Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/MqXKk9fU34u5kJQu0pP8IIVo_E4.roa
File: MqXKk9fU34u5kJQu0pP8IIVo_E4.roa (raw, json)
Hash identifier: tLYGmSZ1UijmF8cCG8xd2vuxGF09HVkEaD0gb7REbEQ=
Subject key identifier: 32:A5:CA:93:D7:D4:DF:8B:B9:90:94:2E:D2:93:FC:20:85:68:FC:4E
Certificate issuer: /CN=6ddb38b343da2d119309edaa19c7a78870327ebe
Certificate serial: 0184BCEBF662FB31294EE2E77318BFCAF286
Authority key identifier: 6D:DB:38:B3:43:DA:2D:11:93:09:ED:AA:19:C7:A7:88:70:32:7E:BE
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/bds4s0PaLRGTCe2qGceniHAyfr4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/MqXKk9fU34u5kJQu0pP8IIVo_E4.roa
Signing time: Mon 28 Nov 2022 06:28:11 +0000
ROA not before: Mon 28 Nov 2022 06:28:11 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 207141
IP address blocks: 89.44.240.0/22 maxlen: 22
89.44.240.0/24 maxlen: 24
89.44.241.0/24 maxlen: 24
89.44.243.0/24 maxlen: 24
89.44.242.0/24 maxlen: 24
89.41.184.0/22 maxlen: 22
89.41.185.0/24 maxlen: 24
89.41.184.0/24 maxlen: 24
89.41.186.0/24 maxlen: 24
89.41.187.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:84:bc:eb:f6:62:fb:31:29:4e:e2:e7:73:18:bf:ca:f2:86
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6ddb38b343da2d119309edaa19c7a78870327ebe
Validity
Not Before: Nov 28 06:28:11 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=32a5ca93d7d4df8bb990942ed293fc208568fc4e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8b:84:25:41:b4:0c:02:aa:28:e6:ec:11:cd:ce:
a6:11:32:2f:08:90:88:fe:9a:80:b5:2e:cb:c1:09:
d2:24:f8:9d:02:28:b9:ad:00:b7:52:e5:34:bf:92:
2b:ed:f5:5f:e2:7a:c9:f9:5f:e1:97:7b:4e:88:1a:
cb:1a:85:21:c5:33:ab:34:cc:c7:0d:85:85:ef:cc:
9f:80:19:bf:6e:cb:c0:47:98:7e:ae:6f:d9:7e:98:
16:19:51:73:4f:0f:81:bf:a4:da:7b:da:f2:ab:4c:
71:91:b7:e0:f8:95:ad:40:ce:7c:ab:d5:9e:39:73:
a6:16:c8:ed:fd:c4:ce:24:58:08:c6:d5:d8:7b:68:
1e:9b:f6:64:d8:7c:34:87:6b:7d:0e:b6:f3:59:ed:
01:83:05:5e:52:bf:c3:87:35:1c:c3:4b:81:7e:c3:
75:b6:d7:a4:b3:fa:08:fe:af:63:cb:bd:1f:57:7a:
a4:4d:01:49:81:76:0a:8b:38:d0:0b:8f:0e:42:3e:
15:ff:15:5f:14:52:56:48:ff:74:a4:a1:36:f5:20:
f7:29:62:89:60:e4:49:bc:8d:b7:4a:29:00:87:ce:
49:46:4a:f7:ea:06:d8:ed:4e:c5:a1:d6:f1:8a:a5:
94:8f:6e:d7:c1:f3:a4:a7:68:03:e4:1e:97:15:54:
d5:4d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
32:A5:CA:93:D7:D4:DF:8B:B9:90:94:2E:D2:93:FC:20:85:68:FC:4E
X509v3 Authority Key Identifier:
keyid:6D:DB:38:B3:43:DA:2D:11:93:09:ED:AA:19:C7:A7:88:70:32:7E:BE
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bds4s0PaLRGTCe2qGceniHAyfr4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/MqXKk9fU34u5kJQu0pP8IIVo_E4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/bds4s0PaLRGTCe2qGceniHAyfr4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
89.41.184.0/22
89.44.240.0/22
Signature Algorithm: sha256WithRSAEncryption
0a:16:6e:1b:b4:95:70:e5:9c:3f:a3:c0:67:bd:f5:8a:b7:05:
27:d0:62:aa:b7:1a:5e:91:f8:6c:6b:7e:ec:5f:48:00:26:cd:
1c:22:01:f3:83:cd:3b:10:10:34:48:6c:86:c6:31:01:49:fa:
c8:11:18:aa:3b:db:85:78:06:0b:af:f5:26:63:12:af:73:d8:
e0:50:8e:07:21:d9:41:90:21:97:dd:56:c1:7c:74:c6:4d:30:
a0:5c:53:c7:1f:bf:89:e7:4e:72:df:9d:fb:0a:ac:2f:42:92:
d8:00:22:c9:b9:bb:f5:4f:b3:d3:00:03:78:5f:b4:00:86:1a:
49:d3:99:35:68:ee:d7:79:9e:aa:0b:db:88:00:60:31:9a:fd:
c8:53:d3:b3:95:dc:ea:f2:02:2b:96:23:9b:05:e8:a0:7c:89:
7c:8c:db:4c:f9:df:29:7b:b2:ba:87:fd:4f:24:3e:b4:06:dd:
aa:7a:62:4e:d4:24:0d:82:56:1a:4f:86:f7:17:71:2d:31:34:
17:02:6d:27:75:0b:84:23:74:83:7d:b6:ee:b1:f1:7f:b5:1a:
64:d9:12:f0:ad:45:d6:b9:47:0a:30:f0:57:6a:35:b5:1c:e5:
24:b9:ee:80:45:04:db:6a:b0:bd:d0:8f:b8:c0:a6:a5:bd:8a:
23:0d:b1:41
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYS86/Zi+zEpTuLncxi/yvKGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkZGIzOGIzNDNkYTJkMTE5MzA5ZWRhYTE5YzdhNzg4NzAz
MjdlYmUwHhcNMjIxMTI4MDYyODExWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMmE1Y2E5M2Q3ZDRkZjhiYjk5MDk0MmVkMjkzZmMyMDg1NjhmYzRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi4QlQbQMAqoo5uwRzc6mETIvCJCI
/pqAtS7LwQnSJPidAii5rQC3UuU0v5Ir7fVf4nrJ+V/hl3tOiBrLGoUhxTOrNMzH
DYWF78yfgBm/bsvAR5h+rm/ZfpgWGVFzTw+Bv6Tae9ryq0xxkbfg+JWtQM58q9We
OXOmFsjt/cTOJFgIxtXYe2gem/Zk2Hw0h2t9DrbzWe0BgwVeUr/DhzUcw0uBfsN1
tteks/oI/q9jy70fV3qkTQFJgXYKizjQC48OQj4V/xVfFFJWSP90pKE29SD3KWKJ
YORJvI23SikAh85JRkr36gbY7U7FodbxiqWUj27XwfOkp2gD5B6XFVTVTQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDKlypPX1N+LuZCULtKT/CCFaPxOMB8GA1UdIwQY
MBaAFG3bOLND2i0RkwntqhnHp4hwMn6+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYmRzNHMwUGFMUkdUQ2UycUdjZW5pSEF5ZnI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Mi9jOTYxYTAtNGY1My00MjJhLWI3ZGQt
M2RmYTUxMGQ2YjE2LzEvTXFYS2s5ZlUzNHU1a0pRdTBwUDhJSVZvX0U0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Mi9jOTYxYTAtNGY1My00MjJhLWI3ZGQtM2RmYTUxMGQ2YjE2
LzEvYmRzNHMwUGFMUkdUQ2UycUdjZW5pSEF5ZnI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCWSm4AwQC
WSzwMA0GCSqGSIb3DQEBCwUAA4IBAQAKFm4btJVw5Zw/o8BnvfWKtwUn0GKqtxpe
kfhsa37sX0gAJs0cIgHzg807EBA0SGyGxjEBSfrIERiqO9uFeAYLr/UmYxKvc9jg
UI4HIdlBkCGX3VbBfHTGTTCgXFPHH7+J505y3537CqwvQpLYACLJubv1T7PTAAN4
X7QAhhpJ05k1aO7XeZ6qC9uIAGAxmv3IU9Ozldzq8gIrliObBeigfIl8jNtM+d8p
e7K6h/1PJD60Bt2qemJO1CQNglYaT4b3F3EtMTQXAm0ndQuEI3SDfbbusfF/tRpk
2RLwrUXWuUcKMPBXajW1HOUkue6ARQTbarC90I+4wKalvYojDbFB
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:29:51 2024 by rpki-client on console-fra.rpki-client.org