Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/60/79ef4f-e38e-44da-a657-2159376d3a64/1/l8k1-cBasCsgLtW30GmNrlO0fTE.roa
File: l8k1-cBasCsgLtW30GmNrlO0fTE.roa (raw, json)
Hash identifier: ICVp4l+f98R3/30dMB6y9kBszavx44ywTnZnMUgWfcU=
Subject key identifier: 97:C9:35:F9:C0:5A:B0:2B:20:2E:D5:B7:D0:69:8D:AE:53:B4:7D:31
Certificate issuer: /CN=3ec50ab4ccf72e3d60c09f964019d6c034c50a6c
Certificate serial: 018D13D7EB70E6E900122280D76B967D104D
Authority key identifier: 3E:C5:0A:B4:CC:F7:2E:3D:60:C0:9F:96:40:19:D6:C0:34:C5:0A:6C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/PsUKtMz3Lj1gwJ-WQBnWwDTFCmw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/60/79ef4f-e38e-44da-a657-2159376d3a64/1/l8k1-cBasCsgLtW30GmNrlO0fTE.roa
Signing time: Tue 16 Jan 2024 19:55:34 +0000
ROA not before: Tue 16 Jan 2024 19:55:34 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 12722
IP address blocks: 45.89.68.0/24 maxlen: 24
45.89.71.0/24 maxlen: 24
212.115.48.0/24 maxlen: 24
212.115.50.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8d:13:d7:eb:70:e6:e9:00:12:22:80:d7:6b:96:7d:10:4d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3ec50ab4ccf72e3d60c09f964019d6c034c50a6c
Validity
Not Before: Jan 16 19:55:34 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=97c935f9c05ab02b202ed5b7d0698dae53b47d31
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b1:00:93:07:fc:56:04:54:6c:49:b9:6f:b4:2c:
c5:72:5b:c3:4e:c4:ec:34:e1:5e:ac:f7:a9:d2:73:
65:a4:e7:1b:83:36:4a:7d:c0:49:85:d8:7d:b4:53:
08:eb:65:62:02:b6:47:72:d5:fe:ad:14:cc:c6:bc:
0d:6c:ae:aa:99:f3:ed:0f:d7:d1:62:48:42:62:82:
51:ac:bf:c9:fe:da:21:90:ba:29:dd:13:5e:af:78:
fd:18:35:78:04:20:a1:05:c4:63:41:e2:f3:25:c8:
19:c1:d8:40:9f:f7:37:20:01:09:cd:86:16:dd:9b:
f5:8c:1e:e6:e7:1f:e5:16:c5:2a:fa:67:c8:02:69:
81:9c:71:48:55:78:60:07:70:da:92:e9:fc:a3:13:
f8:f4:cd:e1:c7:fe:a8:19:50:4c:a1:b2:0e:c4:12:
48:78:fd:2a:3d:47:7c:3e:ee:51:9c:c5:a2:ad:3c:
0b:4c:a6:e1:cc:2a:5c:df:2a:75:4b:51:eb:85:eb:
f6:a1:64:21:c1:32:da:5c:12:75:3d:b0:4a:1a:41:
95:9e:7f:91:4e:00:0f:25:b4:14:38:c4:4c:67:e3:
ce:c8:fb:ce:6b:39:c0:bb:b3:69:61:0d:8d:97:32:
3a:58:d5:17:f7:a9:43:1e:f6:3d:f6:9d:3e:ef:be:
80:43
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
97:C9:35:F9:C0:5A:B0:2B:20:2E:D5:B7:D0:69:8D:AE:53:B4:7D:31
X509v3 Authority Key Identifier:
keyid:3E:C5:0A:B4:CC:F7:2E:3D:60:C0:9F:96:40:19:D6:C0:34:C5:0A:6C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PsUKtMz3Lj1gwJ-WQBnWwDTFCmw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/60/79ef4f-e38e-44da-a657-2159376d3a64/1/l8k1-cBasCsgLtW30GmNrlO0fTE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/60/79ef4f-e38e-44da-a657-2159376d3a64/1/PsUKtMz3Lj1gwJ-WQBnWwDTFCmw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.89.68.0/24
45.89.71.0/24
212.115.48.0/24
212.115.50.0/24
Signature Algorithm: sha256WithRSAEncryption
57:e4:61:99:ca:54:87:cb:aa:22:20:f5:f5:68:d8:43:c3:51:
94:ee:c8:d8:ad:5f:89:4a:8e:a8:c3:97:6b:17:76:8e:bf:68:
9e:d9:44:0a:52:e1:34:8a:6b:a5:c3:bb:21:d5:92:de:a9:ba:
55:5d:cd:ca:51:76:76:76:da:40:f7:a9:d5:61:1b:85:59:83:
3b:2d:35:a9:4e:61:69:9c:fe:e6:20:60:a5:9d:bd:32:f0:57:
1b:65:a6:57:86:0a:26:c1:03:16:f9:38:26:d7:60:b6:0f:50:
59:dd:64:f0:41:b9:23:5a:f9:dc:52:41:e1:eb:c2:18:0b:e6:
95:04:34:d5:11:e4:fd:72:0d:0a:9d:da:e4:79:f9:c1:6d:93:
1e:87:78:aa:68:93:db:b5:87:eb:01:61:93:62:66:20:06:ab:
f5:30:29:de:89:77:9c:72:ed:c6:a4:da:e7:bd:e2:3e:a7:05:
5d:47:ae:f4:82:4d:2c:b3:ad:36:f2:f5:79:5e:69:06:64:ed:
c9:b3:7c:5a:d6:63:2d:56:1c:f1:76:83:43:e5:f8:a6:7e:b4:
fa:16:28:9b:44:a0:a2:19:35:f1:8e:07:61:4b:e6:fd:40:c0:
84:e3:3d:98:5f:73:32:de:62:dc:ba:65:3a:b4:b2:d6:75:34:
0b:5d:e6:de
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAY0T1+tw5ukAEiKA12uWfRBNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlYzUwYWI0Y2NmNzJlM2Q2MGMwOWY5NjQwMTlkNmMwMzRj
NTBhNmMwHhcNMjQwMTE2MTk1NTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5N2M5MzVmOWMwNWFiMDJiMjAyZWQ1YjdkMDY5OGRhZTUzYjQ3ZDMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsQCTB/xWBFRsSblvtCzFclvDTsTs
NOFerPep0nNlpOcbgzZKfcBJhdh9tFMI62ViArZHctX+rRTMxrwNbK6qmfPtD9fR
YkhCYoJRrL/J/tohkLop3RNer3j9GDV4BCChBcRjQeLzJcgZwdhAn/c3IAEJzYYW
3Zv1jB7m5x/lFsUq+mfIAmmBnHFIVXhgB3Dakun8oxP49M3hx/6oGVBMobIOxBJI
eP0qPUd8Pu5RnMWirTwLTKbhzCpc3yp1S1Hrhev2oWQhwTLaXBJ1PbBKGkGVnn+R
TgAPJbQUOMRMZ+POyPvOaznAu7NpYQ2NlzI6WNUX96lDHvY99p0+776AQwIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFJfJNfnAWrArIC7Vt9Bpja5TtH0xMB8GA1UdIwQY
MBaAFD7FCrTM9y49YMCflkAZ1sA0xQpsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUHNVS3RNejNMajFnd0otV1FCbld3RFRGQ213LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MC83OWVmNGYtZTM4ZS00NGRhLWE2NTct
MjE1OTM3NmQzYTY0LzEvbDhrMS1jQmFzQ3NnTHRXMzBHbU5ybE8wZlRFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MC83OWVmNGYtZTM4ZS00NGRhLWE2NTctMjE1OTM3NmQzYTY0
LzEvUHNVS3RNejNMajFnd0otV1FCbld3RFRGQ213LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQALVlEAwQA
LVlHAwQA1HMwAwQA1HMyMA0GCSqGSIb3DQEBCwUAA4IBAQBX5GGZylSHy6oiIPX1
aNhDw1GU7sjYrV+JSo6ow5drF3aOv2ie2UQKUuE0imulw7sh1ZLeqbpVXc3KUXZ2
dtpA96nVYRuFWYM7LTWpTmFpnP7mIGClnb0y8FcbZaZXhgomwQMW+Tgm12C2D1BZ
3WTwQbkjWvncUkHh68IYC+aVBDTVEeT9cg0KndrkefnBbZMeh3iqaJPbtYfrAWGT
YmYgBqv1MCneiXeccu3GpNrnveI+pwVdR670gk0ss6028vV5XmkGZO3Js3xa1mMt
VhzxdoND5fimfrT6FiibRKCiGTXxjgdhS+b9QMCE4z2YX3My3mLcumU6tLLWdTQL
Xebe
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:32:17 2024 by rpki-client on console-fra.rpki-client.org