Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/fB-K0gijheUIDTMGMK8JNA_VOcU.roa
File: fB-K0gijheUIDTMGMK8JNA_VOcU.roa (raw, json)
Hash identifier: zdWxhFL26jPXcWT9IQSDWoX2mfYNo3Jw89ugKuPUsSw=
Subject key identifier: 7C:1F:8A:D2:08:A3:85:E5:08:0D:33:06:30:AF:09:34:0F:D5:39:C5
Certificate issuer: /CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
Certificate serial: 018B5CB3C9DE55BFF3E55A93FE7595DC0151
Authority key identifier: F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/fB-K0gijheUIDTMGMK8JNA_VOcU.roa
Signing time: Mon 23 Oct 2023 13:22:48 +0000
ROA not before: Mon 23 Oct 2023 13:22:48 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 12325
IP address blocks: 89.39.94.0/23 maxlen: 24
185.18.224.0/23 maxlen: 24
89.45.228.0/24 maxlen: 24
188.215.40.0/22 maxlen: 24
89.40.222.0/23 maxlen: 24
89.46.232.0/21 maxlen: 24
89.46.128.0/22 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8b:5c:b3:c9:de:55:bf:f3:e5:5a:93:fe:75:95:dc:01:51
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
Validity
Not Before: Oct 23 13:22:48 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=7c1f8ad208a385e5080d330630af09340fd539c5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:94:25:d8:a5:56:21:96:77:65:37:1b:99:ac:66:
f2:36:a6:ba:ca:a4:4a:d4:96:dc:f8:a6:e6:57:7f:
6e:15:eb:ff:1e:1e:2a:11:79:a5:11:47:06:38:87:
50:35:98:e0:d6:bf:c5:af:80:30:f4:c5:f1:95:27:
b5:b4:03:73:bb:7a:42:8d:ee:eb:3e:c1:5e:49:19:
30:75:b2:a3:78:67:73:07:24:ba:f3:f7:00:a5:8b:
43:21:f1:29:96:8b:ea:88:86:5c:30:64:23:bd:9a:
8d:b3:0b:58:da:51:4b:82:b5:3c:4c:38:20:7b:bf:
e7:45:7d:f5:5f:79:f5:c0:d9:3e:0e:40:bf:41:a5:
90:70:83:25:b8:f4:d3:2e:53:ab:00:87:b5:20:f9:
41:20:46:7f:4a:1e:fe:1a:ca:4e:31:b2:fd:c9:ad:
7b:79:dd:df:9b:29:16:72:a6:cf:da:71:ad:37:25:
0b:65:2d:b2:08:09:ba:32:3e:fa:9c:05:76:81:c4:
48:3b:5d:c7:c7:f3:40:87:5e:74:81:eb:61:40:ce:
b5:eb:6f:95:0f:ff:f0:3d:c4:1d:1e:30:56:ee:07:
1b:4c:13:84:9c:df:ff:aa:de:be:fd:fb:d8:9a:bf:
4c:ce:62:10:69:65:cc:ca:1c:98:82:15:3c:3e:04:
77:85
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
7C:1F:8A:D2:08:A3:85:E5:08:0D:33:06:30:AF:09:34:0F:D5:39:C5
X509v3 Authority Key Identifier:
keyid:F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/fB-K0gijheUIDTMGMK8JNA_VOcU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
89.39.94.0/23
89.40.222.0/23
89.45.228.0/24
89.46.128.0/22
89.46.232.0/21
185.18.224.0/23
188.215.40.0/22
Signature Algorithm: sha256WithRSAEncryption
77:34:8c:da:93:a6:05:94:6b:41:e4:8b:16:0f:1c:20:86:b0:
2d:18:c0:1e:3c:90:04:c3:f0:e6:64:cc:55:59:75:a0:f0:fb:
81:cb:60:60:c0:d1:a4:1c:25:02:a5:f8:b9:f6:e5:4b:7c:c8:
42:5b:ad:c2:8d:51:63:42:47:12:09:b0:d5:a2:9a:e5:3b:7c:
94:d2:34:52:d7:64:c6:21:be:73:83:34:27:28:f2:3c:c2:1c:
f9:08:5a:8a:9f:cc:5c:70:bc:1e:b2:3f:0a:19:b1:9b:fc:55:
b9:e2:49:9f:9e:3c:8a:de:ca:ee:4b:d1:f6:ec:e2:75:f4:eb:
94:07:59:69:56:93:ac:77:c6:3a:17:88:8d:5e:3d:75:53:4a:
8a:8d:6f:72:e9:4a:51:63:97:a5:74:9e:17:80:75:a2:2c:16:
bb:16:de:be:94:12:32:c1:2b:bc:0a:a4:9e:c1:b0:c6:49:d4:
be:12:06:06:89:71:bf:63:b4:6e:33:c8:53:ed:d5:a8:6b:de:
a8:f2:fd:e6:b4:83:09:38:ad:6b:53:74:ae:6c:86:da:d7:ae:
c9:d7:e6:2c:79:6e:b3:b0:08:d8:29:46:0c:e5:45:1a:54:43:
3b:da:b1:cc:6d:21:a6:81:93:c5:e0:51:5c:b9:9a:d4:f4:be:
5c:f9:e6:52
-----BEGIN CERTIFICATE-----
MIIFIzCCBAugAwIBAgISAYtcs8neVb/z5VqT/nWV3AFRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4ZTYyNjM0ZTFiZDUxMzNhOWRlNDUxMmFlOThjYWQxYjIy
MTliNTkwHhcNMjMxMDIzMTMyMjQ4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YzFmOGFkMjA4YTM4NWU1MDgwZDMzMDYzMGFmMDkzNDBmZDUzOWM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlCXYpVYhlndlNxuZrGbyNqa6yqRK
1Jbc+KbmV39uFev/Hh4qEXmlEUcGOIdQNZjg1r/Fr4Aw9MXxlSe1tANzu3pCje7r
PsFeSRkwdbKjeGdzByS68/cApYtDIfEplovqiIZcMGQjvZqNswtY2lFLgrU8TDgg
e7/nRX31X3n1wNk+DkC/QaWQcIMluPTTLlOrAIe1IPlBIEZ/Sh7+GspOMbL9ya17
ed3fmykWcqbP2nGtNyULZS2yCAm6Mj76nAV2gcRIO13Hx/NAh150gethQM6162+V
D//wPcQdHjBW7gcbTBOEnN//qt6+/fvYmr9MzmIQaWXMyhyYghU8PgR3hQIDAQAB
o4ICLzCCAiswHQYDVR0OBBYEFHwfitIIo4XlCA0zBjCvCTQP1TnFMB8GA1UdIwQY
MBaAFPjmJjThvVEzqd5FEq6YytGyIZtZMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1PWW1OT0c5VVRPcDNrVVNycGpLMGJJaG0xay5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFl
LTkyZTI1ZmUxNjMzMS8xL2ZCLUswZ2lqaGVVSURUTUdNSzhKTkFfVk9jVS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFlLTkyZTI1ZmUxNjMz
MS8xLzEtT1ltTk9HOVVUT3Aza1VTcnBqSzBiSWhtMWsuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwQwYIKwYBBQUHAQcBAf8ENDAyMDAEAgABMCoDBAFZJ14D
BAFZKN4DBABZLeQDBAJZLoADBANZLugDBAG5EuADBAK81ygwDQYJKoZIhvcNAQEL
BQADggEBAHc0jNqTpgWUa0HkixYPHCCGsC0YwB48kATD8OZkzFVZdaDw+4HLYGDA
0aQcJQKl+Ln25Ut8yEJbrcKNUWNCRxIJsNWimuU7fJTSNFLXZMYhvnODNCco8jzC
HPkIWoqfzFxwvB6yPwoZsZv8VbniSZ+ePIreyu5L0fbs4nX065QHWWlWk6x3xjoX
iI1ePXVTSoqNb3LpSlFjl6V0nheAdaIsFrsW3r6UEjLBK7wKpJ7BsMZJ1L4SBgaJ
cb9jtG4zyFPt1ahr3qjy/ea0gwk4rWtTdK5shtrXrsnX5ix5brOwCNgpRgzlRRpU
QzvascxtIaaBk8XgUVy5mtT0vlz55lI=
-----END CERTIFICATE-----
Generated at Wed Feb 19 22:43:57 2025 by rpki-client