Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/098d13-6d6d-4294-9753-a8773de768f7/1/1P2ljDmiPvMywtjl24pcnvvQG9g.roa
File: 1P2ljDmiPvMywtjl24pcnvvQG9g.roa (raw, json)
Hash identifier: JDiN7IO+FzFM0LoS+821jNIqbpI7k409qhInmdM7Kkc=
Subject key identifier: D4:FD:A5:8C:39:A2:3E:F3:32:C2:D8:E5:DB:8A:5C:9E:FB:D0:1B:D8
Certificate issuer: /CN=00aff6b4effe7c363ef200f6f3e5888b915ba681
Certificate serial: 018CC56E1D6D5FA121FA1080FACA3641FB5C
Authority key identifier: 00:AF:F6:B4:EF:FE:7C:36:3E:F2:00:F6:F3:E5:88:8B:91:5B:A6:81
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/AK_2tO_-fDY-8gD28-WIi5FbpoE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/34/098d13-6d6d-4294-9753-a8773de768f7/1/1P2ljDmiPvMywtjl24pcnvvQG9g.roa
Signing time: Mon 01 Jan 2024 14:29:37 +0000
ROA not before: Mon 01 Jan 2024 14:29:37 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 21859
IP address blocks: 195.242.243.0/24 maxlen: 24
89.46.10.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c5:6e:1d:6d:5f:a1:21:fa:10:80:fa:ca:36:41:fb:5c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=00aff6b4effe7c363ef200f6f3e5888b915ba681
Validity
Not Before: Jan 1 14:29:37 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=d4fda58c39a23ef332c2d8e5db8a5c9efbd01bd8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9e:fa:d2:d7:c2:7e:f5:e0:74:46:39:ee:23:cf:
cc:b6:db:5e:7b:14:85:37:93:43:c6:13:ca:e1:a8:
56:8d:a2:1b:07:3e:b1:a4:be:53:63:b6:95:a1:33:
83:3e:c2:d5:2f:d2:f2:ee:5a:73:16:a9:3b:50:9a:
b3:b0:9f:f7:93:7c:52:68:4d:d5:18:48:91:50:26:
a4:3e:f7:57:f6:e2:6d:96:f1:5e:de:18:c7:06:f1:
9a:c3:05:e9:f0:1a:ac:30:1f:5a:92:25:92:db:73:
ae:ef:0d:b2:f7:89:bc:64:8e:97:b3:6a:62:cf:cc:
64:a0:31:7f:35:97:06:96:f6:d4:67:30:d3:7d:aa:
2f:db:5d:e1:4b:96:3d:c1:c9:dd:c6:01:e6:fd:18:
1d:ba:45:fc:87:cd:c5:35:3f:9b:fe:24:52:35:e5:
98:26:07:32:a3:24:e5:f1:64:87:10:2c:71:f7:31:
36:f1:9f:b8:45:6d:2b:fc:7f:74:61:57:58:fa:a2:
f9:fd:f9:24:99:ac:9d:89:a0:a1:2a:df:5c:ac:df:
24:00:a1:bf:1f:ee:70:34:96:4c:b0:35:31:78:52:
d3:14:d9:34:f2:d8:5c:7c:66:8f:3b:92:89:43:42:
ff:5d:9a:8c:b2:f9:d2:a0:ea:2a:ec:00:46:d6:b8:
ba:c1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D4:FD:A5:8C:39:A2:3E:F3:32:C2:D8:E5:DB:8A:5C:9E:FB:D0:1B:D8
X509v3 Authority Key Identifier:
keyid:00:AF:F6:B4:EF:FE:7C:36:3E:F2:00:F6:F3:E5:88:8B:91:5B:A6:81
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AK_2tO_-fDY-8gD28-WIi5FbpoE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/098d13-6d6d-4294-9753-a8773de768f7/1/1P2ljDmiPvMywtjl24pcnvvQG9g.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/34/098d13-6d6d-4294-9753-a8773de768f7/1/AK_2tO_-fDY-8gD28-WIi5FbpoE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
89.46.10.0/24
195.242.243.0/24
Signature Algorithm: sha256WithRSAEncryption
11:5a:71:d9:e1:0f:ba:1f:be:d8:a2:42:0a:0e:9c:87:29:4f:
fc:74:c6:73:9c:99:74:af:38:ea:b4:eb:27:ed:94:0d:26:40:
bb:b0:d2:e8:11:33:74:fa:21:4d:1d:4e:36:ae:90:97:76:2b:
82:40:cd:63:86:ac:3b:31:a7:08:fc:50:1b:1d:53:3e:85:d9:
71:9c:42:ef:f1:57:94:f3:f1:f4:b5:6c:5f:3f:94:bc:a2:60:
ed:b4:8a:82:45:e2:ef:ef:63:12:65:b0:91:5d:19:42:f0:c2:
cf:74:3b:c7:12:22:1f:29:aa:bb:71:d0:f3:9c:ca:c7:51:1d:
34:f4:b6:a4:54:ee:31:48:8a:4d:4d:b0:f1:73:1a:f5:bc:5d:
c7:78:9c:2d:15:09:9d:37:96:a5:39:61:13:87:65:14:30:a6:
67:5f:79:dd:7f:39:42:9c:3b:fd:3d:91:e2:b9:56:12:b6:36:
92:42:79:c3:b9:20:73:a6:32:09:db:b1:e0:0b:d0:c9:1a:8a:
bd:11:20:b7:79:23:af:c9:58:d8:0b:04:90:11:74:66:af:68:
cf:3a:d0:c5:51:b7:bb:e2:be:2f:7b:a9:e4:27:3b:26:cf:ed:
52:88:1f:c4:9c:49:45:8e:9f:67:11:f1:b4:d7:4f:fe:80:fc:
b0:9d:7b:c0
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzFbh1tX6Eh+hCA+so2QftcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAwYWZmNmI0ZWZmZTdjMzYzZWYyMDBmNmYzZTU4ODhiOTE1
YmE2ODEwHhcNMjQwMTAxMTQyOTM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNGZkYTU4YzM5YTIzZWYzMzJjMmQ4ZTVkYjhhNWM5ZWZiZDAxYmQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnvrS18J+9eB0RjnuI8/MttteexSF
N5NDxhPK4ahWjaIbBz6xpL5TY7aVoTODPsLVL9Ly7lpzFqk7UJqzsJ/3k3xSaE3V
GEiRUCakPvdX9uJtlvFe3hjHBvGawwXp8BqsMB9akiWS23Ou7w2y94m8ZI6Xs2pi
z8xkoDF/NZcGlvbUZzDTfaov213hS5Y9wcndxgHm/RgdukX8h83FNT+b/iRSNeWY
JgcyoyTl8WSHECxx9zE28Z+4RW0r/H90YVdY+qL5/fkkmaydiaChKt9crN8kAKG/
H+5wNJZMsDUxeFLTFNk08thcfGaPO5KJQ0L/XZqMsvnSoOoq7ABG1ri6wQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFNT9pYw5oj7zMsLY5duKXJ770BvYMB8GA1UdIwQY
MBaAFACv9rTv/nw2PvIA9vPliIuRW6aBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQUtfMnRPXy1mRFktOGdEMjgtV0lpNUZicG9FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC8wOThkMTMtNmQ2ZC00Mjk0LTk3NTMt
YTg3NzNkZTc2OGY3LzEvMVAybGpEbWlQdk15d3RqbDI0cGNudnZRRzlnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC8wOThkMTMtNmQ2ZC00Mjk0LTk3NTMtYTg3NzNkZTc2OGY3
LzEvQUtfMnRPXy1mRFktOGdEMjgtV0lpNUZicG9FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAWS4KAwQA
w/LzMA0GCSqGSIb3DQEBCwUAA4IBAQARWnHZ4Q+6H77YokIKDpyHKU/8dMZznJl0
rzjqtOsn7ZQNJkC7sNLoETN0+iFNHU42rpCXdiuCQM1jhqw7MacI/FAbHVM+hdlx
nELv8VeU8/H0tWxfP5S8omDttIqCReLv72MSZbCRXRlC8MLPdDvHEiIfKaq7cdDz
nMrHUR009LakVO4xSIpNTbDxcxr1vF3HeJwtFQmdN5alOWETh2UUMKZnX3ndfzlC
nDv9PZHiuVYStjaSQnnDuSBzpjIJ27HgC9DJGoq9ESC3eSOvyVjYCwSQEXRmr2jP
OtDFUbe74r4ve6nkJzsmz+1SiB/EnElFjp9nEfG010/+gPywnXvA
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:14:13 2025 by rpki-client