Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/H8UF-t-MEcm5LTcKc3Q834-Tryk.roa
File: H8UF-t-MEcm5LTcKc3Q834-Tryk.roa (raw, json)
Hash identifier: HdgU6x+fRRXWRb6VcyTVA+Vj7gfa2TQugLGRIuo9JDI=
Subject key identifier: 1F:C5:05:FA:DF:8C:11:C9:B9:2D:37:0A:73:74:3C:DF:8F:93:AF:29
Certificate issuer: /CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
Certificate serial: 01856FD5107AE662FB9CAF44DC52588C3154
Authority key identifier: F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/H8UF-t-MEcm5LTcKc3Q834-Tryk.roa
Signing time: Mon 02 Jan 2023 00:15:12 +0000
ROA not before: Mon 02 Jan 2023 00:15:12 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 12302
IP address blocks: 31.14.34.0/24 maxlen: 24
89.45.228.0/24 maxlen: 24
89.45.44.0/23 maxlen: 23
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6f:d5:10:7a:e6:62:fb:9c:af:44:dc:52:58:8c:31:54
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
Validity
Not Before: Jan 2 00:15:12 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=1fc505fadf8c11c9b92d370a73743cdf8f93af29
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:96:fe:dc:65:cd:70:84:f5:a7:af:37:0a:7f:32:
e5:ad:b3:be:d3:d0:4b:51:56:23:4d:c0:b1:2b:f5:
aa:01:47:ae:e1:de:88:23:45:ca:5c:aa:e1:a4:8b:
db:f4:c7:0f:41:e9:e2:03:61:15:cd:39:b1:62:dd:
d1:95:1d:ef:d0:8f:9c:96:b1:2d:ce:5a:89:0c:10:
bc:07:98:05:2d:05:f0:10:f8:be:64:fc:b6:d8:94:
1d:38:0a:92:e3:d3:8f:87:9e:c1:98:c2:13:2d:3f:
34:05:ee:d1:77:08:2d:2f:84:9b:69:df:5c:e3:da:
0f:1d:cb:a7:f4:f3:3b:3b:ad:06:3f:e5:9d:26:ec:
e9:af:b0:1c:95:9a:bf:70:29:84:4d:13:fe:93:a6:
2a:92:3a:e8:1a:77:67:80:92:f6:a5:ac:ab:b0:b8:
66:d0:93:6a:22:61:ea:dd:63:6a:95:91:6d:a2:e2:
c6:61:7b:cb:d3:6c:db:c9:06:d9:60:37:8b:bd:17:
47:04:c8:7a:f1:0f:3b:2e:29:96:7a:b0:a4:a5:16:
fc:f8:79:6d:e5:b2:ca:8b:0c:2e:1d:ab:38:a7:0c:
03:76:b2:43:69:a0:14:a2:d0:6a:d5:a7:01:53:7c:
12:cc:3f:55:04:e1:4a:21:da:e5:22:72:fd:88:40:
30:25
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1F:C5:05:FA:DF:8C:11:C9:B9:2D:37:0A:73:74:3C:DF:8F:93:AF:29
X509v3 Authority Key Identifier:
keyid:F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/H8UF-t-MEcm5LTcKc3Q834-Tryk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.14.34.0/24
89.45.44.0/23
89.45.228.0/24
Signature Algorithm: sha256WithRSAEncryption
5f:c8:d0:76:e9:78:db:e6:ba:ef:9d:5c:f9:20:0e:ab:d1:df:
df:73:8f:aa:50:7b:8a:cd:62:47:c3:5f:cd:1d:17:77:3d:98:
51:b0:75:cd:e6:bb:0f:f2:65:40:53:bf:e4:c2:0d:55:a7:3d:
6d:cb:50:de:1d:ef:03:71:85:00:ce:db:8e:e0:ad:e3:18:9e:
34:ee:81:fc:f4:a4:ce:9f:7a:80:d7:74:ee:e8:88:39:3e:de:
28:c9:9b:da:43:8f:db:7f:a9:0f:ba:b2:2a:1c:d7:8b:63:32:
08:5f:db:25:bc:5d:be:cc:26:ad:f7:a1:cc:59:7d:9f:9c:90:
5c:3d:ca:e6:00:33:d5:92:19:32:9e:31:c0:7c:8e:11:11:d5:
5d:ee:38:12:17:47:0f:98:01:66:e9:28:4b:bb:f2:59:53:af:
94:35:ea:f0:de:07:0b:9f:11:96:6f:0c:b5:15:aa:3f:e4:8a:
a0:a3:44:72:c0:c0:56:fb:87:05:17:ab:b9:f1:64:5b:56:c2:
96:32:8e:85:70:4d:fd:a8:1c:4a:8b:43:0a:b8:f6:9f:45:04:
59:44:2c:77:fb:19:d9:f6:f2:45:62:b4:1d:6e:6e:fb:9b:d9:
46:3e:a7:af:00:84:bf:da:37:56:d0:90:c3:00:8e:60:00:a4:
fc:8f:8d:13
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAYVv1RB65mL7nK9E3FJYjDFUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4ZTYyNjM0ZTFiZDUxMzNhOWRlNDUxMmFlOThjYWQxYjIy
MTliNTkwHhcNMjMwMTAyMDAxNTEyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZmM1MDVmYWRmOGMxMWM5YjkyZDM3MGE3Mzc0M2NkZjhmOTNhZjI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlv7cZc1whPWnrzcKfzLlrbO+09BL
UVYjTcCxK/WqAUeu4d6II0XKXKrhpIvb9McPQeniA2EVzTmxYt3RlR3v0I+clrEt
zlqJDBC8B5gFLQXwEPi+ZPy22JQdOAqS49OPh57BmMITLT80Be7RdwgtL4Sbad9c
49oPHcun9PM7O60GP+WdJuzpr7AclZq/cCmETRP+k6YqkjroGndngJL2payrsLhm
0JNqImHq3WNqlZFtouLGYXvL02zbyQbZYDeLvRdHBMh68Q87LimWerCkpRb8+Hlt
5bLKiwwuHas4pwwDdrJDaaAUotBq1acBU3wSzD9VBOFKIdrlInL9iEAwJQIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFB/FBfrfjBHJuS03CnN0PN+Pk68pMB8GA1UdIwQY
MBaAFPjmJjThvVEzqd5FEq6YytGyIZtZMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1PWW1OT0c5VVRPcDNrVVNycGpLMGJJaG0xay5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFl
LTkyZTI1ZmUxNjMzMS8xL0g4VUYtdC1NRWNtNUxUY0tjM1E4MzQtVHJ5ay5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFlLTkyZTI1ZmUxNjMz
MS8xLzEtT1ltTk9HOVVUT3Aza1VTcnBqSzBiSWhtMWsuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBIDBAAfDiID
BAFZLSwDBABZLeQwDQYJKoZIhvcNAQELBQADggEBAF/I0HbpeNvmuu+dXPkgDqvR
399zj6pQe4rNYkfDX80dF3c9mFGwdc3muw/yZUBTv+TCDVWnPW3LUN4d7wNxhQDO
247greMYnjTugfz0pM6feoDXdO7oiDk+3ijJm9pDj9t/qQ+6sioc14tjMghf2yW8
Xb7MJq33ocxZfZ+ckFw9yuYAM9WSGTKeMcB8jhER1V3uOBIXRw+YAWbpKEu78llT
r5Q16vDeBwufEZZvDLUVqj/kiqCjRHLAwFb7hwUXq7nxZFtWwpYyjoVwTf2oHEqL
Qwq49p9FBFlELHf7Gdn28kVitB1ubvub2UY+p68AhL/aN1bQkMMAjmAApPyPjRM=
-----END CERTIFICATE-----
Generated at Wed Feb 19 22:38:16 2025 by rpki-client