Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/fb2411-485b-4143-9241-13839640a604/1/0frvsADlpa9aPv7ZBH6ZsTzAjfk.roa
File: 0frvsADlpa9aPv7ZBH6ZsTzAjfk.roa (raw, json)
Hash identifier: abDMcWSVDvuv9bfIL/davdIfwbCCit00yr4xuPlr788=
Subject key identifier: D1:FA:EF:B0:00:E5:A5:AF:5A:3E:FE:D9:04:7E:99:B1:3C:C0:8D:F9
Certificate issuer: /CN=f84128146b7bec8bd1185bbe0c3b9340aaf5b714
Certificate serial: 018CC56EB08EFEC38FAF6EC69926549158AB
Authority key identifier: F8:41:28:14:6B:7B:EC:8B:D1:18:5B:BE:0C:3B:93:40:AA:F5:B7:14
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1-EEoFGt77IvRGFu-DDuTQKr1txQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/62/fb2411-485b-4143-9241-13839640a604/1/0frvsADlpa9aPv7ZBH6ZsTzAjfk.roa
Signing time: Mon 01 Jan 2024 14:30:14 +0000
ROA not before: Mon 01 Jan 2024 14:30:14 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 44318
IP address blocks: 91.201.144.0/22 maxlen: 23
46.173.96.0/19 maxlen: 20
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c5:6e:b0:8e:fe:c3:8f:af:6e:c6:99:26:54:91:58:ab
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f84128146b7bec8bd1185bbe0c3b9340aaf5b714
Validity
Not Before: Jan 1 14:30:14 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=d1faefb000e5a5af5a3efed9047e99b13cc08df9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:99:ce:99:fd:ec:66:ae:8c:8c:4c:e4:73:84:1b:
cb:fd:f5:21:98:e0:75:c7:52:fb:8f:c5:f6:4f:fe:
39:05:c3:71:7c:2b:90:1d:93:5a:90:9f:3b:80:07:
9c:b2:fb:64:63:56:a7:5c:c6:03:01:56:24:69:7e:
b2:ff:4f:2c:29:eb:b9:b6:99:6b:7c:ee:68:af:81:
39:8c:99:9f:17:f1:c0:26:6d:19:ed:4d:59:e5:63:
e7:ce:5a:ec:90:a1:0d:1b:57:9f:e2:de:73:8b:b0:
bb:e3:cd:c4:e7:64:1c:d7:92:81:87:f2:8f:5e:ec:
7c:37:8b:6e:f6:0e:34:8c:be:01:eb:13:ad:ce:22:
54:55:4b:32:48:ee:84:36:ec:b4:eb:7f:bc:86:14:
84:a7:aa:8e:33:7c:c0:9e:e8:85:48:72:c7:53:5c:
71:df:4f:b1:e5:1a:c2:97:51:97:c5:03:c5:fe:47:
c4:5d:79:74:b6:c4:ea:fe:87:d9:a5:bd:f4:92:32:
54:98:cd:76:80:73:67:72:32:06:a5:f7:4b:bd:f5:
b3:74:88:38:6c:98:0b:c5:f8:2d:57:99:0d:8b:0e:
c1:2a:b7:46:bd:94:7d:43:4f:94:89:01:37:f5:c1:
21:17:39:52:a4:e8:56:76:bf:48:ee:5d:be:4a:f2:
4a:97
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D1:FA:EF:B0:00:E5:A5:AF:5A:3E:FE:D9:04:7E:99:B1:3C:C0:8D:F9
X509v3 Authority Key Identifier:
keyid:F8:41:28:14:6B:7B:EC:8B:D1:18:5B:BE:0C:3B:93:40:AA:F5:B7:14
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-EEoFGt77IvRGFu-DDuTQKr1txQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/fb2411-485b-4143-9241-13839640a604/1/0frvsADlpa9aPv7ZBH6ZsTzAjfk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/62/fb2411-485b-4143-9241-13839640a604/1/1-EEoFGt77IvRGFu-DDuTQKr1txQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
46.173.96.0/19
91.201.144.0/22
Signature Algorithm: sha256WithRSAEncryption
04:51:7e:25:c8:9a:df:30:d7:5f:28:5d:2a:10:12:ef:16:ec:
ca:30:22:63:75:d7:d2:8f:22:97:37:b4:95:d8:d0:47:a1:69:
a6:5a:1d:d2:ca:94:c3:24:a2:a5:e3:a2:b4:97:df:67:12:52:
aa:4d:e7:bd:8c:cc:5f:c9:a9:62:39:26:21:d8:4b:18:a8:1c:
36:e1:08:e0:04:da:57:80:0e:c5:26:cf:ec:ce:c3:5b:76:cc:
f9:bf:3f:e4:0b:52:2c:09:06:41:0a:8e:a4:a6:a8:a3:28:f4:
9e:11:c2:fb:36:0a:07:63:dd:e0:73:60:56:88:66:ac:05:1f:
f7:b7:5a:f9:f1:f5:77:15:b8:3b:b9:cb:e7:ea:26:8b:9a:4b:
0b:6c:4a:1e:61:72:90:a9:2a:cd:d3:6b:e4:28:72:0b:fe:cb:
1f:e5:07:6d:68:57:cc:df:62:8c:d2:2d:fe:93:71:97:57:7f:
ec:d4:0e:8f:db:14:e7:70:61:18:fd:f2:8a:b5:d8:c6:af:f9:
6b:d2:f3:d1:c6:76:04:11:cc:c9:e5:34:49:04:90:b6:b8:31:
e6:0e:fd:bf:11:45:f2:c9:40:30:3a:20:22:33:41:4a:e8:f4:
f5:cf:ec:35:61:30:58:6e:4e:8f:4e:1b:83:2a:2b:b9:c1:72:
c3:98:b5:9e
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzFbrCO/sOPr27GmSZUkVirMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4NDEyODE0NmI3YmVjOGJkMTE4NWJiZTBjM2I5MzQwYWFm
NWI3MTQwHhcNMjQwMTAxMTQzMDE0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMWZhZWZiMDAwZTVhNWFmNWEzZWZlZDkwNDdlOTliMTNjYzA4ZGY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmc6Z/exmroyMTORzhBvL/fUhmOB1
x1L7j8X2T/45BcNxfCuQHZNakJ87gAecsvtkY1anXMYDAVYkaX6y/08sKeu5tplr
fO5or4E5jJmfF/HAJm0Z7U1Z5WPnzlrskKENG1ef4t5zi7C7483E52Qc15KBh/KP
Xux8N4tu9g40jL4B6xOtziJUVUsySO6ENuy063+8hhSEp6qOM3zAnuiFSHLHU1xx
30+x5RrCl1GXxQPF/kfEXXl0tsTq/ofZpb30kjJUmM12gHNncjIGpfdLvfWzdIg4
bJgLxfgtV5kNiw7BKrdGvZR9Q0+UiQE39cEhFzlSpOhWdr9I7l2+SvJKlwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFNH677AA5aWvWj7+2QR+mbE8wI35MB8GA1UdIwQY
MBaAFPhBKBRre+yL0Rhbvgw7k0Cq9bcUMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1FRW9GR3Q3N0l2UkdGdS1ERHVUUUtyMXR4US5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNjIvZmIyNDExLTQ4NWItNDE0My05MjQx
LTEzODM5NjQwYTYwNC8xLzBmcnZzQURscGE5YVB2N1pCSDZac1R6QWpmay5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNjIvZmIyNDExLTQ4NWItNDE0My05MjQxLTEzODM5NjQwYTYw
NC8xLzEtRUVvRkd0NzdJdlJHRnUtRER1VFFLcjF0eFEuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBAUurWAD
BAJbyZAwDQYJKoZIhvcNAQELBQADggEBAARRfiXImt8w118oXSoQEu8W7MowImN1
19KPIpc3tJXY0EehaaZaHdLKlMMkoqXjorSX32cSUqpN572MzF/JqWI5JiHYSxio
HDbhCOAE2leADsUmz+zOw1t2zPm/P+QLUiwJBkEKjqSmqKMo9J4Rwvs2Cgdj3eBz
YFaIZqwFH/e3Wvnx9XcVuDu5y+fqJouaSwtsSh5hcpCpKs3Ta+Qocgv+yx/lB21o
V8zfYozSLf6TcZdXf+zUDo/bFOdwYRj98oq12Mav+WvS89HGdgQRzMnlNEkEkLa4
MeYO/b8RRfLJQDA6ICIzQUro9PXP7DVhMFhuTo9OG4MqK7nBcsOYtZ4=
-----END CERTIFICATE-----
Generated at Thu Feb 22 13:04:10 2024 by rpki-client on console-ams.rpki-client.org