Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ca/293328-9245-403b-8a4a-169c836bd6b0/1/fcC-W-kwmUzwloacGpW6uEP0Coo.roa
File: fcC-W-kwmUzwloacGpW6uEP0Coo.roa (raw, json)
Hash identifier: 1PNC5k7ouyPJnbP9Oda009j0PZBkxa0EcB+HmpoR93Y=
Subject key identifier: 7D:C0:BE:5B:E9:30:99:4C:F0:96:86:9C:1A:95:BA:B8:43:F4:0A:8A
Certificate issuer: /CN=18886007da1730b0770d8604db73d12fd264f3f9
Certificate serial: 018CC6B78E144600D7093F059ACD03B2B0E9
Authority key identifier: 18:88:60:07:DA:17:30:B0:77:0D:86:04:DB:73:D1:2F:D2:64:F3:F9
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/GIhgB9oXMLB3DYYE23PRL9Jk8_k.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ca/293328-9245-403b-8a4a-169c836bd6b0/1/fcC-W-kwmUzwloacGpW6uEP0Coo.roa
Signing time: Mon 01 Jan 2024 20:29:27 +0000
ROA not before: Mon 01 Jan 2024 20:29:27 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 47594
IP address blocks: 213.171.1.0/24 maxlen: 24
213.171.2.0/24 maxlen: 24
213.171.11.0/24 maxlen: 24
213.171.13.0/24 maxlen: 24
213.171.16.0/20 maxlen: 20
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c6:b7:8e:14:46:00:d7:09:3f:05:9a:cd:03:b2:b0:e9
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=18886007da1730b0770d8604db73d12fd264f3f9
Validity
Not Before: Jan 1 20:29:27 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=7dc0be5be930994cf096869c1a95bab843f40a8a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:87:bd:11:55:2e:15:02:29:05:84:21:a6:35:34:
a6:c2:79:84:59:dc:6a:da:be:54:f1:36:b7:ed:cc:
fb:c6:3d:fb:f7:ec:d9:5b:89:4a:79:81:41:12:6f:
23:34:c7:9d:3b:ee:5e:18:7f:4a:e8:4d:6b:4b:5b:
34:20:62:f0:19:cb:4a:43:9e:5c:fa:ec:6e:b1:55:
70:47:d1:28:bd:68:50:51:61:43:5f:d4:5b:6b:36:
20:b7:eb:ae:89:bc:2d:e2:da:3f:dd:da:cc:9c:57:
56:a7:1f:32:b0:67:48:b0:c0:a3:a3:4d:28:15:d1:
6b:76:3e:0f:2f:8e:44:29:09:04:20:7f:66:a1:8d:
4c:4d:66:72:0e:aa:fb:5b:8c:45:10:00:e9:3f:dc:
d9:6b:7f:d3:80:60:2c:ac:df:53:38:1c:a7:0d:4c:
ec:b7:03:6d:76:1f:17:36:b0:39:1c:0f:74:71:81:
94:9a:8c:0d:8f:b1:37:a5:84:02:03:52:95:d1:4a:
33:3b:73:6f:76:70:de:bc:63:45:6d:ba:d9:40:4f:
7c:7b:1d:37:bf:8c:82:8c:93:55:95:b6:b8:43:9b:
a6:50:05:db:69:5d:0e:99:56:b9:a0:4b:a5:f2:1d:
a6:5f:c1:d5:d7:2e:da:a4:6b:81:95:a2:d8:0f:e8:
98:15
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
7D:C0:BE:5B:E9:30:99:4C:F0:96:86:9C:1A:95:BA:B8:43:F4:0A:8A
X509v3 Authority Key Identifier:
keyid:18:88:60:07:DA:17:30:B0:77:0D:86:04:DB:73:D1:2F:D2:64:F3:F9
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GIhgB9oXMLB3DYYE23PRL9Jk8_k.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/293328-9245-403b-8a4a-169c836bd6b0/1/fcC-W-kwmUzwloacGpW6uEP0Coo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/293328-9245-403b-8a4a-169c836bd6b0/1/GIhgB9oXMLB3DYYE23PRL9Jk8_k.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
213.171.1.0-213.171.2.255
213.171.11.0/24
213.171.13.0/24
213.171.16.0/20
Signature Algorithm: sha256WithRSAEncryption
ab:18:e9:fa:25:f3:89:51:c9:03:46:c3:5d:56:29:64:11:da:
b4:e7:1b:b1:9c:7d:81:76:40:a0:58:ce:b6:64:d9:d8:59:98:
6c:7c:8a:66:38:b8:2e:98:f0:f2:be:23:54:60:7a:da:ed:a3:
ab:28:b5:bf:99:44:1b:49:1b:07:0a:50:f9:a5:a3:68:a0:2d:
fd:42:2f:94:ce:3e:4f:48:8c:21:54:5a:f5:ab:e7:be:09:d3:
92:67:53:57:52:67:48:09:c8:3a:e8:12:72:4a:46:87:1d:23:
1e:5f:dc:92:c7:11:97:57:5a:42:f6:50:47:62:76:7c:4b:85:
e2:b7:1d:c9:33:4e:5b:9d:fd:c9:c8:46:09:94:aa:bb:f9:12:
54:a7:c0:09:8c:3b:63:50:34:df:aa:1b:52:d0:a9:a5:27:2e:
a3:02:dd:99:26:bb:bd:be:fd:26:ef:73:85:24:21:88:0c:82:
ff:ce:73:1a:c8:db:db:b0:0f:50:9d:5e:34:86:35:ca:b2:0f:
53:61:c1:65:2d:95:d1:4d:cc:5b:01:58:c5:5d:ee:7c:ce:a4:
87:ef:ec:34:c0:75:ce:8b:96:3b:78:cb:ff:52:62:fa:5b:48:
73:b8:cc:b7:b5:3f:21:36:0a:c8:70:da:a3:70:4e:ed:7c:0b:
e1:16:bc:29
-----BEGIN CERTIFICATE-----
MIIFFzCCA/+gAwIBAgISAYzGt44URgDXCT8Fms0DsrDpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE4ODg2MDA3ZGExNzMwYjA3NzBkODYwNGRiNzNkMTJmZDI2
NGYzZjkwHhcNMjQwMTAxMjAyOTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZGMwYmU1YmU5MzA5OTRjZjA5Njg2OWMxYTk1YmFiODQzZjQwYThhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh70RVS4VAikFhCGmNTSmwnmEWdxq
2r5U8Ta37cz7xj379+zZW4lKeYFBEm8jNMedO+5eGH9K6E1rS1s0IGLwGctKQ55c
+uxusVVwR9EovWhQUWFDX9RbazYgt+uuibwt4to/3drMnFdWpx8ysGdIsMCjo00o
FdFrdj4PL45EKQkEIH9moY1MTWZyDqr7W4xFEADpP9zZa3/TgGAsrN9TOBynDUzs
twNtdh8XNrA5HA90cYGUmowNj7E3pYQCA1KV0UozO3NvdnDevGNFbbrZQE98ex03
v4yCjJNVlba4Q5umUAXbaV0OmVa5oEul8h2mX8HV1y7apGuBlaLYD+iYFQIDAQAB
o4ICIzCCAh8wHQYDVR0OBBYEFH3AvlvpMJlM8JaGnBqVurhD9AqKMB8GA1UdIwQY
MBaAFBiIYAfaFzCwdw2GBNtz0S/SZPP5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR0loZ0I5b1hNTEIzRFlZRTIzUFJMOUprOF9rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYS8yOTMzMjgtOTI0NS00MDNiLThhNGEt
MTY5YzgzNmJkNmIwLzEvZmNDLVcta3dtVXp3bG9hY0dwVzZ1RVAwQ29vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYS8yOTMzMjgtOTI0NS00MDNiLThhNGEtMTY5YzgzNmJkNmIw
LzEvR0loZ0I5b1hNTEIzRFlZRTIzUFJMOUprOF9rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDkGCCsGAQUFBwEHAQH/BCowKDAmBAIAATAgMAwDBADVqwED
BADVqwIDBADVqwsDBADVqw0DBATVqxAwDQYJKoZIhvcNAQELBQADggEBAKsY6fol
84lRyQNGw11WKWQR2rTnG7GcfYF2QKBYzrZk2dhZmGx8imY4uC6Y8PK+I1Rgetrt
o6sotb+ZRBtJGwcKUPmlo2igLf1CL5TOPk9IjCFUWvWr574J05JnU1dSZ0gJyDro
EnJKRocdIx5f3JLHEZdXWkL2UEdidnxLheK3HckzTlud/cnIRgmUqrv5ElSnwAmM
O2NQNN+qG1LQqaUnLqMC3Zkmu72+/Sbvc4UkIYgMgv/OcxrI29uwD1CdXjSGNcqy
D1NhwWUtldFNzFsBWMVd7nzOpIfv7DTAdc6Lljt4y/9SYvpbSHO4zLe1PyE2Cshw
2qNwTu18C+EWvCk=
-----END CERTIFICATE-----
Generated at Thu Feb 29 17:38:22 2024 by rpki-client on console.sobornost.net