Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/2_zwgpaSXA9-y2r_5kx0XN-1Wcc.roa
File: 2_zwgpaSXA9-y2r_5kx0XN-1Wcc.roa (raw, json)
Hash identifier: rsb5Un50YxxsrDYuOtcbQadQujL24p4/PVX5f67ZJ6M=
Subject key identifier: DB:FC:F0:82:96:92:5C:0F:7E:CB:6A:FF:E6:4C:74:5C:DF:B5:59:C7
Certificate issuer: /CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
Certificate serial: 018DF54B612429A3DE661016DAFFB527B02A
Authority key identifier: F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/2_zwgpaSXA9-y2r_5kx0XN-1Wcc.roa
Signing time: Thu 29 Feb 2024 14:36:14 +0000
ROA not before: Thu 29 Feb 2024 14:36:14 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 12325
IP address blocks: 89.46.128.0/22 maxlen: 24
89.46.232.0/21 maxlen: 24
93.115.104.0/22 maxlen: 24
93.118.36.0/24 maxlen: 24
93.119.154.0/24 maxlen: 24
185.18.224.0/23 maxlen: 24
188.215.40.0/22 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8d:f5:4b:61:24:29:a3:de:66:10:16:da:ff:b5:27:b0:2a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
Validity
Not Before: Feb 29 14:36:14 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=dbfcf08296925c0f7ecb6affe64c745cdfb559c7
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a3:bc:6a:77:36:1c:26:c5:10:d7:50:ca:3d:26:
d4:11:1e:dd:5d:b7:1e:8b:42:6c:9e:1a:0b:2b:ef:
fc:ab:61:ad:5d:93:17:10:f5:43:f3:6c:93:b7:43:
3d:16:0c:9f:ca:b1:88:79:b5:24:4b:5c:e6:ac:2b:
cf:b9:de:11:37:76:38:06:63:05:8c:86:e5:48:73:
39:61:7d:20:e9:4c:e8:1e:29:8f:1f:a8:49:3b:c4:
11:d2:98:03:89:b0:03:b4:e9:42:5e:fc:9c:b4:ff:
5f:cb:15:85:92:b7:c1:7c:4e:a7:8c:73:b3:5c:52:
71:94:7e:6f:ae:df:01:c3:42:9d:3e:93:49:3b:42:
d8:e8:5c:c8:ed:df:e8:ad:47:ee:4c:e3:8d:bb:a6:
76:62:86:64:6c:80:7e:9d:90:76:1a:44:d3:ef:5e:
18:8b:ac:9e:bd:57:0f:a6:62:58:04:08:62:3e:3b:
6d:2f:4e:71:d0:09:c4:60:10:13:a2:12:d7:95:9a:
f6:c3:b0:72:b0:2b:87:6c:90:ad:67:29:e6:3d:ee:
76:de:ab:b2:d1:31:72:7f:db:4b:74:e8:d1:33:c2:
37:eb:69:92:c9:4d:bd:12:34:6e:cc:05:c1:e4:9c:
b3:7a:cb:22:73:49:5d:2b:76:68:b5:58:61:c2:04:
4e:c5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DB:FC:F0:82:96:92:5C:0F:7E:CB:6A:FF:E6:4C:74:5C:DF:B5:59:C7
X509v3 Authority Key Identifier:
keyid:F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/2_zwgpaSXA9-y2r_5kx0XN-1Wcc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
89.46.128.0/22
89.46.232.0/21
93.115.104.0/22
93.118.36.0/24
93.119.154.0/24
185.18.224.0/23
188.215.40.0/22
Signature Algorithm: sha256WithRSAEncryption
4d:3f:7c:32:8a:75:b6:76:b8:13:b8:ff:86:c6:9b:24:9f:9b:
3d:24:ed:ca:37:71:a7:9c:19:4f:cf:bf:ca:4e:84:df:25:ec:
e8:4a:cb:75:b8:d8:f0:38:30:ed:15:6e:01:61:ee:ea:dc:23:
fa:0c:b8:5e:13:a0:e0:7c:20:49:c5:75:c1:3f:1d:65:d4:82:
c8:f8:bb:bb:05:52:1c:d0:b1:d7:ab:85:02:af:a5:24:c6:58:
7a:42:d3:70:91:9f:ce:e2:fd:86:71:23:df:22:37:4f:b6:06:
b5:8b:cd:7a:a3:6a:86:f0:f2:d5:13:3e:cc:95:ae:48:03:69:
22:f8:c9:12:03:8a:15:3c:a8:37:c0:3a:bf:58:5d:73:84:c5:
ea:bc:2b:5c:1d:25:78:be:27:7f:64:1b:98:8a:f8:e1:6e:d0:
0b:da:f6:78:6e:40:22:40:67:20:0c:52:42:b0:46:b5:f3:69:
4a:b9:35:a8:8a:75:4a:bb:b6:4d:84:97:f6:92:ca:01:23:85:
e0:b2:c1:94:05:e4:75:e9:c3:c7:2f:08:19:96:fe:6d:49:49:
5f:a6:d4:72:02:e5:96:6d:0f:3c:9f:34:43:6f:1c:f1:31:91:
3e:0d:ad:20:6f:20:03:1b:84:2e:e2:83:dd:3e:a1:82:80:91:
21:d9:2a:f0
-----BEGIN CERTIFICATE-----
MIIFIzCCBAugAwIBAgISAY31S2EkKaPeZhAW2v+1J7AqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4ZTYyNjM0ZTFiZDUxMzNhOWRlNDUxMmFlOThjYWQxYjIy
MTliNTkwHhcNMjQwMjI5MTQzNjE0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYmZjZjA4Mjk2OTI1YzBmN2VjYjZhZmZlNjRjNzQ1Y2RmYjU1OWM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo7xqdzYcJsUQ11DKPSbUER7dXbce
i0JsnhoLK+/8q2GtXZMXEPVD82yTt0M9FgyfyrGIebUkS1zmrCvPud4RN3Y4BmMF
jIblSHM5YX0g6UzoHimPH6hJO8QR0pgDibADtOlCXvyctP9fyxWFkrfBfE6njHOz
XFJxlH5vrt8Bw0KdPpNJO0LY6FzI7d/orUfuTOONu6Z2YoZkbIB+nZB2GkTT714Y
i6yevVcPpmJYBAhiPjttL05x0AnEYBATohLXlZr2w7BysCuHbJCtZynmPe523quy
0TFyf9tLdOjRM8I362mSyU29EjRuzAXB5Jyzessic0ldK3ZotVhhwgROxQIDAQAB
o4ICLzCCAiswHQYDVR0OBBYEFNv88IKWklwPfstq/+ZMdFzftVnHMB8GA1UdIwQY
MBaAFPjmJjThvVEzqd5FEq6YytGyIZtZMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1PWW1OT0c5VVRPcDNrVVNycGpLMGJJaG0xay5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFl
LTkyZTI1ZmUxNjMzMS8xLzJfendncGFTWEE5LXkycl81a3gwWE4tMVdjYy5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFlLTkyZTI1ZmUxNjMz
MS8xLzEtT1ltTk9HOVVUT3Aza1VTcnBqSzBiSWhtMWsuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwQwYIKwYBBQUHAQcBAf8ENDAyMDAEAgABMCoDBAJZLoAD
BANZLugDBAJdc2gDBABddiQDBABdd5oDBAG5EuADBAK81ygwDQYJKoZIhvcNAQEL
BQADggEBAE0/fDKKdbZ2uBO4/4bGmySfmz0k7co3caecGU/Pv8pOhN8l7OhKy3W4
2PA4MO0VbgFh7urcI/oMuF4ToOB8IEnFdcE/HWXUgsj4u7sFUhzQsderhQKvpSTG
WHpC03CRn87i/YZxI98iN0+2BrWLzXqjaobw8tUTPsyVrkgDaSL4yRIDihU8qDfA
Or9YXXOExeq8K1wdJXi+J39kG5iK+OFu0Ava9nhuQCJAZyAMUkKwRrXzaUq5NaiK
dUq7tk2El/aSygEjheCywZQF5HXpw8cvCBmW/m1JSV+m1HIC5ZZtDzyfNENvHPEx
kT4NrSBvIAMbhC7ig90+oYKAkSHZKvA=
-----END CERTIFICATE-----
Generated at Wed Mar 13 16:50:37 2024 by rpki-client on console-fra.rpki-client.org