:75:8B:79:4D:04:D6:29:05:19:4A:32:66
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Ed0Ov_W6OKh1i3lNBNYpBRlKMmY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b0/a66a29-51cc-4ba9-884f-f17613ea49e7/1/7R-QxUoImpQT5aNuY9E42A0SBHc.roa
Signing time: Mon 11 Apr 2022 17:54:03 +0000
ROA not before: Mon 11 Apr 2022 17:54:03 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 34458
IP address blocks: 46.20.108.0/24 maxlen: 24
46.20.106.0/24 maxlen: 24
46.20.111.0/24 maxlen: 24
46.20.110.0/24 maxlen: 24
46.20.97.0/24 maxlen: 24
46.20.104.0/24 maxlen: 24
46.20.105.0/24 maxlen: 24
46.20.101.0/24 maxlen: 24
185.160.194.0/24 maxlen: 24
185.100.170.0/24 maxlen: 24
185.100.171.0/24 maxlen: 24
185.100.168.0/24 maxlen: 24
185.100.169.0/24 maxlen: 24
185.169.222.0/24 maxlen: 24
185.169.221.0/24 maxlen: 24
185.169.223.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 52476134 (0x320b8e6)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=11dd0ebff5ba38a8758b794d04d62905194a3266
Validity
Not Before: Apr 11 17:54:03 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=ed1f90c54a089a9413e5a36e63d138d80d120477
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d4:1e:14:ba:1f:7b:f7:5d:f6:6f:db:0c:56:db:
68:4c:84:56:d4:fb:d2:19:54:5b:da:6c:3f:0c:cd:
c2:be:42:28:43:0d:d6:1b:05:a9:45:28:44:c2:f7:
79:d2:81:e2:1f:52:f2:a3:0f:76:73:c4:e4:03:6c:
38:96:2f:ff:9f:d2:1a:61:9d:98:6a:49:89:39:8d:
62:fa:ed:79:d5:2c:a1:bf:c5:e5:0a:1b:18:ed:86:
cb:6c:e5:32:59:1c:78:b0:ba:48:2c:cf:76:37:7a:
5a:14:2d:01:6e:34:73:1b:3b:74:fa:94:29:51:24:
13:a1:d1:14:7d:11:0f:98:66:bf:15:cd:53:3e:c4:
c3:53:2a:f5:97:2f:2d:77:a2:7b:eb:b1:eb:38:74:
2d:17:f0:ac:5d:3e:b7:8b:f9:c7:34:4d:67:bb:3f:
b8:a3:31:04:83:a7:2e:79:db:51:df:04:1f:d8:45:
7a:12:fd:2e:bc:07:ed:ee:a8:e2:45:f0:cd:9f:da:
1d:66:64:73:ed:5e:69:20:00:8b:13:a4:c9:6c:cc:
5a:1d:c2:24:92:29:61:af:ef:1c:6a:58:75:cb:fa:
4e:fd:44:3b:08:ab:25:8f:84:0a:e2:c0:31:92:b4:
18:30:1b:6c:aa:7e:06:8c:6b:c3:57:2b:71:63:75:
37:27
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
ED:1F:90:C5:4A:08:9A:94:13:E5:A3:6E:63:D1:38:D8:0D:12:04:77
X509v3 Authority Key Identifier:
keyid:11:DD:0E:BF:F5:BA:38:A8:75:8B:79:4D:04:D6:29:05:19:4A:32:66
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ed0Ov_W6OKh1i3lNBNYpBRlKMmY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/a66a29-51cc-4ba9-884f-f17613ea49e7/1/7R-QxUoImpQT5aNuY9E42A0SBHc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/a66a29-51cc-4ba9-884f-f17613ea49e7/1/Ed0Ov_W6OKh1i3lNBNYpBRlKMmY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
46.20.97.0/24
46.20.101.0/24
46.20.104.0-46.20.106.255
46.20.108.0/24
46.20.110.0/23
185.100.168.0/22
185.160.194.0/24
185.169.221.0-185.169.223.255
Signature Algorithm: sha256WithRSAEncryption
5a:1a:32:a5:e3:dd:e0:68:62:28:16:45:f8:f9:03:e5:62:84:
1d:60:d0:76:a8:8b:9c:7e:39:46:f3:fd:3c:5f:8a:30:05:78:
42:f7:45:a1:a2:53:a9:4c:44:f7:aa:b6:b5:20:ba:8d:5e:6c:
78:e8:49:aa:f4:fa:83:61:fe:67:26:0a:6b:bf:e4:7a:e9:58:
7e:d2:f9:74:ee:fd:9d:0c:b2:3e:44:39:74:50:25:96:97:54:
68:fe:96:60:5d:d2:76:bf:ab:4a:ab:69:7a:0a:d7:15:5f:89:
41:50:48:3f:33:9c:b2:29:bf:ea:3e:8a:53:3c:16:81:67:72:
6f:40:fd:61:87:a9:e3:f2:ff:e3:c5:c6:87:76:27:e1:58:f3:
5e:df:a0:54:93:98:c4:8d:ce:cf:64:58:8e:c2:e9:88:70:fb:
9e:ed:ce:eb:59:f0:84:32:10:29:63:11:4e:ae:08:5f:18:fe:
3f:56:4d:b7:34:d0:a2:cb:0c:d9:d8:45:00:83:58:95:ad:3b:
ed:9a:11:65:4c:18:54:97:5c:30:0f:79:64:51:88:eb:fd:e0:
98:3c:c6:08:c2:35:fe:b0:88:78:87:75:31:02:6a:58:5c:08:
48:50:2c:c8:46:fc:96:91:5a:2b:51:2f:90:ea:64:af:1f:33:
da:47:9d:a8
-----BEGIN CERTIFICATE-----
MIIFKTCCBBGgAwIBAgIEAyC45jANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygx
MWRkMGViZmY1YmEzOGE4NzU4Yjc5NGQwNGQ2MjkwNTE5NGEzMjY2MB4XDTIyMDQx
MTE3NTQwM1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoZWQxZjkwYzU0YTA4
OWE5NDEzZTVhMzZlNjNkMTM4ZDgwZDEyMDQ3NzCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBANQeFLofe/dd9m/bDFbbaEyEVtT70hlUW9psPwzNwr5CKEMN
1hsFqUUoRML3edKB4h9S8qMPdnPE5ANsOJYv/5/SGmGdmGpJiTmNYvrtedUsob/F
5QobGO2Gy2zlMlkceLC6SCzPdjd6WhQtAW40cxs7dPqUKVEkE6HRFH0RD5hmvxXN
Uz7Ew1Mq9ZcvLXeie+ux6zh0LRfwrF0+t4v5xzRNZ7s/uKMxBIOnLnnbUd8EH9hF
ehL9LrwH7e6o4kXwzZ/aHWZkc+1eaSAAixOkyWzMWh3CJJIpYa/vHGpYdcv6Tv1E
OwirJY+ECuLAMZK0GDAbbKp+Boxrw1crcWN1NycCAwEAAaOCAkMwggI/MB0GA1Ud
DgQWBBTtH5DFSgialBPlo25j0TjYDRIEdzAfBgNVHSMEGDAWgBQR3Q6/9bo4qHWL
eU0E1ikFGUoyZjAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0VkME92X1c2T0toMWkzbE5CTllwQlJsS01tWS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYjAvYTY2YTI5LTUxY2MtNGJhOS04ODRmLWYxNzYxM2VhNDllNy8x
LzdSLVF4VW9JbXBRVDVhTnVZOUU0MkEwU0JIYy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYjAv
YTY2YTI5LTUxY2MtNGJhOS04ODRmLWYxNzYxM2VhNDllNy8xL0VkME92X1c2T0to
MWkzbE5CTllwQlJsS01tWS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBZ
BggrBgEFBQcBBwEB/wRKMEgwRgQCAAEwQAMEAC4UYQMEAC4UZTAMAwQDLhRoAwQA
LhRqAwQALhRsAwQBLhRuAwQCuWSoAwQAuaDCMAwDBAC5qd0DBAW5qcAwDQYJKoZI
hvcNAQELBQADggEBAFoaMqXj3eBoYigWRfj5A+VihB1g0Haoi5x+OUbz/TxfijAF
eEL3RaGiU6lMRPeqtrUguo1ebHjoSar0+oNh/mcmCmu/5HrpWH7S+XTu/Z0Msj5E
OXRQJZaXVGj+lmBd0na/q0qraXoK1xVfiUFQSD8znLIpv+o+ilM8FoFncm9A/WGH
qePy/+PFxod2J+FY817foFSTmMSNzs9kWI7C6Yhw+57tzutZ8IQyECljEU6uCF8Y
/j9WTbc00KLLDNnYRQCDWJWtO+2aEWVMGFSXXDAPeWRRiOv94Jg8xgjCNf6wiHiH
dTECalhcCEhQLMhG/JaRWitRL5DqZK8fM9pHnag=
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:40:03 2025 by rpki-client