Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/77/672883-feb4-414f-9d00-4d9127fba3ad/1/2nd_dkbP3L2HOsciJvNCjNP1w00.roa
File: 2nd_dkbP3L2HOsciJvNCjNP1w00.roa (raw, json)
Hash identifier: wur0RVvyv9Hs0xdDQSDWkiC7Fok3BHKE7qEZIZ86N4U=
Subject key identifier: DA:77:7F:76:46:CF:DC:BD:87:3A:C7:22:26:F3:42:8C:D3:F5:C3:4D
Certificate issuer: /CN=c3abdcc49f7d9033b52904679f3c9b783d8c1358
Certificate serial: 018E3243C3C7B986A43169466CF67BFD0F7B
Authority key identifier: C3:AB:DC:C4:9F:7D:90:33:B5:29:04:67:9F:3C:9B:78:3D:8C:13:58
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/w6vcxJ99kDO1KQRnnzybeD2ME1g.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/77/672883-feb4-414f-9d00-4d9127fba3ad/1/2nd_dkbP3L2HOsciJvNCjNP1w00.roa
Signing time: Tue 12 Mar 2024 10:44:45 +0000
ROA not before: Tue 12 Mar 2024 10:44:45 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 62240
IP address blocks: 84.246.110.0/24 maxlen: 24
91.190.158.0/24 maxlen: 24
146.19.120.0/24 maxlen: 24
194.104.227.0/24 maxlen: 24
195.64.103.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8e:32:43:c3:c7:b9:86:a4:31:69:46:6c:f6:7b:fd:0f:7b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c3abdcc49f7d9033b52904679f3c9b783d8c1358
Validity
Not Before: Mar 12 10:44:45 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=da777f7646cfdcbd873ac72226f3428cd3f5c34d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:84:61:51:c8:c1:e0:b9:9a:ac:89:76:c1:70:b0:
09:2c:a9:4b:a0:5f:7f:58:9c:39:0a:dd:c5:ed:04:
b0:18:d0:2f:d5:e8:ab:06:99:3d:b4:ab:87:a7:a5:
fd:7a:01:c6:e4:ec:4d:b9:14:ba:f4:a5:62:5c:d7:
73:b5:2a:5c:d6:71:f5:2c:10:30:56:c7:7b:49:b7:
ef:88:d9:92:ed:43:24:76:24:0c:1b:3e:27:f6:68:
76:ea:05:f1:e2:34:26:51:37:86:f4:b2:b3:ec:43:
17:0d:ed:b1:04:12:7d:bf:1a:b7:4e:c1:54:f3:cf:
7d:b4:2c:84:df:33:43:d2:c9:6a:a1:34:92:d0:ef:
0b:55:b6:84:09:ee:30:7a:bc:15:64:79:ab:c3:89:
f2:a2:82:69:7c:83:e7:03:c6:7c:7d:37:60:6e:bd:
c2:56:cc:91:aa:5a:1b:1b:f2:17:e0:e2:dc:fc:7d:
1c:20:49:51:59:b2:6b:12:8a:6d:65:3a:34:94:56:
4e:01:0d:d2:75:b8:39:60:fb:da:bc:9b:1d:66:36:
31:5b:95:73:5f:9b:0a:79:06:69:a6:0e:b0:77:d7:
4c:aa:00:dc:01:8f:0c:04:db:9c:b5:78:fe:e1:89:
e6:ce:45:59:20:16:51:53:37:b2:b0:a8:00:b1:b0:
58:95
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DA:77:7F:76:46:CF:DC:BD:87:3A:C7:22:26:F3:42:8C:D3:F5:C3:4D
X509v3 Authority Key Identifier:
keyid:C3:AB:DC:C4:9F:7D:90:33:B5:29:04:67:9F:3C:9B:78:3D:8C:13:58
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w6vcxJ99kDO1KQRnnzybeD2ME1g.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/77/672883-feb4-414f-9d00-4d9127fba3ad/1/2nd_dkbP3L2HOsciJvNCjNP1w00.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/77/672883-feb4-414f-9d00-4d9127fba3ad/1/w6vcxJ99kDO1KQRnnzybeD2ME1g.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
84.246.110.0/24
91.190.158.0/24
146.19.120.0/24
194.104.227.0/24
195.64.103.0/24
Signature Algorithm: sha256WithRSAEncryption
97:04:de:a1:38:3d:43:3a:9f:15:22:ce:23:0b:a7:a0:7c:40:
8c:e7:f2:ef:84:ad:f2:2c:77:d2:04:6c:f7:10:77:46:16:22:
26:d8:08:23:54:c5:c4:0b:38:e6:00:66:50:e3:bb:69:77:3e:
ac:8d:ef:b8:e3:a6:30:65:8e:26:93:9e:fa:57:1b:57:2e:d6:
f3:cb:40:92:89:59:2f:1f:09:b6:59:ed:d7:d6:1c:d9:b1:32:
8c:04:15:17:33:c6:2c:db:72:0b:ce:f5:aa:88:c9:25:c5:37:
9f:e0:2a:06:1e:08:c2:55:ea:9b:6e:c6:6d:50:e4:d8:2e:aa:
c8:13:ab:0a:4a:d3:1a:c4:15:e1:6b:6a:64:f0:8a:00:36:56:
16:c4:2f:e5:6a:ff:80:c4:c2:e3:2a:b2:53:0f:bf:e7:1d:fd:
4c:3f:cb:66:a5:e0:2f:45:ba:69:d8:b7:4e:0f:48:20:e1:f2:
77:73:9a:cc:31:1d:79:5e:c7:6c:e1:09:c1:b2:ee:ac:8f:2e:
a7:3a:82:68:87:a8:c7:2e:97:22:9a:2d:94:56:c2:9b:09:55:
58:d8:0f:00:1e:28:e2:db:ce:5e:da:66:98:3c:4f:e5:a8:57:
e8:a5:66:c8:61:a6:46:f7:b6:1a:cb:e4:df:a6:60:08:ff:44:
4d:51:a1:80
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAY4yQ8PHuYakMWlGbPZ7/Q97MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzYWJkY2M0OWY3ZDkwMzNiNTI5MDQ2NzlmM2M5Yjc4M2Q4
YzEzNTgwHhcNMjQwMzEyMTA0NDQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYTc3N2Y3NjQ2Y2ZkY2JkODczYWM3MjIyNmYzNDI4Y2QzZjVjMzRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhGFRyMHguZqsiXbBcLAJLKlLoF9/
WJw5Ct3F7QSwGNAv1eirBpk9tKuHp6X9egHG5OxNuRS69KViXNdztSpc1nH1LBAw
Vsd7SbfviNmS7UMkdiQMGz4n9mh26gXx4jQmUTeG9LKz7EMXDe2xBBJ9vxq3TsFU
8899tCyE3zND0slqoTSS0O8LVbaECe4werwVZHmrw4nyooJpfIPnA8Z8fTdgbr3C
VsyRqlobG/IX4OLc/H0cIElRWbJrEoptZTo0lFZOAQ3Sdbg5YPvavJsdZjYxW5Vz
X5sKeQZppg6wd9dMqgDcAY8MBNuctXj+4YnmzkVZIBZRUzeysKgAsbBYlQIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFNp3f3ZGz9y9hzrHIibzQozT9cNNMB8GA1UdIwQY
MBaAFMOr3MSffZAztSkEZ588m3g9jBNYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzZ2Y3hKOTlrRE8xS1FSbm56eWJlRDJNRTFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ny82NzI4ODMtZmViNC00MTRmLTlkMDAt
NGQ5MTI3ZmJhM2FkLzEvMm5kX2RrYlAzTDJIT3NjaUp2TkNqTlAxdzAwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ny82NzI4ODMtZmViNC00MTRmLTlkMDAtNGQ5MTI3ZmJhM2Fk
LzEvdzZ2Y3hKOTlrRE8xS1FSbm56eWJlRDJNRTFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQAVPZuAwQA
W76eAwQAkhN4AwQAwmjjAwQAw0BnMA0GCSqGSIb3DQEBCwUAA4IBAQCXBN6hOD1D
Op8VIs4jC6egfECM5/LvhK3yLHfSBGz3EHdGFiIm2AgjVMXECzjmAGZQ47tpdz6s
je+446YwZY4mk576VxtXLtbzy0CSiVkvHwm2We3X1hzZsTKMBBUXM8Ys23ILzvWq
iMklxTef4CoGHgjCVeqbbsZtUOTYLqrIE6sKStMaxBXha2pk8IoANlYWxC/lav+A
xMLjKrJTD7/nHf1MP8tmpeAvRbpp2LdOD0gg4fJ3c5rMMR15Xsds4QnBsu6sjy6n
OoJoh6jHLpcimi2UVsKbCVVY2A8AHiji285e2maYPE/lqFfopWbIYaZG97Yay+Tf
pmAI/0RNUaGA
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:18:35 2024 by rpki-client on console-ams.rpki-client.org