Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/a66a29-51cc-4ba9-884f-f17613ea49e7/1/5lZG2uqkayQbKHMY1gK1aRbhMJU.roa
File: 5lZG2uqkayQbKHMY1gK1aRbhMJU.roa (raw, json)
Hash identifier: QK8ZEqyAlm7G2EKzZsaKIB90Tka7QzxdPn0B2+AKTDs=
Subject key identifier: E6:56:46:DA:EA:A4:6B:24:1B:28:73:18:D6:02:B5:69:16:E1:30:95
Certificate issuer: /CN=11dd0ebff5ba38a8758b794d04d62905194a3266
Certificate serial: 018559EA3EC8F27A960852AA8D73BAE68158
Authority key identifier: 11:DD:0E:BF:F5:BA:38:A8:75:8B:79:4D:04:D6:29:05:19:4A:32:66
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Ed0Ov_W6OKh1i3lNBNYpBRlKMmY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b0/a66a29-51cc-4ba9-884f-f17613ea49e7/1/5lZG2uqkayQbKHMY1gK1aRbhMJU.roa
Signing time: Wed 28 Dec 2022 18:06:41 +0000
ROA not before: Wed 28 Dec 2022 18:06:41 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 34458
IP address blocks: 46.20.107.0/24 maxlen: 24
46.20.108.0/24 maxlen: 24
46.20.106.0/24 maxlen: 24
46.20.111.0/24 maxlen: 24
46.20.110.0/24 maxlen: 24
46.20.97.0/24 maxlen: 24
46.20.104.0/24 maxlen: 24
46.20.105.0/24 maxlen: 24
46.20.101.0/24 maxlen: 24
185.160.194.0/24 maxlen: 24
185.100.170.0/24 maxlen: 24
185.100.171.0/24 maxlen: 24
185.100.168.0/24 maxlen: 24
185.100.169.0/24 maxlen: 24
185.169.222.0/24 maxlen: 24
185.169.221.0/24 maxlen: 24
185.169.223.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:59:ea:3e:c8:f2:7a:96:08:52:aa:8d:73:ba:e6:81:58
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=11dd0ebff5ba38a8758b794d04d62905194a3266
Validity
Not Before: Dec 28 18:06:41 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=e65646daeaa46b241b287318d602b56916e13095
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:95:32:5d:a6:16:df:9b:38:45:f4:86:ab:94:77:
ff:20:70:2a:e2:90:c5:39:f3:80:e7:40:ed:34:02:
d6:8f:56:e9:a2:0c:da:d6:25:95:78:53:d7:ac:4d:
ad:0a:2d:cd:c9:46:c1:f6:33:3b:c6:b1:18:40:97:
fa:d0:b0:96:d0:9f:e9:f0:49:6d:07:dd:2e:b4:f0:
34:55:ea:01:82:db:ef:be:30:33:18:bd:d0:f3:be:
6c:95:c2:18:c8:71:5d:31:42:fc:7e:ac:10:27:98:
d2:3f:cc:09:db:91:01:72:7b:87:1d:1f:6b:18:5e:
f2:46:f4:b0:06:78:06:26:ab:91:a3:18:44:a4:ba:
4a:e3:9a:00:f4:ca:06:f7:12:75:6e:2b:0e:2a:40:
dd:4d:0e:0c:5b:af:2e:a9:24:1e:32:cb:79:8c:d4:
0b:ff:ac:bf:db:8a:3e:a3:86:72:4e:15:de:31:b0:
ef:c8:29:5a:63:6b:13:60:39:0c:3b:5c:07:c1:44:
aa:32:91:4f:67:67:1f:4f:6c:9a:8a:92:88:71:52:
d2:14:3f:d9:ac:5d:16:ae:8d:19:8e:39:0f:78:b7:
ca:bd:60:55:12:b0:8c:76:c3:55:25:7f:4c:0d:37:
bd:94:e2:29:aa:62:0d:fb:ae:cc:90:82:b4:29:54:
41:9f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E6:56:46:DA:EA:A4:6B:24:1B:28:73:18:D6:02:B5:69:16:E1:30:95
X509v3 Authority Key Identifier:
keyid:11:DD:0E:BF:F5:BA:38:A8:75:8B:79:4D:04:D6:29:05:19:4A:32:66
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ed0Ov_W6OKh1i3lNBNYpBRlKMmY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/a66a29-51cc-4ba9-884f-f17613ea49e7/1/5lZG2uqkayQbKHMY1gK1aRbhMJU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/a66a29-51cc-4ba9-884f-f17613ea49e7/1/Ed0Ov_W6OKh1i3lNBNYpBRlKMmY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
46.20.97.0/24
46.20.101.0/24
46.20.104.0-46.20.108.255
46.20.110.0/23
185.100.168.0/22
185.160.194.0/24
185.169.221.0-185.169.223.255
Signature Algorithm: sha256WithRSAEncryption
7e:23:e8:03:26:a8:05:11:52:c0:0d:9b:48:d6:0c:49:02:8d:
ce:3b:1d:c5:0e:62:d3:22:d4:d5:64:52:75:66:5d:97:2f:d9:
6a:fb:5f:76:1d:e2:21:26:91:dd:10:63:76:79:a3:78:48:05:
3d:d3:9b:88:5e:c7:b6:5e:9a:a7:c3:b2:2b:96:4c:bb:91:94:
5e:6e:eb:77:82:ae:49:66:82:92:ad:b9:e6:ca:5c:bb:7f:54:
02:08:aa:ce:4f:fe:9b:cc:95:24:95:4b:be:d3:6e:4a:d5:44:
38:31:1b:e1:31:ae:4d:b2:c5:85:f0:2f:32:87:a0:21:90:3a:
ba:28:46:e0:56:ea:de:d0:01:79:02:f3:1d:05:7a:70:f2:eb:
68:7f:32:51:c6:f8:5d:58:f7:63:10:9d:20:4b:01:8a:67:9a:
20:bf:34:e9:8b:bb:17:34:1e:cc:fc:45:ff:4e:e5:14:bb:c1:
7c:c5:fe:2f:10:e1:6d:02:66:ea:ef:4b:2a:26:68:9a:ab:a7:
70:7d:1b:23:f3:27:03:46:ad:6b:1d:91:d0:33:8a:7e:75:72:
17:63:7d:9a:d4:d6:29:17:fb:28:64:b3:cb:02:87:29:c2:ce:
3f:dd:71:40:6b:a3:fd:d6:22:12:65:60:fc:cf:aa:5c:84:dd:
e0:df:80:a6
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgISAYVZ6j7I8nqWCFKqjXO65oFYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDExZGQwZWJmZjViYTM4YTg3NThiNzk0ZDA0ZDYyOTA1MTk0
YTMyNjYwHhcNMjIxMjI4MTgwNjQxWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNjU2NDZkYWVhYTQ2YjI0MWIyODczMThkNjAyYjU2OTE2ZTEzMDk1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlTJdphbfmzhF9IarlHf/IHAq4pDF
OfOA50DtNALWj1bpogza1iWVeFPXrE2tCi3NyUbB9jM7xrEYQJf60LCW0J/p8Elt
B90utPA0VeoBgtvvvjAzGL3Q875slcIYyHFdMUL8fqwQJ5jSP8wJ25EBcnuHHR9r
GF7yRvSwBngGJquRoxhEpLpK45oA9MoG9xJ1bisOKkDdTQ4MW68uqSQeMst5jNQL
/6y/24o+o4ZyThXeMbDvyClaY2sTYDkMO1wHwUSqMpFPZ2cfT2yaipKIcVLSFD/Z
rF0Wro0ZjjkPeLfKvWBVErCMdsNVJX9MDTe9lOIpqmIN+67MkIK0KVRBnwIDAQAB
o4ICPTCCAjkwHQYDVR0OBBYEFOZWRtrqpGskGyhzGNYCtWkW4TCVMB8GA1UdIwQY
MBaAFBHdDr/1ujiodYt5TQTWKQUZSjJmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRWQwT3ZfVzZPS2gxaTNsTkJOWXBCUmxLTW1ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC9hNjZhMjktNTFjYy00YmE5LTg4NGYt
ZjE3NjEzZWE0OWU3LzEvNWxaRzJ1cWtheVFiS0hNWTFnSzFhUmJoTUpVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC9hNjZhMjktNTFjYy00YmE5LTg4NGYtZjE3NjEzZWE0OWU3
LzEvRWQwT3ZfVzZPS2gxaTNsTkJOWXBCUmxLTW1ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFMGCCsGAQUFBwEHAQH/BEQwQjBABAIAATA6AwQALhRhAwQA
LhRlMAwDBAMuFGgDBAAuFGwDBAEuFG4DBAK5ZKgDBAC5oMIwDAMEALmp3QMEBbmp
wDANBgkqhkiG9w0BAQsFAAOCAQEAfiPoAyaoBRFSwA2bSNYMSQKNzjsdxQ5i0yLU
1WRSdWZdly/Zavtfdh3iISaR3RBjdnmjeEgFPdObiF7Htl6ap8OyK5ZMu5GUXm7r
d4KuSWaCkq255spcu39UAgiqzk/+m8yVJJVLvtNuStVEODEb4TGuTbLFhfAvMoeg
IZA6uihG4Fbq3tABeQLzHQV6cPLraH8yUcb4XVj3YxCdIEsBimeaIL806Yu7FzQe
zPxF/07lFLvBfMX+LxDhbQJm6u9LKiZomquncH0bI/MnA0atax2R0DOKfnVyF2N9
mtTWKRf7KGSzywKHKcLOP91xQGuj/dYiEmVg/M+qXITd4N+Apg==
-----END CERTIFICATE-----
Generated at Sun May 11 13:46:08 2025 by rpki-client