Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/03bab8-6c43-4a20-a960-c37a5982f466/1/PwiXLnc_UClswbp9hGe7A75EC3c.roa
File: PwiXLnc_UClswbp9hGe7A75EC3c.roa (raw, json)
Hash identifier: Qex8yjjgchk3hB4Zl8lTRfnFoSOLg8GiEE8vevGZhtg=
Subject key identifier: 3F:08:97:2E:77:3F:50:29:6C:C1:BA:7D:84:67:BB:03:BE:44:0B:77
Certificate issuer: /CN=a1f7882861c29ed599be4a937480c4d13e25bfc2
Certificate serial: 018CC72658E9F3CDA642EE897B0EA8BC13A2
Authority key identifier: A1:F7:88:28:61:C2:9E:D5:99:BE:4A:93:74:80:C4:D1:3E:25:BF:C2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/ofeIKGHCntWZvkqTdIDE0T4lv8I.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/1c/03bab8-6c43-4a20-a960-c37a5982f466/1/PwiXLnc_UClswbp9hGe7A75EC3c.roa
Signing time: Mon 01 Jan 2024 22:30:28 +0000
ROA not before: Mon 01 Jan 2024 22:30:28 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 202617
IP address blocks: 84.247.18.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c7:26:58:e9:f3:cd:a6:42:ee:89:7b:0e:a8:bc:13:a2
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=a1f7882861c29ed599be4a937480c4d13e25bfc2
Validity
Not Before: Jan 1 22:30:28 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=3f08972e773f50296cc1ba7d8467bb03be440b77
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:92:60:33:4a:5e:d7:90:81:67:20:b5:d3:92:66:
04:86:c4:4c:0a:27:5a:ae:42:8b:a3:1d:f3:f2:df:
33:a1:8a:b4:fa:76:91:f0:fa:33:8b:d8:75:dc:d7:
f4:19:e4:47:49:64:89:96:76:cc:b4:01:75:2f:48:
04:b8:ea:82:b0:25:ed:61:85:c5:5a:e5:4f:61:76:
f3:12:d1:4b:4e:84:50:64:2f:67:3b:6e:b5:52:62:
2a:5b:90:c8:27:61:73:6e:40:31:19:53:d0:eb:94:
d6:e6:33:57:cb:fd:27:d0:e2:d0:ee:f2:0b:8d:23:
cd:ce:96:5e:36:c6:fb:e7:44:49:0a:c7:42:75:ef:
d6:ba:06:77:8a:c9:89:bc:f2:75:07:82:da:ba:c2:
be:31:ba:62:c1:c4:8e:05:bd:62:6b:a7:db:85:ce:
06:0a:ad:ce:e7:37:5c:84:72:c0:ac:c5:c2:62:6c:
47:d1:df:40:35:01:55:b4:cc:41:8e:29:cd:6e:23:
eb:6d:ae:90:79:15:61:ac:b5:aa:62:ef:1c:33:e5:
37:30:63:47:49:90:0b:6a:c2:a7:36:3c:e2:d9:c2:
b6:b2:d8:17:b8:46:93:c4:fc:ba:86:50:98:52:d8:
42:a6:1a:1c:bd:8b:93:9d:60:cd:b9:47:9d:1d:f5:
6a:35
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3F:08:97:2E:77:3F:50:29:6C:C1:BA:7D:84:67:BB:03:BE:44:0B:77
X509v3 Authority Key Identifier:
keyid:A1:F7:88:28:61:C2:9E:D5:99:BE:4A:93:74:80:C4:D1:3E:25:BF:C2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ofeIKGHCntWZvkqTdIDE0T4lv8I.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/03bab8-6c43-4a20-a960-c37a5982f466/1/PwiXLnc_UClswbp9hGe7A75EC3c.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/03bab8-6c43-4a20-a960-c37a5982f466/1/ofeIKGHCntWZvkqTdIDE0T4lv8I.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
84.247.18.0/24
Signature Algorithm: sha256WithRSAEncryption
8f:3a:c2:8f:48:b7:9f:a8:66:de:5e:81:bd:82:7f:8a:e1:2e:
ef:b4:f4:9e:26:5e:0e:bb:37:ab:7e:b3:6b:f6:0c:75:a4:58:
d5:f4:ae:ed:bc:e8:1e:85:cf:a1:10:53:70:03:4d:5a:c6:30:
60:94:32:8c:b1:fb:52:0a:cc:5d:3c:81:bd:a9:e9:f8:ec:8c:
de:d1:46:42:4b:29:a7:b3:03:12:fa:15:6c:c6:f9:df:b9:d3:
2e:87:89:be:73:80:c1:46:a1:7b:5b:2a:ee:23:30:f8:42:63:
38:71:58:2a:d3:f6:bb:7f:7f:3f:bf:bf:ac:55:8a:8d:3f:e7:
14:85:2b:27:1d:75:8e:a3:c1:08:96:38:97:71:b2:8b:d9:cf:
76:d5:9e:c1:4d:f9:43:55:b1:f7:a1:ce:2b:0c:39:12:e6:0e:
d3:db:ef:48:ae:f9:03:04:02:0d:ff:fb:d1:0f:25:c6:24:5f:
aa:24:8a:33:5a:9e:3a:d4:27:80:c8:97:96:04:95:35:41:26:
1c:e2:43:89:c9:48:0b:a9:35:14:4e:67:f5:55:cf:55:70:12:
f4:b2:cb:e9:cd:f3:25:23:8c:df:8a:18:aa:f5:90:b0:41:f9:
fd:e9:87:c2:89:b4:7a:1a:f2:d8:5c:07:c9:75:6f:78:08:4f:
f0:0e:c6:fe
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJljp882mQu6Jew6ovBOiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGExZjc4ODI4NjFjMjllZDU5OWJlNGE5Mzc0ODBjNGQxM2Uy
NWJmYzIwHhcNMjQwMTAxMjIzMDI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZjA4OTcyZTc3M2Y1MDI5NmNjMWJhN2Q4NDY3YmIwM2JlNDQwYjc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkmAzSl7XkIFnILXTkmYEhsRMCida
rkKLox3z8t8zoYq0+naR8Pozi9h13Nf0GeRHSWSJlnbMtAF1L0gEuOqCsCXtYYXF
WuVPYXbzEtFLToRQZC9nO261UmIqW5DIJ2FzbkAxGVPQ65TW5jNXy/0n0OLQ7vIL
jSPNzpZeNsb750RJCsdCde/WugZ3ismJvPJ1B4LausK+MbpiwcSOBb1ia6fbhc4G
Cq3O5zdchHLArMXCYmxH0d9ANQFVtMxBjinNbiPrba6QeRVhrLWqYu8cM+U3MGNH
SZALasKnNjzi2cK2stgXuEaTxPy6hlCYUthCphocvYuTnWDNuUedHfVqNQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD8Ily53P1ApbMG6fYRnuwO+RAt3MB8GA1UdIwQY
MBaAFKH3iChhwp7Vmb5Kk3SAxNE+Jb/CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb2ZlSUtHSENudFdadmtxVGRJREUwVDRsdjhJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy8wM2JhYjgtNmM0My00YTIwLWE5NjAt
YzM3YTU5ODJmNDY2LzEvUHdpWExuY19VQ2xzd2JwOWhHZTdBNzVFQzNjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy8wM2JhYjgtNmM0My00YTIwLWE5NjAtYzM3YTU5ODJmNDY2
LzEvb2ZlSUtHSENudFdadmtxVGRJREUwVDRsdjhJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVPcSMA0G
CSqGSIb3DQEBCwUAA4IBAQCPOsKPSLefqGbeXoG9gn+K4S7vtPSeJl4OuzerfrNr
9gx1pFjV9K7tvOgehc+hEFNwA01axjBglDKMsftSCsxdPIG9qen47Ize0UZCSymn
swMS+hVsxvnfudMuh4m+c4DBRqF7WyruIzD4QmM4cVgq0/a7f38/v7+sVYqNP+cU
hSsnHXWOo8EIljiXcbKL2c921Z7BTflDVbH3oc4rDDkS5g7T2+9IrvkDBAIN//vR
DyXGJF+qJIozWp461CeAyJeWBJU1QSYc4kOJyUgLqTUUTmf1Vc9VcBL0ssvpzfMl
I4zfihiq9ZCwQfn96YfCibR6GvLYXAfJdW94CE/wDsb+
-----END CERTIFICATE-----
Generated at Sun Apr 20 13:09:08 2025 by rpki-client