Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/71/ac017c-ff29-43cf-a3d6-29f1beb2f282/1/FxtmQsRHdazXcugQ69ekB4q6Bdw.roa
File: FxtmQsRHdazXcugQ69ekB4q6Bdw.roa (raw, json)
Hash identifier: 90HyHq1bA9Iu1U71oRnDfM++3CcS9lnpBT4OEkzWdeg=
Subject key identifier: 17:1B:66:42:C4:47:75:AC:D7:72:E8:10:EB:D7:A4:07:8A:BA:05:DC
Certificate issuer: /CN=ed6da9e41686d21c12799c8e84b274aa8241508c
Certificate serial: 018E28B7AE178E78C35D8F0F097FF9B637C5
Authority key identifier: ED:6D:A9:E4:16:86:D2:1C:12:79:9C:8E:84:B2:74:AA:82:41:50:8C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/7W2p5BaG0hwSeZyOhLJ0qoJBUIw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/71/ac017c-ff29-43cf-a3d6-29f1beb2f282/1/FxtmQsRHdazXcugQ69ekB4q6Bdw.roa
Signing time: Sun 10 Mar 2024 14:15:09 +0000
ROA not before: Sun 10 Mar 2024 14:15:09 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 0
IP address blocks: 46.143.204.0/22 maxlen: 22
46.143.204.0/24 maxlen: 24
46.143.205.0/24 maxlen: 24
46.143.206.0/24 maxlen: 24
109.122.244.0/22 maxlen: 22
109.122.248.0/22 maxlen: 22
185.84.220.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8e:28:b7:ae:17:8e:78:c3:5d:8f:0f:09:7f:f9:b6:37:c5
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ed6da9e41686d21c12799c8e84b274aa8241508c
Validity
Not Before: Mar 10 14:15:09 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=171b6642c44775acd772e810ebd7a4078aba05dc
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:91:42:ea:11:2e:c0:b6:f0:d7:63:f9:24:31:ca:
1a:74:97:3c:ec:8d:a7:02:c7:df:e0:74:a5:52:48:
99:28:48:c2:ba:e0:c5:29:cb:97:c4:ab:6e:13:9f:
9d:8d:e2:e2:b2:89:8f:2f:69:f3:e1:e7:40:6d:e0:
64:0d:e7:d9:a0:63:3c:19:07:68:d9:c8:e2:52:b5:
78:9c:32:a4:06:60:93:92:53:1a:a8:63:77:da:a2:
b7:37:5c:4f:02:b5:6e:52:22:1a:d3:47:ae:07:4f:
0d:f5:50:50:da:c3:4f:fe:37:ac:15:86:46:2e:eb:
2b:47:c4:3b:9a:58:1e:88:64:11:27:b4:c0:1c:ae:
43:60:a0:c3:bb:d2:e0:89:74:1f:99:b0:90:73:b0:
df:6a:75:33:e0:c7:5e:9d:b7:91:c6:d4:e9:13:29:
75:6d:93:c1:c4:a7:cb:ae:88:7b:d1:9a:53:47:2d:
23:ee:97:27:31:92:f3:9f:30:ac:05:6f:f3:2f:da:
e3:53:65:4d:29:cb:2c:d9:e1:a8:ba:66:84:30:1d:
60:72:ab:e8:95:92:4d:f4:48:8e:cc:a1:8d:54:54:
1b:92:97:ca:f9:05:a4:76:32:c0:60:52:36:75:b6:
7c:11:42:f7:b4:13:09:39:e8:4a:66:c4:73:fe:93:
f2:bd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
17:1B:66:42:C4:47:75:AC:D7:72:E8:10:EB:D7:A4:07:8A:BA:05:DC
X509v3 Authority Key Identifier:
keyid:ED:6D:A9:E4:16:86:D2:1C:12:79:9C:8E:84:B2:74:AA:82:41:50:8C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7W2p5BaG0hwSeZyOhLJ0qoJBUIw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/71/ac017c-ff29-43cf-a3d6-29f1beb2f282/1/FxtmQsRHdazXcugQ69ekB4q6Bdw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/71/ac017c-ff29-43cf-a3d6-29f1beb2f282/1/7W2p5BaG0hwSeZyOhLJ0qoJBUIw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
46.143.204.0/22
109.122.244.0-109.122.251.255
185.84.220.0/22
Signature Algorithm: sha256WithRSAEncryption
2a:d0:e3:f2:6b:a8:8e:c3:73:df:b4:4b:c4:6f:eb:68:88:e9:
20:0a:20:87:b8:08:82:9b:00:b8:b4:f9:d4:d2:c2:08:36:63:
0e:94:3c:12:d0:5c:0c:f8:73:ba:7c:2d:af:d2:fd:c8:98:28:
94:7f:96:e2:fb:b5:80:a4:70:6f:00:72:44:a9:7e:14:54:5a:
4d:e6:72:fa:2b:69:97:df:5a:df:85:3e:64:a1:38:3d:11:5c:
68:52:f9:04:71:ef:c1:9f:60:50:e9:84:cc:91:c0:4a:62:d5:
04:ba:33:1b:09:e5:d7:d4:d8:e4:12:e6:78:04:b7:30:45:1f:
74:2e:3d:47:88:5a:a5:f1:4b:24:bb:2c:bf:84:94:66:07:ca:
9b:40:43:a5:44:c0:4d:cd:f4:38:75:d5:df:31:22:9b:39:0c:
9e:89:46:ed:cb:de:44:ca:7d:14:ed:97:83:66:a6:1a:90:ea:
90:a1:3b:5d:81:f6:e5:04:5f:96:51:94:1e:fc:4e:55:96:9c:
45:c0:cd:86:6e:1b:4a:fe:9a:88:8b:60:40:b7:68:04:55:d6:
05:9b:72:c6:ea:8f:83:07:0d:a1:ab:4a:17:2f:8d:d1:b5:e1:
88:55:cd:20:1f:a1:70:35:8a:74:8f:52:b3:94:f2:93:ed:73:
f6:9c:3e:61
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgISAY4ot64XjnjDXY8PCX/5tjfFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVkNmRhOWU0MTY4NmQyMWMxMjc5OWM4ZTg0YjI3NGFhODI0
MTUwOGMwHhcNMjQwMzEwMTQxNTA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNzFiNjY0MmM0NDc3NWFjZDc3MmU4MTBlYmQ3YTQwNzhhYmEwNWRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkULqES7AtvDXY/kkMcoadJc87I2n
Asff4HSlUkiZKEjCuuDFKcuXxKtuE5+djeLisomPL2nz4edAbeBkDefZoGM8GQdo
2cjiUrV4nDKkBmCTklMaqGN32qK3N1xPArVuUiIa00euB08N9VBQ2sNP/jesFYZG
LusrR8Q7mlgeiGQRJ7TAHK5DYKDDu9LgiXQfmbCQc7DfanUz4MdenbeRxtTpEyl1
bZPBxKfLroh70ZpTRy0j7pcnMZLznzCsBW/zL9rjU2VNKcss2eGoumaEMB1gcqvo
lZJN9EiOzKGNVFQbkpfK+QWkdjLAYFI2dbZ8EUL3tBMJOehKZsRz/pPyvQIDAQAB
o4ICHTCCAhkwHQYDVR0OBBYEFBcbZkLER3Ws13LoEOvXpAeKugXcMB8GA1UdIwQY
MBaAFO1tqeQWhtIcEnmcjoSydKqCQVCMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN1cycDVCYUcwaHdTZVp5T2hMSjBxb0pCVUl3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MS9hYzAxN2MtZmYyOS00M2NmLWEzZDYt
MjlmMWJlYjJmMjgyLzEvRnh0bVFzUkhkYXpYY3VnUTY5ZWtCNHE2QmR3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MS9hYzAxN2MtZmYyOS00M2NmLWEzZDYtMjlmMWJlYjJmMjgy
LzEvN1cycDVCYUcwaHdTZVp5T2hMSjBxb0pCVUl3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDMGCCsGAQUFBwEHAQH/BCQwIjAgBAIAATAaAwQCLo/MMAwD
BAJtevQDBAJtevgDBAK5VNwwDQYJKoZIhvcNAQELBQADggEBACrQ4/JrqI7Dc9+0
S8Rv62iI6SAKIIe4CIKbALi0+dTSwgg2Yw6UPBLQXAz4c7p8La/S/ciYKJR/luL7
tYCkcG8AckSpfhRUWk3mcvoraZffWt+FPmShOD0RXGhS+QRx78GfYFDphMyRwEpi
1QS6MxsJ5dfU2OQS5ngEtzBFH3QuPUeIWqXxSyS7LL+ElGYHyptAQ6VEwE3N9Dh1
1d8xIps5DJ6JRu3L3kTKfRTtl4NmphqQ6pChO12B9uUEX5ZRlB78TlWWnEXAzYZu
G0r+moiLYEC3aARV1gWbcsbqj4MHDaGrShcvjdG14YhVzSAfoXA1inSPUrOU8pPt
c/acPmE=
-----END CERTIFICATE-----
Generated at Tue Sep 24 17:14:22 2024 by rpki-client on console-ams.rpki-client.org