Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/a66a29-51cc-4ba9-884f-f17613ea49e7/1/nfMdXV0_ig2y1bMXsRgLFBTdxs8.roa
File: nfMdXV0_ig2y1bMXsRgLFBTdxs8.roa (raw, json)
Hash identifier: H5BVrT7ATtOu7G9GKyXSNYDS5o/5CeiWM/J16VSZsLo=
Subject key identifier: 9D:F3:1D:5D:5D:3F:8A:0D:B2:D5:B3:17:B1:18:0B:14:14:DD:C6:CF
Certificate issuer: /CN=11dd0ebff5ba38a8758b794d04d62905194a3266
Certificate serial: 02CCD7F3
Authority key identifier: 11:DD:0E:BF:F5:BA:38:A8:75:8B:79:4D:04:D6:29:05:19:4A:32:66
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Ed0Ov_W6OKh1i3lNBNYpBRlKMmY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b0/a66a29-51cc-4ba9-884f-f17613ea49e7/1/nfMdXV0_ig2y1bMXsRgLFBTdxs8.roa
Signing time: Thu 10 Mar 2022 16:41:06 +0000
ROA not before: Thu 10 Mar 2022 16:41:06 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 35913
IP address blocks: 46.20.109.0/24 maxlen: 24
46.20.107.0/24 maxlen: 24
46.20.98.0/24 maxlen: 24
185.169.220.0/24 maxlen: 24
46.20.103.0/24 maxlen: 24
46.20.102.0/24 maxlen: 24
46.20.99.0/24 maxlen: 24
46.20.100.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 46979059 (0x2ccd7f3)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=11dd0ebff5ba38a8758b794d04d62905194a3266
Validity
Not Before: Mar 10 16:41:06 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=9df31d5d5d3f8a0db2d5b317b1180b1414ddc6cf
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e3:04:8d:87:e0:2d:c8:0e:b2:55:31:f5:2e:ca:
6c:db:2a:1f:35:31:18:b0:82:44:79:8a:a5:52:4c:
32:56:d6:6c:dd:81:60:5c:d0:fc:0d:a4:a4:91:d1:
df:b3:27:1a:fb:18:26:4c:8b:fd:28:40:b9:19:79:
2f:bb:5b:41:25:4c:8e:26:ae:ac:18:b3:b1:96:79:
94:d5:3e:d1:08:11:41:9b:90:5d:55:59:61:db:92:
b5:7e:40:31:af:ee:3a:8e:ed:92:37:46:9b:af:80:
ee:0c:f0:7a:ac:5e:67:ad:cd:b2:13:5c:f8:ee:27:
1d:bf:48:9d:d7:1f:8a:79:b2:2f:e7:26:22:9b:92:
6f:bf:5d:b7:b7:e3:d9:a5:25:1c:89:f8:ec:62:37:
1f:2c:63:96:45:7e:2d:34:91:bb:59:01:91:34:d1:
5b:7b:ab:78:42:06:b2:5c:35:dd:cb:f9:43:f0:6d:
2e:5f:35:1b:0a:eb:ff:9c:fe:82:e8:4f:35:3b:69:
d6:4e:d0:27:cc:38:49:eb:e0:c1:ca:4e:c5:3c:28:
3d:38:46:b9:a8:65:8b:4f:c1:51:c4:42:6a:96:72:
56:3e:db:59:49:60:ae:dd:a9:22:6d:13:55:94:b7:
41:9e:75:9b:59:81:d3:d5:b5:ab:76:96:08:56:43:
47:c3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9D:F3:1D:5D:5D:3F:8A:0D:B2:D5:B3:17:B1:18:0B:14:14:DD:C6:CF
X509v3 Authority Key Identifier:
keyid:11:DD:0E:BF:F5:BA:38:A8:75:8B:79:4D:04:D6:29:05:19:4A:32:66
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ed0Ov_W6OKh1i3lNBNYpBRlKMmY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/a66a29-51cc-4ba9-884f-f17613ea49e7/1/nfMdXV0_ig2y1bMXsRgLFBTdxs8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/a66a29-51cc-4ba9-884f-f17613ea49e7/1/Ed0Ov_W6OKh1i3lNBNYpBRlKMmY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
46.20.98.0-46.20.100.255
46.20.102.0/23
46.20.107.0/24
46.20.109.0/24
185.169.220.0/24
Signature Algorithm: sha256WithRSAEncryption
a0:2c:49:81:9b:30:0e:76:68:18:c0:39:1b:f2:d4:37:cb:b0:
65:9c:37:50:41:a7:c4:dd:eb:48:a8:b1:84:20:00:05:d9:20:
08:02:0f:71:3d:41:5c:b4:fb:ce:58:af:93:f9:56:6c:98:36:
47:a2:15:8d:a2:ab:17:e9:36:82:36:53:2a:4c:ab:6e:6d:54:
07:d8:b3:83:a4:ae:a5:d9:df:b5:75:84:3b:08:64:be:30:72:
44:ce:b0:0f:81:95:92:e9:d1:c5:66:ec:05:06:cc:be:03:9e:
f9:e8:06:64:a1:0e:ee:ec:52:5d:46:91:f7:de:bb:0b:51:09:
a0:f4:82:e4:eb:58:7f:c8:8e:c6:8a:8a:aa:3b:1b:0b:fa:ee:
bc:a1:93:e8:a2:28:e2:cc:fb:df:0e:61:a5:90:c4:94:8e:e9:
a4:a8:0f:21:ce:b2:6d:fd:d9:8e:60:09:c2:16:9d:26:ff:da:
c5:e0:99:3a:04:d6:92:db:7c:02:9e:51:28:4d:63:6e:d9:da:
22:0a:c6:03:45:ae:6e:32:bf:d0:9e:00:5b:18:7a:f2:65:3b:
9d:13:f0:f4:58:78:57:6c:ea:c0:bb:b6:63:b9:6d:52:b6:db:
2a:fe:9c:ce:9d:9a:45:de:62:3b:5d:a9:a8:3f:2b:03:20:bf:
d3:f3:ca:c3
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgIEAszX8zANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygx
MWRkMGViZmY1YmEzOGE4NzU4Yjc5NGQwNGQ2MjkwNTE5NGEzMjY2MB4XDTIyMDMx
MDE2NDEwNloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoOWRmMzFkNWQ1ZDNm
OGEwZGIyZDViMzE3YjExODBiMTQxNGRkYzZjZjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAOMEjYfgLcgOslUx9S7KbNsqHzUxGLCCRHmKpVJMMlbWbN2B
YFzQ/A2kpJHR37MnGvsYJkyL/ShAuRl5L7tbQSVMjiaurBizsZZ5lNU+0QgRQZuQ
XVVZYduStX5AMa/uOo7tkjdGm6+A7gzweqxeZ63NshNc+O4nHb9IndcfinmyL+cm
IpuSb79dt7fj2aUlHIn47GI3HyxjlkV+LTSRu1kBkTTRW3ureEIGslw13cv5Q/Bt
Ll81Gwrr/5z+guhPNTtp1k7QJ8w4SevgwcpOxTwoPThGuahli0/BUcRCapZyVj7b
WUlgrt2pIm0TVZS3QZ51m1mB09W1q3aWCFZDR8MCAwEAAaOCAikwggIlMB0GA1Ud
DgQWBBSd8x1dXT+KDbLVsxexGAsUFN3GzzAfBgNVHSMEGDAWgBQR3Q6/9bo4qHWL
eU0E1ikFGUoyZjAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0VkME92X1c2T0toMWkzbE5CTllwQlJsS01tWS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYjAvYTY2YTI5LTUxY2MtNGJhOS04ODRmLWYxNzYxM2VhNDllNy8x
L25mTWRYVjBfaWcyeTFiTVhzUmdMRkJUZHhzOC5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYjAv
YTY2YTI5LTUxY2MtNGJhOS04ODRmLWYxNzYxM2VhNDllNy8xL0VkME92X1c2T0to
MWkzbE5CTllwQlJsS01tWS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjA/
BggrBgEFBQcBBwEB/wQwMC4wLAQCAAEwJjAMAwQBLhRiAwQALhRkAwQBLhRmAwQA
LhRrAwQALhRtAwQAuancMA0GCSqGSIb3DQEBCwUAA4IBAQCgLEmBmzAOdmgYwDkb
8tQ3y7BlnDdQQafE3etIqLGEIAAF2SAIAg9xPUFctPvOWK+T+VZsmDZHohWNoqsX
6TaCNlMqTKtubVQH2LODpK6l2d+1dYQ7CGS+MHJEzrAPgZWS6dHFZuwFBsy+A575
6AZkoQ7u7FJdRpH33rsLUQmg9ILk61h/yI7GioqqOxsL+u68oZPooijizPvfDmGl
kMSUjumkqA8hzrJt/dmOYAnCFp0m/9rF4Jk6BNaS23wCnlEoTWNu2doiCsYDRa5u
Mr/QngBbGHryZTudE/D0WHhXbOrAu7ZjuW1Sttsq/pzOnZpF3mI7XamoPysDIL/T
88rD
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:38:59 2024 by rpki-client on console-ams.rpki-client.org