Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/a66a29-51cc-4ba9-884f-f17613ea49e7/1/PfwGkWQ002mcskLvsnn3Pc1xOxs.roa
File: PfwGkWQ002mcskLvsnn3Pc1xOxs.roa (raw, json)
Hash identifier: JNtM1l3aP3ODe9cikQwm1JAXmpUeaFKYz33q8twrSGI=
Subject key identifier: 3D:FC:06:91:64:34:D3:69:9C:B2:42:EF:B2:79:F7:3D:CD:71:3B:1B
Certificate issuer: /CN=11dd0ebff5ba38a8758b794d04d62905194a3266
Certificate serial: 01856D2F30A5D800C6D783DCF23EDC20A757
Authority key identifier: 11:DD:0E:BF:F5:BA:38:A8:75:8B:79:4D:04:D6:29:05:19:4A:32:66
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Ed0Ov_W6OKh1i3lNBNYpBRlKMmY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b0/a66a29-51cc-4ba9-884f-f17613ea49e7/1/PfwGkWQ002mcskLvsnn3Pc1xOxs.roa
Signing time: Sun 01 Jan 2023 11:54:47 +0000
ROA not before: Sun 01 Jan 2023 11:54:47 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 35913
IP address blocks: 46.20.103.0/24 maxlen: 24
46.20.102.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6d:2f:30:a5:d8:00:c6:d7:83:dc:f2:3e:dc:20:a7:57
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=11dd0ebff5ba38a8758b794d04d62905194a3266
Validity
Not Before: Jan 1 11:54:47 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=3dfc06916434d3699cb242efb279f73dcd713b1b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:92:d0:c7:0d:a8:51:18:5f:1d:46:88:da:8e:27:
d1:82:5e:42:99:31:9e:93:3e:e5:39:ee:cb:37:a5:
9c:0e:7f:c6:ff:b1:7c:fa:26:ca:f3:c3:e0:55:e0:
55:f0:6b:76:f8:eb:ea:59:a5:77:d3:69:12:07:35:
4f:b1:7e:ed:a0:e9:a6:10:71:e6:b6:27:75:9f:61:
a5:8c:16:4a:2b:7a:dd:37:8b:85:da:21:77:0d:56:
2e:20:1a:b1:7a:6c:19:0b:0d:43:63:cc:b0:b8:9f:
52:5c:a6:e8:fc:78:43:6e:87:26:33:eb:56:92:eb:
1a:b9:db:cd:b1:2f:a8:66:1a:3d:c0:a4:8c:a1:6c:
1d:8b:06:5b:03:56:98:cc:26:7d:de:99:ae:7a:75:
38:9d:cd:00:dc:eb:07:9f:b8:70:c9:dc:3d:e4:ed:
76:d6:71:9a:bf:4d:2d:47:f9:de:21:35:13:10:30:
c2:e9:9a:00:e3:41:47:3d:94:92:34:57:48:c6:97:
ba:bf:61:af:8d:b0:f3:d5:04:3a:96:27:5d:c5:5d:
ee:2f:e9:17:f7:d4:a0:7c:e4:63:00:12:b9:c7:fb:
73:d8:9a:3e:8f:b4:d5:1c:8f:8c:ef:40:fc:66:89:
75:33:e5:7d:1a:85:ef:53:fe:cb:65:b9:86:75:01:
17:e5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3D:FC:06:91:64:34:D3:69:9C:B2:42:EF:B2:79:F7:3D:CD:71:3B:1B
X509v3 Authority Key Identifier:
keyid:11:DD:0E:BF:F5:BA:38:A8:75:8B:79:4D:04:D6:29:05:19:4A:32:66
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ed0Ov_W6OKh1i3lNBNYpBRlKMmY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/a66a29-51cc-4ba9-884f-f17613ea49e7/1/PfwGkWQ002mcskLvsnn3Pc1xOxs.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/a66a29-51cc-4ba9-884f-f17613ea49e7/1/Ed0Ov_W6OKh1i3lNBNYpBRlKMmY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
46.20.102.0/23
Signature Algorithm: sha256WithRSAEncryption
74:0d:d6:94:13:7e:74:e2:30:e4:05:ca:8e:41:61:b1:09:c1:
83:6b:f0:ba:f1:f8:a9:5f:92:f1:84:c1:71:87:d3:35:43:60:
67:eb:e5:fb:aa:8c:ff:f7:6d:e3:67:1d:98:de:27:5e:27:44:
20:2a:6b:57:85:6d:29:93:b7:cb:6c:ed:8c:92:6b:3b:95:51:
01:ae:22:95:6b:46:f4:d5:17:73:b2:55:88:8e:f5:0b:93:76:
8f:a1:01:40:57:62:ba:75:07:75:8b:d3:7c:5a:5f:4a:2c:80:
aa:b3:7b:8b:6a:19:84:e2:1c:08:69:39:6e:18:f5:84:bb:d6:
bd:e4:5a:12:d9:2b:26:c4:7e:db:69:b9:75:c8:d3:10:59:2b:
4d:7a:c1:5d:57:03:56:86:5f:9e:e9:7e:08:22:b2:b5:c2:dd:
91:8b:8f:64:f1:8d:23:68:02:51:7c:b5:22:01:c5:5d:da:da:
5c:e4:0b:51:ee:76:7b:fc:0f:1a:ff:46:de:16:4d:f1:2e:66:
3a:b9:4f:39:c2:dc:2e:2e:39:73:a7:ee:e6:21:fc:71:ec:a2:
48:89:9d:ba:4f:d7:9f:78:8e:6a:13:91:a5:23:38:87:ef:ed:
34:5d:8f:dd:2b:48:e2:2e:82:cc:2b:65:61:72:46:60:be:6a:
bd:82:67:64
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYVtLzCl2ADG14Pc8j7cIKdXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDExZGQwZWJmZjViYTM4YTg3NThiNzk0ZDA0ZDYyOTA1MTk0
YTMyNjYwHhcNMjMwMTAxMTE1NDQ3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZGZjMDY5MTY0MzRkMzY5OWNiMjQyZWZiMjc5ZjczZGNkNzEzYjFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAktDHDahRGF8dRojajifRgl5CmTGe
kz7lOe7LN6WcDn/G/7F8+ibK88PgVeBV8Gt2+OvqWaV302kSBzVPsX7toOmmEHHm
tid1n2GljBZKK3rdN4uF2iF3DVYuIBqxemwZCw1DY8ywuJ9SXKbo/HhDbocmM+tW
kusaudvNsS+oZho9wKSMoWwdiwZbA1aYzCZ93pmuenU4nc0A3OsHn7hwydw95O12
1nGav00tR/neITUTEDDC6ZoA40FHPZSSNFdIxpe6v2GvjbDz1QQ6liddxV3uL+kX
99SgfORjABK5x/tz2Jo+j7TVHI+M70D8Zol1M+V9GoXvU/7LZbmGdQEX5QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD38BpFkNNNpnLJC77J59z3NcTsbMB8GA1UdIwQY
MBaAFBHdDr/1ujiodYt5TQTWKQUZSjJmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRWQwT3ZfVzZPS2gxaTNsTkJOWXBCUmxLTW1ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC9hNjZhMjktNTFjYy00YmE5LTg4NGYt
ZjE3NjEzZWE0OWU3LzEvUGZ3R2tXUTAwMm1jc2tMdnNubjNQYzF4T3hzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC9hNjZhMjktNTFjYy00YmE5LTg4NGYtZjE3NjEzZWE0OWU3
LzEvRWQwT3ZfVzZPS2gxaTNsTkJOWXBCUmxLTW1ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLhRmMA0G
CSqGSIb3DQEBCwUAA4IBAQB0DdaUE3504jDkBcqOQWGxCcGDa/C68fipX5LxhMFx
h9M1Q2Bn6+X7qoz/923jZx2Y3ideJ0QgKmtXhW0pk7fLbO2Mkms7lVEBriKVa0b0
1RdzslWIjvULk3aPoQFAV2K6dQd1i9N8Wl9KLICqs3uLahmE4hwIaTluGPWEu9a9
5FoS2SsmxH7babl1yNMQWStNesFdVwNWhl+e6X4IIrK1wt2Ri49k8Y0jaAJRfLUi
AcVd2tpc5AtR7nZ7/A8a/0beFk3xLmY6uU85wtwuLjlzp+7mIfxx7KJIiZ26T9ef
eI5qE5GlIziH7+00XY/dK0jiLoLMK2VhckZgvmq9gmdk
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:38:59 2024 by rpki-client on console-ams.rpki-client.org