Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/da/2ff98e-6ff9-4233-b9f1-227e21e691e7/1/ehyQToUVop4F7Vr_8CqltvIVbws.roa
File: ehyQToUVop4F7Vr_8CqltvIVbws.roa (raw, json)
Hash identifier: 1ZTKPT1crBuDL3BqEjgn50xbwuPs/HGwz5wsH0oWh/U=
Subject key identifier: 7A:1C:90:4E:85:15:A2:9E:05:ED:5A:FF:F0:2A:A5:B6:F2:15:6F:0B
Certificate issuer: /CN=a68ff9229efd8d12b4273f346f8c6454ea587ecc
Certificate serial: 01856B256D6B8352788FDAB1D787664E44BB
Authority key identifier: A6:8F:F9:22:9E:FD:8D:12:B4:27:3F:34:6F:8C:64:54:EA:58:7E:CC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/po_5Ip79jRK0Jz80b4xkVOpYfsw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/da/2ff98e-6ff9-4233-b9f1-227e21e691e7/1/ehyQToUVop4F7Vr_8CqltvIVbws.roa
Signing time: Sun 01 Jan 2023 02:24:52 +0000
ROA not before: Sun 01 Jan 2023 02:24:52 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 396982
IP address blocks: 46.16.161.0/24 maxlen: 24
46.16.160.0/24 maxlen: 24
46.16.160.0/23 maxlen: 23
46.16.164.0/24 maxlen: 24
46.16.166.0/24 maxlen: 24
185.27.146.0/24 maxlen: 24
46.16.165.0/24 maxlen: 24
185.27.147.0/24 maxlen: 24
91.197.140.0/24 maxlen: 24
91.197.140.0/22 maxlen: 22
91.197.141.0/24 maxlen: 24
91.197.143.0/24 maxlen: 24
91.197.142.0/23 maxlen: 23
91.197.142.0/24 maxlen: 24
185.27.144.0/24 maxlen: 24
185.27.144.0/22 maxlen: 22
185.27.145.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6b:25:6d:6b:83:52:78:8f:da:b1:d7:87:66:4e:44:bb
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=a68ff9229efd8d12b4273f346f8c6454ea587ecc
Validity
Not Before: Jan 1 02:24:52 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=7a1c904e8515a29e05ed5afff02aa5b6f2156f0b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9b:e0:0e:0a:87:16:f0:69:06:cf:1a:f6:0d:a6:
6b:68:9c:9e:ba:78:ff:9d:c9:32:a6:98:ca:a6:c2:
02:b9:77:f3:09:72:0e:82:9a:92:b0:37:39:a8:d1:
80:ee:34:58:f9:91:ba:c0:a4:c2:04:8d:92:4c:fa:
33:ec:10:df:90:cd:82:58:e9:0b:78:58:06:f5:10:
77:42:77:ca:a5:b3:86:52:69:22:83:a5:5b:f9:78:
ca:ee:53:37:62:6b:d0:8d:77:ad:ca:c8:9f:56:49:
8c:13:3f:21:17:61:1e:e3:80:34:1f:03:00:80:69:
c3:88:8a:1a:95:66:29:a0:57:36:05:80:b7:31:e6:
c6:76:3c:21:d2:9d:bb:93:41:d5:74:b5:5f:6b:a5:
90:16:34:27:0a:e1:5b:ce:d3:e2:2f:4e:6b:46:6a:
8f:0e:d7:f9:0b:eb:fa:2a:c0:54:01:18:a7:c0:8f:
8e:1c:04:cf:5e:ff:4d:c9:4f:cc:db:06:44:66:d2:
3a:00:3a:03:e6:32:21:3a:6f:ac:4b:dc:77:dd:60:
2b:a6:14:3b:9d:50:7d:59:78:42:ee:eb:7f:ef:99:
3c:4a:02:80:c1:a4:84:ef:2c:43:95:53:d5:4f:77:
33:3b:0b:ce:eb:70:20:86:38:e8:69:86:39:14:1e:
a3:b1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
7A:1C:90:4E:85:15:A2:9E:05:ED:5A:FF:F0:2A:A5:B6:F2:15:6F:0B
X509v3 Authority Key Identifier:
keyid:A6:8F:F9:22:9E:FD:8D:12:B4:27:3F:34:6F:8C:64:54:EA:58:7E:CC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/po_5Ip79jRK0Jz80b4xkVOpYfsw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/da/2ff98e-6ff9-4233-b9f1-227e21e691e7/1/ehyQToUVop4F7Vr_8CqltvIVbws.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/da/2ff98e-6ff9-4233-b9f1-227e21e691e7/1/po_5Ip79jRK0Jz80b4xkVOpYfsw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
46.16.160.0/23
46.16.164.0-46.16.166.255
91.197.140.0/22
185.27.144.0/22
Signature Algorithm: sha256WithRSAEncryption
7d:71:4c:33:56:3d:19:02:2c:fd:2e:17:3a:ed:7c:1a:73:e6:
bb:f4:f6:6d:ae:f0:f2:97:14:d9:c3:51:38:ed:87:0b:98:d5:
a6:dc:f2:c1:91:cc:1b:9f:93:5c:d6:4f:ca:3d:20:1a:5a:e1:
fe:b1:1d:a7:5f:47:86:4b:ea:18:4d:61:cd:a9:ef:95:d4:b3:
5c:9e:b7:54:37:53:47:ca:2d:75:7b:3a:72:a3:92:43:82:ec:
25:93:6d:16:ca:2c:a8:19:0c:c1:49:f2:13:41:cf:57:67:5c:
3c:45:a8:8e:f4:00:ee:ea:59:11:3e:b1:41:6b:c6:ae:9a:7f:
32:c9:d4:e1:6b:47:b3:01:25:7b:76:a7:8a:e8:10:60:8e:85:
02:bd:3f:6b:3d:70:c4:30:64:30:b9:77:55:54:b4:c9:0c:1c:
f5:d8:fa:27:bd:93:eb:05:f4:fe:85:05:d6:4d:98:94:54:77:
39:47:59:5d:b3:e6:eb:48:04:d6:b8:67:d7:4e:a5:97:8e:51:
be:35:46:a4:ef:1a:00:ba:e7:84:0b:9b:de:ec:85:ab:37:37:
07:de:42:02:18:97:16:a8:4e:97:b1:de:05:69:ed:2d:e0:d6:
a9:de:dc:46:d0:1c:03:69:e9:2c:77:11:bf:f9:58:ea:3f:9a:
b3:46:ea:b6
-----BEGIN CERTIFICATE-----
MIIFFzCCA/+gAwIBAgISAYVrJW1rg1J4j9qx14dmTkS7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE2OGZmOTIyOWVmZDhkMTJiNDI3M2YzNDZmOGM2NDU0ZWE1
ODdlY2MwHhcNMjMwMTAxMDIyNDUyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YTFjOTA0ZTg1MTVhMjllMDVlZDVhZmZmMDJhYTViNmYyMTU2ZjBiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm+AOCocW8GkGzxr2DaZraJyeunj/
nckyppjKpsICuXfzCXIOgpqSsDc5qNGA7jRY+ZG6wKTCBI2STPoz7BDfkM2CWOkL
eFgG9RB3QnfKpbOGUmkig6Vb+XjK7lM3YmvQjXetysifVkmMEz8hF2Ee44A0HwMA
gGnDiIoalWYpoFc2BYC3MebGdjwh0p27k0HVdLVfa6WQFjQnCuFbztPiL05rRmqP
Dtf5C+v6KsBUARinwI+OHATPXv9NyU/M2wZEZtI6ADoD5jIhOm+sS9x33WArphQ7
nVB9WXhC7ut/75k8SgKAwaSE7yxDlVPVT3czOwvO63AghjjoaYY5FB6jsQIDAQAB
o4ICIzCCAh8wHQYDVR0OBBYEFHockE6FFaKeBe1a//AqpbbyFW8LMB8GA1UdIwQY
MBaAFKaP+SKe/Y0StCc/NG+MZFTqWH7MMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcG9fNUlwNzlqUkswSno4MGI0eGtWT3BZZnN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYS8yZmY5OGUtNmZmOS00MjMzLWI5ZjEt
MjI3ZTIxZTY5MWU3LzEvZWh5UVRvVVZvcDRGN1ZyXzhDcWx0dklWYndzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYS8yZmY5OGUtNmZmOS00MjMzLWI5ZjEtMjI3ZTIxZTY5MWU3
LzEvcG9fNUlwNzlqUkswSno4MGI0eGtWT3BZZnN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDkGCCsGAQUFBwEHAQH/BCowKDAmBAIAATAgAwQBLhCgMAwD
BAIuEKQDBAAuEKYDBAJbxYwDBAK5G5AwDQYJKoZIhvcNAQELBQADggEBAH1xTDNW
PRkCLP0uFzrtfBpz5rv09m2u8PKXFNnDUTjthwuY1abc8sGRzBufk1zWT8o9IBpa
4f6xHadfR4ZL6hhNYc2p75XUs1yet1Q3U0fKLXV7OnKjkkOC7CWTbRbKLKgZDMFJ
8hNBz1dnXDxFqI70AO7qWRE+sUFrxq6afzLJ1OFrR7MBJXt2p4roEGCOhQK9P2s9
cMQwZDC5d1VUtMkMHPXY+ie9k+sF9P6FBdZNmJRUdzlHWV2z5utIBNa4Z9dOpZeO
Ub41RqTvGgC654QLm97shas3NwfeQgIYlxaoTpex3gVp7S3g1qne3EbQHANp6Sx3
Eb/5WOo/mrNG6rY=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:56:03 2024 by rpki-client on console-fra.rpki-client.org