Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/B8T1ujLjX_kOEwEBu8suClwL7B0.roa
File: B8T1ujLjX_kOEwEBu8suClwL7B0.roa (raw, json)
Hash identifier: Lh9kDkJB26pXRrUvC8wfxpauUHzWwlEVjQAhbrxmz98=
Subject key identifier: 07:C4:F5:BA:32:E3:5F:F9:0E:13:01:01:BB:CB:2E:0A:5C:0B:EC:1D
Certificate issuer: /CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
Certificate serial: 018FCE6F97454E38D1E9F98D1F0895A1CE13
Authority key identifier: F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/B8T1ujLjX_kOEwEBu8suClwL7B0.roa
Signing time: Fri 31 May 2024 11:36:10 +0000
ROA not before: Fri 31 May 2024 11:36:10 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 12325
IP address blocks: 89.46.128.0/22 maxlen: 24
89.46.232.0/21 maxlen: 24
185.18.224.0/23 maxlen: 24
188.215.40.0/22 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8f:ce:6f:97:45:4e:38:d1:e9:f9:8d:1f:08:95:a1:ce:13
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
Validity
Not Before: May 31 11:36:10 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=07c4f5ba32e35ff90e130101bbcb2e0a5c0bec1d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b6:74:bd:2c:e5:9e:f8:aa:69:7b:96:6c:f3:aa:
44:53:1d:76:6d:22:7b:3c:76:68:e7:ca:ee:1f:6f:
34:13:f1:b3:34:6c:9e:b4:bb:b4:b9:f0:c4:79:92:
2e:b4:4d:50:22:96:44:69:f2:43:f5:66:d7:14:f0:
18:e3:90:f8:b8:48:17:3d:43:22:cf:a6:e4:b7:4c:
b6:9a:10:06:f0:24:ca:52:cc:bf:05:9b:6a:65:d2:
48:ac:87:ce:08:84:6b:12:8e:7a:4b:dc:0c:f5:7e:
d6:bf:01:46:c9:b4:d0:4e:9e:87:00:d9:5b:62:3f:
77:bb:5f:d5:2a:93:98:24:86:7d:cf:f7:57:c2:89:
db:e5:cd:81:33:18:44:28:77:83:c2:60:e6:f7:a2:
35:dc:a2:cd:a2:a7:70:81:59:ca:21:63:6b:96:3b:
96:99:78:bf:e6:8b:65:69:3a:7c:49:a3:a3:a1:c3:
5d:1e:12:e7:19:8b:b9:42:a9:82:35:75:b4:af:d3:
7c:0e:a0:06:5d:6e:0e:5f:5e:67:4a:7b:84:e3:5e:
e4:9d:2d:68:fd:59:10:5a:98:94:5f:40:b8:95:cc:
9b:eb:79:a3:bb:dd:3e:7a:47:de:0d:5d:c5:af:d8:
c4:eb:fc:af:52:bf:35:0d:63:c1:85:8c:c0:44:1e:
e3:f3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
07:C4:F5:BA:32:E3:5F:F9:0E:13:01:01:BB:CB:2E:0A:5C:0B:EC:1D
X509v3 Authority Key Identifier:
keyid:F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/B8T1ujLjX_kOEwEBu8suClwL7B0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
89.46.128.0/22
89.46.232.0/21
185.18.224.0/23
188.215.40.0/22
Signature Algorithm: sha256WithRSAEncryption
66:99:ae:ff:28:57:81:a4:54:32:14:4c:7c:76:19:89:85:cb:
00:0e:0e:23:22:43:7a:01:9d:43:04:03:02:71:94:e6:2d:d9:
3f:1e:52:cb:60:d9:4f:ae:a5:2e:38:dc:d2:b0:7a:5f:f3:10:
c8:8e:45:b9:e8:25:1f:7e:c7:85:0a:2f:a4:8b:a1:a3:7a:ef:
62:f3:c7:96:92:c0:dc:72:4e:e1:b0:ab:9c:d3:9a:c4:37:fc:
b7:57:6d:76:34:df:fe:20:30:ea:0f:82:73:9b:99:d2:b0:fc:
cc:ed:62:2f:9c:b1:1c:7c:19:53:0c:67:40:5b:de:24:17:9a:
d6:ef:2d:1c:f8:bd:77:b6:b3:88:eb:06:cd:45:5e:12:c6:c7:
3b:85:29:77:84:cf:f2:10:fd:44:7a:0d:c2:e1:79:d4:14:92:
8f:bb:63:ab:e9:f4:09:25:5a:ef:72:7e:48:be:7d:c1:af:87:
d9:3c:0b:50:59:d5:e5:bf:d1:15:13:95:d3:6c:d1:a3:d5:c4:
fb:9d:da:b9:a2:1f:1c:93:34:35:c8:18:07:ea:9f:dc:94:d5:
46:d3:8b:aa:48:f6:54:00:98:b9:4d:79:e3:2a:77:de:15:de:
30:71:fb:87:79:dd:4d:1e:f7:8f:4c:cf:82:37:c9:15:d4:8c:
0b:37:29:6b
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgISAY/Ob5dFTjjR6fmNHwiVoc4TMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4ZTYyNjM0ZTFiZDUxMzNhOWRlNDUxMmFlOThjYWQxYjIy
MTliNTkwHhcNMjQwNTMxMTEzNjEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwN2M0ZjViYTMyZTM1ZmY5MGUxMzAxMDFiYmNiMmUwYTVjMGJlYzFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtnS9LOWe+Kppe5Zs86pEUx12bSJ7
PHZo58ruH280E/GzNGyetLu0ufDEeZIutE1QIpZEafJD9WbXFPAY45D4uEgXPUMi
z6bkt0y2mhAG8CTKUsy/BZtqZdJIrIfOCIRrEo56S9wM9X7WvwFGybTQTp6HANlb
Yj93u1/VKpOYJIZ9z/dXwonb5c2BMxhEKHeDwmDm96I13KLNoqdwgVnKIWNrljuW
mXi/5otlaTp8SaOjocNdHhLnGYu5QqmCNXW0r9N8DqAGXW4OX15nSnuE417knS1o
/VkQWpiUX0C4lcyb63mju90+ekfeDV3Fr9jE6/yvUr81DWPBhYzARB7j8wIDAQAB
o4ICHTCCAhkwHQYDVR0OBBYEFAfE9boy41/5DhMBAbvLLgpcC+wdMB8GA1UdIwQY
MBaAFPjmJjThvVEzqd5FEq6YytGyIZtZMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1PWW1OT0c5VVRPcDNrVVNycGpLMGJJaG0xay5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFl
LTkyZTI1ZmUxNjMzMS8xL0I4VDF1akxqWF9rT0V3RUJ1OHN1Q2x3TDdCMC5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFlLTkyZTI1ZmUxNjMz
MS8xLzEtT1ltTk9HOVVUT3Aza1VTcnBqSzBiSWhtMWsuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwMQYIKwYBBQUHAQcBAf8EIjAgMB4EAgABMBgDBAJZLoAD
BANZLugDBAG5EuADBAK81ygwDQYJKoZIhvcNAQELBQADggEBAGaZrv8oV4GkVDIU
THx2GYmFywAODiMiQ3oBnUMEAwJxlOYt2T8eUstg2U+upS443NKwel/zEMiORbno
JR9+x4UKL6SLoaN672Lzx5aSwNxyTuGwq5zTmsQ3/LdXbXY03/4gMOoPgnObmdKw
/MztYi+csRx8GVMMZ0Bb3iQXmtbvLRz4vXe2s4jrBs1FXhLGxzuFKXeEz/IQ/UR6
DcLhedQUko+7Y6vp9AklWu9yfki+fcGvh9k8C1BZ1eW/0RUTldNs0aPVxPud2rmi
HxyTNDXIGAfqn9yU1UbTi6pI9lQAmLlNeeMqd94V3jBx+4d53U0e949Mz4I3yRXU
jAs3KWs=
-----END CERTIFICATE-----
Generated at Mon Jun 17 17:38:11 2024 by rpki-client on console-fra.rpki-client.org