Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/03bab8-6c43-4a20-a960-c37a5982f466/1/cMk86fKF88x7-87K-W6hDCrUYcI.roa
File: cMk86fKF88x7-87K-W6hDCrUYcI.roa (raw, json)
Hash identifier: hmsLAhIwfRC/jz/vRM69XwYUamNgXz9QD8OUL7LX0D4=
Subject key identifier: 70:C9:3C:E9:F2:85:F3:CC:7B:FB:CE:CA:F9:6E:A1:0C:2A:D4:61:C2
Certificate issuer: /CN=a1f7882861c29ed599be4a937480c4d13e25bfc2
Certificate serial: 0182F9F421F3EBA2194CB4B8CB71FB0B3D53
Authority key identifier: A1:F7:88:28:61:C2:9E:D5:99:BE:4A:93:74:80:C4:D1:3E:25:BF:C2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/ofeIKGHCntWZvkqTdIDE0T4lv8I.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/1c/03bab8-6c43-4a20-a960-c37a5982f466/1/cMk86fKF88x7-87K-W6hDCrUYcI.roa
Signing time: Thu 01 Sep 2022 16:48:22 +0000
ROA not before: Thu 01 Sep 2022 16:48:22 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 202617
IP address blocks: 84.247.18.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:82:f9:f4:21:f3:eb:a2:19:4c:b4:b8:cb:71:fb:0b:3d:53
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=a1f7882861c29ed599be4a937480c4d13e25bfc2
Validity
Not Before: Sep 1 16:48:22 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=70c93ce9f285f3cc7bfbcecaf96ea10c2ad461c2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:f6:e8:f2:8b:3a:0d:40:0e:08:97:40:89:89:c0:
66:2b:95:b9:87:6a:ee:b2:0f:ae:54:b8:65:59:d5:
64:d2:58:41:6a:9e:6e:9f:01:67:57:25:01:14:76:
6c:dc:04:3c:f2:c2:7d:6c:6b:16:8f:f9:53:4d:93:
57:cf:03:f7:00:d2:9f:6f:f9:71:77:57:b3:67:a1:
9f:07:c1:f7:88:55:5a:1a:ea:29:a8:88:85:60:13:
82:aa:ca:a4:8c:ad:bc:5a:51:59:8e:b0:6b:71:41:
b4:1b:1c:87:a8:10:55:58:e3:dc:76:b3:c1:4f:ba:
7f:30:50:66:fe:2b:ab:35:2f:1a:a4:d9:04:4a:df:
55:7b:f1:f7:dd:a4:33:78:45:5d:ab:24:3f:1a:dd:
bc:5f:c7:ba:5c:aa:80:62:36:9b:77:a8:05:6e:d1:
68:3e:51:74:0d:87:2a:bd:60:62:d7:cf:7e:e5:a8:
e3:a4:ae:92:1f:c3:d3:f5:35:0f:23:aa:43:1e:f3:
8c:15:ec:27:b6:12:a5:20:42:c9:9c:bb:2f:e4:11:
3d:47:bd:52:e8:d0:d9:06:3b:4d:1c:71:34:bb:d0:
06:3d:a0:8c:3f:c4:ba:09:30:30:b3:b2:3a:5b:66:
4b:da:5f:c3:42:5c:b7:23:a5:0d:9c:10:f9:a6:4d:
42:c7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
70:C9:3C:E9:F2:85:F3:CC:7B:FB:CE:CA:F9:6E:A1:0C:2A:D4:61:C2
X509v3 Authority Key Identifier:
keyid:A1:F7:88:28:61:C2:9E:D5:99:BE:4A:93:74:80:C4:D1:3E:25:BF:C2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ofeIKGHCntWZvkqTdIDE0T4lv8I.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/03bab8-6c43-4a20-a960-c37a5982f466/1/cMk86fKF88x7-87K-W6hDCrUYcI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/03bab8-6c43-4a20-a960-c37a5982f466/1/ofeIKGHCntWZvkqTdIDE0T4lv8I.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
84.247.18.0/24
Signature Algorithm: sha256WithRSAEncryption
9a:d8:1f:27:02:6b:bf:c8:ad:6e:90:fa:f6:f3:62:93:95:06:
0c:72:94:cc:f1:92:4f:41:55:2d:61:e9:ae:6f:a7:c5:02:fb:
46:6b:7b:45:7a:11:08:d3:38:6d:43:39:7f:09:ac:27:8d:f0:
57:cd:e4:71:d2:ba:c8:fe:77:fc:fc:2e:0d:04:ec:a3:dc:19:
0a:b8:29:3b:4c:3b:ba:fb:f1:07:e3:c3:03:93:a3:ab:ac:d5:
e8:3e:5f:50:33:03:3b:d9:78:3b:c8:7e:30:e3:6c:9a:28:b9:
0c:62:e3:79:6a:3e:88:66:b9:a0:1d:fe:13:2e:74:1e:50:9f:
27:e6:89:30:60:bc:1a:d7:04:5c:1a:bc:cb:14:bf:a8:0d:24:
fb:67:b8:c7:29:68:2c:be:86:2b:15:dc:67:6d:cb:98:4b:45:
a7:e4:57:8e:ef:0a:b5:8e:99:d0:f4:7a:d8:b0:dc:c8:ca:54:
68:67:c1:a1:bb:36:fa:d6:96:d9:f8:af:27:9c:df:bc:0f:e7:
2f:24:b3:03:ea:0d:57:c7:ed:31:f8:11:13:4b:b3:03:f7:26:
34:aa:3f:f0:64:a7:a7:80:ab:a0:65:e7:19:08:cd:55:87:36:
d3:9c:71:62:00:d2:91:de:1d:17:22:c1:ff:8d:5a:8b:bb:0c:
58:0a:a4:9f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYL59CHz66IZTLS4y3H7Cz1TMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGExZjc4ODI4NjFjMjllZDU5OWJlNGE5Mzc0ODBjNGQxM2Uy
NWJmYzIwHhcNMjIwOTAxMTY0ODIyWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MGM5M2NlOWYyODVmM2NjN2JmYmNlY2FmOTZlYTEwYzJhZDQ2MWMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9ujyizoNQA4Il0CJicBmK5W5h2ru
sg+uVLhlWdVk0lhBap5unwFnVyUBFHZs3AQ88sJ9bGsWj/lTTZNXzwP3ANKfb/lx
d1ezZ6GfB8H3iFVaGuopqIiFYBOCqsqkjK28WlFZjrBrcUG0GxyHqBBVWOPcdrPB
T7p/MFBm/iurNS8apNkESt9Ve/H33aQzeEVdqyQ/Gt28X8e6XKqAYjabd6gFbtFo
PlF0DYcqvWBi189+5ajjpK6SH8PT9TUPI6pDHvOMFewnthKlIELJnLsv5BE9R71S
6NDZBjtNHHE0u9AGPaCMP8S6CTAws7I6W2ZL2l/DQly3I6UNnBD5pk1CxwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHDJPOnyhfPMe/vOyvluoQwq1GHCMB8GA1UdIwQY
MBaAFKH3iChhwp7Vmb5Kk3SAxNE+Jb/CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb2ZlSUtHSENudFdadmtxVGRJREUwVDRsdjhJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy8wM2JhYjgtNmM0My00YTIwLWE5NjAt
YzM3YTU5ODJmNDY2LzEvY01rODZmS0Y4OHg3LTg3Sy1XNmhEQ3JVWWNJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy8wM2JhYjgtNmM0My00YTIwLWE5NjAtYzM3YTU5ODJmNDY2
LzEvb2ZlSUtHSENudFdadmtxVGRJREUwVDRsdjhJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVPcSMA0G
CSqGSIb3DQEBCwUAA4IBAQCa2B8nAmu/yK1ukPr282KTlQYMcpTM8ZJPQVUtYemu
b6fFAvtGa3tFehEI0zhtQzl/CawnjfBXzeRx0rrI/nf8/C4NBOyj3BkKuCk7TDu6
+/EH48MDk6OrrNXoPl9QMwM72Xg7yH4w42yaKLkMYuN5aj6IZrmgHf4TLnQeUJ8n
5okwYLwa1wRcGrzLFL+oDST7Z7jHKWgsvoYrFdxnbcuYS0Wn5FeO7wq1jpnQ9HrY
sNzIylRoZ8Ghuzb61pbZ+K8nnN+8D+cvJLMD6g1Xx+0x+BETS7MD9yY0qj/wZKen
gKugZecZCM1VhzbTnHFiANKR3h0XIsH/jVqLuwxYCqSf
-----END CERTIFICATE-----
Generated at Mon Apr 21 01:23:22 2025 by rpki-client