Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/7h9VGnO72UPwunf-fbmWzfQOlYM.roa
File: 7h9VGnO72UPwunf-fbmWzfQOlYM.roa (raw, json)
Hash identifier: zyH4rV+kLgzG6E16lScxjnAgBqedfAPx/tUnqw5x+E4=
Subject key identifier: EE:1F:55:1A:73:BB:D9:43:F0:BA:77:FE:7D:B9:96:CD:F4:0E:95:83
Certificate issuer: /CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
Certificate serial: 018A4FDBF14A2C65FC7110090F20FD9BD997
Authority key identifier: F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/7h9VGnO72UPwunf-fbmWzfQOlYM.roa
Signing time: Fri 01 Sep 2023 08:28:48 +0000
ROA not before: Fri 01 Sep 2023 08:28:48 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 12325
IP address blocks: 89.39.94.0/23 maxlen: 24
89.39.123.0/24 maxlen: 24
185.18.224.0/23 maxlen: 24
89.45.228.0/24 maxlen: 24
188.215.40.0/22 maxlen: 24
89.40.222.0/23 maxlen: 24
93.115.108.0/24 maxlen: 24
89.46.232.0/21 maxlen: 24
89.46.128.0/22 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8a:4f:db:f1:4a:2c:65:fc:71:10:09:0f:20:fd:9b:d9:97
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
Validity
Not Before: Sep 1 08:28:48 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=ee1f551a73bbd943f0ba77fe7db996cdf40e9583
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:94:ec:79:f6:88:18:ee:62:23:bb:1e:f2:09:4d:
f0:eb:6b:92:fe:a2:34:25:71:da:e6:9f:0f:83:31:
77:0a:92:78:1a:33:b5:d5:90:91:12:23:e5:df:0c:
e0:c2:47:37:88:a6:41:6e:1b:4c:67:12:57:8f:f7:
dd:4b:f8:cc:e6:4a:a9:3b:9c:20:95:e2:a6:60:ec:
bd:ba:91:85:d3:a0:2e:70:03:bf:0c:f4:ef:d3:a0:
65:f6:50:31:46:8c:ec:7b:d6:2b:89:5b:b3:b8:48:
eb:5a:be:6b:bb:c7:9a:f6:72:ff:da:40:b6:86:93:
c8:bf:c7:69:52:4b:f5:a1:97:1b:40:68:c2:20:13:
1b:2c:3c:d5:ca:7e:85:67:6a:85:ba:e3:e9:cc:11:
ea:e0:72:55:ad:4a:20:e0:f0:44:e6:72:d8:05:1b:
30:fe:a9:90:b0:96:46:6e:dc:6b:da:d3:6c:92:77:
ce:97:db:bd:d6:b9:b8:bd:54:d3:e1:2c:84:6e:42:
2c:7b:57:2c:30:86:18:5b:c6:75:2d:82:3a:09:64:
be:1c:1c:a1:5b:43:3c:e4:44:90:4c:49:49:8c:16:
6f:45:52:59:a6:dc:2d:95:0f:9a:32:84:2d:dd:e7:
a3:df:af:94:3e:11:e0:4b:15:1b:7f:b4:ec:e4:39:
d9:2b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
EE:1F:55:1A:73:BB:D9:43:F0:BA:77:FE:7D:B9:96:CD:F4:0E:95:83
X509v3 Authority Key Identifier:
keyid:F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/7h9VGnO72UPwunf-fbmWzfQOlYM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
89.39.94.0/23
89.39.123.0/24
89.40.222.0/23
89.45.228.0/24
89.46.128.0/22
89.46.232.0/21
93.115.108.0/24
185.18.224.0/23
188.215.40.0/22
Signature Algorithm: sha256WithRSAEncryption
4c:35:c0:6d:2c:df:e9:32:c7:71:cd:63:f9:58:77:37:2a:77:
5c:21:af:4c:05:95:81:b2:42:12:87:83:72:bc:56:81:f1:f0:
4d:fb:d8:5f:a6:fd:5c:d3:fc:91:99:98:b9:37:b7:2d:2e:7c:
4c:86:0a:2c:43:eb:8f:82:10:4a:11:0f:4f:f5:81:f7:2b:32:
71:d7:e6:c4:c5:e8:0f:f1:f5:1a:fd:d8:36:d0:29:e3:8b:5e:
3e:5d:f1:e0:4b:cc:bf:d0:33:33:2f:05:45:61:f4:c5:fd:29:
cd:b9:0f:f6:a8:b4:17:01:e6:4e:8c:3e:30:bd:29:91:52:1e:
6a:fc:be:fd:ae:23:8a:18:a4:54:8c:e4:23:48:36:ce:51:21:
a4:4f:1f:13:86:64:10:d2:fc:27:ff:55:13:75:6b:88:06:21:
4b:cf:34:f5:ad:a7:d6:80:ef:88:91:6b:72:08:ef:f5:a0:a6:
b1:62:00:04:09:fe:bb:fb:47:8e:0a:98:bc:f0:0a:5c:81:8e:
c0:ca:fd:60:35:e8:43:e2:7d:00:7c:f5:b5:01:2e:a6:1e:e1:
50:c5:cc:94:a5:08:34:ba:3a:0c:85:79:c1:5a:7b:5d:d0:1f:
92:9f:c5:5f:66:ac:cd:38:48:93:17:94:ce:2d:07:5a:3e:45:
f8:0a:35:f0
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgISAYpP2/FKLGX8cRAJDyD9m9mXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4ZTYyNjM0ZTFiZDUxMzNhOWRlNDUxMmFlOThjYWQxYjIy
MTliNTkwHhcNMjMwOTAxMDgyODQ4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZTFmNTUxYTczYmJkOTQzZjBiYTc3ZmU3ZGI5OTZjZGY0MGU5NTgzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlOx59ogY7mIjux7yCU3w62uS/qI0
JXHa5p8PgzF3CpJ4GjO11ZCREiPl3wzgwkc3iKZBbhtMZxJXj/fdS/jM5kqpO5wg
leKmYOy9upGF06AucAO/DPTv06Bl9lAxRozse9YriVuzuEjrWr5ru8ea9nL/2kC2
hpPIv8dpUkv1oZcbQGjCIBMbLDzVyn6FZ2qFuuPpzBHq4HJVrUog4PBE5nLYBRsw
/qmQsJZGbtxr2tNsknfOl9u91rm4vVTT4SyEbkIse1csMIYYW8Z1LYI6CWS+HByh
W0M85ESQTElJjBZvRVJZptwtlQ+aMoQt3eej36+UPhHgSxUbf7Ts5DnZKwIDAQAB
o4ICOzCCAjcwHQYDVR0OBBYEFO4fVRpzu9lD8Lp3/n25ls30DpWDMB8GA1UdIwQY
MBaAFPjmJjThvVEzqd5FEq6YytGyIZtZMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1PWW1OT0c5VVRPcDNrVVNycGpLMGJJaG0xay5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFl
LTkyZTI1ZmUxNjMzMS8xLzdoOVZHbk83MlVQd3VuZi1mYm1XemZRT2xZTS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFlLTkyZTI1ZmUxNjMz
MS8xLzEtT1ltTk9HOVVUT3Aza1VTcnBqSzBiSWhtMWsuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwTwYIKwYBBQUHAQcBAf8EQDA+MDwEAgABMDYDBAFZJ14D
BABZJ3sDBAFZKN4DBABZLeQDBAJZLoADBANZLugDBABdc2wDBAG5EuADBAK81ygw
DQYJKoZIhvcNAQELBQADggEBAEw1wG0s3+kyx3HNY/lYdzcqd1whr0wFlYGyQhKH
g3K8VoHx8E372F+m/VzT/JGZmLk3ty0ufEyGCixD64+CEEoRD0/1gfcrMnHX5sTF
6A/x9Rr92DbQKeOLXj5d8eBLzL/QMzMvBUVh9MX9Kc25D/aotBcB5k6MPjC9KZFS
Hmr8vv2uI4oYpFSM5CNINs5RIaRPHxOGZBDS/Cf/VRN1a4gGIUvPNPWtp9aA74iR
a3II7/WgprFiAAQJ/rv7R44KmLzwClyBjsDK/WA16EPifQB89bUBLqYe4VDFzJSl
CDS6OgyFecFae13QH5KfxV9mrM04SJMXlM4tB1o+RfgKNfA=
-----END CERTIFICATE-----
Generated at Tue Sep 19 11:31:59 2023 by rpki-client on console-fra.rpki-client.org