Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/358416-2752-4159-add6-cc3fb351e336/1/DKRXjeM9flU1JMJDLegBsjXPrAo.roa
File: DKRXjeM9flU1JMJDLegBsjXPrAo.roa (raw, json)
Hash identifier: 3/HQJL+wkru+7pz6XKtv059oc5dtR7N3Z+D54pvxUlw=
Subject key identifier: 0C:A4:57:8D:E3:3D:7E:55:35:24:C2:43:2D:E8:01:B2:35:CF:AC:0A
Certificate issuer: /CN=059b86f99e2d6bde14fa8799de71ce41b98020b9
Certificate serial: 01948DE6724593AAA93E8AE80A25722DCBA5
Authority key identifier: 05:9B:86:F9:9E:2D:6B:DE:14:FA:87:99:DE:71:CE:41:B9:80:20:B9
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/BZuG-Z4ta94U-oeZ3nHOQbmAILk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/29/358416-2752-4159-add6-cc3fb351e336/1/DKRXjeM9flU1JMJDLegBsjXPrAo.roa
Signing time: Wed 22 Jan 2025 12:04:37 +0000
ROA not before: Wed 22 Jan 2025 12:04:37 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 209984
IP address blocks: 89.40.238.0/24 maxlen: 24
89.43.72.0/24 maxlen: 24
89.43.198.0/24 maxlen: 24
89.44.145.0/24 maxlen: 24
185.237.136.0/22 maxlen: 24
185.249.232.0/24 maxlen: 24
185.253.145.0/24 maxlen: 24
185.253.146.0/24 maxlen: 24
193.39.95.0/24 maxlen: 24
194.15.219.0/24 maxlen: 24
194.15.232.0/24 maxlen: 24
194.15.236.0/24 maxlen: 24
194.26.1.0/24 maxlen: 24
2a06:ce00::/29 maxlen: 29
2a0c:1380::/29 maxlen: 29
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:8d:e6:72:45:93:aa:a9:3e:8a:e8:0a:25:72:2d:cb:a5
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=059b86f99e2d6bde14fa8799de71ce41b98020b9
Validity
Not Before: Jan 22 12:04:37 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=0ca4578de33d7e553524c2432de801b235cfac0a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9b:05:1a:7c:12:38:8d:00:c1:a4:9a:33:9b:b1:
78:98:85:ba:b3:f4:49:11:e1:0c:09:0b:67:b5:24:
5d:ae:df:7d:1c:19:7f:80:cb:82:50:e4:a5:f1:cd:
a4:de:09:2f:a7:83:32:4d:9c:ab:6b:b7:ae:ce:c5:
5d:75:98:16:f1:67:da:4c:5a:cb:d9:56:ed:75:3a:
a4:f9:17:98:33:8c:c1:97:c1:5c:50:3d:d5:bf:53:
e3:4d:eb:c0:b1:b9:4f:4e:07:38:37:91:2a:63:4f:
d6:76:79:f4:0d:ff:62:91:00:4a:6a:5b:dd:b9:44:
73:68:48:f5:33:e5:d6:23:40:62:e7:5d:f9:11:f5:
55:ac:5b:c6:85:9f:98:bd:ca:a9:74:4b:be:90:2b:
89:62:34:5f:d6:d9:8d:ed:3e:e2:95:9f:f8:03:5e:
62:a9:3b:03:26:3a:12:85:17:e8:e0:5d:11:bf:b4:
d5:24:d4:2c:a3:7c:65:d7:52:91:a2:6b:f8:c1:0c:
28:f9:0d:0e:95:17:53:8c:b2:aa:72:4b:df:1f:05:
eb:91:5c:d3:67:e8:19:bb:88:c2:88:90:dc:a7:9a:
f6:17:01:27:60:a2:0a:0f:da:10:1b:f5:2b:ff:ba:
c6:e9:c3:4d:59:ea:19:ee:12:96:63:89:ee:2f:ed:
8d:cb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0C:A4:57:8D:E3:3D:7E:55:35:24:C2:43:2D:E8:01:B2:35:CF:AC:0A
X509v3 Authority Key Identifier:
keyid:05:9B:86:F9:9E:2D:6B:DE:14:FA:87:99:DE:71:CE:41:B9:80:20:B9
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZuG-Z4ta94U-oeZ3nHOQbmAILk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/358416-2752-4159-add6-cc3fb351e336/1/DKRXjeM9flU1JMJDLegBsjXPrAo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/29/358416-2752-4159-add6-cc3fb351e336/1/BZuG-Z4ta94U-oeZ3nHOQbmAILk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
89.40.238.0/24
89.43.72.0/24
89.43.198.0/24
89.44.145.0/24
185.237.136.0/22
185.249.232.0/24
185.253.145.0-185.253.146.255
193.39.95.0/24
194.15.219.0/24
194.15.232.0/24
194.15.236.0/24
194.26.1.0/24
IPv6:
2a06:ce00::/29
2a0c:1380::/29
Signature Algorithm: sha256WithRSAEncryption
4d:32:66:53:91:c3:18:ac:ca:b5:2d:64:14:93:71:b8:9a:b2:
00:4d:be:23:34:b1:1a:3b:36:0c:18:39:c7:66:f6:72:40:7c:
8f:22:0b:ff:2d:9f:9e:05:f3:aa:30:8d:ee:ad:66:18:ba:ce:
26:44:3e:12:6d:8a:a9:70:3d:72:2d:f7:f9:8f:83:9a:29:0f:
c6:ca:4c:4f:ef:ab:e2:8e:79:d3:01:ab:d0:98:79:7a:c7:36:
51:5d:4a:bb:62:49:35:8b:13:a4:95:e8:0f:33:e7:68:13:70:
ad:7f:8f:93:ce:94:d5:7f:77:a1:a4:18:12:68:be:f4:d5:a9:
4e:02:1b:12:ba:46:7b:df:81:da:ac:ed:5c:fd:a7:0f:58:28:
91:cf:a9:f4:9f:55:6b:65:13:e0:d4:68:59:be:a9:d7:ea:ed:
a7:6b:cf:b1:74:89:18:f2:62:32:fa:db:c2:04:a2:9c:4e:3d:
4c:c0:c5:90:22:af:ed:72:b1:e5:03:d8:3d:b6:0f:66:69:7a:
87:8d:e0:1a:4e:55:9a:ab:d5:39:45:55:4e:e5:e2:4a:78:7f:
05:35:69:c0:cd:93:8c:c5:1e:3f:c6:c4:ce:68:64:46:70:c1:
fa:50:b3:2c:14:45:ba:c8:c4:80:a1:2b:90:8e:95:00:62:3a:
9b:fc:39:0c
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgISAZSN5nJFk6qpPoroCiVyLculMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OWI4NmY5OWUyZDZiZGUxNGZhODc5OWRlNzFjZTQxYjk4
MDIwYjkwHhcNMjUwMTIyMTIwNDM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwY2E0NTc4ZGUzM2Q3ZTU1MzUyNGMyNDMyZGU4MDFiMjM1Y2ZhYzBhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmwUafBI4jQDBpJozm7F4mIW6s/RJ
EeEMCQtntSRdrt99HBl/gMuCUOSl8c2k3gkvp4MyTZyra7euzsVddZgW8WfaTFrL
2VbtdTqk+ReYM4zBl8FcUD3Vv1PjTevAsblPTgc4N5EqY0/Wdnn0Df9ikQBKalvd
uURzaEj1M+XWI0Bi5135EfVVrFvGhZ+YvcqpdEu+kCuJYjRf1tmN7T7ilZ/4A15i
qTsDJjoShRfo4F0Rv7TVJNQso3xl11KRomv4wQwo+Q0OlRdTjLKqckvfHwXrkVzT
Z+gZu4jCiJDcp5r2FwEnYKIKD9oQG/Ur/7rG6cNNWeoZ7hKWY4nuL+2NywIDAQAB
o4ICaTCCAmUwHQYDVR0OBBYEFAykV43jPX5VNSTCQy3oAbI1z6wKMB8GA1UdIwQY
MBaAFAWbhvmeLWveFPqHmd5xzkG5gCC5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlp1Ry1aNHRhOTRVLW9lWjNuSE9RYm1BSUxrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8zNTg0MTYtMjc1Mi00MTU5LWFkZDYt
Y2MzZmIzNTFlMzM2LzEvREtSWGplTTlmbFUxSk1KRExlZ0JzalhQckFvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8zNTg0MTYtMjc1Mi00MTU5LWFkZDYtY2MzZmIzNTFlMzM2
LzEvQlp1Ry1aNHRhOTRVLW9lWjNuSE9RYm1BSUxrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMH8GCCsGAQUFBwEHAQH/BHAwbjBWBAIAATBQAwQAWSjuAwQA
WStIAwQAWSvGAwQAWSyRAwQCue2IAwQAufnoMAwDBAC5/ZEDBAC5/ZIDBADBJ18D
BADCD9sDBADCD+gDBADCD+wDBADCGgEwFAQCAAIwDgMFAyoGzgADBQMqDBOAMA0G
CSqGSIb3DQEBCwUAA4IBAQBNMmZTkcMYrMq1LWQUk3G4mrIATb4jNLEaOzYMGDnH
ZvZyQHyPIgv/LZ+eBfOqMI3urWYYus4mRD4SbYqpcD1yLff5j4OaKQ/GykxP76vi
jnnTAavQmHl6xzZRXUq7Ykk1ixOklegPM+doE3Ctf4+TzpTVf3ehpBgSaL701alO
AhsSukZ734HarO1c/acPWCiRz6n0n1VrZRPg1GhZvqnX6u2na8+xdIkY8mIy+tvC
BKKcTj1MwMWQIq/tcrHlA9g9tg9maXqHjeAaTlWaq9U5RVVO5eJKeH8FNWnAzZOM
xR4/xsTOaGRGcMH6ULMsFEW6yMSAoSuQjpUAYjqb/DkM
-----END CERTIFICATE-----
Generated at Tue Apr 15 11:56:49 2025 by rpki-client