Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/098d13-6d6d-4294-9753-a8773de768f7/1/iJrK8FagugngeXs2dwdiuD7AM-U.roa
File: iJrK8FagugngeXs2dwdiuD7AM-U.roa (raw, json)
Hash identifier: P/QpC4Y9MylM0l+TMtXgJt5tVQNYTQ2NeMWamM1nIWw=
Subject key identifier: 88:9A:CA:F0:56:A0:BA:09:E0:79:7B:36:77:07:62:B8:3E:C0:33:E5
Certificate issuer: /CN=00aff6b4effe7c363ef200f6f3e5888b915ba681
Certificate serial: 01852F4EBDFE6B6230821C75519896688BC5
Authority key identifier: 00:AF:F6:B4:EF:FE:7C:36:3E:F2:00:F6:F3:E5:88:8B:91:5B:A6:81
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/AK_2tO_-fDY-8gD28-WIi5FbpoE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/34/098d13-6d6d-4294-9753-a8773de768f7/1/iJrK8FagugngeXs2dwdiuD7AM-U.roa
Signing time: Tue 20 Dec 2022 11:32:47 +0000
ROA not before: Tue 20 Dec 2022 11:32:47 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 211439
IP address blocks: 91.243.178.0/24 maxlen: 24
93.114.62.0/24 maxlen: 24
89.46.11.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:2f:4e:bd:fe:6b:62:30:82:1c:75:51:98:96:68:8b:c5
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=00aff6b4effe7c363ef200f6f3e5888b915ba681
Validity
Not Before: Dec 20 11:32:47 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=889acaf056a0ba09e0797b36770762b83ec033e5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:86:7a:b7:81:e6:13:c0:a7:69:c1:9a:fa:b6:f2:
5d:f7:73:da:01:20:ca:b1:25:81:54:9e:2b:be:a2:
87:04:16:28:03:53:3d:a4:3f:f1:04:78:12:48:e1:
9f:74:d0:63:59:b0:18:98:46:1c:12:a8:ad:c6:10:
76:6b:bb:d9:94:73:09:f8:e5:d7:33:08:a2:43:49:
37:bc:d6:30:0a:c8:32:c0:9e:b9:96:2d:63:c5:33:
7b:c7:00:c9:9c:5c:a3:2f:9b:fa:b0:d4:f2:6e:ad:
5d:3d:72:62:be:b9:ca:a6:7f:61:74:21:69:7f:7d:
15:86:a4:7a:9d:9f:a9:4e:bc:52:d5:d9:88:b6:df:
04:e6:b2:7c:81:29:15:91:fc:9a:d0:14:ba:d7:b5:
01:58:24:99:39:dc:a7:2d:02:cc:7f:a8:00:b9:a6:
14:b3:fa:1c:60:23:43:4c:b9:54:08:15:39:af:42:
11:5c:59:da:18:20:f7:6f:ef:9e:e2:74:b7:2c:d2:
c3:8b:6f:11:e2:cb:26:81:7d:b7:4c:60:0a:cd:cd:
c8:f0:e1:e9:be:ce:e6:23:78:a3:c8:4a:b9:a8:3c:
a3:b6:23:43:af:d8:a0:c6:24:45:2d:cf:62:2f:9a:
79:69:45:65:af:99:0c:48:e9:c6:76:36:5e:56:cf:
11:5f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
88:9A:CA:F0:56:A0:BA:09:E0:79:7B:36:77:07:62:B8:3E:C0:33:E5
X509v3 Authority Key Identifier:
keyid:00:AF:F6:B4:EF:FE:7C:36:3E:F2:00:F6:F3:E5:88:8B:91:5B:A6:81
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AK_2tO_-fDY-8gD28-WIi5FbpoE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/098d13-6d6d-4294-9753-a8773de768f7/1/iJrK8FagugngeXs2dwdiuD7AM-U.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/34/098d13-6d6d-4294-9753-a8773de768f7/1/AK_2tO_-fDY-8gD28-WIi5FbpoE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
89.46.11.0/24
91.243.178.0/24
93.114.62.0/24
Signature Algorithm: sha256WithRSAEncryption
8d:b8:a7:26:a4:7a:6c:ce:88:31:37:99:5f:cb:7e:3a:1b:8e:
50:70:4b:eb:d8:62:19:a4:67:7a:b8:41:7d:dc:f1:1c:1f:11:
49:bd:3c:3f:a1:2c:cd:e9:02:12:ec:c4:e1:72:73:9f:82:60:
e8:1e:d9:23:26:0d:20:5a:57:e8:d4:ff:7c:85:6b:30:bb:0d:
45:ea:97:a7:32:d1:b5:ae:f0:0b:db:cc:06:07:0d:30:a1:4e:
da:9c:c5:7b:a8:fb:69:5f:67:46:3e:e8:33:41:51:49:04:75:
49:37:5e:40:e6:f4:d8:f4:01:d4:fc:91:5f:83:74:48:d2:e8:
cf:35:36:49:9c:4c:5a:c7:9e:29:4d:a3:a6:25:27:5d:0c:e0:
37:8e:99:3a:c9:d1:55:18:58:47:36:99:d2:fb:8e:8c:b3:7c:
04:22:ad:4b:ef:24:71:3d:00:88:10:cf:1a:02:5c:d2:cc:25:
57:82:72:4e:20:3e:de:d8:dc:9c:89:1a:18:65:64:32:df:10:
02:a2:35:22:35:ae:59:8e:a0:53:c6:0d:b6:5e:e6:3e:71:53:
34:14:7a:f8:f4:08:40:d3:bd:be:8a:09:b9:65:49:05:2a:e8:
d5:ba:9c:14:a2:f8:71:7b:5e:d1:41:b9:53:ae:65:d1:0b:a0:
9e:14:d6:43
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYUvTr3+a2Iwghx1UZiWaIvFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAwYWZmNmI0ZWZmZTdjMzYzZWYyMDBmNmYzZTU4ODhiOTE1
YmE2ODEwHhcNMjIxMjIwMTEzMjQ3WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ODlhY2FmMDU2YTBiYTA5ZTA3OTdiMzY3NzA3NjJiODNlYzAzM2U1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhnq3geYTwKdpwZr6tvJd93PaASDK
sSWBVJ4rvqKHBBYoA1M9pD/xBHgSSOGfdNBjWbAYmEYcEqitxhB2a7vZlHMJ+OXX
MwiiQ0k3vNYwCsgywJ65li1jxTN7xwDJnFyjL5v6sNTybq1dPXJivrnKpn9hdCFp
f30VhqR6nZ+pTrxS1dmItt8E5rJ8gSkVkfya0BS617UBWCSZOdynLQLMf6gAuaYU
s/ocYCNDTLlUCBU5r0IRXFnaGCD3b++e4nS3LNLDi28R4ssmgX23TGAKzc3I8OHp
vs7mI3ijyEq5qDyjtiNDr9igxiRFLc9iL5p5aUVlr5kMSOnGdjZeVs8RXwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFIiayvBWoLoJ4Hl7NncHYrg+wDPlMB8GA1UdIwQY
MBaAFACv9rTv/nw2PvIA9vPliIuRW6aBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQUtfMnRPXy1mRFktOGdEMjgtV0lpNUZicG9FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC8wOThkMTMtNmQ2ZC00Mjk0LTk3NTMt
YTg3NzNkZTc2OGY3LzEvaUpySzhGYWd1Z25nZVhzMmR3ZGl1RDdBTS1VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC8wOThkMTMtNmQ2ZC00Mjk0LTk3NTMtYTg3NzNkZTc2OGY3
LzEvQUtfMnRPXy1mRFktOGdEMjgtV0lpNUZicG9FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAWS4LAwQA
W/OyAwQAXXI+MA0GCSqGSIb3DQEBCwUAA4IBAQCNuKcmpHpszogxN5lfy346G45Q
cEvr2GIZpGd6uEF93PEcHxFJvTw/oSzN6QIS7MThcnOfgmDoHtkjJg0gWlfo1P98
hWswuw1F6penMtG1rvAL28wGBw0woU7anMV7qPtpX2dGPugzQVFJBHVJN15A5vTY
9AHU/JFfg3RI0ujPNTZJnExax54pTaOmJSddDOA3jpk6ydFVGFhHNpnS+46Ms3wE
Iq1L7yRxPQCIEM8aAlzSzCVXgnJOID7e2NyciRoYZWQy3xACojUiNa5ZjqBTxg22
XuY+cVM0FHr49AhA072+igm5ZUkFKujVupwUovhxe17RQblTrmXRC6CeFNZD
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:48:38 2025 by rpki-client