Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/aB9PCcw7sb_ubc8hEqJ5vt5sqGg.roa
File: aB9PCcw7sb_ubc8hEqJ5vt5sqGg.roa (raw, json)
Hash identifier: 9hMe5lWhVPKo5AtbWkD9mo7xMKkY/l+1X9lPp1A8Gzk=
Subject key identifier: 68:1F:4F:09:CC:3B:B1:BF:EE:6D:CF:21:12:A2:79:BE:DE:6C:A8:68
Certificate issuer: /CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
Certificate serial: 018C14EEC554FEC6A66468E614940FE6418E
Authority key identifier: F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/aB9PCcw7sb_ubc8hEqJ5vt5sqGg.roa
Signing time: Tue 28 Nov 2023 07:57:21 +0000
ROA not before: Tue 28 Nov 2023 07:57:21 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 12302
IP address blocks: 31.14.34.0/24 maxlen: 24
31.14.49.0/24 maxlen: 24
89.45.44.0/23 maxlen: 23
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:14:ee:c5:54:fe:c6:a6:64:68:e6:14:94:0f:e6:41:8e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
Validity
Not Before: Nov 28 07:57:21 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=681f4f09cc3bb1bfee6dcf2112a279bede6ca868
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:96:08:f6:f1:6a:93:b6:17:7c:d6:ef:e0:68:68:
fd:c5:88:d2:14:da:40:b3:66:b9:fc:a6:d2:7d:64:
6a:b8:b1:88:4a:0e:18:b2:f0:f2:c2:80:5a:32:0e:
19:48:6a:ec:ae:a5:61:a1:dd:60:eb:1c:7d:3e:0f:
d1:82:a2:29:e3:4f:2e:b9:6a:da:db:3d:ff:db:72:
f1:df:73:86:37:f9:fa:75:cb:75:a3:b0:75:6d:2b:
51:79:cd:4c:d3:d8:56:eb:51:68:d5:1a:2f:e4:c6:
f1:28:a5:9b:70:a4:b0:d4:c5:57:2d:f8:cb:02:33:
9d:75:ca:bd:5b:a7:fd:be:81:f2:60:4d:d3:61:e0:
6e:85:34:23:0a:f3:b7:84:60:2d:2d:1f:49:ee:b7:
fd:fb:ea:af:0b:99:fa:e6:dd:80:88:81:77:a2:17:
79:93:26:39:0b:d7:21:a0:ca:6d:c8:b7:d0:d9:2f:
17:2a:a1:3b:b7:bd:7d:38:8f:1b:72:b3:30:88:ec:
10:9e:45:2e:aa:c7:fc:88:74:1e:9c:6e:8d:72:65:
ab:97:01:72:4f:2e:79:7d:25:3f:d8:6f:e1:89:3a:
81:89:05:d9:f2:2f:14:97:b5:f6:fd:f9:ea:76:c3:
d6:2d:78:7e:00:8f:27:d2:cc:3a:5e:68:73:b2:ec:
a2:7b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
68:1F:4F:09:CC:3B:B1:BF:EE:6D:CF:21:12:A2:79:BE:DE:6C:A8:68
X509v3 Authority Key Identifier:
keyid:F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/aB9PCcw7sb_ubc8hEqJ5vt5sqGg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.14.34.0/24
31.14.49.0/24
89.45.44.0/23
Signature Algorithm: sha256WithRSAEncryption
49:07:35:07:b9:65:71:f1:f3:1e:3f:1c:7f:ef:20:86:93:8d:
cc:57:3b:2f:10:cc:e6:70:b4:78:f0:44:08:3a:79:8e:e0:82:
9a:7d:7d:9b:d8:86:b4:27:e4:90:0a:2f:04:17:f7:54:52:2c:
60:17:c7:e2:d7:aa:ff:c8:17:b2:46:12:9a:f9:82:5c:c8:e2:
99:93:ba:55:02:c8:de:43:d3:20:7a:b1:6c:77:65:89:d4:af:
71:80:6a:f3:b3:3a:84:1b:3e:6c:15:7f:0d:9f:17:d9:63:da:
06:f8:78:7e:f3:2f:fa:1a:6b:55:01:79:89:ff:32:4b:09:ed:
f6:17:0c:71:39:fb:27:0e:08:e3:40:3c:a6:ea:c6:06:fd:d7:
95:97:b6:72:c4:82:82:b3:ce:e2:7e:e4:56:13:82:52:13:bd:
2a:3f:cb:ab:3a:e2:0a:1e:d0:1d:04:54:bc:b1:11:92:e1:d8:
92:3b:ab:ad:66:09:42:d6:7c:27:46:df:ae:88:41:2a:91:0e:
a3:50:d0:0d:cb:6c:c9:d7:03:57:93:96:06:33:3e:0d:09:74:
d8:ba:11:1d:78:e3:5f:f6:d6:27:b3:64:08:cc:14:0a:36:e2:
85:dd:2a:bc:05:61:c6:00:5e:d8:a5:aa:f2:99:74:38:bb:c4:
0c:61:73:ee
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAYwU7sVU/samZGjmFJQP5kGOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4ZTYyNjM0ZTFiZDUxMzNhOWRlNDUxMmFlOThjYWQxYjIy
MTliNTkwHhcNMjMxMTI4MDc1NzIxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ODFmNGYwOWNjM2JiMWJmZWU2ZGNmMjExMmEyNzliZWRlNmNhODY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlgj28WqTthd81u/gaGj9xYjSFNpA
s2a5/KbSfWRquLGISg4YsvDywoBaMg4ZSGrsrqVhod1g6xx9Pg/RgqIp408uuWra
2z3/23Lx33OGN/n6dct1o7B1bStRec1M09hW61Fo1Rov5MbxKKWbcKSw1MVXLfjL
AjOddcq9W6f9voHyYE3TYeBuhTQjCvO3hGAtLR9J7rf9++qvC5n65t2AiIF3ohd5
kyY5C9choMptyLfQ2S8XKqE7t719OI8bcrMwiOwQnkUuqsf8iHQenG6NcmWrlwFy
Ty55fSU/2G/hiTqBiQXZ8i8Ul7X2/fnqdsPWLXh+AI8n0sw6XmhzsuyiewIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFGgfTwnMO7G/7m3PIRKieb7ebKhoMB8GA1UdIwQY
MBaAFPjmJjThvVEzqd5FEq6YytGyIZtZMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1PWW1OT0c5VVRPcDNrVVNycGpLMGJJaG0xay5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFl
LTkyZTI1ZmUxNjMzMS8xL2FCOVBDY3c3c2JfdWJjOGhFcUo1dnQ1c3FHZy5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFlLTkyZTI1ZmUxNjMz
MS8xLzEtT1ltTk9HOVVUT3Aza1VTcnBqSzBiSWhtMWsuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBIDBAAfDiID
BAAfDjEDBAFZLSwwDQYJKoZIhvcNAQELBQADggEBAEkHNQe5ZXHx8x4/HH/vIIaT
jcxXOy8QzOZwtHjwRAg6eY7ggpp9fZvYhrQn5JAKLwQX91RSLGAXx+LXqv/IF7JG
Epr5glzI4pmTulUCyN5D0yB6sWx3ZYnUr3GAavOzOoQbPmwVfw2fF9lj2gb4eH7z
L/oaa1UBeYn/MksJ7fYXDHE5+ycOCONAPKbqxgb915WXtnLEgoKzzuJ+5FYTglIT
vSo/y6s64goe0B0EVLyxEZLh2JI7q61mCULWfCdG366IQSqRDqNQ0A3LbMnXA1eT
lgYzPg0JdNi6ER1441/21iezZAjMFAo24oXdKrwFYcYAXtilqvKZdDi7xAxhc+4=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:35:42 2024 by rpki-client on console-fra.rpki-client.org