Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/7rhdZz4qwt7sZ1TlD-0N146tnPw.roa
File: 7rhdZz4qwt7sZ1TlD-0N146tnPw.roa (raw, json)
Hash identifier: y1IqLjgR/bP+7krG+rK2s9HcQn68txRDxccIDGdE/IU=
Subject key identifier: EE:B8:5D:67:3E:2A:C2:DE:EC:67:54:E5:0F:ED:0D:D7:8E:AD:9C:FC
Certificate issuer: /CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
Certificate serial: 018DEA30AF2DD79A14BE4B32EBBD71DB428E
Authority key identifier: F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/7rhdZz4qwt7sZ1TlD-0N146tnPw.roa
Signing time: Tue 27 Feb 2024 10:51:15 +0000
ROA not before: Tue 27 Feb 2024 10:51:15 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 12325
IP address blocks: 89.46.128.0/22 maxlen: 24
89.46.232.0/21 maxlen: 24
93.115.9.0/24 maxlen: 24
93.115.104.0/22 maxlen: 24
93.118.36.0/24 maxlen: 24
93.119.154.0/24 maxlen: 24
185.18.224.0/23 maxlen: 24
188.215.40.0/22 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8d:ea:30:af:2d:d7:9a:14:be:4b:32:eb:bd:71:db:42:8e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
Validity
Not Before: Feb 27 10:51:15 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=eeb85d673e2ac2deec6754e50fed0dd78ead9cfc
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:93:d6:e9:aa:b0:00:ef:a1:6b:10:99:22:d0:3e:
5a:b2:3f:c2:be:37:d6:d2:ec:70:ae:0b:73:1f:9a:
36:d6:fc:d7:97:ee:d8:85:c9:e8:79:1a:2b:2e:ac:
9b:52:3d:dc:2b:2b:66:0a:ff:f4:e2:50:50:c9:33:
9b:87:57:e0:f0:ea:a7:8f:e5:fe:26:24:eb:01:7c:
a1:b1:df:1b:89:18:1e:8f:5c:f9:3b:64:75:c6:42:
2e:c2:2c:04:67:62:c1:9a:84:37:b0:2f:87:e5:fe:
5c:50:2e:35:40:16:0f:e0:ed:50:4f:ae:78:9e:a1:
15:7f:a6:7a:1f:68:7f:aa:07:fe:0f:bf:47:7b:29:
70:c2:90:23:78:5f:10:ae:0c:0f:5d:03:d6:c3:ac:
50:2b:f7:42:32:e1:d1:82:20:ef:91:ad:bb:ae:10:
c7:f6:a0:4d:9e:05:39:d7:d2:d0:f0:d6:b9:8d:1f:
76:fe:ce:b0:50:f5:77:92:ff:c5:24:72:dc:ab:7a:
92:a3:f9:75:2e:25:2a:85:e2:3c:bb:d7:cb:5b:ac:
89:9b:63:a7:f2:bb:89:62:c8:82:ef:82:4d:17:b1:
df:bd:a0:dc:6d:d0:23:11:3d:3e:5a:e0:d2:42:da:
52:de:bd:1d:63:36:b1:db:8a:03:1a:64:9b:15:93:
11:69
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
EE:B8:5D:67:3E:2A:C2:DE:EC:67:54:E5:0F:ED:0D:D7:8E:AD:9C:FC
X509v3 Authority Key Identifier:
keyid:F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/7rhdZz4qwt7sZ1TlD-0N146tnPw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
89.46.128.0/22
89.46.232.0/21
93.115.9.0/24
93.115.104.0/22
93.118.36.0/24
93.119.154.0/24
185.18.224.0/23
188.215.40.0/22
Signature Algorithm: sha256WithRSAEncryption
ca:5f:7c:4d:e5:c4:ba:01:63:ec:c6:68:12:4c:08:c7:73:b3:
e7:69:7d:20:8b:25:c3:77:6b:0e:c6:c6:80:d1:42:34:0d:b8:
d2:e9:21:60:d1:3c:94:8d:00:9f:8d:f5:03:85:e8:ad:a3:4d:
df:a6:3e:66:99:3c:11:2c:71:de:c0:be:fc:8c:48:94:6d:66:
fe:63:83:67:ad:a3:a3:72:33:4f:ae:ae:b1:84:3c:63:a9:d0:
1b:bb:96:74:11:15:75:6a:b3:3b:32:9b:04:33:51:16:03:0c:
2e:c7:22:4f:b9:da:98:0f:67:10:17:a6:50:fe:3f:7c:2d:f3:
6f:74:4f:92:5a:c2:b0:b3:ba:ae:58:89:59:db:74:6f:be:f8:
e0:95:ec:26:ea:57:27:fb:cf:27:1f:d7:dd:72:95:42:7c:55:
56:4b:1e:1d:7f:ec:d3:f9:4e:6d:7c:f7:e6:fb:bf:f1:2d:22:
d4:b2:cb:f2:94:ba:89:c3:99:73:ed:1a:ea:a3:16:ab:76:41:
f8:54:f1:74:ae:92:54:e7:32:2e:40:e5:b3:1f:ad:1e:75:b4:
58:8a:2b:8d:09:84:df:b9:c5:e1:84:49:e6:29:99:bf:ec:94:
a7:02:3e:0b:e9:e1:0b:a3:79:72:3a:03:aa:8e:a6:07:fc:25:
5d:40:47:8c
-----BEGIN CERTIFICATE-----
MIIFKTCCBBGgAwIBAgISAY3qMK8t15oUvksy671x20KOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4ZTYyNjM0ZTFiZDUxMzNhOWRlNDUxMmFlOThjYWQxYjIy
MTliNTkwHhcNMjQwMjI3MTA1MTE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZWI4NWQ2NzNlMmFjMmRlZWM2NzU0ZTUwZmVkMGRkNzhlYWQ5Y2ZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk9bpqrAA76FrEJki0D5asj/CvjfW
0uxwrgtzH5o21vzXl+7YhcnoeRorLqybUj3cKytmCv/04lBQyTObh1fg8Oqnj+X+
JiTrAXyhsd8biRgej1z5O2R1xkIuwiwEZ2LBmoQ3sC+H5f5cUC41QBYP4O1QT654
nqEVf6Z6H2h/qgf+D79HeylwwpAjeF8QrgwPXQPWw6xQK/dCMuHRgiDvka27rhDH
9qBNngU519LQ8Na5jR92/s6wUPV3kv/FJHLcq3qSo/l1LiUqheI8u9fLW6yJm2On
8ruJYsiC74JNF7HfvaDcbdAjET0+WuDSQtpS3r0dYzax24oDGmSbFZMRaQIDAQAB
o4ICNTCCAjEwHQYDVR0OBBYEFO64XWc+KsLe7GdU5Q/tDdeOrZz8MB8GA1UdIwQY
MBaAFPjmJjThvVEzqd5FEq6YytGyIZtZMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1PWW1OT0c5VVRPcDNrVVNycGpLMGJJaG0xay5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFl
LTkyZTI1ZmUxNjMzMS8xLzdyaGRaejRxd3Q3c1oxVGxELTBOMTQ2dG5Qdy5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFlLTkyZTI1ZmUxNjMz
MS8xLzEtT1ltTk9HOVVUT3Aza1VTcnBqSzBiSWhtMWsuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwSQYIKwYBBQUHAQcBAf8EOjA4MDYEAgABMDADBAJZLoAD
BANZLugDBABdcwkDBAJdc2gDBABddiQDBABdd5oDBAG5EuADBAK81ygwDQYJKoZI
hvcNAQELBQADggEBAMpffE3lxLoBY+zGaBJMCMdzs+dpfSCLJcN3aw7GxoDRQjQN
uNLpIWDRPJSNAJ+N9QOF6K2jTd+mPmaZPBEscd7AvvyMSJRtZv5jg2eto6NyM0+u
rrGEPGOp0Bu7lnQRFXVqszsymwQzURYDDC7HIk+52pgPZxAXplD+P3wt8290T5Ja
wrCzuq5YiVnbdG+++OCV7CbqVyf7zycf191ylUJ8VVZLHh1/7NP5Tm189+b7v/Et
ItSyy/KUuonDmXPtGuqjFqt2QfhU8XSuklTnMi5A5bMfrR51tFiKK40JhN+5xeGE
SeYpmb/slKcCPgvp4QujeXI6A6qOpgf8JV1AR4w=
-----END CERTIFICATE-----
Generated at Thu Feb 29 19:02:01 2024 by rpki-client on console-fra.rpki-client.org