Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d7/d665e6-f95d-4347-8565-d4f5317c5830/1/3wI6uTfP0OA3X01WoBJjvszu2vE.roa
File: 3wI6uTfP0OA3X01WoBJjvszu2vE.roa (raw, json)
Hash identifier: 5LKzOnD4YdSR1bXDKtPZNoielNRoMhYmbjm3Q4Ch4hw=
Subject key identifier: DF:02:3A:B9:37:CF:D0:E0:37:5F:4D:56:A0:12:63:BE:CC:EE:DA:F1
Certificate issuer: /CN=96b8121d556df453456553dcb45c4143f4cdd213
Certificate serial: 018BF6BECE5B2F1E15B93734B35D587433DF
Authority key identifier: 96:B8:12:1D:55:6D:F4:53:45:65:53:DC:B4:5C:41:43:F4:CD:D2:13
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/lrgSHVVt9FNFZVPctFxBQ_TN0hM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d7/d665e6-f95d-4347-8565-d4f5317c5830/1/3wI6uTfP0OA3X01WoBJjvszu2vE.roa
Signing time: Wed 22 Nov 2023 11:16:21 +0000
ROA not before: Wed 22 Nov 2023 11:16:21 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 9123
IP address blocks: 89.19.213.0/24 maxlen: 24
89.19.208.0/24 maxlen: 24
89.19.209.0/24 maxlen: 24
89.19.210.0/24 maxlen: 24
89.19.211.0/24 maxlen: 24
89.19.212.0/24 maxlen: 24
89.19.214.0/24 maxlen: 24
89.19.215.0/24 maxlen: 24
89.19.216.0/24 maxlen: 24
89.19.217.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8b:f6:be:ce:5b:2f:1e:15:b9:37:34:b3:5d:58:74:33:df
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=96b8121d556df453456553dcb45c4143f4cdd213
Validity
Not Before: Nov 22 11:16:21 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=df023ab937cfd0e0375f4d56a01263becceedaf1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a6:26:b6:ba:e1:5b:e4:12:a4:b7:e6:24:a6:d6:
41:2a:47:ad:b6:9c:94:e0:3e:4b:66:ef:46:95:f8:
37:9a:8c:9e:55:96:88:af:78:40:06:35:46:bf:62:
e6:a7:37:6f:37:31:10:f7:a8:31:8b:00:88:45:d7:
5a:3f:b5:d1:71:bf:74:a3:22:e4:af:88:3c:db:1a:
0b:32:6a:bc:7c:93:ca:f7:f1:18:29:ec:a2:4d:f1:
7f:e9:5a:5a:2b:a6:59:fe:c1:92:f4:7a:62:d4:a1:
ae:3b:c3:c2:5c:e5:fd:31:b5:86:23:e5:ff:e5:5a:
76:b7:b4:d2:8d:02:2b:14:57:e7:99:5c:e1:f5:36:
f7:9d:c5:14:57:68:04:a5:77:c6:b4:a2:a5:2d:35:
1a:65:e4:8b:25:20:24:59:71:32:9e:79:08:1e:02:
3f:71:54:df:e1:81:6b:05:1c:c5:8f:ba:4e:c5:f2:
ba:e0:98:ed:e5:23:a6:18:3c:30:66:bd:a9:6c:94:
7a:13:90:a7:dd:cd:ca:f0:5f:63:82:c9:ba:60:75:
13:0c:cd:f3:24:e0:37:a1:e8:64:18:f5:8b:8b:29:
08:ea:63:cf:1b:bc:c3:a0:6a:b1:34:3a:9d:cf:cc:
2b:b3:67:2e:8d:b5:52:c2:d7:89:a9:7c:2a:18:f8:
25:4b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DF:02:3A:B9:37:CF:D0:E0:37:5F:4D:56:A0:12:63:BE:CC:EE:DA:F1
X509v3 Authority Key Identifier:
keyid:96:B8:12:1D:55:6D:F4:53:45:65:53:DC:B4:5C:41:43:F4:CD:D2:13
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lrgSHVVt9FNFZVPctFxBQ_TN0hM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/d665e6-f95d-4347-8565-d4f5317c5830/1/3wI6uTfP0OA3X01WoBJjvszu2vE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/d665e6-f95d-4347-8565-d4f5317c5830/1/lrgSHVVt9FNFZVPctFxBQ_TN0hM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
89.19.208.0-89.19.217.255
Signature Algorithm: sha256WithRSAEncryption
aa:6f:1e:25:07:06:36:55:ec:55:35:1f:6a:6a:fc:96:20:60:
52:e0:63:f8:0a:a5:9b:13:45:7e:3f:bf:57:fe:5c:34:40:50:
16:b6:6c:d1:aa:fa:1a:3f:6c:03:78:9e:a6:c6:24:c8:90:1d:
2b:1f:9a:63:17:0b:65:29:b5:ae:67:40:c1:b0:57:c2:8e:5d:
9a:06:32:71:5a:17:65:12:78:55:cd:7b:f6:05:59:33:53:de:
89:1c:29:57:b2:73:d4:65:37:51:b2:d0:55:74:9a:2e:31:67:
b1:bc:cf:75:e5:a3:17:76:a1:de:8c:06:88:e1:d5:25:94:e7:
11:d3:5e:33:bc:a6:53:e1:72:32:10:d2:84:b0:b0:fb:3d:04:
36:d8:a4:a7:a2:aa:97:d3:cb:40:41:0a:a1:8f:de:fc:f8:3a:
f2:fd:0b:42:48:17:71:a0:f4:5c:c8:11:8f:b1:85:dd:15:3f:
c9:3d:28:d7:66:68:f4:d5:49:9d:db:93:91:c0:b2:be:a5:aa:
b9:df:47:ba:7e:e2:da:06:cd:12:d5:42:38:14:96:34:09:76:
bb:99:3a:50:f1:88:f4:4d:1e:d9:79:8c:ee:8c:99:4c:f9:2a:
de:ca:a3:bb:49:fa:af:e7:15:39:89:9a:59:5c:32:43:ac:7d:
1e:4e:c7:b9
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYv2vs5bLx4VuTc0s11YdDPfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk2YjgxMjFkNTU2ZGY0NTM0NTY1NTNkY2I0NWM0MTQzZjRj
ZGQyMTMwHhcNMjMxMTIyMTExNjIxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZjAyM2FiOTM3Y2ZkMGUwMzc1ZjRkNTZhMDEyNjNiZWNjZWVkYWYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApia2uuFb5BKkt+YkptZBKkettpyU
4D5LZu9Glfg3moyeVZaIr3hABjVGv2LmpzdvNzEQ96gxiwCIRddaP7XRcb90oyLk
r4g82xoLMmq8fJPK9/EYKeyiTfF/6VpaK6ZZ/sGS9Hpi1KGuO8PCXOX9MbWGI+X/
5Vp2t7TSjQIrFFfnmVzh9Tb3ncUUV2gEpXfGtKKlLTUaZeSLJSAkWXEynnkIHgI/
cVTf4YFrBRzFj7pOxfK64Jjt5SOmGDwwZr2pbJR6E5Cn3c3K8F9jgsm6YHUTDM3z
JOA3oehkGPWLiykI6mPPG7zDoGqxNDqdz8wrs2cujbVSwteJqXwqGPglSwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFN8COrk3z9DgN19NVqASY77M7trxMB8GA1UdIwQY
MBaAFJa4Eh1VbfRTRWVT3LRcQUP0zdITMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbHJnU0hWVnQ5Rk5GWlZQY3RGeEJRX1ROMGhNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNy9kNjY1ZTYtZjk1ZC00MzQ3LTg1NjUt
ZDRmNTMxN2M1ODMwLzEvM3dJNnVUZlAwT0EzWDAxV29CSmp2c3p1MnZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNy9kNjY1ZTYtZjk1ZC00MzQ3LTg1NjUtZDRmNTMxN2M1ODMw
LzEvbHJnU0hWVnQ5Rk5GWlZQY3RGeEJRX1ROMGhNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBARZE9AD
BAFZE9gwDQYJKoZIhvcNAQELBQADggEBAKpvHiUHBjZV7FU1H2pq/JYgYFLgY/gK
pZsTRX4/v1f+XDRAUBa2bNGq+ho/bAN4nqbGJMiQHSsfmmMXC2Upta5nQMGwV8KO
XZoGMnFaF2USeFXNe/YFWTNT3okcKVeyc9RlN1Gy0FV0mi4xZ7G8z3Xloxd2od6M
Bojh1SWU5xHTXjO8plPhcjIQ0oSwsPs9BDbYpKeiqpfTy0BBCqGP3vz4OvL9C0JI
F3Gg9FzIEY+xhd0VP8k9KNdmaPTVSZ3bk5HAsr6lqrnfR7p+4toGzRLVQjgUljQJ
druZOlDxiPRNHtl5jO6MmUz5Kt7Ko7tJ+q/nFTmJmllcMkOsfR5Ox7k=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:46:54 2024 by rpki-client on console-ams.rpki-client.org