Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/SFCiuB4UVF15wnQ5oQhmULWJfcQ.roa
File: SFCiuB4UVF15wnQ5oQhmULWJfcQ.roa (raw, json)
Hash identifier: BMWFzUwLKsbFvqYVa3vnq5K4AXNNnQMQuqZ5faoE02E=
Subject key identifier: 48:50:A2:B8:1E:14:54:5D:79:C2:74:39:A1:08:66:50:B5:89:7D:C4
Certificate issuer: /CN=c2778de2a9be9802120382e750d159e95872c2ae
Certificate serial: 019427B57C041AA1FF1F688E782AC2CBD9A7
Authority key identifier: C2:77:8D:E2:A9:BE:98:02:12:03:82:E7:50:D1:59:E9:58:72:C2:AE
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/wneN4qm-mAISA4LnUNFZ6Vhywq4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/SFCiuB4UVF15wnQ5oQhmULWJfcQ.roa
Signing time: Thu 02 Jan 2025 15:49:52 +0000
ROA not before: Thu 02 Jan 2025 15:49:52 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 4213
IP address blocks: 83.147.240.0/23 maxlen: 24
83.147.242.0/23 maxlen: 24
91.186.208.0/23 maxlen: 24
91.186.210.0/23 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:27:b5:7c:04:1a:a1:ff:1f:68:8e:78:2a:c2:cb:d9:a7
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c2778de2a9be9802120382e750d159e95872c2ae
Validity
Not Before: Jan 2 15:49:52 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=4850a2b81e14545d79c27439a1086650b5897dc4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a6:b6:7e:9d:1f:a4:8b:75:c9:c6:2e:6c:fb:5b:
21:95:4c:74:f9:55:a4:f7:90:1d:fa:6e:bc:0b:e4:
7a:44:79:b6:83:11:5d:81:e0:1c:23:33:a7:30:c1:
06:47:7e:a7:ff:0c:0b:58:6e:24:b5:46:f6:a3:87:
4c:13:3b:72:11:a4:fa:bc:e6:ec:68:e0:98:86:e2:
1b:8f:e1:6d:f1:3b:57:6c:00:27:f6:d4:2f:e8:65:
17:12:b0:03:a5:12:bb:08:f1:d4:d1:a3:d9:99:e4:
78:6f:84:40:d6:a1:fc:91:96:cf:66:48:7d:0f:c6:
85:6e:49:be:2f:cd:9b:de:4b:d7:02:21:b4:f5:1b:
40:b6:0c:4d:35:16:0c:2e:9d:40:4b:9a:2c:ca:71:
bc:e5:85:51:d2:0c:78:71:ee:13:20:6f:12:64:d2:
ca:27:32:1d:2c:eb:d0:b2:e4:de:f6:52:b0:ea:04:
ce:b4:a6:25:d9:11:25:7e:b5:e6:7b:55:89:12:dc:
15:38:ab:1d:b9:78:01:d9:3d:8f:41:1b:da:76:5b:
ae:6e:74:f6:7d:a9:be:e7:ee:cd:57:01:75:23:4e:
44:f4:23:c4:c8:60:ec:17:98:31:1c:2e:05:ae:00:
91:54:a0:3a:e9:e4:48:b4:fc:5c:be:66:5e:db:13:
30:21
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
48:50:A2:B8:1E:14:54:5D:79:C2:74:39:A1:08:66:50:B5:89:7D:C4
X509v3 Authority Key Identifier:
keyid:C2:77:8D:E2:A9:BE:98:02:12:03:82:E7:50:D1:59:E9:58:72:C2:AE
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wneN4qm-mAISA4LnUNFZ6Vhywq4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/SFCiuB4UVF15wnQ5oQhmULWJfcQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/wneN4qm-mAISA4LnUNFZ6Vhywq4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
83.147.240.0/22
91.186.208.0/22
Signature Algorithm: sha256WithRSAEncryption
47:a2:49:79:d4:b0:64:58:2a:55:68:49:9f:ff:95:f5:81:0c:
e6:c6:0d:ba:6f:be:7d:e6:b9:64:1f:b1:b0:12:6f:c5:3a:d0:
4b:40:f5:3a:a9:3b:7e:e6:4e:ee:db:9a:de:4c:fd:47:92:55:
f6:00:cc:42:33:01:5b:8a:e7:7e:54:48:57:41:0e:44:0b:b1:
b3:99:51:cd:3d:cc:11:21:7f:cf:55:bf:7f:f1:4f:69:e3:37:
28:ef:ec:56:ca:db:43:e1:a0:0a:cf:7c:17:74:23:8d:4c:bc:
69:c6:4b:22:5b:36:78:f4:99:35:05:ab:97:8f:ca:b5:bd:5f:
25:93:3a:58:a3:69:fb:63:8a:2d:88:c7:30:9b:31:20:5d:3f:
e0:56:02:97:00:1f:74:fa:3d:8f:9d:2e:e3:df:ca:43:26:f2:
af:98:a5:40:57:f1:19:2b:a9:03:54:e7:27:40:ee:72:54:bf:
05:de:4a:d9:a2:36:dd:be:8f:ee:85:fa:5e:2a:00:aa:58:fe:
91:06:f1:b0:19:ce:68:01:fa:98:09:24:b6:22:bd:eb:da:99:
cc:ab:53:81:e7:82:56:ae:f2:23:86:93:a4:66:01:7c:7b:bf:
83:65:30:a4:b2:fb:c6:a5:2c:9a:d1:df:db:be:88:97:14:4e:
8b:d4:a3:29
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQntXwEGqH/H2iOeCrCy9mnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyNzc4ZGUyYTliZTk4MDIxMjAzODJlNzUwZDE1OWU5NTg3
MmMyYWUwHhcNMjUwMTAyMTU0OTUyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ODUwYTJiODFlMTQ1NDVkNzljMjc0MzlhMTA4NjY1MGI1ODk3ZGM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAprZ+nR+ki3XJxi5s+1shlUx0+VWk
95Ad+m68C+R6RHm2gxFdgeAcIzOnMMEGR36n/wwLWG4ktUb2o4dMEztyEaT6vObs
aOCYhuIbj+Ft8TtXbAAn9tQv6GUXErADpRK7CPHU0aPZmeR4b4RA1qH8kZbPZkh9
D8aFbkm+L82b3kvXAiG09RtAtgxNNRYMLp1AS5osynG85YVR0gx4ce4TIG8SZNLK
JzIdLOvQsuTe9lKw6gTOtKYl2RElfrXme1WJEtwVOKsduXgB2T2PQRvadluubnT2
fam+5+7NVwF1I05E9CPEyGDsF5gxHC4FrgCRVKA66eRItPxcvmZe2xMwIQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFEhQorgeFFRdecJ0OaEIZlC1iX3EMB8GA1UdIwQY
MBaAFMJ3jeKpvpgCEgOC51DRWelYcsKuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd25lTjRxbS1tQUlTQTRMblVORlo2Vmh5d3E0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC80MTA5MzAtOWQ2NS00YmU4LTllYmEt
Zjk4ZGE1NGFmNDM0LzEvU0ZDaXVCNFVWRjE1d25RNW9RaG1VTFdKZmNRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC80MTA5MzAtOWQ2NS00YmU4LTllYmEtZjk4ZGE1NGFmNDM0
LzEvd25lTjRxbS1tQUlTQTRMblVORlo2Vmh5d3E0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCU5PwAwQC
W7rQMA0GCSqGSIb3DQEBCwUAA4IBAQBHokl51LBkWCpVaEmf/5X1gQzmxg26b759
5rlkH7GwEm/FOtBLQPU6qTt+5k7u25reTP1HklX2AMxCMwFbiud+VEhXQQ5EC7Gz
mVHNPcwRIX/PVb9/8U9p4zco7+xWyttD4aAKz3wXdCONTLxpxksiWzZ49Jk1BauX
j8q1vV8lkzpYo2n7Y4otiMcwmzEgXT/gVgKXAB90+j2PnS7j38pDJvKvmKVAV/EZ
K6kDVOcnQO5yVL8F3krZojbdvo/uhfpeKgCqWP6RBvGwGc5oAfqYCSS2Ir3r2pnM
q1OB54JWrvIjhpOkZgF8e7+DZTCksvvGpSya0d/bvoiXFE6L1KMp
-----END CERTIFICATE-----
Generated at Wed Feb 5 10:53:17 2025 by rpki-client