Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/D8FDbCKLB5TNfln-k7FGnpL8Abo.roa
File: D8FDbCKLB5TNfln-k7FGnpL8Abo.roa (raw, json)
Hash identifier: IuhrGiJHcyt49zgII3OLb/isOVhSHJ4MivPQuRBq/n4=
Subject key identifier: 0F:C1:43:6C:22:8B:07:94:CD:7E:59:FE:93:B1:46:9E:92:FC:01:BA
Certificate issuer: /CN=c38280c5300b74888ac7eb4bfa6417d9a2e7b0be
Certificate serial: 018E3243C321B2C3D661B15F43B16959E797
Authority key identifier: C3:82:80:C5:30:0B:74:88:8A:C7:EB:4B:FA:64:17:D9:A2:E7:B0:BE
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/w4KAxTALdIiKx-tL-mQX2aLnsL4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/D8FDbCKLB5TNfln-k7FGnpL8Abo.roa
Signing time: Tue 12 Mar 2024 10:44:45 +0000
ROA not before: Tue 12 Mar 2024 10:44:45 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 49505
IP address blocks: 176.126.102.0/24 maxlen: 24
185.222.214.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8e:32:43:c3:21:b2:c3:d6:61:b1:5f:43:b1:69:59:e7:97
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c38280c5300b74888ac7eb4bfa6417d9a2e7b0be
Validity
Not Before: Mar 12 10:44:45 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=0fc1436c228b0794cd7e59fe93b1469e92fc01ba
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:90:65:e4:81:c6:a6:d0:01:13:39:f2:d7:6d:cc:
0d:15:2e:2f:ee:1e:ed:2a:62:c0:ba:8e:83:cb:70:
d5:8f:10:0e:c7:5c:f8:2e:4d:8d:b6:37:92:c4:30:
5f:ea:7f:15:bc:ea:8e:aa:07:44:3e:64:ad:d7:c6:
76:8d:12:62:cc:ad:3d:99:55:de:25:57:50:81:5f:
29:58:8b:42:31:9f:50:b4:05:b0:c5:68:95:58:48:
aa:c7:f5:25:d2:d2:fc:dd:60:c0:50:4f:96:5a:75:
a6:30:e8:4b:78:b3:58:d4:c7:ca:b1:30:dc:62:a8:
21:c9:d5:32:cd:25:91:81:4e:c0:48:4c:63:63:5b:
59:35:d8:41:ea:26:fc:23:7e:d9:4f:8d:c6:7c:95:
fc:75:db:d0:59:e2:8e:79:7b:78:6a:f1:13:b1:8b:
50:39:fc:d3:44:60:43:3e:f8:2a:db:20:f0:d3:bf:
34:15:77:2e:e4:16:77:20:c1:15:ce:0f:cf:59:08:
a8:b8:be:7f:02:7d:c6:46:2c:81:65:22:f6:79:42:
8a:8f:27:bb:14:d4:f1:19:bd:0b:17:b3:72:18:44:
79:86:2a:4a:51:39:98:6f:2d:76:fd:1b:5e:9d:5e:
01:1b:b6:59:0a:95:9b:a3:43:18:f2:b5:68:0a:90:
87:c9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0F:C1:43:6C:22:8B:07:94:CD:7E:59:FE:93:B1:46:9E:92:FC:01:BA
X509v3 Authority Key Identifier:
keyid:C3:82:80:C5:30:0B:74:88:8A:C7:EB:4B:FA:64:17:D9:A2:E7:B0:BE
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w4KAxTALdIiKx-tL-mQX2aLnsL4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/D8FDbCKLB5TNfln-k7FGnpL8Abo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/w4KAxTALdIiKx-tL-mQX2aLnsL4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
176.126.102.0/24
185.222.214.0/24
Signature Algorithm: sha256WithRSAEncryption
0d:b8:74:56:c4:41:0d:63:15:5b:4e:b5:ef:30:0d:58:f8:6b:
4e:7d:00:6d:15:9c:bd:63:27:61:69:bf:85:0f:e3:6b:bf:d4:
c5:15:b8:0f:d0:59:cc:b1:1f:bc:a0:61:95:be:7a:f9:69:27:
54:8b:ca:b0:24:57:e4:5c:04:75:1c:47:5f:4c:c3:ba:91:e5:
67:2e:3d:8a:cf:b6:d7:2b:48:78:9c:37:24:08:15:dd:12:9a:
36:19:e2:b3:0f:3c:35:75:cf:8b:06:95:3d:1b:b2:ab:61:e0:
bf:ca:be:fa:44:35:d1:81:7c:37:4c:a6:12:f8:af:b1:77:f7:
ec:6e:6e:11:71:99:5a:e3:28:9f:d0:b5:2d:91:66:ec:e1:83:
c5:a3:d1:03:9b:57:86:23:01:59:a4:52:39:85:e8:c2:0c:d5:
af:a9:06:77:86:bd:b2:06:ea:49:b4:05:c1:97:8d:29:31:33:
63:0b:c4:f0:a7:82:32:5f:ed:fe:33:ec:98:e3:0f:ea:06:7f:
6f:bd:f9:63:c4:f3:2a:95:e4:14:60:65:0a:a2:28:89:c2:fc:
1a:b8:b3:88:c6:52:20:87:b3:a5:63:ac:9d:e6:6e:9d:28:7c:
56:22:54:82:37:9d:3b:32:b0:c8:28:3a:45:c5:a9:f2:93:aa:
61:94:27:7d
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY4yQ8MhssPWYbFfQ7FpWeeXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzODI4MGM1MzAwYjc0ODg4YWM3ZWI0YmZhNjQxN2Q5YTJl
N2IwYmUwHhcNMjQwMzEyMTA0NDQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZmMxNDM2YzIyOGIwNzk0Y2Q3ZTU5ZmU5M2IxNDY5ZTkyZmMwMWJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkGXkgcam0AETOfLXbcwNFS4v7h7t
KmLAuo6Dy3DVjxAOx1z4Lk2NtjeSxDBf6n8VvOqOqgdEPmSt18Z2jRJizK09mVXe
JVdQgV8pWItCMZ9QtAWwxWiVWEiqx/Ul0tL83WDAUE+WWnWmMOhLeLNY1MfKsTDc
YqghydUyzSWRgU7ASExjY1tZNdhB6ib8I37ZT43GfJX8ddvQWeKOeXt4avETsYtQ
OfzTRGBDPvgq2yDw0780FXcu5BZ3IMEVzg/PWQiouL5/An3GRiyBZSL2eUKKjye7
FNTxGb0LF7NyGER5hipKUTmYby12/RtenV4BG7ZZCpWbo0MY8rVoCpCHyQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFA/BQ2wiiweUzX5Z/pOxRp6S/AG6MB8GA1UdIwQY
MBaAFMOCgMUwC3SIisfrS/pkF9mi57C+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzRLQXhUQUxkSWlLeC10TC1tUVgyYUxuc0w0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMy84OTc0NDktZTljZi00YTc5LTg5Y2Yt
NDFiYjIxYWMyODAxLzEvRDhGRGJDS0xCNVROZmxuLWs3RkducEw4QWJvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMy84OTc0NDktZTljZi00YTc5LTg5Y2YtNDFiYjIxYWMyODAx
LzEvdzRLQXhUQUxkSWlLeC10TC1tUVgyYUxuc0w0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAsH5mAwQA
ud7WMA0GCSqGSIb3DQEBCwUAA4IBAQANuHRWxEENYxVbTrXvMA1Y+GtOfQBtFZy9
Yydhab+FD+Nrv9TFFbgP0FnMsR+8oGGVvnr5aSdUi8qwJFfkXAR1HEdfTMO6keVn
Lj2Kz7bXK0h4nDckCBXdEpo2GeKzDzw1dc+LBpU9G7KrYeC/yr76RDXRgXw3TKYS
+K+xd/fsbm4RcZla4yif0LUtkWbs4YPFo9EDm1eGIwFZpFI5hejCDNWvqQZ3hr2y
BupJtAXBl40pMTNjC8Twp4IyX+3+M+yY4w/qBn9vvfljxPMqleQUYGUKoiiJwvwa
uLOIxlIgh7OlY6yd5m6dKHxWIlSCN507MrDIKDpFxanyk6phlCd9
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:59:31 2024 by rpki-client on console-fra.rpki-client.org