Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/Z8UYnMBMfV-Y6BK6FRbtXXZRqOA.roa
File: Z8UYnMBMfV-Y6BK6FRbtXXZRqOA.roa (raw, json)
Hash identifier: diG1OBINU4I+lH8gMz//8T2HFqMtU5MC1f2sgfsj+Ls=
Subject key identifier: 67:C5:18:9C:C0:4C:7D:5F:98:E8:12:BA:15:16:ED:5D:76:51:A8:E0
Certificate issuer: /CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
Certificate serial: 01917FF83054CBF08161953BAD1E2FAC07D5
Authority key identifier: F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/Z8UYnMBMfV-Y6BK6FRbtXXZRqOA.roa
Signing time: Fri 23 Aug 2024 16:00:57 +0000
ROA not before: Fri 23 Aug 2024 16:00:57 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 204157
IP address blocks: 77.81.99.0/24 maxlen: 24
89.33.247.0/24 maxlen: 24
89.45.91.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:91:7f:f8:30:54:cb:f0:81:61:95:3b:ad:1e:2f:ac:07:d5
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
Validity
Not Before: Aug 23 16:00:57 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=67c5189cc04c7d5f98e812ba1516ed5d7651a8e0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:fc:69:9d:c6:a2:d0:f6:a1:82:eb:e4:b8:fc:77:
69:6a:85:48:1d:8c:73:ae:21:27:03:d7:40:96:19:
69:c9:7d:8f:97:4e:bf:6f:84:c9:80:90:bf:1d:06:
d2:df:3a:f7:e2:81:07:bd:37:65:b7:7f:d3:31:34:
cc:2c:38:93:86:ee:2d:77:d7:d6:8a:8d:dd:a8:10:
54:8b:f8:fd:a9:bc:a1:72:0e:da:b1:28:5b:2f:7d:
e2:ba:c6:3e:ad:43:e2:cd:d6:ae:db:ad:a0:fd:a0:
32:0b:28:04:a0:21:7f:4a:f0:5e:8a:0a:84:3d:08:
32:89:3d:fd:e3:21:95:7c:f4:4a:6b:80:61:15:4c:
96:b8:11:ed:a9:2e:70:95:a3:d0:99:8f:d1:81:e1:
a6:28:9d:d5:b9:da:05:e6:88:09:00:bc:4d:3d:57:
00:38:e7:be:e3:6a:de:75:35:e9:e4:f8:e4:11:b0:
0e:a9:b1:82:61:b3:72:c1:78:97:bf:61:12:46:a0:
ed:7a:34:a2:31:b4:6b:a9:57:0a:8a:fe:73:65:6f:
fb:70:56:83:f4:c3:0d:c0:84:e4:41:2d:21:16:1e:
a6:39:e1:7b:f2:c0:3c:6e:c2:67:be:2d:0b:2c:13:
7f:d5:b7:f1:dc:53:4a:25:3a:fd:cd:82:60:38:3b:
3c:31
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
67:C5:18:9C:C0:4C:7D:5F:98:E8:12:BA:15:16:ED:5D:76:51:A8:E0
X509v3 Authority Key Identifier:
keyid:F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/Z8UYnMBMfV-Y6BK6FRbtXXZRqOA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
77.81.99.0/24
89.33.247.0/24
89.45.91.0/24
Signature Algorithm: sha256WithRSAEncryption
bd:d6:3e:f5:16:01:2a:57:b7:f2:e1:b6:1b:2b:0c:ae:82:f0:
d6:9e:27:1f:95:ee:9a:d3:bb:df:0d:c3:2a:03:7e:b4:46:81:
c3:43:40:ec:da:84:be:3e:d8:2b:c7:3f:f8:c6:33:06:3f:0c:
05:6b:b7:db:73:a6:6c:cf:73:eb:84:e0:b4:21:25:b9:a8:8e:
8f:6f:d3:eb:fe:64:a2:ee:44:d4:70:c3:8a:a2:81:04:6b:5c:
9b:12:63:14:dd:3c:de:94:30:7c:c7:4f:63:b6:b6:ea:6e:80:
03:4c:de:32:b3:59:2b:ad:cb:15:8a:84:b4:af:47:c3:c6:fc:
4a:49:af:94:ea:fc:c3:08:b3:e2:24:b5:47:3c:f3:f4:1b:fe:
c8:ba:80:9b:39:41:1e:6d:da:cc:d9:6f:56:59:80:81:fc:07:
68:96:a7:50:57:90:73:4a:7b:b3:a6:f4:58:13:72:5d:8e:fd:
22:23:36:79:24:f7:9f:d9:86:b1:9e:3d:3a:ad:b6:d9:9d:a0:
4f:1c:2b:a2:93:19:60:87:65:59:f2:74:26:bc:28:98:d0:7e:
f3:9a:17:c3:44:e5:85:80:3b:81:30:5b:90:9e:32:39:b9:91:
af:f8:06:e1:4e:33:52:f3:97:e5:18:ab:33:65:cb:ca:e8:d7:
2a:21:6c:5d
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZF/+DBUy/CBYZU7rR4vrAfVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4ZTYyNjM0ZTFiZDUxMzNhOWRlNDUxMmFlOThjYWQxYjIy
MTliNTkwHhcNMjQwODIzMTYwMDU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2N2M1MTg5Y2MwNGM3ZDVmOThlODEyYmExNTE2ZWQ1ZDc2NTFhOGUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA/GmdxqLQ9qGC6+S4/HdpaoVIHYxz
riEnA9dAlhlpyX2Pl06/b4TJgJC/HQbS3zr34oEHvTdlt3/TMTTMLDiThu4td9fW
io3dqBBUi/j9qbyhcg7asShbL33iusY+rUPizdau262g/aAyCygEoCF/SvBeigqE
PQgyiT394yGVfPRKa4BhFUyWuBHtqS5wlaPQmY/RgeGmKJ3VudoF5ogJALxNPVcA
OOe+42redTXp5PjkEbAOqbGCYbNywXiXv2ESRqDtejSiMbRrqVcKiv5zZW/7cFaD
9MMNwITkQS0hFh6mOeF78sA8bsJnvi0LLBN/1bfx3FNKJTr9zYJgODs8MQIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFGfFGJzATH1fmOgSuhUW7V12UajgMB8GA1UdIwQY
MBaAFPjmJjThvVEzqd5FEq6YytGyIZtZMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1PWW1OT0c5VVRPcDNrVVNycGpLMGJJaG0xay5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFl
LTkyZTI1ZmUxNjMzMS8xL1o4VVluTUJNZlYtWTZCSzZGUmJ0WFhaUnFPQS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFlLTkyZTI1ZmUxNjMz
MS8xLzEtT1ltTk9HOVVUT3Aza1VTcnBqSzBiSWhtMWsuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBIDBABNUWMD
BABZIfcDBABZLVswDQYJKoZIhvcNAQELBQADggEBAL3WPvUWASpXt/LhthsrDK6C
8NaeJx+V7prTu98NwyoDfrRGgcNDQOzahL4+2CvHP/jGMwY/DAVrt9tzpmzPc+uE
4LQhJbmojo9v0+v+ZKLuRNRww4qigQRrXJsSYxTdPN6UMHzHT2O2tupugANM3jKz
WSutyxWKhLSvR8PG/EpJr5Tq/MMIs+IktUc88/Qb/si6gJs5QR5t2szZb1ZZgIH8
B2iWp1BXkHNKe7Om9FgTcl2O/SIjNnkk95/ZhrGePTqtttmdoE8cK6KTGWCHZVny
dCa8KJjQfvOaF8NE5YWAO4EwW5CeMjm5ka/4BuFOM1Lzl+UYqzNly8ro1yohbF0=
-----END CERTIFICATE-----
Generated at Wed Feb 19 22:31:34 2025 by rpki-client