Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-ICgVRfyu-11rjJyhNsIZKGklzM.roa
File: 1-ICgVRfyu-11rjJyhNsIZKGklzM.roa (raw, json)
Hash identifier: uTP2pgVsDI3yucSWEKISNHCtEt+nrg7dYzIT+x+d5bs=
Subject key identifier: F8:80:A0:55:17:F2:BB:ED:75:AE:32:72:84:DB:08:64:A1:A4:97:33
Certificate issuer: /CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
Certificate serial: 018E6B730AD2DA2E1B9FAC677DA1FC0AFFE3
Authority key identifier: F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-ICgVRfyu-11rjJyhNsIZKGklzM.roa
Signing time: Sat 23 Mar 2024 13:14:45 +0000
ROA not before: Sat 23 Mar 2024 13:14:45 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 12325
IP address blocks: 89.46.128.0/22 maxlen: 24
89.46.232.0/21 maxlen: 24
185.18.224.0/23 maxlen: 24
188.208.110.0/24 maxlen: 24
188.215.40.0/22 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8e:6b:73:0a:d2:da:2e:1b:9f:ac:67:7d:a1:fc:0a:ff:e3
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
Validity
Not Before: Mar 23 13:14:45 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=f880a05517f2bbed75ae327284db0864a1a49733
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9b:49:47:a2:07:0f:f6:62:e0:47:c8:b0:98:40:
b6:37:58:bb:c1:d1:89:ad:a7:79:27:3c:66:51:0b:
06:7a:28:f0:7e:1d:25:34:94:f6:53:18:71:a4:a1:
a0:e4:0d:b8:92:4b:02:25:f9:ac:65:c9:ef:d5:c8:
c2:48:81:49:3f:92:a3:0f:bc:e5:0d:84:85:9d:04:
c2:a8:73:0d:33:3b:83:8e:80:50:2d:80:00:5c:b4:
fe:83:4c:5d:88:2e:59:df:eb:59:8e:7b:0d:1c:d3:
6c:13:6e:5a:71:57:35:5a:e6:5b:f5:6d:7c:ec:9c:
b2:89:ba:eb:3a:71:72:6b:21:99:1c:1e:08:21:69:
02:8b:bf:0e:7f:d7:b3:88:72:f1:e8:ea:d3:69:df:
b8:d9:43:9f:89:f5:4e:ec:17:86:b1:73:d1:28:79:
5b:80:45:82:25:f2:2e:2b:ac:61:db:0e:a8:53:65:
58:c1:79:22:fc:45:de:ee:de:75:f7:19:15:4b:24:
7d:be:76:b0:c6:24:a9:d4:1c:1b:85:3b:17:0f:1e:
20:5b:bc:a1:9c:d5:06:f4:6b:9c:a1:98:1d:f6:fb:
92:cc:60:eb:d2:c4:31:b3:13:81:a0:ea:23:68:6b:
69:2a:75:37:ec:09:0f:fd:90:a7:91:63:d5:10:40:
39:e5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F8:80:A0:55:17:F2:BB:ED:75:AE:32:72:84:DB:08:64:A1:A4:97:33
X509v3 Authority Key Identifier:
keyid:F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-ICgVRfyu-11rjJyhNsIZKGklzM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
89.46.128.0/22
89.46.232.0/21
185.18.224.0/23
188.208.110.0/24
188.215.40.0/22
Signature Algorithm: sha256WithRSAEncryption
ed:0b:d4:82:7e:2d:94:d3:2a:83:42:da:8e:ef:6a:2b:bc:05:
a0:7e:52:72:ec:0d:26:b8:b6:fe:d0:7f:fa:41:99:d8:fc:88:
8f:66:87:1f:34:d0:96:d6:91:9f:ec:b8:25:25:ba:1d:9a:d7:
29:69:81:2c:41:87:07:73:01:6a:59:cd:0a:78:8d:22:88:54:
f1:f2:e3:54:ea:0a:84:9d:37:37:da:ac:82:96:48:85:59:ee:
de:fe:aa:cd:66:34:f1:d7:4e:62:83:cc:cb:37:94:ad:59:8a:
05:3a:87:60:96:66:4f:b2:f8:50:d5:ae:b6:28:de:fa:0a:c1:
9d:4f:5c:15:03:d1:dc:1a:16:33:97:73:bd:61:48:17:b2:c6:
54:bd:2c:c9:40:07:33:e1:6d:78:97:fc:30:59:62:32:fe:40:
8d:f3:bb:03:77:4e:6f:ce:77:05:03:b8:5e:83:d8:16:34:77:
3b:16:27:5a:3b:3c:21:3b:49:65:d8:3d:90:86:aa:81:86:b9:
2f:68:3e:85:06:15:eb:87:a4:9a:1d:7c:11:43:59:98:66:24:
a7:e5:88:60:82:80:e8:9e:94:66:17:d7:3c:8c:f5:ce:2e:6d:
94:f7:f1:77:42:7f:1b:ae:ad:da:5a:d5:2d:31:56:7e:ab:c7:
43:6d:7a:7b
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAY5rcwrS2i4bn6xnfaH8Cv/jMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4ZTYyNjM0ZTFiZDUxMzNhOWRlNDUxMmFlOThjYWQxYjIy
MTliNTkwHhcNMjQwMzIzMTMxNDQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmODgwYTA1NTE3ZjJiYmVkNzVhZTMyNzI4NGRiMDg2NGExYTQ5NzMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm0lHogcP9mLgR8iwmEC2N1i7wdGJ
rad5JzxmUQsGeijwfh0lNJT2UxhxpKGg5A24kksCJfmsZcnv1cjCSIFJP5KjD7zl
DYSFnQTCqHMNMzuDjoBQLYAAXLT+g0xdiC5Z3+tZjnsNHNNsE25acVc1WuZb9W18
7JyyibrrOnFyayGZHB4IIWkCi78Of9eziHLx6OrTad+42UOfifVO7BeGsXPRKHlb
gEWCJfIuK6xh2w6oU2VYwXki/EXe7t519xkVSyR9vnawxiSp1BwbhTsXDx4gW7yh
nNUG9GucoZgd9vuSzGDr0sQxsxOBoOojaGtpKnU37AkP/ZCnkWPVEEA55QIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFPiAoFUX8rvtda4ycoTbCGShpJczMB8GA1UdIwQY
MBaAFPjmJjThvVEzqd5FEq6YytGyIZtZMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1PWW1OT0c5VVRPcDNrVVNycGpLMGJJaG0xay5jZXIw
gY4GCCsGAQUFBwELBIGBMH8wfQYIKwYBBQUHMAuGcXJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFl
LTkyZTI1ZmUxNjMzMS8xLzEtSUNnVlJmeXUtMTFyakp5aE5zSVpLR2tsek0ucm9h
MIGCBgNVHR8EezB5MHegdaBzhnFyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3Np
dG9yeS9ERUZBVUxULzc4L2RhMzM5OC02Njk4LTQ1ZjItYmFhZS05MmUyNWZlMTYz
MzEvMS8xLU9ZbU5PRzlVVE9wM2tVU3JwakswYklobTFrLmNybDAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQCWS6A
AwQDWS7oAwQBuRLgAwQAvNBuAwQCvNcoMA0GCSqGSIb3DQEBCwUAA4IBAQDtC9SC
fi2U0yqDQtqO72orvAWgflJy7A0muLb+0H/6QZnY/IiPZocfNNCW1pGf7LglJbod
mtcpaYEsQYcHcwFqWc0KeI0iiFTx8uNU6gqEnTc32qyClkiFWe7e/qrNZjTx105i
g8zLN5StWYoFOodglmZPsvhQ1a62KN76CsGdT1wVA9HcGhYzl3O9YUgXssZUvSzJ
QAcz4W14l/wwWWIy/kCN87sDd05vzncFA7heg9gWNHc7FidaOzwhO0ll2D2QhqqB
hrkvaD6FBhXrh6SaHXwRQ1mYZiSn5YhggoDonpRmF9c8jPXOLm2U9/F3Qn8brq3a
WtUtMVZ+q8dDbXp7
-----END CERTIFICATE-----
Generated at Wed Feb 19 22:33:09 2025 by rpki-client