Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1a/88fff5-dfd9-4008-95b7-785e5883644d/1/y3jmVMTkM-kLV0ZzyKzK8-c81xY.roa
File: y3jmVMTkM-kLV0ZzyKzK8-c81xY.roa (raw, json)
Hash identifier: ksp3M6kp+ec8CPIlzRYFITQRaVkTx3+3IM9BuShEKeo=
Subject key identifier: CB:78:E6:54:C4:E4:33:E9:0B:57:46:73:C8:AC:CA:F3:E7:3C:D7:16
Certificate issuer: /CN=d8d662dcc6fe3b81ef3de2fca3cfcedc11ebaa43
Certificate serial: 019461E47C122D026933A183A81666122251
Authority key identifier: D8:D6:62:DC:C6:FE:3B:81:EF:3D:E2:FC:A3:CF:CE:DC:11:EB:AA:43
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/2NZi3Mb-O4HvPeL8o8_O3BHrqkM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/1a/88fff5-dfd9-4008-95b7-785e5883644d/1/y3jmVMTkM-kLV0ZzyKzK8-c81xY.roa
Signing time: Mon 13 Jan 2025 22:59:11 +0000
ROA not before: Mon 13 Jan 2025 22:59:11 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 204079
IP address blocks: 46.36.98.0/24 maxlen: 24
46.36.106.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:61:e4:7c:12:2d:02:69:33:a1:83:a8:16:66:12:22:51
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d8d662dcc6fe3b81ef3de2fca3cfcedc11ebaa43
Validity
Not Before: Jan 13 22:59:11 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=cb78e654c4e433e90b574673c8accaf3e73cd716
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d0:32:a5:41:3b:be:ec:6b:f9:69:f8:58:de:64:
50:09:e6:54:da:00:c7:98:ae:a9:a6:30:db:69:51:
6e:2d:6e:1a:42:cf:77:67:1c:96:ad:45:4e:14:cf:
32:0e:3f:3f:59:b9:6f:36:47:e3:7d:f3:e8:32:44:
d2:79:69:ff:32:f8:12:07:14:b9:55:0c:52:59:81:
ce:0d:7e:80:1e:ae:ca:a4:4f:c8:58:c8:c6:31:03:
db:e3:b2:5f:1f:8f:79:22:f2:36:bc:19:31:a8:bc:
c1:94:64:82:93:51:45:a4:49:b6:15:b3:b8:cc:fc:
80:b8:e2:9c:24:21:b4:fa:a0:b9:4b:ab:e8:d3:b1:
2d:1e:c1:75:68:2e:34:1f:f1:28:9f:71:3e:03:43:
b9:7c:db:3e:6e:ec:e8:cf:d2:bb:75:5d:27:12:cb:
6c:cf:2e:20:df:7c:1d:1c:bd:d2:0f:2d:b7:45:c9:
12:e3:a0:75:4f:b7:a9:f0:9a:1a:b3:a5:9c:e8:87:
ba:63:14:98:3f:fd:0b:17:5f:a6:8c:9a:d5:96:eb:
ac:8d:80:0f:aa:4a:f1:18:e5:09:11:86:1c:30:dd:
71:6d:c0:d4:5b:fa:7c:36:e7:21:3e:cd:99:d6:b2:
92:e0:94:a7:23:19:53:d3:51:fb:21:e2:c4:dc:04:
3d:a1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CB:78:E6:54:C4:E4:33:E9:0B:57:46:73:C8:AC:CA:F3:E7:3C:D7:16
X509v3 Authority Key Identifier:
keyid:D8:D6:62:DC:C6:FE:3B:81:EF:3D:E2:FC:A3:CF:CE:DC:11:EB:AA:43
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2NZi3Mb-O4HvPeL8o8_O3BHrqkM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/88fff5-dfd9-4008-95b7-785e5883644d/1/y3jmVMTkM-kLV0ZzyKzK8-c81xY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/88fff5-dfd9-4008-95b7-785e5883644d/1/2NZi3Mb-O4HvPeL8o8_O3BHrqkM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
46.36.98.0/24
46.36.106.0/24
Signature Algorithm: sha256WithRSAEncryption
26:67:32:28:90:0c:bb:1f:e7:c9:0c:13:bf:a7:9c:d6:16:32:
80:ef:7d:b9:15:8b:b2:5e:d0:aa:66:96:f5:3e:c6:19:cf:82:
1b:88:14:78:8f:9e:ea:74:0d:a7:2b:00:02:f0:3b:e4:1c:7b:
65:90:36:64:28:fc:87:50:3a:f4:21:9d:e1:b7:66:30:11:23:
47:14:41:9a:76:82:3e:96:04:a6:a7:d1:48:1d:20:c1:fb:06:
65:0a:eb:f6:75:8d:6a:43:bc:78:8f:01:52:2d:8c:9b:9f:32:
65:f4:5c:b9:e7:c0:ef:c6:a8:5e:bd:b3:c6:c2:9e:47:ea:82:
7d:d7:20:bb:9e:e2:8e:be:80:bb:4d:55:39:a5:4a:54:cd:f7:
24:82:c6:75:1e:43:f7:0b:07:e2:c9:63:df:6e:74:78:79:1f:
8d:6f:69:b6:c0:8f:a7:0e:57:c2:98:82:63:53:37:23:d7:b9:
c9:aa:20:6c:0e:ef:55:e6:f4:c1:1a:22:08:9a:2a:dc:52:de:
cc:6a:e1:0e:e6:33:0b:7f:19:5a:28:73:1d:8a:d7:b1:42:09:
89:f6:5c:c7:6b:61:56:0b:8f:aa:cf:6a:5b:66:99:ea:f9:2d:
f6:15:ac:87:c0:14:e1:ee:aa:3e:de:d8:f5:74:82:05:82:8f:
cd:af:87:82
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZRh5HwSLQJpM6GDqBZmEiJRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ4ZDY2MmRjYzZmZTNiODFlZjNkZTJmY2EzY2ZjZWRjMTFl
YmFhNDMwHhcNMjUwMTEzMjI1OTExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYjc4ZTY1NGM0ZTQzM2U5MGI1NzQ2NzNjOGFjY2FmM2U3M2NkNzE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0DKlQTu+7Gv5afhY3mRQCeZU2gDH
mK6ppjDbaVFuLW4aQs93ZxyWrUVOFM8yDj8/WblvNkfjffPoMkTSeWn/MvgSBxS5
VQxSWYHODX6AHq7KpE/IWMjGMQPb47JfH495IvI2vBkxqLzBlGSCk1FFpEm2FbO4
zPyAuOKcJCG0+qC5S6vo07EtHsF1aC40H/Eon3E+A0O5fNs+buzoz9K7dV0nEsts
zy4g33wdHL3SDy23RckS46B1T7ep8Joas6Wc6Ie6YxSYP/0LF1+mjJrVluusjYAP
qkrxGOUJEYYcMN1xbcDUW/p8NuchPs2Z1rKS4JSnIxlT01H7IeLE3AQ9oQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMt45lTE5DPpC1dGc8isyvPnPNcWMB8GA1UdIwQY
MBaAFNjWYtzG/juB7z3i/KPPztwR66pDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMk5aaTNNYi1PNEh2UGVMOG84X08zQkhycWtNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYS84OGZmZjUtZGZkOS00MDA4LTk1Yjct
Nzg1ZTU4ODM2NDRkLzEveTNqbVZNVGtNLWtMVjBaenlLeks4LWM4MXhZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYS84OGZmZjUtZGZkOS00MDA4LTk1YjctNzg1ZTU4ODM2NDRk
LzEvMk5aaTNNYi1PNEh2UGVMOG84X08zQkhycWtNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALiRiAwQA
LiRqMA0GCSqGSIb3DQEBCwUAA4IBAQAmZzIokAy7H+fJDBO/p5zWFjKA7325FYuy
XtCqZpb1PsYZz4IbiBR4j57qdA2nKwAC8DvkHHtlkDZkKPyHUDr0IZ3ht2YwESNH
FEGadoI+lgSmp9FIHSDB+wZlCuv2dY1qQ7x4jwFSLYybnzJl9Fy558DvxqhevbPG
wp5H6oJ91yC7nuKOvoC7TVU5pUpUzfckgsZ1HkP3CwfiyWPfbnR4eR+Nb2m2wI+n
DlfCmIJjUzcj17nJqiBsDu9V5vTBGiIImircUt7MauEO5jMLfxlaKHMditexQgmJ
9lzHa2FWC4+qz2pbZpnq+S32FayHwBTh7qo+3tj1dIIFgo/Nr4eC
-----END CERTIFICATE-----
Generated at Fri May 2 02:53:09 2025 by rpki-client