Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/Mak55IZwpGWStsIZnLUG0sF0Y34.roa
File: Mak55IZwpGWStsIZnLUG0sF0Y34.roa (raw, json)
Hash identifier: 2XqNqUkG11LHXXLqlJJamWhNEe/Kp/pVJokp0veN+Vs=
Subject key identifier: 31:A9:39:E4:86:70:A4:65:92:B6:C2:19:9C:B5:06:D2:C1:74:63:7E
Certificate issuer: /CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
Certificate serial: 018CF2D5B56163EAE498009E950631C6D7AE
Authority key identifier: F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/Mak55IZwpGWStsIZnLUG0sF0Y34.roa
Signing time: Wed 10 Jan 2024 10:05:40 +0000
ROA not before: Wed 10 Jan 2024 10:05:40 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 48955
IP address blocks: 89.35.80.0/23 maxlen: 24
89.45.124.0/23 maxlen: 24
89.40.222.0/23 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:f2:d5:b5:61:63:ea:e4:98:00:9e:95:06:31:c6:d7:ae
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
Validity
Not Before: Jan 10 10:05:40 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=31a939e48670a46592b6c2199cb506d2c174637e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bb:03:62:8e:1a:2e:37:94:f8:6a:46:bf:da:c4:
81:66:98:6b:7e:c9:95:91:0e:1f:bf:8f:05:d9:46:
94:fc:1b:26:75:08:a6:54:61:4b:7d:1c:6b:72:d9:
a9:4b:bc:9c:c8:58:ea:6a:98:ab:96:00:34:cf:52:
40:7b:e2:1e:70:91:c9:c0:b4:62:d4:ab:0c:47:33:
e5:b4:4e:4e:f7:d6:82:b2:33:68:24:49:c7:33:73:
cb:9e:4c:9d:97:c1:f7:07:50:40:7a:70:0b:52:2d:
41:a2:12:e1:92:38:c4:24:4a:25:d3:11:5d:89:30:
02:f6:3d:4a:6d:3f:c7:95:ff:ab:51:1c:7f:6d:a9:
b0:8c:83:4b:fc:d1:a8:91:eb:a0:5d:50:b2:99:65:
fb:48:75:fa:88:05:41:ac:1f:9e:9b:16:6f:84:d0:
d1:c7:39:c4:8c:61:4d:86:18:4d:17:97:84:63:53:
d3:50:d0:14:83:05:d8:b7:a0:61:a1:84:27:17:16:
a9:20:3b:39:ad:2a:63:f5:8c:19:27:34:ff:a6:75:
7b:a4:c3:a9:4a:84:46:f3:dc:31:56:d4:1a:b0:6c:
13:bb:83:d9:ca:ad:89:63:5b:75:a1:93:28:70:9e:
38:f1:dc:b0:c5:26:f8:ce:0e:4c:54:82:00:93:ee:
63:57
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
31:A9:39:E4:86:70:A4:65:92:B6:C2:19:9C:B5:06:D2:C1:74:63:7E
X509v3 Authority Key Identifier:
keyid:F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/Mak55IZwpGWStsIZnLUG0sF0Y34.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
89.35.80.0/23
89.40.222.0/23
89.45.124.0/23
Signature Algorithm: sha256WithRSAEncryption
25:38:58:9f:a7:37:45:30:e1:98:43:f1:1d:88:a4:c5:bb:13:
24:72:93:97:0c:31:38:c4:0b:bb:98:11:b7:bf:92:f1:7f:19:
27:5f:f8:c0:a4:03:fa:40:8a:3f:8f:2d:aa:0c:fc:eb:95:29:
84:35:6e:90:72:61:27:e0:12:69:f0:f0:e4:02:6f:4c:23:a4:
a8:6a:7a:36:38:bf:22:08:5b:21:ac:65:15:32:64:8d:d0:0e:
27:68:dd:39:bf:8b:29:39:e2:4d:59:50:cb:0c:92:c3:41:23:
f5:18:67:89:ab:3f:3e:a5:85:66:c2:14:52:23:61:9e:d4:34:
30:2b:13:0b:07:13:57:de:a7:3b:32:9a:bc:39:c4:39:25:b6:
ef:75:85:18:ee:f6:ea:32:1c:a0:98:d8:91:0c:a6:01:92:bd:
70:b2:2f:23:8b:44:f5:3a:db:fc:15:0b:24:69:bc:c3:a6:53:
1a:67:24:da:50:fc:a2:12:70:09:26:ba:bf:28:af:18:0b:ce:
e7:b3:98:32:70:69:9a:2b:1e:2f:0f:ec:03:9e:bf:ba:93:71:
40:73:40:c8:64:26:52:57:34:a4:6b:0f:ea:ea:4b:1d:16:a9:
39:99:5d:0d:b5:8c:05:25:40:27:df:98:98:ba:a1:2b:6f:bc:
18:76:29:27
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAYzy1bVhY+rkmACelQYxxteuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4ZTYyNjM0ZTFiZDUxMzNhOWRlNDUxMmFlOThjYWQxYjIy
MTliNTkwHhcNMjQwMTEwMTAwNTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMWE5MzllNDg2NzBhNDY1OTJiNmMyMTk5Y2I1MDZkMmMxNzQ2MzdlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuwNijhouN5T4aka/2sSBZphrfsmV
kQ4fv48F2UaU/BsmdQimVGFLfRxrctmpS7ycyFjqapirlgA0z1JAe+IecJHJwLRi
1KsMRzPltE5O99aCsjNoJEnHM3PLnkydl8H3B1BAenALUi1BohLhkjjEJEol0xFd
iTAC9j1KbT/Hlf+rURx/bamwjINL/NGokeugXVCymWX7SHX6iAVBrB+emxZvhNDR
xznEjGFNhhhNF5eEY1PTUNAUgwXYt6BhoYQnFxapIDs5rSpj9YwZJzT/pnV7pMOp
SoRG89wxVtQasGwTu4PZyq2JY1t1oZMocJ448dywxSb4zg5MVIIAk+5jVwIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFDGpOeSGcKRlkrbCGZy1BtLBdGN+MB8GA1UdIwQY
MBaAFPjmJjThvVEzqd5FEq6YytGyIZtZMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1PWW1OT0c5VVRPcDNrVVNycGpLMGJJaG0xay5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFl
LTkyZTI1ZmUxNjMzMS8xL01hazU1SVp3cEdXU3RzSVpuTFVHMHNGMFkzNC5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFlLTkyZTI1ZmUxNjMz
MS8xLzEtT1ltTk9HOVVUT3Aza1VTcnBqSzBiSWhtMWsuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBIDBAFZI1AD
BAFZKN4DBAFZLXwwDQYJKoZIhvcNAQELBQADggEBACU4WJ+nN0Uw4ZhD8R2IpMW7
EyRyk5cMMTjEC7uYEbe/kvF/GSdf+MCkA/pAij+PLaoM/OuVKYQ1bpByYSfgEmnw
8OQCb0wjpKhqejY4vyIIWyGsZRUyZI3QDido3Tm/iyk54k1ZUMsMksNBI/UYZ4mr
Pz6lhWbCFFIjYZ7UNDArEwsHE1fepzsymrw5xDkltu91hRju9uoyHKCY2JEMpgGS
vXCyLyOLRPU62/wVCyRpvMOmUxpnJNpQ/KIScAkmur8orxgLzuezmDJwaZorHi8P
7AOev7qTcUBzQMhkJlJXNKRrD+rqSx0WqTmZXQ21jAUlQCffmJi6oStvvBh2KSc=
-----END CERTIFICATE-----
Generated at Wed Feb 19 22:30:39 2025 by rpki-client