Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/lFqqTl5f9IuAMj2hQfzKMbiBzrQ.roa
File: lFqqTl5f9IuAMj2hQfzKMbiBzrQ.roa (raw, json)
Hash identifier: 6jU185KQvK6wGplSDqQMi7WnpQyZngCQgO1Vuz8zt9Q=
Subject key identifier: 94:5A:AA:4E:5E:5F:F4:8B:80:32:3D:A1:41:FC:CA:31:B8:81:CE:B4
Certificate issuer: /CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
Certificate serial: 018E379BF820C886B6F89B8F1C2BBC88A537
Authority key identifier: F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/lFqqTl5f9IuAMj2hQfzKMbiBzrQ.roa
Signing time: Wed 13 Mar 2024 11:39:12 +0000
ROA not before: Wed 13 Mar 2024 11:39:12 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 12325
IP address blocks: 89.46.128.0/22 maxlen: 24
89.46.232.0/21 maxlen: 24
185.18.224.0/23 maxlen: 24
188.215.40.0/22 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8e:37:9b:f8:20:c8:86:b6:f8:9b:8f:1c:2b:bc:88:a5:37
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
Validity
Not Before: Mar 13 11:39:12 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=945aaa4e5e5ff48b80323da141fcca31b881ceb4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b8:91:b4:7d:1f:d5:86:54:99:a8:5c:e0:5e:7e:
3f:10:07:0f:6f:7b:48:b4:5b:bf:c9:1d:44:84:68:
af:ec:38:95:a0:f6:f8:7f:3d:81:a0:74:73:af:e6:
d6:38:a9:c2:dc:72:84:0f:78:b6:b5:5a:4b:be:a7:
de:a8:19:00:58:60:17:ee:93:0c:e0:1e:48:85:03:
4e:ea:b1:02:fe:52:38:64:b5:76:c5:94:53:44:8b:
89:ed:c1:f4:35:77:d1:d2:ff:7e:10:37:aa:72:7a:
2c:d4:35:de:87:78:55:91:08:d4:3f:6c:16:a2:48:
b4:ca:9b:36:b7:f7:36:d6:70:9f:99:0d:5c:d7:e7:
a3:3d:36:9c:33:2e:84:79:aa:51:1a:54:f3:7e:c4:
e7:74:25:fc:2e:34:72:e0:9b:9a:97:f7:f3:94:c5:
59:b9:7e:eb:f9:36:55:f5:88:d1:cd:e5:cf:ae:36:
c2:c0:ed:25:53:a1:d0:e6:9a:04:ff:ec:17:43:61:
dc:88:13:15:76:c4:2b:69:79:6c:07:f1:15:83:22:
ee:d2:97:9d:fa:51:23:d2:53:35:6a:fd:55:e5:82:
85:c8:6d:0d:c7:cd:8c:69:de:33:b7:93:ed:91:bd:
ce:91:a3:a7:a9:a8:af:7e:22:1a:1a:62:93:7f:b1:
a0:57
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
94:5A:AA:4E:5E:5F:F4:8B:80:32:3D:A1:41:FC:CA:31:B8:81:CE:B4
X509v3 Authority Key Identifier:
keyid:F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/lFqqTl5f9IuAMj2hQfzKMbiBzrQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
89.46.128.0/22
89.46.232.0/21
185.18.224.0/23
188.215.40.0/22
Signature Algorithm: sha256WithRSAEncryption
69:c3:bb:77:65:27:87:d1:71:bd:d3:ff:b6:92:33:04:93:ee:
84:93:94:dc:08:d8:12:15:09:73:13:9c:03:d8:01:7f:e6:ad:
82:29:e1:af:e4:7a:51:7f:df:11:d5:45:1a:c9:56:04:62:64:
c2:0d:72:71:05:42:de:47:31:8d:b5:bf:1b:58:04:15:cc:49:
7a:51:e9:a4:ca:95:a3:33:f5:e5:59:f9:3c:61:28:55:4b:06:
46:48:bd:5e:6d:c3:7f:74:bf:57:58:18:4a:a7:48:b6:45:c4:
f3:15:99:56:4b:ec:11:38:86:b4:52:15:8d:4c:34:57:02:1a:
a0:8d:11:21:a1:10:24:ab:41:b8:0f:32:7b:d7:96:5f:86:be:
da:08:61:9c:43:18:97:ea:a6:20:74:1f:ce:95:62:53:cf:5a:
46:f8:95:74:02:e5:01:b5:97:24:97:a6:29:d4:4c:0b:2a:24:
01:f8:19:6e:f4:a1:ba:4b:61:ba:f5:c3:c6:37:bc:9d:e5:92:
f4:e9:96:e5:cf:80:aa:d1:fa:fb:5b:f9:e6:cb:e2:94:85:88:
f0:2c:23:4e:d6:82:2d:21:67:13:e2:1d:bf:4e:75:ff:3b:bd:
a1:2e:93:d0:fa:2f:93:dd:56:f8:33:c6:65:95:8a:3b:29:25:
62:47:3e:8c
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgISAY43m/ggyIa2+JuPHCu8iKU3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4ZTYyNjM0ZTFiZDUxMzNhOWRlNDUxMmFlOThjYWQxYjIy
MTliNTkwHhcNMjQwMzEzMTEzOTEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NDVhYWE0ZTVlNWZmNDhiODAzMjNkYTE0MWZjY2EzMWI4ODFjZWI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuJG0fR/VhlSZqFzgXn4/EAcPb3tI
tFu/yR1EhGiv7DiVoPb4fz2BoHRzr+bWOKnC3HKED3i2tVpLvqfeqBkAWGAX7pMM
4B5IhQNO6rEC/lI4ZLV2xZRTRIuJ7cH0NXfR0v9+EDeqcnos1DXeh3hVkQjUP2wW
oki0yps2t/c21nCfmQ1c1+ejPTacMy6EeapRGlTzfsTndCX8LjRy4Jual/fzlMVZ
uX7r+TZV9YjRzeXPrjbCwO0lU6HQ5poE/+wXQ2HciBMVdsQraXlsB/EVgyLu0ped
+lEj0lM1av1V5YKFyG0Nx82Mad4zt5Ptkb3OkaOnqaivfiIaGmKTf7GgVwIDAQAB
o4ICHTCCAhkwHQYDVR0OBBYEFJRaqk5eX/SLgDI9oUH8yjG4gc60MB8GA1UdIwQY
MBaAFPjmJjThvVEzqd5FEq6YytGyIZtZMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1PWW1OT0c5VVRPcDNrVVNycGpLMGJJaG0xay5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFl
LTkyZTI1ZmUxNjMzMS8xL2xGcXFUbDVmOUl1QU1qMmhRZnpLTWJpQnpyUS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFlLTkyZTI1ZmUxNjMz
MS8xLzEtT1ltTk9HOVVUT3Aza1VTcnBqSzBiSWhtMWsuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwMQYIKwYBBQUHAQcBAf8EIjAgMB4EAgABMBgDBAJZLoAD
BANZLugDBAG5EuADBAK81ygwDQYJKoZIhvcNAQELBQADggEBAGnDu3dlJ4fRcb3T
/7aSMwST7oSTlNwI2BIVCXMTnAPYAX/mrYIp4a/kelF/3xHVRRrJVgRiZMINcnEF
Qt5HMY21vxtYBBXMSXpR6aTKlaMz9eVZ+TxhKFVLBkZIvV5tw390v1dYGEqnSLZF
xPMVmVZL7BE4hrRSFY1MNFcCGqCNESGhECSrQbgPMnvXll+GvtoIYZxDGJfqpiB0
H86VYlPPWkb4lXQC5QG1lySXpinUTAsqJAH4GW70obpLYbr1w8Y3vJ3lkvTpluXP
gKrR+vtb+ebL4pSFiPAsI07Wgi0hZxPiHb9Odf87vaEuk9D6L5PdVvgzxmWVijsp
JWJHPow=
-----END CERTIFICATE-----
Generated at Wed Feb 19 22:36:33 2025 by rpki-client