Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/RRtDCjSENOwzb3tT__VShDFeixg.roa
File: RRtDCjSENOwzb3tT__VShDFeixg.roa (raw, json)
Hash identifier: tsFZQ0+3rUCDDOadKc54q/zFfCfQZbTcrKRKfAXq6QY=
Subject key identifier: 45:1B:43:0A:34:84:34:EC:33:6F:7B:53:FF:F5:52:84:31:5E:8B:18
Certificate issuer: /CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
Certificate serial: 018DD0D702BF72F83D8CE9D19FFB4F03270D
Authority key identifier: F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/RRtDCjSENOwzb3tT__VShDFeixg.roa
Signing time: Thu 22 Feb 2024 12:42:48 +0000
ROA not before: Thu 22 Feb 2024 12:42:48 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 12325
IP address blocks: 89.46.128.0/22 maxlen: 24
89.46.232.0/21 maxlen: 24
93.115.9.0/24 maxlen: 24
93.115.104.0/22 maxlen: 24
94.176.97.0/24 maxlen: 24
185.18.224.0/23 maxlen: 24
188.215.40.0/22 maxlen: 24
188.241.220.0/23 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8d:d0:d7:02:bf:72:f8:3d:8c:e9:d1:9f:fb:4f:03:27:0d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
Validity
Not Before: Feb 22 12:42:48 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=451b430a348434ec336f7b53fff55284315e8b18
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:dd:c8:c3:7f:d4:ff:eb:6f:c8:db:e3:78:98:43:
f3:c3:ef:db:43:45:9b:b2:11:a4:c8:f2:5d:85:6e:
15:39:56:67:43:6c:19:97:f9:a0:f4:db:79:ff:fc:
c0:6d:53:fe:5c:5b:f3:18:66:b6:b3:89:42:1e:05:
70:67:84:2d:05:0f:65:d0:f9:17:0c:47:bc:f3:77:
99:1b:e7:df:e5:8a:19:6e:1e:cb:f6:36:a7:37:3b:
91:e0:88:68:c4:2c:f1:e6:d2:4e:5f:23:5e:99:e3:
02:67:d0:5a:6f:e6:f7:96:fc:c6:91:0d:8a:53:8b:
e5:a8:12:68:85:85:64:b8:c7:a7:51:ab:87:40:13:
f4:26:80:fe:d8:f9:4e:34:c3:5b:56:96:62:a9:6e:
d6:99:8a:e8:66:f0:73:e5:7c:ae:d8:fe:bc:ad:45:
48:96:19:e3:f7:36:fc:f2:d5:da:6f:2e:82:07:c4:
5a:04:fa:41:ec:41:a8:0f:4b:90:6a:6a:f5:76:c2:
c6:99:ba:62:c6:de:d7:43:79:0b:cb:7e:1d:31:3d:
9d:d4:c0:95:70:bd:2d:16:7e:4d:7f:2a:53:16:86:
84:f0:bd:81:f2:a4:db:eb:89:72:13:be:bf:a1:af:
24:a3:94:08:8a:30:4c:c2:93:b9:35:ae:90:3b:30:
46:67
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
45:1B:43:0A:34:84:34:EC:33:6F:7B:53:FF:F5:52:84:31:5E:8B:18
X509v3 Authority Key Identifier:
keyid:F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/RRtDCjSENOwzb3tT__VShDFeixg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
89.46.128.0/22
89.46.232.0/21
93.115.9.0/24
93.115.104.0/22
94.176.97.0/24
185.18.224.0/23
188.215.40.0/22
188.241.220.0/23
Signature Algorithm: sha256WithRSAEncryption
4b:aa:08:5f:f7:b9:68:be:27:dd:00:58:98:c8:1b:d4:08:c9:
dd:7c:37:00:82:ba:fa:dc:c0:19:d4:c7:ab:0e:3b:9d:b2:38:
42:ef:d2:11:1a:2c:14:62:8a:d3:5a:fc:f4:97:19:bc:74:e7:
00:f7:8c:24:9a:5f:e6:61:62:cd:7c:5a:bd:d5:06:66:37:05:
81:c8:fb:28:24:d5:99:ea:47:fe:27:dc:50:1b:74:8a:db:5f:
c3:2a:34:9f:02:3d:04:0b:e8:90:ff:8c:fb:bb:f1:02:df:e1:
c2:fa:8e:76:4e:57:e3:b7:57:c7:3b:2b:2b:21:0e:92:ca:ae:
fa:df:b6:aa:7b:6b:34:ab:62:6e:c6:88:22:71:62:ee:bd:9a:
68:21:7f:1c:c6:86:a6:47:6e:2e:79:51:3a:32:a5:1f:41:07:
13:77:46:6b:2c:a1:7f:f6:56:51:8e:7f:40:98:7c:5b:4d:03:
e3:5e:cb:c7:e8:cc:d1:b3:81:97:28:91:1d:e1:8a:f4:1b:0d:
08:cd:17:58:62:0d:12:30:43:31:a6:2d:e1:79:36:64:67:38:
e1:89:d1:d8:06:6d:45:b3:2f:d2:1e:e3:af:d4:e7:6b:4c:11:
d0:72:90:1f:e3:fb:72:0e:46:ec:d7:a9:6f:af:ab:e5:4c:ec:
7f:9d:1a:88
-----BEGIN CERTIFICATE-----
MIIFKTCCBBGgAwIBAgISAY3Q1wK/cvg9jOnRn/tPAycNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4ZTYyNjM0ZTFiZDUxMzNhOWRlNDUxMmFlOThjYWQxYjIy
MTliNTkwHhcNMjQwMjIyMTI0MjQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NTFiNDMwYTM0ODQzNGVjMzM2ZjdiNTNmZmY1NTI4NDMxNWU4YjE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3cjDf9T/62/I2+N4mEPzw+/bQ0Wb
shGkyPJdhW4VOVZnQ2wZl/mg9Nt5//zAbVP+XFvzGGa2s4lCHgVwZ4QtBQ9l0PkX
DEe883eZG+ff5YoZbh7L9janNzuR4IhoxCzx5tJOXyNemeMCZ9Bab+b3lvzGkQ2K
U4vlqBJohYVkuMenUauHQBP0JoD+2PlONMNbVpZiqW7WmYroZvBz5Xyu2P68rUVI
lhnj9zb88tXaby6CB8RaBPpB7EGoD0uQamr1dsLGmbpixt7XQ3kLy34dMT2d1MCV
cL0tFn5NfypTFoaE8L2B8qTb64lyE76/oa8ko5QIijBMwpO5Na6QOzBGZwIDAQAB
o4ICNTCCAjEwHQYDVR0OBBYEFEUbQwo0hDTsM297U//1UoQxXosYMB8GA1UdIwQY
MBaAFPjmJjThvVEzqd5FEq6YytGyIZtZMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1PWW1OT0c5VVRPcDNrVVNycGpLMGJJaG0xay5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFl
LTkyZTI1ZmUxNjMzMS8xL1JSdERDalNFTk93emIzdFRfX1ZTaERGZWl4Zy5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFlLTkyZTI1ZmUxNjMz
MS8xLzEtT1ltTk9HOVVUT3Aza1VTcnBqSzBiSWhtMWsuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwSQYIKwYBBQUHAQcBAf8EOjA4MDYEAgABMDADBAJZLoAD
BANZLugDBABdcwkDBAJdc2gDBABesGEDBAG5EuADBAK81ygDBAG88dwwDQYJKoZI
hvcNAQELBQADggEBAEuqCF/3uWi+J90AWJjIG9QIyd18NwCCuvrcwBnUx6sOO52y
OELv0hEaLBRiitNa/PSXGbx05wD3jCSaX+ZhYs18Wr3VBmY3BYHI+ygk1ZnqR/4n
3FAbdIrbX8MqNJ8CPQQL6JD/jPu78QLf4cL6jnZOV+O3V8c7KyshDpLKrvrftqp7
azSrYm7GiCJxYu69mmghfxzGhqZHbi55UToypR9BBxN3RmssoX/2VlGOf0CYfFtN
A+Ney8fozNGzgZcokR3hivQbDQjNF1hiDRIwQzGmLeF5NmRnOOGJ0dgGbUWzL9Ie
46/U52tMEdBykB/j+3IORuzXqW+vq+VM7H+dGog=
-----END CERTIFICATE-----
Generated at Fri Feb 23 16:25:35 2024 by rpki-client on console-fra.rpki-client.org