Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b9/3fea1a-57bc-493a-9a3e-8c25b5fb276f/1/lmTk-jfPPt8L31Mg1PKjnWyVpF8.roa
File: lmTk-jfPPt8L31Mg1PKjnWyVpF8.roa (raw, json)
Hash identifier: +ln1aHdFp1oH7weEzIEfloMK4YoXMbuc/+OpT+nqacI=
Subject key identifier: 96:64:E4:FA:37:CF:3E:DF:0B:DF:53:20:D4:F2:A3:9D:6C:95:A4:5F
Certificate issuer: /CN=1c99cebe0cf09903903d19c1ca0ae62421764859
Certificate serial: 01879DCC3FD85A029C10FFF5665A082AC661
Authority key identifier: 1C:99:CE:BE:0C:F0:99:03:90:3D:19:C1:CA:0A:E6:24:21:76:48:59
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/HJnOvgzwmQOQPRnBygrmJCF2SFk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b9/3fea1a-57bc-493a-9a3e-8c25b5fb276f/1/lmTk-jfPPt8L31Mg1PKjnWyVpF8.roa
Signing time: Thu 20 Apr 2023 08:33:41 +0000
ROA not before: Thu 20 Apr 2023 08:33:41 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 21119
IP address blocks: 213.179.48.0/20 maxlen: 20
46.16.48.0/21 maxlen: 21
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:87:9d:cc:3f:d8:5a:02:9c:10:ff:f5:66:5a:08:2a:c6:61
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1c99cebe0cf09903903d19c1ca0ae62421764859
Validity
Not Before: Apr 20 08:33:41 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=9664e4fa37cf3edf0bdf5320d4f2a39d6c95a45f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ba:41:0c:94:77:81:a6:fc:ec:a8:53:a3:d6:0e:
b1:53:9f:c9:d3:38:2e:1a:df:87:0c:3c:ce:78:6c:
2d:67:9d:86:a8:a9:2e:27:b3:36:b8:b5:db:bc:e9:
ea:a3:55:46:d6:32:da:f9:89:26:cd:1e:f7:31:29:
18:be:0f:38:2c:79:de:87:85:bb:18:72:12:58:0e:
01:27:a2:ae:a0:b9:37:60:5f:29:3f:42:44:cc:1c:
a3:83:8a:4c:9d:f4:9a:e7:0e:7d:03:89:2d:f7:ef:
4a:92:c7:b3:8b:8b:03:53:a4:06:cf:f1:f3:43:a1:
b0:a6:e8:af:27:04:ac:9e:f3:7c:6b:6c:10:ec:64:
bb:30:61:39:3e:fc:30:3d:e8:7a:9c:59:9d:32:90:
38:84:ea:46:36:a1:e0:12:27:14:fb:6b:07:86:30:
a9:19:12:aa:65:59:88:1e:e3:93:23:89:75:e4:19:
22:fc:1b:e1:17:fb:b4:62:42:99:dd:d0:ca:40:96:
50:71:da:1b:a3:0a:8f:2d:41:f3:b0:91:3a:6f:e7:
ec:59:76:2b:32:62:58:d0:99:5c:c0:54:14:ba:be:
2a:65:a0:0c:ca:c7:af:1c:49:a3:17:62:10:0a:e5:
bf:6b:89:e3:08:de:12:88:6d:ad:9b:10:31:6a:6e:
dc:39
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
96:64:E4:FA:37:CF:3E:DF:0B:DF:53:20:D4:F2:A3:9D:6C:95:A4:5F
X509v3 Authority Key Identifier:
keyid:1C:99:CE:BE:0C:F0:99:03:90:3D:19:C1:CA:0A:E6:24:21:76:48:59
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJnOvgzwmQOQPRnBygrmJCF2SFk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/3fea1a-57bc-493a-9a3e-8c25b5fb276f/1/lmTk-jfPPt8L31Mg1PKjnWyVpF8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/3fea1a-57bc-493a-9a3e-8c25b5fb276f/1/HJnOvgzwmQOQPRnBygrmJCF2SFk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
46.16.48.0/21
213.179.48.0/20
Signature Algorithm: sha256WithRSAEncryption
46:2d:2b:15:7b:26:3e:70:1e:24:06:56:d6:12:57:9e:b2:3e:
c9:9b:2f:07:da:bf:c3:c7:42:4c:71:30:5e:40:51:8b:1d:c6:
6b:69:13:29:3b:fd:1c:fc:68:cb:3c:62:b2:fd:04:d5:62:e5:
eb:9f:a6:8c:79:65:31:29:98:10:fc:d6:4f:8a:2f:dc:34:7f:
69:23:d9:23:1f:bb:3c:7f:89:c8:54:bb:32:2f:cb:ed:33:3b:
0d:38:96:0e:b5:6d:a8:b4:69:de:4d:ab:ba:06:e7:b2:94:62:
51:fd:a7:80:3b:8e:ee:50:26:7c:61:ef:b5:af:38:1a:a0:55:
3e:58:f2:dc:36:60:05:fd:d0:53:6f:94:21:ab:cd:5c:c7:27:
79:0b:3b:b3:7a:f9:0c:5e:b2:8d:f9:ba:9d:f4:14:aa:df:52:
15:eb:3a:2c:82:1e:d7:bd:86:cb:ea:46:6e:5c:e3:b4:dc:82:
dd:28:9c:51:0f:61:48:9f:b2:c6:cf:6b:79:61:4a:57:60:03:
f0:6d:c3:12:6a:33:b8:af:c3:a6:60:03:90:f4:2d:b0:68:a1:
54:e2:af:1f:a0:c7:cd:ee:e7:4e:fa:b1:e6:e3:cf:a6:3d:f4:
59:a3:6c:17:e6:84:db:a4:c0:50:f9:12:e7:3b:7e:0e:b3:55:
06:37:92:2b
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYedzD/YWgKcEP/1ZloIKsZhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTljZWJlMGNmMDk5MDM5MDNkMTljMWNhMGFlNjI0MjE3
NjQ4NTkwHhcNMjMwNDIwMDgzMzQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NjY0ZTRmYTM3Y2YzZWRmMGJkZjUzMjBkNGYyYTM5ZDZjOTVhNDVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAukEMlHeBpvzsqFOj1g6xU5/J0zgu
Gt+HDDzOeGwtZ52GqKkuJ7M2uLXbvOnqo1VG1jLa+YkmzR73MSkYvg84LHneh4W7
GHISWA4BJ6KuoLk3YF8pP0JEzByjg4pMnfSa5w59A4kt9+9Kksezi4sDU6QGz/Hz
Q6GwpuivJwSsnvN8a2wQ7GS7MGE5PvwwPeh6nFmdMpA4hOpGNqHgEicU+2sHhjCp
GRKqZVmIHuOTI4l15Bki/BvhF/u0YkKZ3dDKQJZQcdobowqPLUHzsJE6b+fsWXYr
MmJY0JlcwFQUur4qZaAMysevHEmjF2IQCuW/a4njCN4SiG2tmxAxam7cOQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJZk5Po3zz7fC99TINTyo51slaRfMB8GA1UdIwQY
MBaAFByZzr4M8JkDkD0ZwcoK5iQhdkhZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpuT3ZnendtUU9RUFJuQnlncm1KQ0YyU0ZrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOS8zZmVhMWEtNTdiYy00OTNhLTlhM2Ut
OGMyNWI1ZmIyNzZmLzEvbG1Uay1qZlBQdDhMMzFNZzFQS2puV3lWcEY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOS8zZmVhMWEtNTdiYy00OTNhLTlhM2UtOGMyNWI1ZmIyNzZm
LzEvSEpuT3ZnendtUU9RUFJuQnlncm1KQ0YyU0ZrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQDLhAwAwQE
1bMwMA0GCSqGSIb3DQEBCwUAA4IBAQBGLSsVeyY+cB4kBlbWEleesj7Jmy8H2r/D
x0JMcTBeQFGLHcZraRMpO/0c/GjLPGKy/QTVYuXrn6aMeWUxKZgQ/NZPii/cNH9p
I9kjH7s8f4nIVLsyL8vtMzsNOJYOtW2otGneTau6BueylGJR/aeAO47uUCZ8Ye+1
rzgaoFU+WPLcNmAF/dBTb5Qhq81cxyd5CzuzevkMXrKN+bqd9BSq31IV6zosgh7X
vYbL6kZuXOO03ILdKJxRD2FIn7LGz2t5YUpXYAPwbcMSajO4r8OmYAOQ9C2waKFU
4q8foMfN7udO+rHm48+mPfRZo2wX5oTbpMBQ+RLnO34Os1UGN5Ir
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:51:16 2024 by rpki-client on console-fra.rpki-client.org