Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/BnOUQGRrfv4_GgQMfarqy5EwYtg.roa
File: BnOUQGRrfv4_GgQMfarqy5EwYtg.roa (raw, json)
Hash identifier: ZfnS8vQ8HWwwfN26ET/80y0WHi/qY0LXeZgrRzaS588=
Subject key identifier: 06:73:94:40:64:6B:7E:FE:3F:1A:04:0C:7D:AA:EA:CB:91:30:62:D8
Certificate issuer: /CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
Certificate serial: 018F26EAA51D37BBE3A00418C804D5CB8430
Authority key identifier: F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/BnOUQGRrfv4_GgQMfarqy5EwYtg.roa
Signing time: Sun 28 Apr 2024 22:54:22 +0000
ROA not before: Sun 28 Apr 2024 22:54:22 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 12325
IP address blocks: 89.46.128.0/22 maxlen: 24
89.46.232.0/21 maxlen: 24
93.113.255.0/24 maxlen: 24
185.18.224.0/23 maxlen: 24
188.215.40.0/22 maxlen: 24
188.240.213.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8f:26:ea:a5:1d:37:bb:e3:a0:04:18:c8:04:d5:cb:84:30
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
Validity
Not Before: Apr 28 22:54:22 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=06739440646b7efe3f1a040c7daaeacb913062d8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b7:6c:ae:b9:73:96:d4:09:76:4d:c7:fa:9f:79:
ff:dc:e4:02:26:69:82:e2:0c:d0:97:27:68:3c:e6:
6b:76:04:23:3a:01:f1:75:03:c7:22:20:22:b9:0f:
68:16:f6:dd:86:e7:49:04:bb:d1:ef:a9:5c:03:91:
63:8a:24:4b:33:73:19:1d:22:54:4e:aa:eb:dc:3e:
d8:98:c7:54:6e:7f:c0:77:69:42:40:b5:4a:39:f7:
0d:c9:38:0f:89:8b:6f:d4:65:63:ba:ab:c4:fe:37:
63:5a:b6:21:4a:d0:81:ac:52:e7:15:9e:99:3f:d4:
d3:d4:3b:b4:ad:97:23:73:4a:a5:7f:0b:11:68:ee:
f9:45:25:4b:bf:d9:88:1c:49:bb:5a:39:1e:d0:7e:
8e:76:07:16:e8:23:2a:9e:80:23:fe:03:94:ff:d5:
98:7a:f9:1d:6d:7e:ec:41:61:b8:cb:51:94:b9:58:
a5:47:e6:70:08:c9:0e:02:8b:b4:65:24:80:20:2e:
3b:b7:84:2b:44:5c:cf:d4:b4:67:46:c6:ae:14:aa:
38:75:f4:fd:e1:50:67:18:4c:c8:52:2a:af:67:53:
65:a5:b1:f7:78:46:83:46:16:f4:fd:5b:68:c8:95:
ff:f9:16:e4:16:82:6d:cf:01:52:85:29:05:62:3d:
30:d1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
06:73:94:40:64:6B:7E:FE:3F:1A:04:0C:7D:AA:EA:CB:91:30:62:D8
X509v3 Authority Key Identifier:
keyid:F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/BnOUQGRrfv4_GgQMfarqy5EwYtg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
89.46.128.0/22
89.46.232.0/21
93.113.255.0/24
185.18.224.0/23
188.215.40.0/22
188.240.213.0/24
Signature Algorithm: sha256WithRSAEncryption
50:8c:9a:27:65:da:0e:d8:90:8d:7a:13:0c:93:81:7f:bc:1f:
f6:74:f0:c5:c0:3e:a2:b8:9d:0b:81:20:44:2a:37:cf:2b:42:
b7:a5:f4:23:3d:47:88:4b:45:2c:1a:33:95:98:46:9d:43:c7:
54:53:cd:a5:09:57:61:fa:c6:b4:43:2f:c9:4e:67:53:6e:93:
86:e8:6b:14:bd:d5:03:fc:d2:55:bb:a3:1e:b9:86:34:39:50:
e5:25:dd:07:02:cf:ad:e5:d7:06:25:41:65:2f:f2:dc:8e:0d:
e3:8b:5b:52:b9:0b:c8:ed:ee:0b:25:04:12:13:90:da:47:ac:
fa:8f:50:2f:c9:89:33:d6:b8:06:68:0c:ca:16:9f:55:94:9e:
34:bd:4a:b6:25:dd:1e:e7:68:32:7b:73:62:99:e1:5f:c2:bd:
4f:08:34:ac:a1:6e:92:40:0c:e2:e0:92:a3:97:60:b3:71:4b:
8b:84:72:81:80:8b:4e:51:84:7f:1b:13:aa:45:ba:6e:9b:11:
a4:58:7c:36:51:f5:24:20:49:c6:49:51:83:fc:67:60:17:a2:
cd:cf:6c:fa:98:e0:54:d4:e9:36:59:55:92:4f:75:5e:72:e5:
67:fc:b7:b0:0d:20:6f:cf:bb:25:c0:c4:61:62:4e:e4:d1:67:
66:b7:84:81
-----BEGIN CERTIFICATE-----
MIIFHTCCBAWgAwIBAgISAY8m6qUdN7vjoAQYyATVy4QwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4ZTYyNjM0ZTFiZDUxMzNhOWRlNDUxMmFlOThjYWQxYjIy
MTliNTkwHhcNMjQwNDI4MjI1NDIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNjczOTQ0MDY0NmI3ZWZlM2YxYTA0MGM3ZGFhZWFjYjkxMzA2MmQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt2yuuXOW1Al2Tcf6n3n/3OQCJmmC
4gzQlydoPOZrdgQjOgHxdQPHIiAiuQ9oFvbdhudJBLvR76lcA5FjiiRLM3MZHSJU
Tqrr3D7YmMdUbn/Ad2lCQLVKOfcNyTgPiYtv1GVjuqvE/jdjWrYhStCBrFLnFZ6Z
P9TT1Du0rZcjc0qlfwsRaO75RSVLv9mIHEm7Wjke0H6OdgcW6CMqnoAj/gOU/9WY
evkdbX7sQWG4y1GUuVilR+ZwCMkOAou0ZSSAIC47t4QrRFzP1LRnRsauFKo4dfT9
4VBnGEzIUiqvZ1NlpbH3eEaDRhb0/VtoyJX/+RbkFoJtzwFShSkFYj0w0QIDAQAB
o4ICKTCCAiUwHQYDVR0OBBYEFAZzlEBka37+PxoEDH2q6suRMGLYMB8GA1UdIwQY
MBaAFPjmJjThvVEzqd5FEq6YytGyIZtZMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1PWW1OT0c5VVRPcDNrVVNycGpLMGJJaG0xay5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFl
LTkyZTI1ZmUxNjMzMS8xL0JuT1VRR1JyZnY0X0dnUU1mYXJxeTVFd1l0Zy5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFlLTkyZTI1ZmUxNjMz
MS8xLzEtT1ltTk9HOVVUT3Aza1VTcnBqSzBiSWhtMWsuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwPQYIKwYBBQUHAQcBAf8ELjAsMCoEAgABMCQDBAJZLoAD
BANZLugDBABdcf8DBAG5EuADBAK81ygDBAC88NUwDQYJKoZIhvcNAQELBQADggEB
AFCMmidl2g7YkI16EwyTgX+8H/Z08MXAPqK4nQuBIEQqN88rQrel9CM9R4hLRSwa
M5WYRp1Dx1RTzaUJV2H6xrRDL8lOZ1Nuk4boaxS91QP80lW7ox65hjQ5UOUl3QcC
z63l1wYlQWUv8tyODeOLW1K5C8jt7gslBBITkNpHrPqPUC/JiTPWuAZoDMoWn1WU
njS9SrYl3R7naDJ7c2KZ4V/CvU8INKyhbpJADOLgkqOXYLNxS4uEcoGAi05RhH8b
E6pFum6bEaRYfDZR9SQgScZJUYP8Z2AXos3PbPqY4FTU6TZZVZJPdV5y5Wf8t7AN
IG/PuyXAxGFiTuTRZ2a3hIE=
-----END CERTIFICATE-----
Generated at Wed Feb 19 22:36:00 2025 by rpki-client