Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/a66a29-51cc-4ba9-884f-f17613ea49e7/1/BfFEygAeC4wL4J_y1HEC4RN7ROc.roa
File: BfFEygAeC4wL4J_y1HEC4RN7ROc.roa (raw, json)
Hash identifier: CLVAZaqWmrweCnwnyXsGSrT8Y2Dz9Pcg/P3FjlYayks=
Subject key identifier: 05:F1:44:CA:00:1E:0B:8C:0B:E0:9F:F2:D4:71:02:E1:13:7B:44:E7
Certificate issuer: /CN=11dd0ebff5ba38a8758b794d04d62905194a3266
Certificate serial: 018683720D8F9C6CEC4605B1BD6299F4929B
Authority key identifier: 11:DD:0E:BF:F5:BA:38:A8:75:8B:79:4D:04:D6:29:05:19:4A:32:66
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Ed0Ov_W6OKh1i3lNBNYpBRlKMmY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b0/a66a29-51cc-4ba9-884f-f17613ea49e7/1/BfFEygAeC4wL4J_y1HEC4RN7ROc.roa
Signing time: Fri 24 Feb 2023 12:42:15 +0000
ROA not before: Fri 24 Feb 2023 12:42:15 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 35913
IP address blocks: 46.20.107.0/24 maxlen: 24
46.20.98.0/24 maxlen: 24
46.20.103.0/24 maxlen: 24
46.20.102.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:86:83:72:0d:8f:9c:6c:ec:46:05:b1:bd:62:99:f4:92:9b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=11dd0ebff5ba38a8758b794d04d62905194a3266
Validity
Not Before: Feb 24 12:42:15 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=05f144ca001e0b8c0be09ff2d47102e1137b44e7
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9a:51:e4:eb:bf:9a:a9:09:8b:91:72:b4:23:50:
e7:93:68:61:aa:10:a4:57:78:6f:df:7a:bb:b3:5a:
01:2a:3d:ba:ff:50:60:35:21:f0:05:79:ea:5f:1a:
b5:f7:22:3d:24:dc:cc:29:7a:99:f8:57:30:b8:35:
f2:bf:72:44:92:ed:08:00:46:bc:00:ff:2c:71:f4:
b1:d5:b3:0a:1c:e8:96:3a:a7:b1:25:ac:bd:96:e6:
45:67:5c:d5:3b:a0:2e:a7:1a:4f:37:5d:d5:cb:a8:
5a:e8:8b:65:f5:55:6e:97:f2:ad:46:01:bb:92:03:
46:42:60:34:9b:85:66:68:74:73:29:f7:71:0d:34:
a0:df:e2:96:28:06:82:04:25:f7:cc:74:a3:72:a6:
c3:02:6e:be:a3:28:c2:bf:14:a6:3c:5a:30:c7:ce:
e3:96:26:6d:d7:e3:d0:97:1d:93:bf:1c:15:0f:99:
37:48:c2:50:1b:b5:fc:6b:ab:b1:a4:0c:ec:85:c9:
c2:a8:b4:3c:aa:fd:07:fc:6f:6f:c0:06:41:a5:31:
f7:d4:35:40:16:b1:a9:34:51:b6:7b:af:a9:ac:07:
ca:8b:50:3d:87:2c:ec:dd:3f:b9:37:01:df:88:49:
e5:6d:ff:54:a2:27:c2:d5:ca:c8:fb:59:a3:a7:9c:
9d:9d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
05:F1:44:CA:00:1E:0B:8C:0B:E0:9F:F2:D4:71:02:E1:13:7B:44:E7
X509v3 Authority Key Identifier:
keyid:11:DD:0E:BF:F5:BA:38:A8:75:8B:79:4D:04:D6:29:05:19:4A:32:66
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ed0Ov_W6OKh1i3lNBNYpBRlKMmY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/a66a29-51cc-4ba9-884f-f17613ea49e7/1/BfFEygAeC4wL4J_y1HEC4RN7ROc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/a66a29-51cc-4ba9-884f-f17613ea49e7/1/Ed0Ov_W6OKh1i3lNBNYpBRlKMmY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
46.20.98.0/24
46.20.102.0/23
46.20.107.0/24
Signature Algorithm: sha256WithRSAEncryption
01:f3:5a:e4:81:35:2d:ca:97:f5:94:00:c4:4e:7b:18:21:3f:
e7:3f:7b:35:d6:33:67:a3:f9:f6:e5:45:b4:fc:2f:30:d7:13:
7f:b0:a5:97:98:85:11:b9:35:52:15:85:b6:22:62:ee:8e:a2:
e9:23:c7:c2:39:eb:35:41:fa:8d:0c:d6:66:4d:d7:64:75:74:
89:92:3d:50:4a:2a:7e:40:73:ad:aa:ce:81:44:10:b9:e4:c6:
15:87:e6:a8:a7:12:85:f8:2c:5a:79:47:76:a6:a6:d9:57:04:
7f:b0:ab:f4:d4:c3:1c:9c:04:8f:6d:56:21:0f:57:ec:99:31:
f9:19:12:3d:3b:70:80:06:67:49:22:45:61:a5:87:92:da:4d:
0f:23:76:43:fc:ee:b5:b2:a0:e0:68:78:80:5c:dd:ce:01:5c:
97:0a:39:38:5f:54:1b:20:dd:f7:73:69:33:b2:5c:43:5e:5c:
4d:e7:2e:1f:a1:6a:fc:ae:de:75:f2:1b:35:9f:c9:53:f1:a2:
b5:ad:de:48:0d:68:0a:27:c0:c1:b0:aa:e1:98:d7:56:3f:8b:
9e:bc:ee:86:dc:d0:a5:32:8e:8a:b6:17:d4:1c:62:ab:60:bf:
bf:38:54:8e:60:89:43:3b:7b:d0:f2:df:96:39:35:b7:53:21:
45:23:71:1c
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYaDcg2PnGzsRgWxvWKZ9JKbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDExZGQwZWJmZjViYTM4YTg3NThiNzk0ZDA0ZDYyOTA1MTk0
YTMyNjYwHhcNMjMwMjI0MTI0MjE1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNWYxNDRjYTAwMWUwYjhjMGJlMDlmZjJkNDcxMDJlMTEzN2I0NGU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmlHk67+aqQmLkXK0I1Dnk2hhqhCk
V3hv33q7s1oBKj26/1BgNSHwBXnqXxq19yI9JNzMKXqZ+FcwuDXyv3JEku0IAEa8
AP8scfSx1bMKHOiWOqexJay9luZFZ1zVO6AupxpPN13Vy6ha6Itl9VVul/KtRgG7
kgNGQmA0m4VmaHRzKfdxDTSg3+KWKAaCBCX3zHSjcqbDAm6+oyjCvxSmPFowx87j
liZt1+PQlx2TvxwVD5k3SMJQG7X8a6uxpAzshcnCqLQ8qv0H/G9vwAZBpTH31DVA
FrGpNFG2e6+prAfKi1A9hyzs3T+5NwHfiEnlbf9UoifC1crI+1mjp5ydnQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFAXxRMoAHguMC+Cf8tRxAuETe0TnMB8GA1UdIwQY
MBaAFBHdDr/1ujiodYt5TQTWKQUZSjJmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRWQwT3ZfVzZPS2gxaTNsTkJOWXBCUmxLTW1ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC9hNjZhMjktNTFjYy00YmE5LTg4NGYt
ZjE3NjEzZWE0OWU3LzEvQmZGRXlnQWVDNHdMNEpfeTFIRUM0Uk43Uk9jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC9hNjZhMjktNTFjYy00YmE5LTg4NGYtZjE3NjEzZWE0OWU3
LzEvRWQwT3ZfVzZPS2gxaTNsTkJOWXBCUmxLTW1ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQALhRiAwQB
LhRmAwQALhRrMA0GCSqGSIb3DQEBCwUAA4IBAQAB81rkgTUtypf1lADETnsYIT/n
P3s11jNno/n25UW0/C8w1xN/sKWXmIURuTVSFYW2ImLujqLpI8fCOes1QfqNDNZm
TddkdXSJkj1QSip+QHOtqs6BRBC55MYVh+aopxKF+CxaeUd2pqbZVwR/sKv01MMc
nASPbVYhD1fsmTH5GRI9O3CABmdJIkVhpYeS2k0PI3ZD/O61sqDgaHiAXN3OAVyX
Cjk4X1QbIN33c2kzslxDXlxN5y4foWr8rt518hs1n8lT8aK1rd5IDWgKJ8DBsKrh
mNdWP4uevO6G3NClMo6KthfUHGKrYL+/OFSOYIlDO3vQ8t+WOTW3UyFFI3Ec
-----END CERTIFICATE-----
Generated at Thu Jul 20 00:06:16 2023 by rpki-client on console-ams.rpki-client.org