Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/a66a29-51cc-4ba9-884f-f17613ea49e7/1/hXIQyYPM6S8h8-W9VNubU5f0hV0.roa
File: hXIQyYPM6S8h8-W9VNubU5f0hV0.roa (raw, json)
Hash identifier: O5HeAu3HGS5d5q1lQwOcRFf9mXOhYe8OI45UGUp9cxI=
Subject key identifier: 85:72:10:C9:83:CC:E9:2F:21:F3:E5:BD:54:DB:9B:53:97:F4:85:5D
Certificate issuer: /CN=11dd0ebff5ba38a8758b794d04d62905194a3266
Certificate serial: 01856D2F31ECCEEDB795668AB5D9917C2309
Authority key identifier: 11:DD:0E:BF:F5:BA:38:A8:75:8B:79:4D:04:D6:29:05:19:4A:32:66
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Ed0Ov_W6OKh1i3lNBNYpBRlKMmY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b0/a66a29-51cc-4ba9-884f-f17613ea49e7/1/hXIQyYPM6S8h8-W9VNubU5f0hV0.roa
Signing time: Sun 01 Jan 2023 11:54:47 +0000
ROA not before: Sun 01 Jan 2023 11:54:47 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 61317
IP address blocks: 46.20.98.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6d:2f:31:ec:ce:ed:b7:95:66:8a:b5:d9:91:7c:23:09
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=11dd0ebff5ba38a8758b794d04d62905194a3266
Validity
Not Before: Jan 1 11:54:47 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=857210c983cce92f21f3e5bd54db9b5397f4855d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:81:cb:b3:f2:ab:74:75:12:11:e5:8c:34:13:b0:
f8:74:8f:b1:58:42:4c:ad:8e:49:cb:9f:18:09:74:
3f:6c:f4:f2:f9:6f:97:bb:f9:a8:8f:79:78:f2:bd:
6a:7d:e2:44:8c:88:8f:8d:17:25:d2:6a:2c:46:9f:
36:df:77:23:b6:6a:26:d6:ce:33:17:1b:58:f0:ad:
b1:6b:cd:d5:42:cb:a1:f0:65:75:af:f7:11:bf:52:
65:15:b9:57:bb:b2:4d:cd:b4:ca:91:85:e0:75:13:
49:ce:6a:26:26:5b:de:0f:f2:c5:c2:95:2c:20:2f:
e3:8b:cc:fa:5d:f6:fa:40:5a:67:58:a0:d2:d9:ad:
b4:f5:bd:d1:35:88:ce:e2:25:fa:ae:85:cd:0a:fa:
89:be:d1:b7:e1:fe:e8:40:3a:50:55:19:a9:9f:b0:
ad:8f:64:92:2a:00:ca:99:09:6b:09:ce:89:47:79:
75:7a:6a:7d:4e:25:9f:71:e0:7e:82:2d:c0:d6:16:
9c:86:13:a4:e3:94:ff:5d:5b:dd:df:67:3b:f5:36:
b2:6b:4d:ff:ff:00:d1:aa:a0:65:ba:1e:a5:90:54:
b1:eb:e2:20:cc:9f:a9:95:c9:86:ff:55:e5:ce:11:
fd:b6:6c:1c:fa:64:5d:f2:eb:22:39:51:7f:b5:98:
82:77
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
85:72:10:C9:83:CC:E9:2F:21:F3:E5:BD:54:DB:9B:53:97:F4:85:5D
X509v3 Authority Key Identifier:
keyid:11:DD:0E:BF:F5:BA:38:A8:75:8B:79:4D:04:D6:29:05:19:4A:32:66
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ed0Ov_W6OKh1i3lNBNYpBRlKMmY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/a66a29-51cc-4ba9-884f-f17613ea49e7/1/hXIQyYPM6S8h8-W9VNubU5f0hV0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/a66a29-51cc-4ba9-884f-f17613ea49e7/1/Ed0Ov_W6OKh1i3lNBNYpBRlKMmY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
46.20.98.0/24
Signature Algorithm: sha256WithRSAEncryption
7a:ea:00:4a:49:4c:4e:4c:fa:cc:9b:bc:9e:1e:9c:20:ed:53:
52:55:88:bf:6a:c4:f2:86:f6:f2:d2:98:26:88:06:b4:5a:fa:
20:5e:de:21:46:32:00:87:fc:9c:92:08:d0:64:9a:27:41:30:
bb:77:4f:70:e8:13:99:54:27:46:dd:ad:7b:6c:5d:56:71:ae:
f4:86:22:70:d1:5a:ec:ce:7a:89:a4:59:1c:d5:77:35:a8:6c:
7d:d4:05:c5:ae:02:47:3f:14:e2:58:4e:04:bc:49:e4:e0:f1:
40:1c:4c:9c:af:59:d9:11:0e:ab:14:2b:0f:c6:f9:0e:9a:63:
55:25:f1:5e:13:14:e1:0e:5c:f4:ea:1b:4a:b0:85:b8:0c:be:
13:52:ca:ad:d1:af:28:9b:75:63:49:cc:c9:45:6d:57:73:53:
06:22:08:32:d0:25:61:c7:5a:6b:73:96:4d:07:c7:83:da:af:
ff:95:2d:91:86:9e:36:4b:86:0c:35:29:bc:38:6b:04:52:86:
a8:b5:dd:3a:c2:c3:25:0e:63:5c:a7:0a:21:8a:bd:0f:2a:d3:
a2:ae:2e:5d:1c:1f:d0:5a:95:85:b1:7f:0b:cf:0c:74:a0:ea:
4a:79:6b:65:23:a8:12:96:98:12:6e:bf:c6:de:93:98:ed:ae:
3c:3b:62:13
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYVtLzHszu23lWaKtdmRfCMJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDExZGQwZWJmZjViYTM4YTg3NThiNzk0ZDA0ZDYyOTA1MTk0
YTMyNjYwHhcNMjMwMTAxMTE1NDQ3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NTcyMTBjOTgzY2NlOTJmMjFmM2U1YmQ1NGRiOWI1Mzk3ZjQ4NTVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgcuz8qt0dRIR5Yw0E7D4dI+xWEJM
rY5Jy58YCXQ/bPTy+W+Xu/moj3l48r1qfeJEjIiPjRcl0mosRp8233cjtmom1s4z
FxtY8K2xa83VQsuh8GV1r/cRv1JlFblXu7JNzbTKkYXgdRNJzmomJlveD/LFwpUs
IC/ji8z6Xfb6QFpnWKDS2a209b3RNYjO4iX6roXNCvqJvtG34f7oQDpQVRmpn7Ct
j2SSKgDKmQlrCc6JR3l1emp9TiWfceB+gi3A1hachhOk45T/XVvd32c79Taya03/
/wDRqqBluh6lkFSx6+IgzJ+plcmG/1XlzhH9tmwc+mRd8usiOVF/tZiCdwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIVyEMmDzOkvIfPlvVTbm1OX9IVdMB8GA1UdIwQY
MBaAFBHdDr/1ujiodYt5TQTWKQUZSjJmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRWQwT3ZfVzZPS2gxaTNsTkJOWXBCUmxLTW1ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC9hNjZhMjktNTFjYy00YmE5LTg4NGYt
ZjE3NjEzZWE0OWU3LzEvaFhJUXlZUE02UzhoOC1XOVZOdWJVNWYwaFYwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC9hNjZhMjktNTFjYy00YmE5LTg4NGYtZjE3NjEzZWE0OWU3
LzEvRWQwT3ZfVzZPS2gxaTNsTkJOWXBCUmxLTW1ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALhRiMA0G
CSqGSIb3DQEBCwUAA4IBAQB66gBKSUxOTPrMm7yeHpwg7VNSVYi/asTyhvby0pgm
iAa0WvogXt4hRjIAh/yckgjQZJonQTC7d09w6BOZVCdG3a17bF1Wca70hiJw0Vrs
znqJpFkc1Xc1qGx91AXFrgJHPxTiWE4EvEnk4PFAHEycr1nZEQ6rFCsPxvkOmmNV
JfFeExThDlz06htKsIW4DL4TUsqt0a8om3VjSczJRW1Xc1MGIggy0CVhx1prc5ZN
B8eD2q//lS2Rhp42S4YMNSm8OGsEUoaotd06wsMlDmNcpwohir0PKtOiri5dHB/Q
WpWFsX8Lzwx0oOpKeWtlI6gSlpgSbr/G3pOY7a48O2IT
-----END CERTIFICATE-----
Generated at Thu Mar 13 02:45:05 2025 by rpki-client