Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/FTWRh9QGpm9Ke-BOSHshNakyyZQ.roa
File: FTWRh9QGpm9Ke-BOSHshNakyyZQ.roa (raw, json)
Hash identifier: v3oSXVlvfFPVwKlSCVzpi8ojC4gCSNLXOPL07Y6N1iw=
Subject key identifier: 15:35:91:87:D4:06:A6:6F:4A:7B:E0:4E:48:7B:21:35:A9:32:C9:94
Certificate issuer: /CN=c2778de2a9be9802120382e750d159e95872c2ae
Certificate serial: 01932AD87970C0FF1A8DEECA5C9561617C16
Authority key identifier: C2:77:8D:E2:A9:BE:98:02:12:03:82:E7:50:D1:59:E9:58:72:C2:AE
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/wneN4qm-mAISA4LnUNFZ6Vhywq4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/FTWRh9QGpm9Ke-BOSHshNakyyZQ.roa
Signing time: Thu 14 Nov 2024 13:24:10 +0000
ROA not before: Thu 14 Nov 2024 13:24:10 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 834
IP address blocks: 83.147.244.0/22 maxlen: 24
91.186.200.0/22 maxlen: 24
91.186.204.0/22 maxlen: 24
94.241.168.0/21 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:93:2a:d8:79:70:c0:ff:1a:8d:ee:ca:5c:95:61:61:7c:16
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c2778de2a9be9802120382e750d159e95872c2ae
Validity
Not Before: Nov 14 13:24:10 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=15359187d406a66f4a7be04e487b2135a932c994
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:dc:71:67:61:48:5b:cf:25:f0:4f:0d:2a:97:1d:
3a:6f:7a:51:19:4b:30:1a:80:31:1f:1e:dc:cd:fb:
f0:8a:a5:6a:3d:66:e3:30:6d:97:0b:08:e6:e2:76:
2a:7b:42:82:e0:09:73:23:0f:40:e2:85:fb:a3:a0:
79:73:0d:95:80:98:18:1a:fc:96:8e:13:92:71:90:
fe:ae:75:2b:c7:56:d8:34:03:a2:99:e9:fb:e2:a4:
03:71:f8:87:de:87:18:56:a0:10:d8:e9:73:1c:63:
d1:3e:f6:d9:2b:e9:8d:67:a8:b3:0c:52:95:c0:9d:
98:d5:55:29:0b:03:f8:84:9d:0b:d3:d2:59:b4:84:
1a:e7:82:e4:a1:e1:96:7e:a6:89:83:b1:a7:bb:40:
18:a3:47:a4:eb:6c:39:0e:bc:da:54:4c:bc:4a:e9:
e6:e8:28:52:0a:56:d0:0d:3f:18:f3:b2:54:a8:75:
2b:1d:70:f1:b1:a8:91:fd:39:54:f0:a3:00:48:84:
d4:56:91:9b:88:1a:c5:c8:51:b1:49:b0:fc:04:10:
32:8c:6c:44:c7:84:b2:61:62:4f:73:9a:44:8d:19:
de:da:ce:cf:de:96:76:be:63:8a:a3:56:17:ba:62:
81:80:4c:d5:bf:65:b0:95:7e:58:1e:a8:df:93:95:
68:5b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
15:35:91:87:D4:06:A6:6F:4A:7B:E0:4E:48:7B:21:35:A9:32:C9:94
X509v3 Authority Key Identifier:
keyid:C2:77:8D:E2:A9:BE:98:02:12:03:82:E7:50:D1:59:E9:58:72:C2:AE
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wneN4qm-mAISA4LnUNFZ6Vhywq4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/FTWRh9QGpm9Ke-BOSHshNakyyZQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/wneN4qm-mAISA4LnUNFZ6Vhywq4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
83.147.244.0/22
91.186.200.0/21
94.241.168.0/21
Signature Algorithm: sha256WithRSAEncryption
16:69:88:b0:cf:e6:be:cc:3a:9f:2a:fb:d9:f9:05:04:e9:1e:
28:74:c3:22:a0:15:61:5a:9e:bc:58:2d:fd:d7:66:99:3e:71:
0b:36:02:3a:3f:d1:9e:1f:ee:31:49:db:d4:aa:1f:40:d5:42:
4b:9c:12:c1:cb:c7:2e:5a:75:49:cf:35:99:8c:9a:45:cd:86:
91:53:f3:09:13:5f:3d:cf:e3:ec:42:53:ac:b5:e8:b1:12:c6:
d7:4b:d2:62:a4:54:a6:21:7b:03:13:3d:86:22:8f:3f:cb:16:
b6:0d:ea:fe:25:77:88:28:30:04:dc:d6:07:9c:0b:f2:e3:bf:
b1:ba:20:00:c8:43:be:57:c9:a0:da:f7:8a:4e:95:08:13:c5:
e5:eb:24:06:2b:fc:08:e5:ad:20:3f:6d:8e:2c:c2:3b:1e:ac:
09:5f:a6:43:50:f0:18:78:a0:d9:9b:50:50:9f:8b:79:27:53:
bc:43:0f:15:8e:82:2e:45:39:4f:e6:6f:ed:0f:c3:14:fa:b3:
8c:7b:30:73:e7:89:25:7f:9a:ec:1e:15:ef:99:12:c1:81:1d:
6b:81:58:cd:87:79:63:84:1a:fc:12:17:ab:51:98:1a:df:3b:
94:17:25:60:77:83:f3:cf:13:2a:ce:bd:1e:cf:39:d8:9b:f8:
5a:26:65:09
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZMq2HlwwP8aje7KXJVhYXwWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyNzc4ZGUyYTliZTk4MDIxMjAzODJlNzUwZDE1OWU5NTg3
MmMyYWUwHhcNMjQxMTE0MTMyNDEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNTM1OTE4N2Q0MDZhNjZmNGE3YmUwNGU0ODdiMjEzNWE5MzJjOTk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3HFnYUhbzyXwTw0qlx06b3pRGUsw
GoAxHx7czfvwiqVqPWbjMG2XCwjm4nYqe0KC4AlzIw9A4oX7o6B5cw2VgJgYGvyW
jhOScZD+rnUrx1bYNAOimen74qQDcfiH3ocYVqAQ2OlzHGPRPvbZK+mNZ6izDFKV
wJ2Y1VUpCwP4hJ0L09JZtIQa54LkoeGWfqaJg7Gnu0AYo0ek62w5DrzaVEy8Sunm
6ChSClbQDT8Y87JUqHUrHXDxsaiR/TlU8KMASITUVpGbiBrFyFGxSbD8BBAyjGxE
x4SyYWJPc5pEjRne2s7P3pZ2vmOKo1YXumKBgEzVv2WwlX5YHqjfk5VoWwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFBU1kYfUBqZvSnvgTkh7ITWpMsmUMB8GA1UdIwQY
MBaAFMJ3jeKpvpgCEgOC51DRWelYcsKuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd25lTjRxbS1tQUlTQTRMblVORlo2Vmh5d3E0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC80MTA5MzAtOWQ2NS00YmU4LTllYmEt
Zjk4ZGE1NGFmNDM0LzEvRlRXUmg5UUdwbTlLZS1CT1NIc2hOYWt5eVpRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC80MTA5MzAtOWQ2NS00YmU4LTllYmEtZjk4ZGE1NGFmNDM0
LzEvd25lTjRxbS1tQUlTQTRMblVORlo2Vmh5d3E0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCU5P0AwQD
W7rIAwQDXvGoMA0GCSqGSIb3DQEBCwUAA4IBAQAWaYiwz+a+zDqfKvvZ+QUE6R4o
dMMioBVhWp68WC3912aZPnELNgI6P9GeH+4xSdvUqh9A1UJLnBLBy8cuWnVJzzWZ
jJpFzYaRU/MJE189z+PsQlOsteixEsbXS9JipFSmIXsDEz2GIo8/yxa2Der+JXeI
KDAE3NYHnAvy47+xuiAAyEO+V8mg2veKTpUIE8Xl6yQGK/wI5a0gP22OLMI7HqwJ
X6ZDUPAYeKDZm1BQn4t5J1O8Qw8VjoIuRTlP5m/tD8MU+rOMezBz54klf5rsHhXv
mRLBgR1rgVjNh3ljhBr8EherUZga3zuUFyVgd4PzzxMqzr0ezznYm/haJmUJ
-----END CERTIFICATE-----
Generated at Sun Feb 16 15:46:16 2025 by rpki-client