Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/5USzo3QIeG616IUlkHZLpPurObY.roa
File: 5USzo3QIeG616IUlkHZLpPurObY.roa (raw, json)
Hash identifier: 2G3n6XGUwz+szUPn6D5Ur5MPAi54shlDeZKbBV3SHik=
Subject key identifier: E5:44:B3:A3:74:08:78:6E:B5:E8:85:25:90:76:4B:A4:FB:AB:39:B6
Certificate issuer: /CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
Certificate serial: 018D79640981516B3FE2472ABAAE28584A7D
Authority key identifier: F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/5USzo3QIeG616IUlkHZLpPurObY.roa
Signing time: Mon 05 Feb 2024 13:10:15 +0000
ROA not before: Mon 05 Feb 2024 13:10:15 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 12302
IP address blocks: 31.14.34.0/24 maxlen: 24
31.14.49.0/24 maxlen: 24
86.104.193.0/24 maxlen: 24
89.37.142.0/24 maxlen: 24
89.45.44.0/23 maxlen: 23
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8d:79:64:09:81:51:6b:3f:e2:47:2a:ba:ae:28:58:4a:7d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
Validity
Not Before: Feb 5 13:10:15 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=e544b3a37408786eb5e8852590764ba4fbab39b6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bd:28:72:78:0c:ba:3f:be:be:5e:b2:1e:d9:e5:
99:8c:8f:c8:0f:17:1f:16:36:cb:14:4a:31:b7:ad:
e0:f0:f0:9e:22:2f:6f:0d:a0:8f:2c:9b:5b:b0:74:
a2:11:02:4e:b8:23:84:fb:04:fd:0b:5a:9f:7e:db:
ef:7f:67:7c:c0:22:2f:df:d3:21:ae:cc:a9:af:fc:
61:16:ce:d9:01:d8:a5:3e:0e:d0:c0:27:cf:e3:2c:
e7:f7:34:f4:f9:ad:18:b2:93:c0:b0:51:af:af:0c:
ce:c7:de:7c:3a:c3:dc:d5:d7:ba:83:f6:1c:25:93:
c1:fb:ef:02:34:a2:8c:83:46:c4:0f:4a:46:53:80:
f8:44:ec:90:2d:6f:48:77:e2:b3:2d:52:77:67:41:
40:5d:19:f6:ac:54:c8:4c:12:cc:f2:da:bc:b3:8e:
34:4b:06:77:6e:0b:6f:25:c3:83:ab:dc:cd:f5:69:
54:9f:42:4c:42:10:14:49:17:e7:90:5e:16:82:d5:
00:48:19:74:1e:0c:1c:c3:75:68:b7:cd:5a:19:48:
7e:71:b6:56:85:5f:34:7c:df:c5:12:12:fc:ea:9e:
7a:d8:f1:5e:65:79:64:00:84:38:71:8f:ea:ef:b8:
2b:9f:86:c7:e5:d1:34:c2:a7:b8:e2:24:0f:17:4b:
35:df
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E5:44:B3:A3:74:08:78:6E:B5:E8:85:25:90:76:4B:A4:FB:AB:39:B6
X509v3 Authority Key Identifier:
keyid:F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/5USzo3QIeG616IUlkHZLpPurObY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.14.34.0/24
31.14.49.0/24
86.104.193.0/24
89.37.142.0/24
89.45.44.0/23
Signature Algorithm: sha256WithRSAEncryption
4f:0d:3a:44:b9:03:3b:b5:c7:59:8a:8f:7f:90:82:a1:33:76:
77:83:53:51:06:e3:49:fc:d6:ad:ba:88:6f:2f:9b:47:13:56:
3c:d0:51:f9:46:55:57:8e:f3:6c:2e:5d:48:ee:9b:fc:77:90:
20:c5:64:77:9d:dc:fd:1e:07:91:58:76:c8:68:88:01:62:b1:
bb:77:f3:70:ad:2f:ef:f3:95:25:4f:46:c5:60:a0:41:f1:f5:
ee:76:89:e2:07:30:d1:b8:f9:41:df:7f:65:b6:ac:73:6c:b4:
21:45:85:ad:a0:21:40:5c:4a:e0:06:91:ba:6c:cb:b1:2b:05:
57:3a:09:43:69:d9:66:63:93:d3:2f:21:f6:e4:c0:30:7b:7d:
10:32:85:32:f9:0c:48:97:4a:fd:4d:d6:dd:78:da:e3:ac:bd:
d1:cd:8b:3b:64:06:86:18:19:a7:fa:d9:f0:72:03:43:7c:9b:
a5:2f:e5:15:27:ab:6b:66:c8:c9:5a:78:fd:59:a9:39:87:33:
49:a2:08:d1:a5:c7:ef:fe:5b:90:78:5c:a5:01:8f:b0:77:a6:
85:57:a2:e1:58:5f:26:c6:12:5d:4e:29:3d:c9:1c:a4:87:bf:
92:9b:dc:4f:57:96:27:5c:2f:53:8e:cd:b6:2e:68:49:64:0f:
6a:88:0c:5d
-----BEGIN CERTIFICATE-----
MIIFFzCCA/+gAwIBAgISAY15ZAmBUWs/4kcquq4oWEp9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4ZTYyNjM0ZTFiZDUxMzNhOWRlNDUxMmFlOThjYWQxYjIy
MTliNTkwHhcNMjQwMjA1MTMxMDE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNTQ0YjNhMzc0MDg3ODZlYjVlODg1MjU5MDc2NGJhNGZiYWIzOWI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvShyeAy6P76+XrIe2eWZjI/IDxcf
FjbLFEoxt63g8PCeIi9vDaCPLJtbsHSiEQJOuCOE+wT9C1qfftvvf2d8wCIv39Mh
rsypr/xhFs7ZAdilPg7QwCfP4yzn9zT0+a0YspPAsFGvrwzOx958OsPc1de6g/Yc
JZPB++8CNKKMg0bED0pGU4D4ROyQLW9Id+KzLVJ3Z0FAXRn2rFTITBLM8tq8s440
SwZ3bgtvJcODq9zN9WlUn0JMQhAUSRfnkF4WgtUASBl0Hgwcw3Vot81aGUh+cbZW
hV80fN/FEhL86p562PFeZXlkAIQ4cY/q77grn4bH5dE0wqe44iQPF0s13wIDAQAB
o4ICIzCCAh8wHQYDVR0OBBYEFOVEs6N0CHhuteiFJZB2S6T7qzm2MB8GA1UdIwQY
MBaAFPjmJjThvVEzqd5FEq6YytGyIZtZMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1PWW1OT0c5VVRPcDNrVVNycGpLMGJJaG0xay5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFl
LTkyZTI1ZmUxNjMzMS8xLzVVU3pvM1FJZUc2MTZJVWxrSFpMcFB1ck9iWS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFlLTkyZTI1ZmUxNjMz
MS8xLzEtT1ltTk9HOVVUT3Aza1VTcnBqSzBiSWhtMWsuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwNwYIKwYBBQUHAQcBAf8EKDAmMCQEAgABMB4DBAAfDiID
BAAfDjEDBABWaMEDBABZJY4DBAFZLSwwDQYJKoZIhvcNAQELBQADggEBAE8NOkS5
Azu1x1mKj3+QgqEzdneDU1EG40n81q26iG8vm0cTVjzQUflGVVeO82wuXUjum/x3
kCDFZHed3P0eB5FYdshoiAFisbt383CtL+/zlSVPRsVgoEHx9e52ieIHMNG4+UHf
f2W2rHNstCFFha2gIUBcSuAGkbpsy7ErBVc6CUNp2WZjk9MvIfbkwDB7fRAyhTL5
DEiXSv1N1t142uOsvdHNiztkBoYYGaf62fByA0N8m6Uv5RUnq2tmyMlaeP1ZqTmH
M0miCNGlx+/+W5B4XKUBj7B3poVXouFYXybGEl1OKT3JHKSHv5Kb3E9XlidcL1OO
zbYuaElkD2qIDF0=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:35:42 2024 by rpki-client on console-fra.rpki-client.org