Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/a66a29-51cc-4ba9-884f-f17613ea49e7/1/prMIxgUe96_9Tfu4uQgBlwBdl1E.roa
File: prMIxgUe96_9Tfu4uQgBlwBdl1E.roa (raw, json)
Hash identifier: sSXE4V1Cg8mZaDEUaU7Q6iGImDjyagJoKAixQXoyH1E=
Subject key identifier: A6:B3:08:C6:05:1E:F7:AF:FD:4D:FB:B8:B9:08:01:97:00:5D:97:51
Certificate issuer: /CN=11dd0ebff5ba38a8758b794d04d62905194a3266
Certificate serial: 021EC997
Authority key identifier: 11:DD:0E:BF:F5:BA:38:A8:75:8B:79:4D:04:D6:29:05:19:4A:32:66
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Ed0Ov_W6OKh1i3lNBNYpBRlKMmY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b0/a66a29-51cc-4ba9-884f-f17613ea49e7/1/prMIxgUe96_9Tfu4uQgBlwBdl1E.roa
Signing time: Sat 01 Jan 2022 10:00:00 +0000
ROA not before: Sat 01 Jan 2022 10:00:00 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 35913
IP address blocks: 46.20.109.0/24 maxlen: 24
46.20.107.0/24 maxlen: 24
185.160.195.0/24 maxlen: 24
185.160.193.0/24 maxlen: 24
46.20.98.0/24 maxlen: 24
185.169.220.0/24 maxlen: 24
46.20.103.0/24 maxlen: 24
46.20.102.0/24 maxlen: 24
46.20.99.0/24 maxlen: 24
46.20.100.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 35572119 (0x21ec997)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=11dd0ebff5ba38a8758b794d04d62905194a3266
Validity
Not Before: Jan 1 10:00:00 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=a6b308c6051ef7affd4dfbb8b9080197005d9751
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e5:55:69:26:a3:5e:4b:34:9f:11:5c:1e:4d:9f:
eb:74:7b:b0:6c:f1:77:27:c2:7e:0a:35:4a:39:28:
db:d9:ba:cc:54:4f:9c:b3:ed:54:09:86:7e:f7:d5:
af:35:cc:60:64:6f:ac:a3:80:42:ff:cb:6b:75:4b:
de:53:94:4c:d3:bf:f6:ed:7a:89:2f:58:b2:3b:68:
1b:62:85:02:7c:32:93:8e:14:3f:00:e4:39:21:3d:
42:58:85:eb:90:85:c0:be:52:7b:cb:06:56:49:40:
c8:50:de:6d:04:78:6f:5c:86:ab:0b:2e:56:67:26:
8e:c0:10:1c:a1:20:de:2e:8c:ae:7d:dc:e9:32:49:
28:0c:5e:f3:be:54:c3:16:6b:3c:f9:7d:cc:58:0b:
91:b0:1c:c9:74:dc:d7:da:e5:70:ba:fe:a0:90:fe:
ee:4e:c0:23:da:f8:7e:f0:ab:d9:22:90:ab:ba:e7:
64:77:2d:a2:e9:83:4f:1c:26:7b:cb:09:63:05:8a:
26:2f:be:8c:90:a4:94:ff:bb:8a:f0:7f:78:f3:bb:
68:b5:08:0e:53:79:eb:b7:66:5f:de:e9:a3:0c:6c:
65:c2:a8:e9:5a:cb:1b:4e:82:dc:28:0d:a2:1b:ed:
cd:02:db:c4:5e:a7:e3:53:27:02:9d:3b:1d:6f:b1:
ca:f1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A6:B3:08:C6:05:1E:F7:AF:FD:4D:FB:B8:B9:08:01:97:00:5D:97:51
X509v3 Authority Key Identifier:
keyid:11:DD:0E:BF:F5:BA:38:A8:75:8B:79:4D:04:D6:29:05:19:4A:32:66
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ed0Ov_W6OKh1i3lNBNYpBRlKMmY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/a66a29-51cc-4ba9-884f-f17613ea49e7/1/prMIxgUe96_9Tfu4uQgBlwBdl1E.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/a66a29-51cc-4ba9-884f-f17613ea49e7/1/Ed0Ov_W6OKh1i3lNBNYpBRlKMmY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
46.20.98.0-46.20.100.255
46.20.102.0/23
46.20.107.0/24
46.20.109.0/24
185.160.193.0/24
185.160.195.0/24
185.169.220.0/24
Signature Algorithm: sha256WithRSAEncryption
c6:48:7d:7a:a1:63:e9:57:e6:02:fb:e4:41:7e:3b:5e:01:69:
74:18:ae:80:db:2c:9f:41:7d:13:71:1a:b1:a8:1a:0d:2e:f2:
d2:53:83:6c:77:50:4c:82:08:83:a6:11:e0:f7:ba:29:0d:e8:
4d:44:b2:f3:af:b7:63:1c:ee:8e:9f:5a:c0:47:87:e7:92:17:
96:6f:3b:f8:6b:83:d7:9c:b6:ca:f5:a2:0a:72:55:83:99:15:
88:d1:c6:0d:65:a9:ef:5b:41:20:c5:ca:d9:20:51:5a:05:5e:
39:c1:c9:5c:05:ef:61:4b:6f:1e:bf:ee:11:91:9a:a7:92:b8:
dd:6d:89:6b:c9:a0:48:7f:ab:85:32:a9:32:5e:ba:e2:07:18:
1b:bb:86:55:92:8e:60:44:ff:b1:f8:87:9b:3d:70:6d:56:50:
44:7e:71:bf:f6:01:b5:25:47:57:1c:09:2e:9b:9c:44:32:e0:
a0:40:d0:bf:6b:e0:2c:b4:f3:c0:68:a5:b1:87:65:5f:87:dc:
f2:40:7c:a9:0d:28:f2:7b:0e:04:b0:f8:a4:36:98:e6:27:6d:
9c:23:42:0c:86:18:ba:a2:a7:64:64:6b:83:59:88:46:a6:10:
9b:1d:d2:20:a7:2f:c1:7c:a8:3d:ce:10:f3:f6:b7:11:03:31:
df:07:c8:19
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgIEAh7JlzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygx
MWRkMGViZmY1YmEzOGE4NzU4Yjc5NGQwNGQ2MjkwNTE5NGEzMjY2MB4XDTIyMDEw
MTEwMDAwMFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoYTZiMzA4YzYwNTFl
ZjdhZmZkNGRmYmI4YjkwODAxOTcwMDVkOTc1MTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAOVVaSajXks0nxFcHk2f63R7sGzxdyfCfgo1Sjko29m6zFRP
nLPtVAmGfvfVrzXMYGRvrKOAQv/La3VL3lOUTNO/9u16iS9YsjtoG2KFAnwyk44U
PwDkOSE9QliF65CFwL5Se8sGVklAyFDebQR4b1yGqwsuVmcmjsAQHKEg3i6Mrn3c
6TJJKAxe875UwxZrPPl9zFgLkbAcyXTc19rlcLr+oJD+7k7AI9r4fvCr2SKQq7rn
ZHctoumDTxwme8sJYwWKJi++jJCklP+7ivB/ePO7aLUIDlN567dmX97powxsZcKo
6VrLG06C3CgNohvtzQLbxF6n41MnAp07HW+xyvECAwEAAaOCAjUwggIxMB0GA1Ud
DgQWBBSmswjGBR73r/1N+7i5CAGXAF2XUTAfBgNVHSMEGDAWgBQR3Q6/9bo4qHWL
eU0E1ikFGUoyZjAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0VkME92X1c2T0toMWkzbE5CTllwQlJsS01tWS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYjAvYTY2YTI5LTUxY2MtNGJhOS04ODRmLWYxNzYxM2VhNDllNy8x
L3ByTUl4Z1VlOTZfOVRmdTR1UWdCbHdCZGwxRS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYjAv
YTY2YTI5LTUxY2MtNGJhOS04ODRmLWYxNzYxM2VhNDllNy8xL0VkME92X1c2T0to
MWkzbE5CTllwQlJsS01tWS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBL
BggrBgEFBQcBBwEB/wQ8MDowOAQCAAEwMjAMAwQBLhRiAwQALhRkAwQBLhRmAwQA
LhRrAwQALhRtAwQAuaDBAwQAuaDDAwQAuancMA0GCSqGSIb3DQEBCwUAA4IBAQDG
SH16oWPpV+YC++RBfjteAWl0GK6A2yyfQX0TcRqxqBoNLvLSU4Nsd1BMggiDphHg
97opDehNRLLzr7djHO6On1rAR4fnkheWbzv4a4PXnLbK9aIKclWDmRWI0cYNZanv
W0EgxcrZIFFaBV45wclcBe9hS28ev+4RkZqnkrjdbYlryaBIf6uFMqkyXrriBxgb
u4ZVko5gRP+x+IebPXBtVlBEfnG/9gG1JUdXHAkum5xEMuCgQNC/a+AstPPAaKWx
h2Vfh9zyQHypDSjyew4EsPikNpjmJ22cI0IMhhi6oqdkZGuDWYhGphCbHdIgpy/B
fKg9zhDz9rcRAzHfB8gZ
-----END CERTIFICATE-----
Generated at Fri May 9 02:40:48 2025 by rpki-client