Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/1bb45a-551c-4967-95ca-77344bcc9191/1/FzFgOhQ0w0JVO72YgkDTCWVCZgg.roa
File: FzFgOhQ0w0JVO72YgkDTCWVCZgg.roa (raw, json)
Hash identifier: flTWvEBRE4/Z0Zc4a+Zm1EzywzxhiMiHsApsXoHm9hg=
Subject key identifier: 17:31:60:3A:14:34:C3:42:55:3B:BD:98:82:40:D3:09:65:42:66:08
Certificate issuer: /CN=3c4ed942e5c742e77bfb9beb954f872534f52848
Certificate serial: 0188A0961C2F13FAF93780ADD68805FE703B
Authority key identifier: 3C:4E:D9:42:E5:C7:42:E7:7B:FB:9B:EB:95:4F:87:25:34:F5:28:48
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/PE7ZQuXHQud7-5vrlU-HJTT1KEg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/66/1bb45a-551c-4967-95ca-77344bcc9191/1/FzFgOhQ0w0JVO72YgkDTCWVCZgg.roa
Signing time: Fri 09 Jun 2023 14:36:12 +0000
ROA not before: Fri 09 Jun 2023 14:36:12 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 202673
IP address blocks: 194.15.154.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:88:a0:96:1c:2f:13:fa:f9:37:80:ad:d6:88:05:fe:70:3b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3c4ed942e5c742e77bfb9beb954f872534f52848
Validity
Not Before: Jun 9 14:36:12 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=1731603a1434c342553bbd988240d30965426608
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c6:e7:f1:ac:f4:13:0e:29:c7:0b:6e:02:5c:98:
f4:67:0e:08:8e:06:dd:f7:45:69:12:e9:63:8b:ed:
68:bb:84:22:3e:1d:7e:e9:c2:f8:64:f8:f5:ef:63:
f2:62:0f:f9:9b:2c:72:92:2c:81:c2:8d:d7:d0:52:
c4:dd:36:64:05:ff:3c:bc:24:36:2d:69:e4:39:d4:
12:ad:5e:87:4c:62:8d:fe:26:b3:f0:55:e2:08:78:
0f:10:23:94:b1:fc:5e:86:e3:98:c6:93:77:73:01:
f1:7d:55:1f:60:87:69:b7:bd:2f:dd:1d:16:76:14:
2f:95:ee:24:12:7c:0d:12:06:a4:58:4e:00:6d:17:
b6:98:b9:28:82:dc:eb:60:77:27:64:4c:ea:82:19:
ee:e9:f4:2b:74:c2:47:36:e8:a1:b6:72:71:18:ff:
e1:0e:e4:ac:c7:a9:3b:b7:e5:20:b9:47:42:9f:92:
25:17:5a:c6:33:04:41:a6:6a:f7:90:9d:2e:04:83:
35:08:91:06:58:23:d9:36:b5:50:b5:c1:7e:64:5c:
a4:5b:71:23:2e:ec:57:86:32:e2:7a:9f:1d:c9:57:
6d:ed:6f:d1:d0:37:32:13:48:5a:66:48:53:08:ea:
4e:ce:ad:84:f7:14:40:c7:24:14:be:0a:c6:1b:ea:
68:11
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
17:31:60:3A:14:34:C3:42:55:3B:BD:98:82:40:D3:09:65:42:66:08
X509v3 Authority Key Identifier:
keyid:3C:4E:D9:42:E5:C7:42:E7:7B:FB:9B:EB:95:4F:87:25:34:F5:28:48
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PE7ZQuXHQud7-5vrlU-HJTT1KEg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/1bb45a-551c-4967-95ca-77344bcc9191/1/FzFgOhQ0w0JVO72YgkDTCWVCZgg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/66/1bb45a-551c-4967-95ca-77344bcc9191/1/PE7ZQuXHQud7-5vrlU-HJTT1KEg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
194.15.154.0/24
Signature Algorithm: sha256WithRSAEncryption
07:c2:fe:71:7f:4b:89:cc:b0:f4:b6:17:ac:dd:8f:ca:b2:9b:
a9:10:6d:80:ea:bc:75:f0:2d:52:0a:0a:22:9f:fb:46:cd:71:
36:45:14:2b:b4:2c:0f:d9:0a:e0:17:01:73:b8:ad:6a:c2:a4:
ba:c4:82:35:09:d9:9d:c2:a7:fd:7f:bb:48:fe:7c:29:74:bb:
7f:73:53:2f:8f:20:d7:ff:c8:90:56:27:f6:a7:82:9c:c6:e7:
74:09:cc:85:c1:c3:b2:c2:4b:50:20:03:d6:87:cb:96:44:8d:
dd:50:41:e6:51:5d:71:32:4b:3d:ea:d1:1b:54:c3:2a:b0:49:
85:9a:96:2d:31:c2:f8:17:6a:56:8c:a8:20:f8:e2:e7:9a:18:
dd:fc:cf:2b:e2:3e:b4:b0:c0:bb:41:8b:23:ee:d5:f3:55:36:
b6:c6:d2:bc:15:7c:23:17:6b:de:7b:3a:44:31:e7:6b:ba:27:
01:c0:e4:e1:af:e3:80:7d:59:07:b8:6f:2d:f6:81:ba:f7:2c:
b6:34:9a:ce:89:73:89:73:df:75:bc:4a:a6:c8:41:cf:69:72:
2b:92:28:a4:be:d9:de:cf:79:29:76:87:ee:5e:3f:4f:72:5d:
75:40:99:e0:67:68:18:9e:fc:33:17:53:ac:54:85:45:bf:02:
10:ff:1f:c2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYiglhwvE/r5N4Ct1ogF/nA7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNjNGVkOTQyZTVjNzQyZTc3YmZiOWJlYjk1NGY4NzI1MzRm
NTI4NDgwHhcNMjMwNjA5MTQzNjEyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNzMxNjAzYTE0MzRjMzQyNTUzYmJkOTg4MjQwZDMwOTY1NDI2NjA4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxufxrPQTDinHC24CXJj0Zw4Ijgbd
90VpEulji+1ou4QiPh1+6cL4ZPj172PyYg/5myxykiyBwo3X0FLE3TZkBf88vCQ2
LWnkOdQSrV6HTGKN/iaz8FXiCHgPECOUsfxehuOYxpN3cwHxfVUfYIdpt70v3R0W
dhQvle4kEnwNEgakWE4AbRe2mLkogtzrYHcnZEzqghnu6fQrdMJHNuihtnJxGP/h
DuSsx6k7t+UguUdCn5IlF1rGMwRBpmr3kJ0uBIM1CJEGWCPZNrVQtcF+ZFykW3Ej
LuxXhjLiep8dyVdt7W/R0DcyE0haZkhTCOpOzq2E9xRAxyQUvgrGG+poEQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBcxYDoUNMNCVTu9mIJA0wllQmYIMB8GA1UdIwQY
MBaAFDxO2ULlx0Lne/ub65VPhyU09ShIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUEU3WlF1WEhRdWQ3LTV2cmxVLUhKVFQxS0VnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni8xYmI0NWEtNTUxYy00OTY3LTk1Y2Et
NzczNDRiY2M5MTkxLzEvRnpGZ09oUTB3MEpWTzcyWWdrRFRDV1ZDWmdnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni8xYmI0NWEtNTUxYy00OTY3LTk1Y2EtNzczNDRiY2M5MTkx
LzEvUEU3WlF1WEhRdWQ3LTV2cmxVLUhKVFQxS0VnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwg+aMA0G
CSqGSIb3DQEBCwUAA4IBAQAHwv5xf0uJzLD0thes3Y/KspupEG2A6rx18C1SCgoi
n/tGzXE2RRQrtCwP2QrgFwFzuK1qwqS6xII1Cdmdwqf9f7tI/nwpdLt/c1MvjyDX
/8iQVif2p4Kcxud0CcyFwcOywktQIAPWh8uWRI3dUEHmUV1xMks96tEbVMMqsEmF
mpYtMcL4F2pWjKgg+OLnmhjd/M8r4j60sMC7QYsj7tXzVTa2xtK8FXwjF2veezpE
MedruicBwOThr+OAfVkHuG8t9oG69yy2NJrOiXOJc991vEqmyEHPaXIrkiikvtne
z3kpdofuXj9Pcl11QJngZ2gYnvwzF1OsVIVFvwIQ/x/C
-----END CERTIFICATE-----
Generated at Tue Apr 22 05:46:06 2025 by rpki-client