Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/a66a29-51cc-4ba9-884f-f17613ea49e7/1/iqBQ6I4RNj4mld2tDnV-unlDN9I.roa
File: iqBQ6I4RNj4mld2tDnV-unlDN9I.roa (raw, json)
Hash identifier: 3oSrINoCCE0+XV/eGL2bfMKMSZz62Rk/Hbk8LsS8erM=
Subject key identifier: 8A:A0:50:E8:8E:11:36:3E:26:95:DD:AD:0E:75:7E:BA:79:43:37:D2
Certificate issuer: /CN=11dd0ebff5ba38a8758b794d04d62905194a3266
Certificate serial: 0185B657DA2AD098B9103AD0A49754034227
Authority key identifier: 11:DD:0E:BF:F5:BA:38:A8:75:8B:79:4D:04:D6:29:05:19:4A:32:66
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Ed0Ov_W6OKh1i3lNBNYpBRlKMmY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b0/a66a29-51cc-4ba9-884f-f17613ea49e7/1/iqBQ6I4RNj4mld2tDnV-unlDN9I.roa
Signing time: Sun 15 Jan 2023 16:51:28 +0000
ROA not before: Sun 15 Jan 2023 16:51:28 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 149767
IP address blocks: 46.20.109.0/24 maxlen: 24
46.20.99.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:b6:57:da:2a:d0:98:b9:10:3a:d0:a4:97:54:03:42:27
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=11dd0ebff5ba38a8758b794d04d62905194a3266
Validity
Not Before: Jan 15 16:51:28 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=8aa050e88e11363e2695ddad0e757eba794337d2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:af:95:88:f5:15:e1:c5:20:7e:0d:03:c2:e2:e5:
55:de:79:6e:f5:d8:16:52:2f:f5:23:6a:f5:9f:d1:
e8:e3:c7:d9:29:15:7d:ff:7f:71:95:2e:20:83:57:
72:e6:05:4e:3b:83:86:ff:a2:e1:8c:18:cd:f1:1b:
2f:2d:0e:13:fd:f0:39:23:45:21:3a:28:07:7e:f2:
ea:d6:de:3d:1b:f9:84:55:cb:1a:84:65:8c:56:ec:
04:1a:b9:a3:b4:2a:81:8c:42:f2:01:9f:f7:ce:7c:
00:7e:d9:57:bb:c8:43:8f:51:8f:1d:d4:b4:d6:48:
18:51:fd:b6:73:1d:9a:d7:a6:bc:c1:4b:97:3d:68:
c0:42:3e:49:c0:bd:40:6d:20:07:dc:2d:84:ce:3a:
d6:5d:ef:20:df:d2:6c:2f:2b:8d:8a:8b:6f:6e:a8:
58:0a:55:c2:79:52:63:d5:70:8d:6f:b3:9b:b0:a2:
1f:fa:82:c0:0b:6d:7d:bf:d7:4d:fd:96:e6:b1:21:
5e:14:dd:4a:18:e4:ef:13:18:e7:c7:98:9b:12:d1:
e2:eb:bd:3a:97:5e:c3:12:30:ed:90:4c:ca:06:29:
95:31:0f:26:a8:30:06:0c:d8:f5:f9:00:c3:e2:80:
9d:64:54:02:75:17:85:d2:eb:fa:35:92:0b:7b:b3:
4b:c5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8A:A0:50:E8:8E:11:36:3E:26:95:DD:AD:0E:75:7E:BA:79:43:37:D2
X509v3 Authority Key Identifier:
keyid:11:DD:0E:BF:F5:BA:38:A8:75:8B:79:4D:04:D6:29:05:19:4A:32:66
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ed0Ov_W6OKh1i3lNBNYpBRlKMmY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/a66a29-51cc-4ba9-884f-f17613ea49e7/1/iqBQ6I4RNj4mld2tDnV-unlDN9I.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/a66a29-51cc-4ba9-884f-f17613ea49e7/1/Ed0Ov_W6OKh1i3lNBNYpBRlKMmY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
46.20.99.0/24
46.20.109.0/24
Signature Algorithm: sha256WithRSAEncryption
3c:4d:8d:da:74:cc:8e:27:ae:12:dd:8a:f0:ed:ce:52:e3:b3:
60:e2:5b:d0:45:d1:04:c5:ff:64:12:4c:e3:d0:f3:49:41:c7:
10:e1:36:a5:56:df:b2:95:58:c8:50:af:78:73:d1:8e:a9:4c:
96:06:12:a2:a7:d8:a8:1e:29:ef:c3:94:3c:29:ae:1f:e9:84:
56:e5:d6:10:a4:1d:44:ba:8a:6a:6a:c3:8c:60:ff:7f:ff:57:
03:e9:0e:75:6b:d6:a4:07:60:a0:e0:7c:94:d1:5f:9d:b3:6a:
c2:cf:c6:f4:8c:e3:9b:67:7e:9b:96:e2:3c:c6:87:0f:87:b8:
06:9f:d1:e5:6e:d0:58:39:d7:e5:a4:81:21:12:1e:cb:59:aa:
df:9c:a4:aa:0d:25:40:95:77:24:d7:10:64:ca:12:e7:80:3b:
f7:95:97:c2:fb:af:1e:69:ca:6a:43:8b:79:81:80:8e:04:0e:
a3:ee:57:ea:ee:f0:5b:1f:7e:e1:9f:a9:b7:e9:34:50:84:e0:
ac:06:d3:fd:a5:d1:25:3a:59:db:eb:5a:58:7c:32:f0:2c:04:
14:6a:d6:07:85:c6:67:cf:af:96:8d:69:3d:39:25:d8:7b:d2:
f7:f1:0d:3f:e3:66:02:94:47:c1:c0:b3:07:fd:f0:58:3d:11:
86:8f:7b:16
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYW2V9oq0Ji5EDrQpJdUA0InMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDExZGQwZWJmZjViYTM4YTg3NThiNzk0ZDA0ZDYyOTA1MTk0
YTMyNjYwHhcNMjMwMTE1MTY1MTI4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YWEwNTBlODhlMTEzNjNlMjY5NWRkYWQwZTc1N2ViYTc5NDMzN2QyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr5WI9RXhxSB+DQPC4uVV3nlu9dgW
Ui/1I2r1n9Ho48fZKRV9/39xlS4gg1dy5gVOO4OG/6LhjBjN8RsvLQ4T/fA5I0Uh
OigHfvLq1t49G/mEVcsahGWMVuwEGrmjtCqBjELyAZ/3znwAftlXu8hDj1GPHdS0
1kgYUf22cx2a16a8wUuXPWjAQj5JwL1AbSAH3C2EzjrWXe8g39JsLyuNiotvbqhY
ClXCeVJj1XCNb7ObsKIf+oLAC219v9dN/ZbmsSFeFN1KGOTvExjnx5ibEtHi6706
l17DEjDtkEzKBimVMQ8mqDAGDNj1+QDD4oCdZFQCdReF0uv6NZILe7NLxQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFIqgUOiOETY+JpXdrQ51frp5QzfSMB8GA1UdIwQY
MBaAFBHdDr/1ujiodYt5TQTWKQUZSjJmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRWQwT3ZfVzZPS2gxaTNsTkJOWXBCUmxLTW1ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC9hNjZhMjktNTFjYy00YmE5LTg4NGYt
ZjE3NjEzZWE0OWU3LzEvaXFCUTZJNFJOajRtbGQydERuVi11bmxETjlJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC9hNjZhMjktNTFjYy00YmE5LTg4NGYtZjE3NjEzZWE0OWU3
LzEvRWQwT3ZfVzZPS2gxaTNsTkJOWXBCUmxLTW1ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALhRjAwQA
LhRtMA0GCSqGSIb3DQEBCwUAA4IBAQA8TY3adMyOJ64S3Yrw7c5S47Ng4lvQRdEE
xf9kEkzj0PNJQccQ4TalVt+ylVjIUK94c9GOqUyWBhKip9ioHinvw5Q8Ka4f6YRW
5dYQpB1EuopqasOMYP9//1cD6Q51a9akB2Cg4HyU0V+ds2rCz8b0jOObZ36bluI8
xocPh7gGn9HlbtBYOdflpIEhEh7LWarfnKSqDSVAlXck1xBkyhLngDv3lZfC+68e
acpqQ4t5gYCOBA6j7lfq7vBbH37hn6m36TRQhOCsBtP9pdElOlnb61pYfDLwLAQU
atYHhcZnz6+WjWk9OSXYe9L38Q0/42YClEfBwLMH/fBYPRGGj3sW
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:38:59 2024 by rpki-client on console-ams.rpki-client.org