Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/a66a29-51cc-4ba9-884f-f17613ea49e7/1/HcbE34pE6HYzhEMv7N7a-AJN4bc.roa
File: HcbE34pE6HYzhEMv7N7a-AJN4bc.roa (raw, json)
Hash identifier: Y1X6uhPY9tZTW/9Ul2XbFKqLiOHFq/CxMH8qODetahg=
Subject key identifier: 1D:C6:C4:DF:8A:44:E8:76:33:84:43:2F:EC:DE:DA:F8:02:4D:E1:B7
Certificate issuer: /CN=11dd0ebff5ba38a8758b794d04d62905194a3266
Certificate serial: 021DCA72
Authority key identifier: 11:DD:0E:BF:F5:BA:38:A8:75:8B:79:4D:04:D6:29:05:19:4A:32:66
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Ed0Ov_W6OKh1i3lNBNYpBRlKMmY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b0/a66a29-51cc-4ba9-884f-f17613ea49e7/1/HcbE34pE6HYzhEMv7N7a-AJN4bc.roa
Signing time: Sat 01 Jan 2022 09:59:59 +0000
ROA not before: Sat 01 Jan 2022 09:59:59 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 34458
IP address blocks: 46.20.108.0/24 maxlen: 24
46.20.106.0/24 maxlen: 24
46.20.111.0/24 maxlen: 24
46.20.110.0/24 maxlen: 24
46.20.97.0/24 maxlen: 24
46.20.104.0/24 maxlen: 24
46.20.105.0/24 maxlen: 24
46.20.101.0/24 maxlen: 24
185.160.194.0/24 maxlen: 24
185.100.170.0/24 maxlen: 24
185.100.171.0/24 maxlen: 24
185.100.168.0/24 maxlen: 24
185.100.169.0/24 maxlen: 24
185.169.222.0/24 maxlen: 24
185.169.221.0/24 maxlen: 24
185.169.223.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 35506802 (0x21dca72)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=11dd0ebff5ba38a8758b794d04d62905194a3266
Validity
Not Before: Jan 1 09:59:59 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=1dc6c4df8a44e8763384432fecdedaf8024de1b7
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d1:0a:16:81:c4:b2:56:5b:4f:9d:4a:68:e0:81:
f5:bc:2c:f5:51:77:f6:e5:ab:6d:fd:13:70:a1:8d:
9e:1f:de:ea:97:48:e1:07:71:46:4e:f7:90:2e:7d:
17:85:42:40:4b:19:8c:9d:9d:c0:6e:53:0e:5c:3f:
d8:2d:66:e3:53:60:f4:2d:c8:4a:8b:16:78:f2:9e:
be:7a:38:32:bf:2c:7d:21:6b:79:56:52:4c:3d:45:
d4:53:b2:b8:21:34:42:4b:de:8a:f7:9f:64:57:4f:
8c:ca:2f:ea:af:82:5e:cc:51:64:07:1f:86:f9:13:
e8:03:8b:82:fe:25:08:d3:c2:b8:ee:6a:f1:04:40:
58:d5:34:91:e8:5a:37:7d:97:10:9f:46:a9:1a:07:
de:9f:7d:d1:de:ad:b9:b2:36:ab:30:61:33:a8:1d:
dd:a7:7f:21:e1:d3:b0:10:47:71:3a:f3:32:f0:a4:
ee:34:15:f2:ab:af:9b:07:87:22:1b:cc:d7:fd:b6:
b8:7b:7f:a2:4e:70:fd:25:fc:c7:5d:46:a8:f1:76:
18:7b:bc:6b:00:35:ac:1b:ea:20:48:30:07:7b:78:
99:96:6b:f7:30:fa:8a:63:d7:1e:ad:20:9a:da:6e:
2c:62:c1:35:d1:dc:6d:12:b4:bb:2d:98:e1:85:ad:
f4:db
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1D:C6:C4:DF:8A:44:E8:76:33:84:43:2F:EC:DE:DA:F8:02:4D:E1:B7
X509v3 Authority Key Identifier:
keyid:11:DD:0E:BF:F5:BA:38:A8:75:8B:79:4D:04:D6:29:05:19:4A:32:66
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ed0Ov_W6OKh1i3lNBNYpBRlKMmY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/a66a29-51cc-4ba9-884f-f17613ea49e7/1/HcbE34pE6HYzhEMv7N7a-AJN4bc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/a66a29-51cc-4ba9-884f-f17613ea49e7/1/Ed0Ov_W6OKh1i3lNBNYpBRlKMmY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
46.20.97.0/24
46.20.101.0/24
46.20.104.0-46.20.106.255
46.20.108.0/24
46.20.110.0/23
185.100.168.0/22
185.160.194.0/24
185.169.221.0-185.169.223.255
Signature Algorithm: sha256WithRSAEncryption
47:1e:77:0f:84:91:43:29:62:ac:a4:fe:e7:a5:17:b4:64:e8:
9c:3b:6e:8f:d0:ec:0e:7c:7d:a9:d5:82:31:fc:bd:b5:95:27:
f3:1c:88:a8:19:e7:c5:e3:c7:90:a7:25:55:8b:5d:63:98:79:
69:cf:18:26:d8:91:d5:ae:8e:04:1d:89:8c:e8:7e:e0:fd:b0:
72:db:7f:dd:7f:35:2f:e0:c9:14:80:93:29:c5:33:13:11:e1:
24:6b:42:c7:7f:a9:90:8d:f7:a6:03:37:00:d3:60:ec:2b:2c:
ad:1a:5a:c7:ff:b9:77:71:af:9f:b2:2e:b2:fe:f3:e0:01:13:
b9:5c:4f:0e:50:06:42:11:c8:d1:22:0b:64:00:71:72:3c:f9:
2a:72:7b:65:0d:37:0b:d9:45:e8:e4:e2:81:b2:9d:63:b4:26:
4a:7b:00:c5:3d:50:50:92:42:21:6b:59:16:d4:47:83:fe:ff:
a7:d0:f3:20:51:c4:6f:f4:f3:98:07:da:27:9c:e0:55:43:1c:
89:8a:f0:8d:6f:1f:44:02:13:14:03:8b:61:2b:50:1e:b0:65:
7e:86:c1:5d:ab:42:9f:0f:85:fa:9d:79:61:ea:7a:2b:18:c2:
e9:1a:f5:13:91:79:b6:39:40:de:2d:f9:9c:b6:10:28:71:0f:
e8:2e:1d:16
-----BEGIN CERTIFICATE-----
MIIFKTCCBBGgAwIBAgIEAh3KcjANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygx
MWRkMGViZmY1YmEzOGE4NzU4Yjc5NGQwNGQ2MjkwNTE5NGEzMjY2MB4XDTIyMDEw
MTA5NTk1OVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMWRjNmM0ZGY4YTQ0
ZTg3NjMzODQ0MzJmZWNkZWRhZjgwMjRkZTFiNzCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBANEKFoHEslZbT51KaOCB9bws9VF39uWrbf0TcKGNnh/e6pdI
4QdxRk73kC59F4VCQEsZjJ2dwG5TDlw/2C1m41Ng9C3ISosWePKevno4Mr8sfSFr
eVZSTD1F1FOyuCE0QkveivefZFdPjMov6q+CXsxRZAcfhvkT6AOLgv4lCNPCuO5q
8QRAWNU0kehaN32XEJ9GqRoH3p990d6tubI2qzBhM6gd3ad/IeHTsBBHcTrzMvCk
7jQV8quvmweHIhvM1/22uHt/ok5w/SX8x11GqPF2GHu8awA1rBvqIEgwB3t4mZZr
9zD6imPXHq0gmtpuLGLBNdHcbRK0uy2Y4YWt9NsCAwEAAaOCAkMwggI/MB0GA1Ud
DgQWBBQdxsTfikTodjOEQy/s3tr4Ak3htzAfBgNVHSMEGDAWgBQR3Q6/9bo4qHWL
eU0E1ikFGUoyZjAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0VkME92X1c2T0toMWkzbE5CTllwQlJsS01tWS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYjAvYTY2YTI5LTUxY2MtNGJhOS04ODRmLWYxNzYxM2VhNDllNy8x
L0hjYkUzNHBFNkhZemhFTXY3TjdhLUFKTjRiYy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYjAv
YTY2YTI5LTUxY2MtNGJhOS04ODRmLWYxNzYxM2VhNDllNy8xL0VkME92X1c2T0to
MWkzbE5CTllwQlJsS01tWS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBZ
BggrBgEFBQcBBwEB/wRKMEgwRgQCAAEwQAMEAC4UYQMEAC4UZTAMAwQDLhRoAwQA
LhRqAwQALhRsAwQBLhRuAwQCuWSoAwQAuaDCMAwDBAC5qd0DBAW5qcAwDQYJKoZI
hvcNAQELBQADggEBAEcedw+EkUMpYqyk/uelF7Rk6Jw7bo/Q7A58fanVgjH8vbWV
J/MciKgZ58Xjx5CnJVWLXWOYeWnPGCbYkdWujgQdiYzofuD9sHLbf91/NS/gyRSA
kynFMxMR4SRrQsd/qZCN96YDNwDTYOwrLK0aWsf/uXdxr5+yLrL+8+ABE7lcTw5Q
BkIRyNEiC2QAcXI8+Spye2UNNwvZRejk4oGynWO0Jkp7AMU9UFCSQiFrWRbUR4P+
/6fQ8yBRxG/085gH2iec4FVDHImK8I1vH0QCExQDi2ErUB6wZX6GwV2rQp8Phfqd
eWHqeisYwuka9RORebY5QN4t+Zy2EChxD+guHRY=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:50:09 2024 by rpki-client on console-fra.rpki-client.org