Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/GXAC4QUsgXjUBkNx0M1iS8lwS0o.roa
File: GXAC4QUsgXjUBkNx0M1iS8lwS0o.roa (raw, json)
Hash identifier: gSIK7V9Oz00VbH8rqdaMxViUTe17rXHtG4R8il1xNBs=
Subject key identifier: 19:70:02:E1:05:2C:81:78:D4:06:43:71:D0:CD:62:4B:C9:70:4B:4A
Certificate issuer: /CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
Certificate serial: 018B6BB90B2447FC42FBBE70CABD138EE7C4
Authority key identifier: F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/GXAC4QUsgXjUBkNx0M1iS8lwS0o.roa
Signing time: Thu 26 Oct 2023 11:22:50 +0000
ROA not before: Thu 26 Oct 2023 11:22:50 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 12325
IP address blocks: 185.18.224.0/23 maxlen: 24
89.45.228.0/24 maxlen: 24
188.215.40.0/22 maxlen: 24
89.40.222.0/23 maxlen: 24
89.46.232.0/21 maxlen: 24
89.46.128.0/22 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8b:6b:b9:0b:24:47:fc:42:fb:be:70:ca:bd:13:8e:e7:c4
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
Validity
Not Before: Oct 26 11:22:50 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=197002e1052c8178d4064371d0cd624bc9704b4a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a8:a7:ce:8e:38:1a:04:6c:1c:c2:e3:6c:b3:b2:
93:56:86:97:5b:9d:4a:3e:fb:7d:25:d0:9d:74:47:
2c:f6:a6:d4:d9:f2:25:5e:4f:5b:41:8b:08:7a:a3:
03:6a:98:ac:ed:c0:a1:d4:83:f1:d5:94:02:1a:5c:
5a:ae:28:44:c2:2d:7d:a6:3a:06:66:76:60:57:48:
c1:d6:e6:da:5a:5b:12:61:05:59:96:06:95:07:a2:
94:7e:5f:b3:9f:af:36:d3:5c:ef:d1:4a:ce:fe:bf:
4d:dc:00:90:5a:f7:62:db:ec:bd:98:fa:1e:ad:a7:
6f:7a:ef:88:76:03:3e:40:5a:54:90:d7:c5:e4:f2:
a4:f1:14:c0:03:55:64:0b:ec:a1:f3:9c:9d:ab:12:
0b:45:f0:6c:60:9d:89:8d:02:d3:b6:be:79:03:cd:
b5:26:25:9c:80:41:8d:a8:fe:88:24:20:45:e4:e5:
b9:24:a3:90:4f:c6:2f:9a:b2:90:64:73:9c:fa:6a:
80:c8:59:c4:b3:88:08:47:ec:ea:4c:3a:b2:72:8b:
32:19:5e:81:17:54:a9:20:66:f2:53:f7:3f:3e:ff:
ce:31:f2:3d:fb:16:90:08:9d:4b:cc:e4:01:45:59:
57:99:ae:b0:f2:08:84:c4:5e:55:51:79:89:e3:1e:
b4:2f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
19:70:02:E1:05:2C:81:78:D4:06:43:71:D0:CD:62:4B:C9:70:4B:4A
X509v3 Authority Key Identifier:
keyid:F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/GXAC4QUsgXjUBkNx0M1iS8lwS0o.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
89.40.222.0/23
89.45.228.0/24
89.46.128.0/22
89.46.232.0/21
185.18.224.0/23
188.215.40.0/22
Signature Algorithm: sha256WithRSAEncryption
05:79:e6:a9:71:b8:ef:a0:09:31:ed:33:2b:4a:35:35:e4:ea:
9d:1e:22:ad:14:ef:23:4d:a2:82:17:f2:0f:21:81:e7:cd:f4:
c7:5b:37:b1:fa:63:93:94:5f:ee:08:b5:1e:5b:31:5d:69:1f:
35:6d:a3:dd:4f:60:24:a3:19:db:5b:03:bf:63:41:b9:60:ac:
fc:0c:0d:c6:0a:a3:c1:e4:d4:84:64:60:b0:0e:67:84:0b:d8:
89:09:3b:bb:b1:33:3b:03:5d:5d:30:d4:9b:c7:81:25:90:67:
f7:fd:3d:36:1d:99:cf:e7:1d:22:42:71:4d:7e:49:91:91:80:
c7:f2:dd:1c:98:b4:a0:65:0d:83:eb:44:4a:11:eb:eb:12:ac:
eb:66:70:64:e3:f8:2b:3e:6d:81:54:3d:41:36:29:e7:0f:eb:
76:af:aa:a0:9d:35:c6:ba:16:08:35:b7:71:f6:ab:22:4a:0b:
b6:f6:e4:72:2b:60:20:d3:ab:92:7e:cb:ff:f9:3c:32:5a:76:
a4:e3:36:8d:ab:ef:70:39:30:ab:1f:d0:57:62:d6:34:2e:ad:
61:96:29:3d:ad:7a:32:c0:dc:19:39:97:04:a2:48:23:3d:43:
84:67:57:ab:93:54:28:e0:fc:8b:e9:3b:98:de:3e:aa:ad:88:
1e:7e:79:68
-----BEGIN CERTIFICATE-----
MIIFHTCCBAWgAwIBAgISAYtruQskR/xC+75wyr0TjufEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4ZTYyNjM0ZTFiZDUxMzNhOWRlNDUxMmFlOThjYWQxYjIy
MTliNTkwHhcNMjMxMDI2MTEyMjUwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOTcwMDJlMTA1MmM4MTc4ZDQwNjQzNzFkMGNkNjI0YmM5NzA0YjRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqKfOjjgaBGwcwuNss7KTVoaXW51K
Pvt9JdCddEcs9qbU2fIlXk9bQYsIeqMDapis7cCh1IPx1ZQCGlxarihEwi19pjoG
ZnZgV0jB1ubaWlsSYQVZlgaVB6KUfl+zn68201zv0UrO/r9N3ACQWvdi2+y9mPoe
radveu+IdgM+QFpUkNfF5PKk8RTAA1VkC+yh85ydqxILRfBsYJ2JjQLTtr55A821
JiWcgEGNqP6IJCBF5OW5JKOQT8YvmrKQZHOc+mqAyFnEs4gIR+zqTDqycosyGV6B
F1SpIGbyU/c/Pv/OMfI9+xaQCJ1LzOQBRVlXma6w8giExF5VUXmJ4x60LwIDAQAB
o4ICKTCCAiUwHQYDVR0OBBYEFBlwAuEFLIF41AZDcdDNYkvJcEtKMB8GA1UdIwQY
MBaAFPjmJjThvVEzqd5FEq6YytGyIZtZMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1PWW1OT0c5VVRPcDNrVVNycGpLMGJJaG0xay5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFl
LTkyZTI1ZmUxNjMzMS8xL0dYQUM0UVVzZ1hqVUJrTngwTTFpUzhsd1Mwby5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFlLTkyZTI1ZmUxNjMz
MS8xLzEtT1ltTk9HOVVUT3Aza1VTcnBqSzBiSWhtMWsuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwPQYIKwYBBQUHAQcBAf8ELjAsMCoEAgABMCQDBAFZKN4D
BABZLeQDBAJZLoADBANZLugDBAG5EuADBAK81ygwDQYJKoZIhvcNAQELBQADggEB
AAV55qlxuO+gCTHtMytKNTXk6p0eIq0U7yNNooIX8g8hgefN9MdbN7H6Y5OUX+4I
tR5bMV1pHzVto91PYCSjGdtbA79jQblgrPwMDcYKo8Hk1IRkYLAOZ4QL2IkJO7ux
MzsDXV0w1JvHgSWQZ/f9PTYdmc/nHSJCcU1+SZGRgMfy3RyYtKBlDYPrREoR6+sS
rOtmcGTj+Cs+bYFUPUE2KecP63avqqCdNca6Fgg1t3H2qyJKC7b25HIrYCDTq5J+
y//5PDJadqTjNo2r73A5MKsf0Fdi1jQurWGWKT2tejLA3Bk5lwSiSCM9Q4RnV6uT
VCjg/IvpO5jePqqtiB5+eWg=
-----END CERTIFICATE-----
Generated at Wed Feb 19 22:45:40 2025 by rpki-client