Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/rERuUAXQ3hU5way3-Vq4B-s0tsI.roa
File: rERuUAXQ3hU5way3-Vq4B-s0tsI.roa (raw, json)
Hash identifier: 3T1NKIK6OmgzEUffiewqocDFOFTVRLbArK1s/+uHiXE=
Subject key identifier: AC:44:6E:50:05:D0:DE:15:39:C1:AC:B7:F9:5A:B8:07:EB:34:B6:C2
Certificate issuer: /CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
Certificate serial: 018AAD1FCB9D78F081BCD75479CE90F854A3
Authority key identifier: F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/rERuUAXQ3hU5way3-Vq4B-s0tsI.roa
Signing time: Tue 19 Sep 2023 11:07:36 +0000
ROA not before: Tue 19 Sep 2023 11:07:36 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 12325
IP address blocks: 89.39.94.0/23 maxlen: 24
185.18.224.0/23 maxlen: 24
89.45.228.0/24 maxlen: 24
188.215.40.0/22 maxlen: 24
89.40.222.0/23 maxlen: 24
93.115.108.0/24 maxlen: 24
89.46.232.0/21 maxlen: 24
89.46.128.0/22 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8a:ad:1f:cb:9d:78:f0:81:bc:d7:54:79:ce:90:f8:54:a3
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
Validity
Not Before: Sep 19 11:07:36 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=ac446e5005d0de1539c1acb7f95ab807eb34b6c2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cf:c0:e4:0b:73:b7:90:53:16:87:d5:1f:b4:70:
3a:15:d1:07:24:f7:f8:64:35:bb:93:b9:04:c3:aa:
18:76:c9:58:82:7e:0f:35:ef:be:9b:e0:0a:e5:91:
e9:05:93:29:57:5e:b8:49:7d:56:c6:77:fa:d0:86:
da:50:cb:ce:7c:07:4e:0d:a4:23:30:c1:32:36:d0:
63:11:77:25:23:58:47:c0:f3:b7:1f:bd:9e:f8:bb:
a5:7a:82:cd:29:d1:87:cf:b1:43:5d:ac:23:ed:d8:
cc:fe:12:00:d2:48:69:5b:1b:53:1e:ef:6b:9a:78:
d9:64:2d:03:ba:ef:8e:47:47:88:de:74:c8:2b:cb:
9a:28:75:c7:19:31:81:62:29:e8:56:02:7a:9d:f1:
f4:53:a9:15:69:5b:55:50:f1:e8:c4:ec:77:bd:8f:
1c:42:b1:47:9b:4a:ca:eb:10:b7:dc:a6:db:f4:87:
cc:46:aa:47:8d:5c:ae:2a:ea:69:28:74:33:2a:1c:
32:8e:3b:a1:f3:a6:c5:de:74:54:b2:dc:82:a0:37:
15:c5:fc:d8:48:df:29:05:96:eb:81:1a:af:ab:a8:
ed:45:65:5f:f9:79:58:3c:6c:19:4d:6d:50:37:4c:
e7:ed:0c:43:bc:8f:11:e6:d7:7c:c4:b4:54:67:94:
71:13
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AC:44:6E:50:05:D0:DE:15:39:C1:AC:B7:F9:5A:B8:07:EB:34:B6:C2
X509v3 Authority Key Identifier:
keyid:F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/rERuUAXQ3hU5way3-Vq4B-s0tsI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
89.39.94.0/23
89.40.222.0/23
89.45.228.0/24
89.46.128.0/22
89.46.232.0/21
93.115.108.0/24
185.18.224.0/23
188.215.40.0/22
Signature Algorithm: sha256WithRSAEncryption
47:13:ef:ce:24:7c:91:ba:57:58:51:04:81:1c:04:dd:bc:f1:
3d:0e:b8:a7:f6:5d:12:45:e3:68:0c:87:57:ee:9f:67:54:c6:
10:2b:08:8b:91:3b:72:f0:26:9b:ac:47:4b:b3:12:ea:d5:d0:
9f:5b:1d:f1:15:03:19:bf:94:e5:f7:4f:43:e2:7a:67:75:96:
89:55:be:5f:fe:7b:68:c7:ce:38:5e:37:58:5f:86:95:d9:e8:
6a:30:96:a6:e0:6f:1c:3b:b4:cd:55:31:7c:7c:9e:94:a0:29:
f4:d8:ee:e4:06:11:33:ab:e2:5f:9c:b0:5f:a5:40:d2:f8:39:
f6:07:8d:f0:75:dd:e9:7e:7f:d9:63:74:92:92:3e:d3:f4:86:
0b:f0:f2:7e:1f:d4:ba:74:4d:87:8b:f3:98:2b:80:62:58:ee:
53:3f:56:f6:0b:33:2f:3d:4c:11:f3:a3:f0:ad:87:22:32:7b:
5c:69:23:c6:a2:74:90:8e:70:1d:55:94:a1:ee:c1:a9:f4:b5:
77:11:ac:1e:aa:19:49:be:7a:24:88:57:2e:9f:ac:41:42:04:
6c:9c:6f:1d:31:d1:6a:17:e1:16:ce:7d:b8:58:50:c7:8f:48:
4e:fe:a8:3c:75:06:28:3a:a7:be:d1:8e:8e:83:ae:e7:55:fb:
e2:80:ef:0c
-----BEGIN CERTIFICATE-----
MIIFKTCCBBGgAwIBAgISAYqtH8udePCBvNdUec6Q+FSjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4ZTYyNjM0ZTFiZDUxMzNhOWRlNDUxMmFlOThjYWQxYjIy
MTliNTkwHhcNMjMwOTE5MTEwNzM2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYzQ0NmU1MDA1ZDBkZTE1MzljMWFjYjdmOTVhYjgwN2ViMzRiNmMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz8DkC3O3kFMWh9UftHA6FdEHJPf4
ZDW7k7kEw6oYdslYgn4PNe++m+AK5ZHpBZMpV164SX1Wxnf60IbaUMvOfAdODaQj
MMEyNtBjEXclI1hHwPO3H72e+LuleoLNKdGHz7FDXawj7djM/hIA0khpWxtTHu9r
mnjZZC0Duu+OR0eI3nTIK8uaKHXHGTGBYinoVgJ6nfH0U6kVaVtVUPHoxOx3vY8c
QrFHm0rK6xC33Kbb9IfMRqpHjVyuKuppKHQzKhwyjjuh86bF3nRUstyCoDcVxfzY
SN8pBZbrgRqvq6jtRWVf+XlYPGwZTW1QN0zn7QxDvI8R5td8xLRUZ5RxEwIDAQAB
o4ICNTCCAjEwHQYDVR0OBBYEFKxEblAF0N4VOcGst/lauAfrNLbCMB8GA1UdIwQY
MBaAFPjmJjThvVEzqd5FEq6YytGyIZtZMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1PWW1OT0c5VVRPcDNrVVNycGpLMGJJaG0xay5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFl
LTkyZTI1ZmUxNjMzMS8xL3JFUnVVQVhRM2hVNXdheTMtVnE0Qi1zMHRzSS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFlLTkyZTI1ZmUxNjMz
MS8xLzEtT1ltTk9HOVVUT3Aza1VTcnBqSzBiSWhtMWsuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwSQYIKwYBBQUHAQcBAf8EOjA4MDYEAgABMDADBAFZJ14D
BAFZKN4DBABZLeQDBAJZLoADBANZLugDBABdc2wDBAG5EuADBAK81ygwDQYJKoZI
hvcNAQELBQADggEBAEcT784kfJG6V1hRBIEcBN288T0OuKf2XRJF42gMh1fun2dU
xhArCIuRO3LwJpusR0uzEurV0J9bHfEVAxm/lOX3T0Piemd1lolVvl/+e2jHzjhe
N1hfhpXZ6Gowlqbgbxw7tM1VMXx8npSgKfTY7uQGETOr4l+csF+lQNL4OfYHjfB1
3el+f9ljdJKSPtP0hgvw8n4f1Lp0TYeL85grgGJY7lM/VvYLMy89TBHzo/CthyIy
e1xpI8aidJCOcB1VlKHuwan0tXcRrB6qGUm+eiSIVy6frEFCBGycbx0x0WoX4RbO
fbhYUMePSE7+qDx1Big6p77Rjo6DrudV++KA7ww=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:18:53 2024 by rpki-client on console-ams.rpki-client.org