Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/FMCinmEYkP3OA--OLKvZTrobwHk.roa
File: FMCinmEYkP3OA--OLKvZTrobwHk.roa (raw, json)
Hash identifier: 78SGTM+GmPKq3QuUqBaSi3w0DuWCLbX5IlN6KoTpv9M=
Subject key identifier: 14:C0:A2:9E:61:18:90:FD:CE:03:EF:8E:2C:AB:D9:4E:BA:1B:C0:79
Certificate issuer: /CN=da00e981953061972c896bd6d27738d083aadb0e
Certificate serial: 018551A8650CAD7BD6E10F75A95E37D8C885
Authority key identifier: DA:00:E9:81:95:30:61:97:2C:89:6B:D6:D2:77:38:D0:83:AA:DB:0E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/2gDpgZUwYZcsiWvW0nc40IOq2w4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/FMCinmEYkP3OA--OLKvZTrobwHk.roa
Signing time: Tue 27 Dec 2022 03:37:48 +0000
ROA not before: Tue 27 Dec 2022 03:37:48 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 61317
IP address blocks: 93.115.155.0/24 maxlen: 24
212.237.224.0/22 maxlen: 24
86.104.209.0/24 maxlen: 24
217.19.1.0/24 maxlen: 24
89.42.40.0/24 maxlen: 24
93.115.111.0/24 maxlen: 24
185.77.249.0/24 maxlen: 24
84.247.59.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:51:a8:65:0c:ad:7b:d6:e1:0f:75:a9:5e:37:d8:c8:85
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=da00e981953061972c896bd6d27738d083aadb0e
Validity
Not Before: Dec 27 03:37:48 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=14c0a29e611890fdce03ef8e2cabd94eba1bc079
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:98:c1:6f:ac:ac:38:87:5e:5e:a2:dc:35:3b:10:
d7:81:a9:73:8c:0a:16:2e:ca:12:86:25:82:c0:0e:
4b:a8:d0:8d:90:29:ec:1b:a7:f0:41:6e:d4:68:85:
83:4f:27:44:be:06:a9:9b:8a:ee:12:ad:a4:c2:85:
9a:a7:e2:1f:f8:d8:de:22:68:ac:f4:da:ca:52:13:
a6:46:9d:c8:ef:27:2b:84:d6:ad:07:ba:17:7c:0e:
d0:3c:78:ef:0d:7d:64:af:3b:e4:b3:49:29:7b:2b:
46:06:4b:a8:39:25:20:d6:99:82:a5:7d:7a:04:cb:
97:ce:3c:9a:67:83:2a:f6:77:d0:83:67:d3:ed:f4:
c2:d4:b3:57:5a:44:7e:fe:06:03:24:45:45:99:e3:
31:b0:d5:35:5b:47:5d:b4:a5:1d:38:68:ef:a2:a2:
c6:c0:f4:6c:72:70:ae:cf:d3:ea:94:4c:77:5b:8d:
09:66:13:38:bf:7d:31:5e:31:b8:8a:fa:00:58:ce:
48:48:c4:22:7d:79:05:c7:8f:22:e1:da:e5:43:5a:
d6:6e:77:33:1f:3a:b7:73:72:8f:dc:a5:f1:f8:be:
85:87:32:8a:c3:96:d4:0d:d1:6f:8c:92:83:4a:f0:
ea:da:2b:55:02:3b:a5:97:1b:3c:1d:0f:62:8a:90:
59:77
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
14:C0:A2:9E:61:18:90:FD:CE:03:EF:8E:2C:AB:D9:4E:BA:1B:C0:79
X509v3 Authority Key Identifier:
keyid:DA:00:E9:81:95:30:61:97:2C:89:6B:D6:D2:77:38:D0:83:AA:DB:0E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2gDpgZUwYZcsiWvW0nc40IOq2w4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/FMCinmEYkP3OA--OLKvZTrobwHk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/2gDpgZUwYZcsiWvW0nc40IOq2w4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
84.247.59.0/24
86.104.209.0/24
89.42.40.0/24
93.115.111.0/24
93.115.155.0/24
185.77.249.0/24
212.237.224.0/22
217.19.1.0/24
Signature Algorithm: sha256WithRSAEncryption
4c:d3:de:de:61:cb:1b:14:ad:ee:15:b5:d1:ab:26:14:f1:e2:
3d:cd:8e:1f:29:21:77:a6:cb:51:88:c0:fe:1b:2d:a1:6a:21:
58:3c:24:ce:c3:74:3e:25:98:be:21:3a:9c:74:5e:f0:7b:92:
96:19:e3:fd:4f:2d:7e:7a:9c:b6:fe:10:12:a9:e2:e9:e7:22:
2b:04:cc:b0:23:3b:40:9f:fb:6b:ce:7d:13:c4:ec:8c:56:9a:
0c:51:34:de:41:e1:40:00:eb:b4:e6:1d:81:81:30:a1:33:5b:
84:9e:4b:68:9a:0d:57:51:71:8d:51:11:c9:62:96:24:4f:61:
89:08:05:cb:36:27:a2:db:88:a8:9c:6e:0b:da:74:9c:e6:85:
50:10:b0:8c:e3:12:78:6e:fc:06:23:2f:88:2f:99:ca:56:54:
d3:5a:13:cb:78:df:8e:69:db:2d:16:d6:00:c8:8d:d0:ec:14:
3f:e1:63:03:64:a0:e6:1f:18:e6:9c:d9:de:ad:cd:92:b6:0f:
6d:6a:8d:6d:25:a7:47:e7:6e:5f:2d:44:16:4d:dc:e1:82:7d:
2f:ac:8b:97:20:56:2d:45:96:ed:54:54:be:7c:69:37:9c:c7:
08:78:7a:7d:10:3f:3c:40:b7:30:3e:4f:42:0c:35:0e:59:b9:
39:5c:11:b0
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAYVRqGUMrXvW4Q91qV432MiFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhMDBlOTgxOTUzMDYxOTcyYzg5NmJkNmQyNzczOGQwODNh
YWRiMGUwHhcNMjIxMjI3MDMzNzQ4WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNGMwYTI5ZTYxMTg5MGZkY2UwM2VmOGUyY2FiZDk0ZWJhMWJjMDc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmMFvrKw4h15eotw1OxDXgalzjAoW
LsoShiWCwA5LqNCNkCnsG6fwQW7UaIWDTydEvgapm4ruEq2kwoWap+If+NjeImis
9NrKUhOmRp3I7ycrhNatB7oXfA7QPHjvDX1krzvks0kpeytGBkuoOSUg1pmCpX16
BMuXzjyaZ4Mq9nfQg2fT7fTC1LNXWkR+/gYDJEVFmeMxsNU1W0ddtKUdOGjvoqLG
wPRscnCuz9PqlEx3W40JZhM4v30xXjG4ivoAWM5ISMQifXkFx48i4drlQ1rWbncz
Hzq3c3KP3KXx+L6FhzKKw5bUDdFvjJKDSvDq2itVAjullxs8HQ9iipBZdwIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFBTAop5hGJD9zgPvjiyr2U66G8B5MB8GA1UdIwQY
MBaAFNoA6YGVMGGXLIlr1tJ3ONCDqtsOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMmdEcGdaVXdZWmNzaVd2VzBuYzQwSU9xMnc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi84MmE3ZDYtOTJhOS00MjA0LTlhZTAt
OWE0OGVjZjllMTVlLzEvRk1DaW5tRVlrUDNPQS0tT0xLdlpUcm9id0hrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi84MmE3ZDYtOTJhOS00MjA0LTlhZTAtOWE0OGVjZjllMTVl
LzEvMmdEcGdaVXdZWmNzaVd2VzBuYzQwSU9xMnc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQAVPc7AwQA
VmjRAwQAWSooAwQAXXNvAwQAXXObAwQAuU35AwQC1O3gAwQA2RMBMA0GCSqGSIb3
DQEBCwUAA4IBAQBM097eYcsbFK3uFbXRqyYU8eI9zY4fKSF3pstRiMD+Gy2haiFY
PCTOw3Q+JZi+ITqcdF7we5KWGeP9Ty1+epy2/hASqeLp5yIrBMywIztAn/trzn0T
xOyMVpoMUTTeQeFAAOu05h2BgTChM1uEnktomg1XUXGNURHJYpYkT2GJCAXLNiei
24ionG4L2nSc5oVQELCM4xJ4bvwGIy+IL5nKVlTTWhPLeN+OadstFtYAyI3Q7BQ/
4WMDZKDmHxjmnNnerc2Stg9tao1tJadH525fLUQWTdzhgn0vrIuXIFYtRZbtVFS+
fGk3nMcIeHp9ED88QLcwPk9CDDUOWbk5XBGw
-----END CERTIFICATE-----
Generated at Thu Jul 20 00:07:04 2023 by rpki-client on console-fra.rpki-client.org