Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/b5GCYonJitby-TB-psacWcFV5FU.roa
File: b5GCYonJitby-TB-psacWcFV5FU.roa (raw, json)
Hash identifier: sKUtkPq6g1GeGgqBkWiiskRSQAu6/HoiSyLNlySodbI=
Subject key identifier: 6F:91:82:62:89:C9:8A:D6:F2:F9:30:7E:A6:C6:9C:59:C1:55:E4:55
Certificate issuer: /CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
Certificate serial: 018C66B06B2B4870C8DDD100BD3838A519E8
Authority key identifier: F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/b5GCYonJitby-TB-psacWcFV5FU.roa
Signing time: Thu 14 Dec 2023 04:58:06 +0000
ROA not before: Thu 14 Dec 2023 04:58:06 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 12325
IP address blocks: 185.18.224.0/23 maxlen: 24
89.47.252.0/24 maxlen: 24
188.215.40.0/22 maxlen: 24
89.40.222.0/23 maxlen: 24
89.47.52.0/24 maxlen: 24
89.46.232.0/21 maxlen: 24
89.46.128.0/22 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:66:b0:6b:2b:48:70:c8:dd:d1:00:bd:38:38:a5:19:e8
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
Validity
Not Before: Dec 14 04:58:06 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=6f91826289c98ad6f2f9307ea6c69c59c155e455
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:90:f5:79:eb:ff:9c:f5:00:d7:b5:97:5c:c0:f2:
8d:3e:8b:3f:87:a8:c3:da:0a:6a:ba:67:a7:62:04:
d4:5b:b6:1b:43:dd:79:3d:fe:c8:05:bb:d4:44:3f:
76:70:61:5e:b8:b2:1d:03:5c:43:7b:7d:b6:32:ca:
ad:21:cf:ea:58:65:95:84:b5:30:4d:fd:3b:b5:6d:
a6:b3:0d:bf:95:b5:42:bf:82:8a:97:f1:7d:84:24:
0a:ae:eb:d3:46:02:20:92:23:c2:82:15:81:1b:6e:
cb:95:ed:26:ab:18:f0:3c:e1:9a:1c:6e:19:05:c3:
1f:28:0b:8e:f8:ff:b1:cc:2c:d5:a5:9d:5b:4c:9c:
d9:c6:22:7b:ea:07:71:b9:60:67:65:57:e1:78:d0:
9f:ed:72:d5:ec:27:a8:7f:32:f5:51:72:58:89:db:
ea:12:b7:93:96:9c:db:02:4c:4b:00:10:7c:93:ad:
45:72:b7:03:6a:f0:82:46:a4:cf:11:6d:05:b6:0a:
9e:fa:c8:f8:22:51:9d:bf:94:98:84:4b:4b:05:82:
e7:7d:03:33:07:d2:63:26:68:e3:f2:c3:ae:44:f7:
f1:c0:db:12:aa:af:28:36:51:9e:a0:02:05:86:a4:
90:87:d9:fc:78:bc:a9:53:f7:45:7e:0f:04:82:24:
9e:13
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6F:91:82:62:89:C9:8A:D6:F2:F9:30:7E:A6:C6:9C:59:C1:55:E4:55
X509v3 Authority Key Identifier:
keyid:F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/b5GCYonJitby-TB-psacWcFV5FU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
89.40.222.0/23
89.46.128.0/22
89.46.232.0/21
89.47.52.0/24
89.47.252.0/24
185.18.224.0/23
188.215.40.0/22
Signature Algorithm: sha256WithRSAEncryption
7a:7f:3b:a1:bc:62:bf:ec:b8:80:9e:80:ef:e3:51:b0:0b:e9:
8c:d4:1e:fe:c0:58:bf:11:84:01:f5:9a:6d:01:3e:b1:cb:d2:
9d:9c:e4:8e:d9:30:97:3a:d9:08:14:1e:9a:cf:5a:d1:11:a5:
f4:f9:97:75:bd:9c:e6:bb:34:46:17:84:1b:1e:0e:b4:c5:cf:
78:d0:97:e7:f0:1a:35:1f:a2:6a:fd:a7:1f:16:70:db:b0:f1:
45:2b:c4:f6:d3:1a:ad:c8:9e:e9:63:62:b1:98:3a:59:ed:c0:
a7:f7:20:0a:dc:27:1d:79:7b:b7:6b:28:be:41:fe:07:e4:55:
95:d9:76:7b:ce:d2:08:9c:c8:a6:20:90:c5:8e:f4:be:8d:91:
f3:8d:5e:6a:03:bc:92:c1:59:36:83:7b:12:17:bd:14:fa:f2:
16:1d:b7:b0:24:1e:35:32:05:6a:eb:e3:95:82:36:00:3c:5c:
7e:8e:f1:2a:0a:34:1e:55:9e:7e:33:ea:61:ea:a6:0c:21:d4:
d0:25:42:56:83:4e:38:fd:59:c2:b8:38:64:6e:f1:37:fa:11:
89:e4:6c:52:70:d2:1f:1c:30:4f:84:e4:ec:b2:4f:71:f0:11:
0c:6d:40:de:a7:33:1f:76:f0:9d:dd:28:c3:e9:30:d1:40:6f:
c6:11:3d:56
-----BEGIN CERTIFICATE-----
MIIFIzCCBAugAwIBAgISAYxmsGsrSHDI3dEAvTg4pRnoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4ZTYyNjM0ZTFiZDUxMzNhOWRlNDUxMmFlOThjYWQxYjIy
MTliNTkwHhcNMjMxMjE0MDQ1ODA2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZjkxODI2Mjg5Yzk4YWQ2ZjJmOTMwN2VhNmM2OWM1OWMxNTVlNDU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkPV56/+c9QDXtZdcwPKNPos/h6jD
2gpqumenYgTUW7YbQ915Pf7IBbvURD92cGFeuLIdA1xDe322MsqtIc/qWGWVhLUw
Tf07tW2msw2/lbVCv4KKl/F9hCQKruvTRgIgkiPCghWBG27Lle0mqxjwPOGaHG4Z
BcMfKAuO+P+xzCzVpZ1bTJzZxiJ76gdxuWBnZVfheNCf7XLV7CeofzL1UXJYidvq
EreTlpzbAkxLABB8k61FcrcDavCCRqTPEW0Ftgqe+sj4IlGdv5SYhEtLBYLnfQMz
B9JjJmjj8sOuRPfxwNsSqq8oNlGeoAIFhqSQh9n8eLypU/dFfg8EgiSeEwIDAQAB
o4ICLzCCAiswHQYDVR0OBBYEFG+RgmKJyYrW8vkwfqbGnFnBVeRVMB8GA1UdIwQY
MBaAFPjmJjThvVEzqd5FEq6YytGyIZtZMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1PWW1OT0c5VVRPcDNrVVNycGpLMGJJaG0xay5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFl
LTkyZTI1ZmUxNjMzMS8xL2I1R0NZb25KaXRieS1UQi1wc2FjV2NGVjVGVS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFlLTkyZTI1ZmUxNjMz
MS8xLzEtT1ltTk9HOVVUT3Aza1VTcnBqSzBiSWhtMWsuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwQwYIKwYBBQUHAQcBAf8ENDAyMDAEAgABMCoDBAFZKN4D
BAJZLoADBANZLugDBABZLzQDBABZL/wDBAG5EuADBAK81ygwDQYJKoZIhvcNAQEL
BQADggEBAHp/O6G8Yr/suICegO/jUbAL6YzUHv7AWL8RhAH1mm0BPrHL0p2c5I7Z
MJc62QgUHprPWtERpfT5l3W9nOa7NEYXhBseDrTFz3jQl+fwGjUfomr9px8WcNuw
8UUrxPbTGq3InuljYrGYOlntwKf3IArcJx15e7drKL5B/gfkVZXZdnvO0gicyKYg
kMWO9L6NkfONXmoDvJLBWTaDexIXvRT68hYdt7AkHjUyBWrr45WCNgA8XH6O8SoK
NB5Vnn4z6mHqpgwh1NAlQlaDTjj9WcK4OGRu8Tf6EYnkbFJw0h8cME+E5OyyT3Hw
EQxtQN6nMx928J3dKMPpMNFAb8YRPVY=
-----END CERTIFICATE-----
Generated at Wed Feb 19 22:43:10 2025 by rpki-client