Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/a66a29-51cc-4ba9-884f-f17613ea49e7/1/bmj_fz8wTVacQhLkcNv9QrgtbCc.roa
File: bmj_fz8wTVacQhLkcNv9QrgtbCc.roa (raw, json)
Hash identifier: R2Bm7A0D7FMRGtJKqZdWxPCEzxv2zta3W5rTeP6Xu2g=
Subject key identifier: 6E:68:FF:7F:3F:30:4D:56:9C:42:12:E4:70:DB:FD:42:B8:2D:6C:27
Certificate issuer: /CN=11dd0ebff5ba38a8758b794d04d62905194a3266
Certificate serial: 0183C3B3144480ED459C20CF34BE8AE63F38
Authority key identifier: 11:DD:0E:BF:F5:BA:38:A8:75:8B:79:4D:04:D6:29:05:19:4A:32:66
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Ed0Ov_W6OKh1i3lNBNYpBRlKMmY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b0/a66a29-51cc-4ba9-884f-f17613ea49e7/1/bmj_fz8wTVacQhLkcNv9QrgtbCc.roa
Signing time: Mon 10 Oct 2022 21:00:36 +0000
ROA not before: Mon 10 Oct 2022 21:00:36 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 44486
IP address blocks: 46.20.100.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:83:c3:b3:14:44:80:ed:45:9c:20:cf:34:be:8a:e6:3f:38
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=11dd0ebff5ba38a8758b794d04d62905194a3266
Validity
Not Before: Oct 10 21:00:36 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=6e68ff7f3f304d569c4212e470dbfd42b82d6c27
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ce:b6:69:aa:43:70:da:c4:12:0b:e6:d8:2a:0f:
14:8f:de:bb:3e:03:61:c4:3e:b5:a6:68:1c:ca:35:
63:55:08:ef:02:03:89:91:8c:79:6b:dc:a1:69:3b:
f6:c5:aa:3b:19:7d:8d:3c:e8:89:0a:7f:fb:cd:70:
cd:19:b3:29:35:34:5d:c9:c1:e9:e0:e5:91:90:98:
17:93:52:ca:a5:4e:5a:2e:8b:26:84:d3:ac:8c:0d:
0e:f5:93:e4:be:ee:6c:03:90:53:f8:84:05:1d:8f:
61:47:4c:b2:3d:0a:9e:6a:7d:00:42:31:bc:d3:98:
94:b0:0b:b3:3e:db:2d:c0:70:d9:4f:53:43:f5:3a:
32:a7:23:3d:48:18:3e:bf:0a:b8:5c:92:4e:01:5c:
be:88:91:f3:ca:4a:2d:93:29:aa:ee:c3:b1:02:98:
ce:ed:2e:38:05:ce:f5:62:21:6d:d7:c2:43:9f:95:
38:dd:ae:52:40:3a:9f:d9:47:78:78:4b:a1:5b:a7:
1d:74:11:bc:9e:97:32:dd:8d:0a:22:08:b9:41:4a:
72:c9:aa:33:cd:5c:a1:81:65:e7:90:42:cc:a0:35:
d4:82:9f:55:06:80:6a:e9:87:17:44:d8:1c:1b:1c:
52:9e:0e:85:ec:c3:2f:a6:e9:22:2d:9f:c5:e1:c8:
c0:5f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6E:68:FF:7F:3F:30:4D:56:9C:42:12:E4:70:DB:FD:42:B8:2D:6C:27
X509v3 Authority Key Identifier:
keyid:11:DD:0E:BF:F5:BA:38:A8:75:8B:79:4D:04:D6:29:05:19:4A:32:66
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ed0Ov_W6OKh1i3lNBNYpBRlKMmY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/a66a29-51cc-4ba9-884f-f17613ea49e7/1/bmj_fz8wTVacQhLkcNv9QrgtbCc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/a66a29-51cc-4ba9-884f-f17613ea49e7/1/Ed0Ov_W6OKh1i3lNBNYpBRlKMmY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
46.20.100.0/24
Signature Algorithm: sha256WithRSAEncryption
59:5e:1b:46:60:2b:ab:20:d9:a1:be:69:18:a8:fc:41:31:f2:
b3:4c:ed:03:9f:d2:dc:07:d1:7b:62:14:c3:f9:fb:32:46:ff:
e0:86:8b:d1:4a:77:25:14:35:33:f2:fe:47:64:6d:11:d3:ac:
8e:73:c4:00:cb:2e:00:4e:af:79:b9:60:e8:ac:80:45:27:88:
67:12:cf:3e:e9:ca:84:7c:11:de:64:4f:8e:d9:18:b9:31:68:
99:87:27:2b:26:ef:f8:7a:f2:6e:7a:b5:98:10:04:18:ad:3e:
53:b3:09:44:a0:8b:4e:37:84:e3:a2:95:92:1f:b6:b5:6f:1c:
04:1e:9d:c9:07:0d:9e:dd:77:16:f6:b2:77:28:78:c3:0b:ed:
e7:90:20:d6:94:fd:e3:aa:fc:d6:2c:65:e1:57:2e:a7:f4:c1:
4e:52:45:e3:74:2e:b3:a0:f8:e7:23:29:c5:60:6e:8d:8b:35:
01:a0:08:6d:f4:a5:cf:cd:2a:ea:5a:d3:df:fe:33:ab:62:7f:
46:2b:5d:ea:5d:a1:e4:81:41:eb:9f:65:6f:cf:77:18:2c:31:
2b:c6:09:8f:fc:9b:df:99:3a:be:86:68:67:dd:24:f8:65:ce:
3f:16:30:31:2b:86:50:a1:bc:59:8c:d2:ca:ce:43:f4:a4:04:
79:68:13:db
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYPDsxREgO1FnCDPNL6K5j84MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDExZGQwZWJmZjViYTM4YTg3NThiNzk0ZDA0ZDYyOTA1MTk0
YTMyNjYwHhcNMjIxMDEwMjEwMDM2WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZTY4ZmY3ZjNmMzA0ZDU2OWM0MjEyZTQ3MGRiZmQ0MmI4MmQ2YzI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzrZpqkNw2sQSC+bYKg8Uj967PgNh
xD61pmgcyjVjVQjvAgOJkYx5a9yhaTv2xao7GX2NPOiJCn/7zXDNGbMpNTRdycHp
4OWRkJgXk1LKpU5aLosmhNOsjA0O9ZPkvu5sA5BT+IQFHY9hR0yyPQqean0AQjG8
05iUsAuzPtstwHDZT1ND9ToypyM9SBg+vwq4XJJOAVy+iJHzykotkymq7sOxApjO
7S44Bc71YiFt18JDn5U43a5SQDqf2Ud4eEuhW6cddBG8npcy3Y0KIgi5QUpyyaoz
zVyhgWXnkELMoDXUgp9VBoBq6YcXRNgcGxxSng6F7MMvpukiLZ/F4cjAXwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG5o/38/ME1WnEIS5HDb/UK4LWwnMB8GA1UdIwQY
MBaAFBHdDr/1ujiodYt5TQTWKQUZSjJmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRWQwT3ZfVzZPS2gxaTNsTkJOWXBCUmxLTW1ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC9hNjZhMjktNTFjYy00YmE5LTg4NGYt
ZjE3NjEzZWE0OWU3LzEvYm1qX2Z6OHdUVmFjUWhMa2NOdjlRcmd0YkNjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC9hNjZhMjktNTFjYy00YmE5LTg4NGYtZjE3NjEzZWE0OWU3
LzEvRWQwT3ZfVzZPS2gxaTNsTkJOWXBCUmxLTW1ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALhRkMA0G
CSqGSIb3DQEBCwUAA4IBAQBZXhtGYCurINmhvmkYqPxBMfKzTO0Dn9LcB9F7YhTD
+fsyRv/ghovRSnclFDUz8v5HZG0R06yOc8QAyy4ATq95uWDorIBFJ4hnEs8+6cqE
fBHeZE+O2Ri5MWiZhycrJu/4evJuerWYEAQYrT5TswlEoItON4TjopWSH7a1bxwE
Hp3JBw2e3XcW9rJ3KHjDC+3nkCDWlP3jqvzWLGXhVy6n9MFOUkXjdC6zoPjnIynF
YG6NizUBoAht9KXPzSrqWtPf/jOrYn9GK13qXaHkgUHrn2Vvz3cYLDErxgmP/Jvf
mTq+hmhn3ST4Zc4/FjAxK4ZQobxZjNLKzkP0pAR5aBPb
-----END CERTIFICATE-----
Generated at Thu Mar 13 02:46:43 2025 by rpki-client