Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/77/672883-feb4-414f-9d00-4d9127fba3ad/1/fp_r23EPebX0b0paM9OffEo3Mtc.roa
File: fp_r23EPebX0b0paM9OffEo3Mtc.roa (raw, json)
Hash identifier: lACXCPjRPv8ON0OgIAzEYidDZCy+0BUMiL46HQcZ194=
Subject key identifier: 7E:9F:EB:DB:71:0F:79:B5:F4:6F:4A:5A:33:D3:9F:7C:4A:37:32:D7
Certificate issuer: /CN=c3abdcc49f7d9033b52904679f3c9b783d8c1358
Certificate serial: 018E9F1DA6B4C45F4439CBF64C86C80A371D
Authority key identifier: C3:AB:DC:C4:9F:7D:90:33:B5:29:04:67:9F:3C:9B:78:3D:8C:13:58
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/w6vcxJ99kDO1KQRnnzybeD2ME1g.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/77/672883-feb4-414f-9d00-4d9127fba3ad/1/fp_r23EPebX0b0paM9OffEo3Mtc.roa
Signing time: Tue 02 Apr 2024 14:01:44 +0000
ROA not before: Tue 02 Apr 2024 14:01:44 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 62240
IP address blocks: 84.246.110.0/24 maxlen: 24
194.104.227.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8e:9f:1d:a6:b4:c4:5f:44:39:cb:f6:4c:86:c8:0a:37:1d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c3abdcc49f7d9033b52904679f3c9b783d8c1358
Validity
Not Before: Apr 2 14:01:44 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=7e9febdb710f79b5f46f4a5a33d39f7c4a3732d7
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c2:63:2f:a1:1f:88:40:0e:f0:c1:8e:66:b3:6f:
74:97:96:94:97:f0:c2:b1:55:7e:7f:3b:1a:77:54:
02:6b:d4:8d:8c:66:a9:8d:3a:cc:38:b2:2c:64:1a:
37:f1:f3:e4:e5:1f:e0:03:0f:a6:85:d3:f2:13:25:
ed:6a:97:8a:a3:59:0a:a7:8a:a3:65:e4:7f:a1:6a:
cd:a0:95:a0:81:ce:5b:64:e3:e7:fd:f8:96:a6:c1:
cd:7b:a6:2b:50:27:58:d1:e2:ca:bd:f1:f7:5e:83:
83:4e:1f:cb:23:31:8b:eb:fb:93:ef:8d:d9:c1:0a:
61:5a:75:db:4f:e0:6f:10:72:57:71:cc:da:bf:5b:
55:a6:7d:e5:90:76:e5:47:03:a8:94:ef:f7:f9:c6:
3f:54:ae:28:33:48:36:d1:38:3e:3d:98:1e:bb:15:
ec:dc:7f:27:8f:eb:cf:97:27:6c:cf:18:b9:09:1d:
63:49:fe:6b:d9:a3:12:4d:6d:20:9a:3d:8d:e8:d4:
11:4d:e2:d1:d6:7f:de:82:66:38:a8:af:71:72:8f:
7a:0a:03:d9:1d:7d:29:79:c6:0a:34:e7:f0:a9:2b:
6c:36:e5:dc:37:96:3c:5f:f8:5d:0f:10:fa:42:5a:
08:52:19:2d:56:f2:3c:5b:7a:e3:96:4b:2e:fa:fa:
f7:69
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
7E:9F:EB:DB:71:0F:79:B5:F4:6F:4A:5A:33:D3:9F:7C:4A:37:32:D7
X509v3 Authority Key Identifier:
keyid:C3:AB:DC:C4:9F:7D:90:33:B5:29:04:67:9F:3C:9B:78:3D:8C:13:58
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w6vcxJ99kDO1KQRnnzybeD2ME1g.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/77/672883-feb4-414f-9d00-4d9127fba3ad/1/fp_r23EPebX0b0paM9OffEo3Mtc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/77/672883-feb4-414f-9d00-4d9127fba3ad/1/w6vcxJ99kDO1KQRnnzybeD2ME1g.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
84.246.110.0/24
194.104.227.0/24
Signature Algorithm: sha256WithRSAEncryption
77:63:ff:4a:ee:d9:54:9f:8c:85:13:11:11:11:d2:36:0f:03:
1d:14:02:25:c8:77:50:ef:7c:37:3c:02:0c:b6:50:08:e5:1e:
74:cb:62:10:69:a7:77:67:5f:a0:df:50:39:bb:4f:97:d0:f9:
e5:55:e0:5e:31:57:72:2a:dd:19:16:8b:6b:85:05:40:8c:39:
10:a3:40:ec:1c:07:30:29:d1:2d:de:89:0a:a9:34:38:72:1b:
5f:cb:d6:ac:21:fc:6e:3b:d4:38:ba:49:21:e8:50:26:e8:a0:
38:74:02:b7:a0:46:2d:f4:d4:97:e7:51:c2:a3:b6:0d:89:bf:
92:6a:4a:81:00:87:08:df:6b:25:14:79:15:bc:b0:7b:33:f9:
82:5f:56:bf:ac:3e:d5:ec:dc:0f:47:c9:ff:bf:66:02:95:d7:
41:e3:d5:46:ee:be:d2:b8:f9:1b:41:93:96:ce:28:81:63:d1:
d6:9e:2f:65:27:28:dc:7d:66:7a:5b:a1:47:53:20:f6:cb:10:
18:15:07:b9:98:bf:dc:e5:fe:16:2a:68:a7:49:ca:39:4e:cf:
58:06:cb:ed:1d:90:71:36:5c:67:fe:4b:a0:3c:43:02:45:1a:
f0:4a:49:ff:ae:cf:3d:2c:93:d1:60:c6:3e:b5:4c:bb:2d:e7:
4c:17:8c:42
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY6fHaa0xF9EOcv2TIbICjcdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzYWJkY2M0OWY3ZDkwMzNiNTI5MDQ2NzlmM2M5Yjc4M2Q4
YzEzNTgwHhcNMjQwNDAyMTQwMTQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZTlmZWJkYjcxMGY3OWI1ZjQ2ZjRhNWEzM2QzOWY3YzRhMzczMmQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwmMvoR+IQA7wwY5ms290l5aUl/DC
sVV+fzsad1QCa9SNjGapjTrMOLIsZBo38fPk5R/gAw+mhdPyEyXtapeKo1kKp4qj
ZeR/oWrNoJWggc5bZOPn/fiWpsHNe6YrUCdY0eLKvfH3XoODTh/LIzGL6/uT743Z
wQphWnXbT+BvEHJXcczav1tVpn3lkHblRwOolO/3+cY/VK4oM0g20Tg+PZgeuxXs
3H8nj+vPlydszxi5CR1jSf5r2aMSTW0gmj2N6NQRTeLR1n/egmY4qK9xco96CgPZ
HX0pecYKNOfwqStsNuXcN5Y8X/hdDxD6QloIUhktVvI8W3rjlksu+vr3aQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFH6f69txD3m19G9KWjPTn3xKNzLXMB8GA1UdIwQY
MBaAFMOr3MSffZAztSkEZ588m3g9jBNYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzZ2Y3hKOTlrRE8xS1FSbm56eWJlRDJNRTFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ny82NzI4ODMtZmViNC00MTRmLTlkMDAt
NGQ5MTI3ZmJhM2FkLzEvZnBfcjIzRVBlYlgwYjBwYU05T2ZmRW8zTXRjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ny82NzI4ODMtZmViNC00MTRmLTlkMDAtNGQ5MTI3ZmJhM2Fk
LzEvdzZ2Y3hKOTlrRE8xS1FSbm56eWJlRDJNRTFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAVPZuAwQA
wmjjMA0GCSqGSIb3DQEBCwUAA4IBAQB3Y/9K7tlUn4yFExEREdI2DwMdFAIlyHdQ
73w3PAIMtlAI5R50y2IQaad3Z1+g31A5u0+X0PnlVeBeMVdyKt0ZFotrhQVAjDkQ
o0DsHAcwKdEt3okKqTQ4chtfy9asIfxuO9Q4ukkh6FAm6KA4dAK3oEYt9NSX51HC
o7YNib+SakqBAIcI32slFHkVvLB7M/mCX1a/rD7V7NwPR8n/v2YClddB49VG7r7S
uPkbQZOWziiBY9HWni9lJyjcfWZ6W6FHUyD2yxAYFQe5mL/c5f4WKminSco5Ts9Y
BsvtHZBxNlxn/kugPEMCRRrwSkn/rs89LJPRYMY+tUy7LedMF4xC
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:18:35 2024 by rpki-client on console-ams.rpki-client.org