Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/da/2ff98e-6ff9-4233-b9f1-227e21e691e7/1/tNFArNL6ZulLezA2ucffWGerjsM.roa
File: tNFArNL6ZulLezA2ucffWGerjsM.roa (raw, json)
Hash identifier: /WY4iQ9/3raanqQmIG0uVeYsze4lUxPHB644dIq4uDA=
Subject key identifier: B4:D1:40:AC:D2:FA:66:E9:4B:7B:30:36:B9:C7:DF:58:67:AB:8E:C3
Certificate issuer: /CN=a68ff9229efd8d12b4273f346f8c6454ea587ecc
Certificate serial: 01856B256CB7423BBA8352F70F4A3AA41371
Authority key identifier: A6:8F:F9:22:9E:FD:8D:12:B4:27:3F:34:6F:8C:64:54:EA:58:7E:CC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/po_5Ip79jRK0Jz80b4xkVOpYfsw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/da/2ff98e-6ff9-4233-b9f1-227e21e691e7/1/tNFArNL6ZulLezA2ucffWGerjsM.roa
Signing time: Sun 01 Jan 2023 02:24:52 +0000
ROA not before: Sun 01 Jan 2023 02:24:52 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 43584
IP address blocks: 46.16.160.0/23 maxlen: 23
46.16.164.0/24 maxlen: 24
185.27.147.0/24 maxlen: 24
185.27.146.0/24 maxlen: 24
46.16.166.0/24 maxlen: 24
46.16.165.0/24 maxlen: 24
46.16.167.0/24 maxlen: 24
91.197.142.0/23 maxlen: 23
91.197.141.0/24 maxlen: 24
91.197.140.0/24 maxlen: 24
185.27.144.0/24 maxlen: 24
185.27.144.0/22 maxlen: 22
185.27.145.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6b:25:6c:b7:42:3b:ba:83:52:f7:0f:4a:3a:a4:13:71
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=a68ff9229efd8d12b4273f346f8c6454ea587ecc
Validity
Not Before: Jan 1 02:24:52 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=b4d140acd2fa66e94b7b3036b9c7df5867ab8ec3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ed:80:07:ed:88:e4:1a:60:76:b4:f8:3b:36:43:
49:3d:0f:7a:61:35:ba:b2:d6:86:02:66:89:d5:d2:
d7:8d:42:e2:f3:dc:14:c0:a0:f9:80:9a:b0:e9:f1:
27:a3:77:6f:de:5d:ba:81:d7:bf:2f:ca:ef:e3:7e:
33:19:35:eb:e9:80:a5:de:0a:e3:8a:67:47:ba:93:
bf:8f:d8:b0:aa:e3:b8:0e:ba:47:44:bb:5e:50:74:
f4:e7:06:91:cd:a2:7d:ef:68:af:31:6c:de:17:dd:
d3:ba:a5:a7:58:56:9d:dd:4d:8c:aa:2e:d6:a6:51:
5d:5a:d1:02:d2:21:48:e3:fd:23:91:0a:5c:fb:12:
46:8a:f2:b6:b1:3e:ff:18:bd:d4:84:1d:10:55:f8:
c7:05:9a:63:6a:85:3f:58:ce:c3:33:26:0a:37:83:
27:49:66:fc:36:27:17:63:7d:17:c1:bf:28:dc:d0:
40:04:47:d6:cd:46:9b:d5:38:f6:f5:a1:90:71:88:
3d:95:41:e8:45:ba:91:b5:63:0a:9e:2f:ff:88:ca:
e9:18:cf:74:09:b3:2b:26:3a:d1:0a:70:52:33:9d:
e3:5b:94:4f:e2:5d:56:25:81:20:68:b5:d1:3b:21:
dc:20:f6:39:26:33:f6:12:b6:a0:f9:60:f8:fc:0c:
8d:3b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B4:D1:40:AC:D2:FA:66:E9:4B:7B:30:36:B9:C7:DF:58:67:AB:8E:C3
X509v3 Authority Key Identifier:
keyid:A6:8F:F9:22:9E:FD:8D:12:B4:27:3F:34:6F:8C:64:54:EA:58:7E:CC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/po_5Ip79jRK0Jz80b4xkVOpYfsw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/da/2ff98e-6ff9-4233-b9f1-227e21e691e7/1/tNFArNL6ZulLezA2ucffWGerjsM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/da/2ff98e-6ff9-4233-b9f1-227e21e691e7/1/po_5Ip79jRK0Jz80b4xkVOpYfsw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
46.16.160.0/23
46.16.164.0/22
91.197.140.0/22
185.27.144.0/22
Signature Algorithm: sha256WithRSAEncryption
12:6c:cd:32:80:93:b9:57:38:4b:fd:15:82:53:24:4e:1c:2a:
a4:8e:a5:02:13:ca:47:2b:12:00:31:a2:25:8a:3d:7b:ca:aa:
3b:56:b2:76:eb:15:4b:99:1f:1b:22:50:14:5c:e3:8f:00:ef:
85:f7:dc:ef:44:2e:c2:e7:b8:b1:5d:bb:83:3d:af:c4:78:9e:
0c:a8:a0:df:5c:48:7c:55:86:8e:ce:41:c2:ff:9d:2f:fa:88:
75:7d:0d:99:60:49:95:79:f5:c4:a6:d0:3a:fd:1e:e2:4f:b6:
f7:a8:b5:02:65:5e:14:b0:73:72:f3:ee:a3:e7:e3:58:38:fe:
4a:1a:51:97:68:55:d6:49:3b:8d:75:79:0b:48:90:c7:9d:02:
8b:4c:a8:be:77:cb:8b:6d:a1:08:5a:4f:6a:cd:63:18:1f:d7:
c5:c4:eb:50:96:ee:dd:58:c6:bf:1b:87:8d:4d:b2:c4:e5:8d:
6a:63:f0:42:31:b0:c9:1c:00:54:85:7c:f5:db:c3:fc:54:f9:
da:09:ef:14:14:98:06:db:1e:c0:41:1e:f3:39:6a:76:33:94:
13:c7:2c:c9:a0:75:a0:6d:6d:96:45:65:74:a2:7a:e0:6f:6d:
a2:c8:1a:0a:b2:b1:1b:74:26:a8:f5:2c:14:10:b7:ad:01:0c:
a6:fe:49:b7
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYVrJWy3Qju6g1L3D0o6pBNxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE2OGZmOTIyOWVmZDhkMTJiNDI3M2YzNDZmOGM2NDU0ZWE1
ODdlY2MwHhcNMjMwMTAxMDIyNDUyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNGQxNDBhY2QyZmE2NmU5NGI3YjMwMzZiOWM3ZGY1ODY3YWI4ZWMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7YAH7YjkGmB2tPg7NkNJPQ96YTW6
staGAmaJ1dLXjULi89wUwKD5gJqw6fEno3dv3l26gde/L8rv434zGTXr6YCl3grj
imdHupO/j9iwquO4DrpHRLteUHT05waRzaJ972ivMWzeF93TuqWnWFad3U2Mqi7W
plFdWtEC0iFI4/0jkQpc+xJGivK2sT7/GL3UhB0QVfjHBZpjaoU/WM7DMyYKN4Mn
SWb8NicXY30Xwb8o3NBABEfWzUab1Tj29aGQcYg9lUHoRbqRtWMKni//iMrpGM90
CbMrJjrRCnBSM53jW5RP4l1WJYEgaLXROyHcIPY5JjP2Erag+WD4/AyNOwIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFLTRQKzS+mbpS3swNrnH31hnq47DMB8GA1UdIwQY
MBaAFKaP+SKe/Y0StCc/NG+MZFTqWH7MMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcG9fNUlwNzlqUkswSno4MGI0eGtWT3BZZnN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYS8yZmY5OGUtNmZmOS00MjMzLWI5ZjEt
MjI3ZTIxZTY5MWU3LzEvdE5GQXJOTDZadWxMZXpBMnVjZmZXR2VyanNNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYS8yZmY5OGUtNmZmOS00MjMzLWI5ZjEtMjI3ZTIxZTY5MWU3
LzEvcG9fNUlwNzlqUkswSno4MGI0eGtWT3BZZnN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQBLhCgAwQC
LhCkAwQCW8WMAwQCuRuQMA0GCSqGSIb3DQEBCwUAA4IBAQASbM0ygJO5VzhL/RWC
UyROHCqkjqUCE8pHKxIAMaIlij17yqo7VrJ26xVLmR8bIlAUXOOPAO+F99zvRC7C
57ixXbuDPa/EeJ4MqKDfXEh8VYaOzkHC/50v+oh1fQ2ZYEmVefXEptA6/R7iT7b3
qLUCZV4UsHNy8+6j5+NYOP5KGlGXaFXWSTuNdXkLSJDHnQKLTKi+d8uLbaEIWk9q
zWMYH9fFxOtQlu7dWMa/G4eNTbLE5Y1qY/BCMbDJHABUhXz128P8VPnaCe8UFJgG
2x7AQR7zOWp2M5QTxyzJoHWgbW2WRWV0onrgb22iyBoKsrEbdCao9SwUELetAQym
/km3
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:47:24 2024 by rpki-client on console-ams.rpki-client.org