Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/60/79ef4f-e38e-44da-a657-2159376d3a64/1/8keuw7UjTY8iyWVdxkZGUjoTR8E.roa
File: 8keuw7UjTY8iyWVdxkZGUjoTR8E.roa (raw, json)
Hash identifier: UbWCeIBUHTQiibjzzsPh9gw7aGR8qq1rEqWWiBM19yo=
Subject key identifier: F2:47:AE:C3:B5:23:4D:8F:22:C9:65:5D:C6:46:46:52:3A:13:47:C1
Certificate issuer: /CN=3ec50ab4ccf72e3d60c09f964019d6c034c50a6c
Certificate serial: 018D2D6E2F619FADDA8A1872549E0908C489
Authority key identifier: 3E:C5:0A:B4:CC:F7:2E:3D:60:C0:9F:96:40:19:D6:C0:34:C5:0A:6C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/PsUKtMz3Lj1gwJ-WQBnWwDTFCmw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/60/79ef4f-e38e-44da-a657-2159376d3a64/1/8keuw7UjTY8iyWVdxkZGUjoTR8E.roa
Signing time: Sun 21 Jan 2024 19:10:12 +0000
ROA not before: Sun 21 Jan 2024 19:10:12 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 212667
IP address blocks: 45.89.68.0/24 maxlen: 24
45.89.71.0/24 maxlen: 24
212.115.48.0/24 maxlen: 24
212.115.50.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8d:2d:6e:2f:61:9f:ad:da:8a:18:72:54:9e:09:08:c4:89
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3ec50ab4ccf72e3d60c09f964019d6c034c50a6c
Validity
Not Before: Jan 21 19:10:12 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=f247aec3b5234d8f22c9655dc64646523a1347c1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:84:31:c8:69:02:63:95:1e:0d:fe:08:63:fe:83:
d2:c6:e2:8f:a4:4b:cb:b5:2c:5c:84:be:23:07:b9:
17:ad:07:1e:41:14:3f:db:ae:3d:33:47:7e:fc:d5:
28:bd:61:e5:58:10:b2:36:43:65:de:f5:b9:24:89:
49:35:a2:a4:58:b3:04:a6:35:6a:e6:cf:7b:dc:8f:
c9:d4:f6:1d:28:c5:40:f3:92:c8:1f:70:a5:8e:3c:
7b:7b:0a:e6:9b:b7:5c:0d:e3:00:ac:b9:29:75:4d:
33:48:40:62:fb:43:e9:05:9c:86:8a:28:7f:0f:41:
57:d3:cf:8f:fa:73:30:77:96:28:ad:4a:5c:15:11:
ea:cd:69:53:55:66:05:fd:b0:fc:14:71:7c:f4:ee:
b2:08:c8:dd:1f:87:70:45:bc:a7:82:cd:73:ab:d2:
63:0b:cb:1d:65:16:a2:05:55:1e:3e:b8:6f:86:d6:
c6:f4:5e:65:fd:8b:9d:67:80:75:a2:7f:d0:34:c4:
ed:9e:ca:bd:8b:34:68:6b:c5:df:91:b9:70:ed:dd:
f5:bf:47:34:22:81:78:f7:75:ed:da:8a:3f:b3:90:
4b:7e:54:bb:6b:af:05:a8:06:0b:2d:ce:a7:83:6f:
34:db:70:ed:3c:49:5d:b4:60:41:f5:8f:f4:a3:3b:
da:73
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F2:47:AE:C3:B5:23:4D:8F:22:C9:65:5D:C6:46:46:52:3A:13:47:C1
X509v3 Authority Key Identifier:
keyid:3E:C5:0A:B4:CC:F7:2E:3D:60:C0:9F:96:40:19:D6:C0:34:C5:0A:6C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PsUKtMz3Lj1gwJ-WQBnWwDTFCmw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/60/79ef4f-e38e-44da-a657-2159376d3a64/1/8keuw7UjTY8iyWVdxkZGUjoTR8E.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/60/79ef4f-e38e-44da-a657-2159376d3a64/1/PsUKtMz3Lj1gwJ-WQBnWwDTFCmw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.89.68.0/24
45.89.71.0/24
212.115.48.0/24
212.115.50.0/24
Signature Algorithm: sha256WithRSAEncryption
44:5e:76:9b:ec:8d:91:4c:7f:e6:3c:20:eb:ab:7c:08:c6:07:
d3:5e:00:bf:e0:f7:95:a1:cd:f9:11:f3:6c:e0:33:3c:7d:a0:
77:3e:f2:77:1f:c4:87:81:ac:36:99:5e:31:7e:4f:b1:21:b2:
bf:51:0a:db:28:b6:2b:4e:3f:c1:fa:03:51:7b:72:a7:e9:68:
4b:3f:0a:a8:89:89:1f:b5:26:7d:f7:87:c9:44:75:9c:33:a3:
fb:b0:77:52:b4:5d:71:08:8a:a9:21:f0:f7:d8:df:48:a7:5a:
3b:0c:d9:ba:4b:c9:a5:aa:d8:3b:cf:2e:07:44:16:8c:52:a9:
88:95:c4:19:1d:e0:96:11:b5:4d:33:57:66:05:87:0e:9a:13:
e1:1e:99:5b:c5:3a:8f:19:30:54:00:cb:d6:70:ad:96:45:2c:
51:3b:bf:e6:2f:3d:b6:35:0e:24:ec:30:28:c0:1c:65:f7:90:
90:24:a3:f0:53:b5:41:70:d7:8e:2f:48:d1:e5:16:f2:ee:60:
e6:c2:33:ae:b1:4f:85:e9:51:90:12:4b:f3:99:a3:d8:11:19:
64:41:da:f8:a3:96:20:a8:ab:84:72:42:e7:6d:bc:ba:ab:d4:
d9:75:46:22:0e:14:6a:92:01:10:e3:ff:5b:59:24:01:d2:89:
43:42:f2:6f
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAY0tbi9hn63aihhyVJ4JCMSJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlYzUwYWI0Y2NmNzJlM2Q2MGMwOWY5NjQwMTlkNmMwMzRj
NTBhNmMwHhcNMjQwMTIxMTkxMDEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMjQ3YWVjM2I1MjM0ZDhmMjJjOTY1NWRjNjQ2NDY1MjNhMTM0N2MxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhDHIaQJjlR4N/ghj/oPSxuKPpEvL
tSxchL4jB7kXrQceQRQ/2649M0d+/NUovWHlWBCyNkNl3vW5JIlJNaKkWLMEpjVq
5s973I/J1PYdKMVA85LIH3Cljjx7ewrmm7dcDeMArLkpdU0zSEBi+0PpBZyGiih/
D0FX08+P+nMwd5YorUpcFRHqzWlTVWYF/bD8FHF89O6yCMjdH4dwRbyngs1zq9Jj
C8sdZRaiBVUePrhvhtbG9F5l/YudZ4B1on/QNMTtnsq9izRoa8Xfkblw7d31v0c0
IoF493Xt2oo/s5BLflS7a68FqAYLLc6ng28023DtPEldtGBB9Y/0ozvacwIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFPJHrsO1I02PIsllXcZGRlI6E0fBMB8GA1UdIwQY
MBaAFD7FCrTM9y49YMCflkAZ1sA0xQpsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUHNVS3RNejNMajFnd0otV1FCbld3RFRGQ213LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MC83OWVmNGYtZTM4ZS00NGRhLWE2NTct
MjE1OTM3NmQzYTY0LzEvOGtldXc3VWpUWThpeVdWZHhrWkdVam9UUjhFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MC83OWVmNGYtZTM4ZS00NGRhLWE2NTctMjE1OTM3NmQzYTY0
LzEvUHNVS3RNejNMajFnd0otV1FCbld3RFRGQ213LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQALVlEAwQA
LVlHAwQA1HMwAwQA1HMyMA0GCSqGSIb3DQEBCwUAA4IBAQBEXnab7I2RTH/mPCDr
q3wIxgfTXgC/4PeVoc35EfNs4DM8faB3PvJ3H8SHgaw2mV4xfk+xIbK/UQrbKLYr
Tj/B+gNRe3Kn6WhLPwqoiYkftSZ994fJRHWcM6P7sHdStF1xCIqpIfD32N9Ip1o7
DNm6S8mlqtg7zy4HRBaMUqmIlcQZHeCWEbVNM1dmBYcOmhPhHplbxTqPGTBUAMvW
cK2WRSxRO7/mLz22NQ4k7DAowBxl95CQJKPwU7VBcNeOL0jR5Rby7mDmwjOusU+F
6VGQEkvzmaPYERlkQdr4o5YgqKuEckLnbby6q9TZdUYiDhRqkgEQ4/9bWSQB0olD
QvJv
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:32:17 2024 by rpki-client on console-fra.rpki-client.org