Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/rFb02m5gTARa842--JyOICZ8Rc4.roa
File: rFb02m5gTARa842--JyOICZ8Rc4.roa (raw, json)
Hash identifier: eHQbAlnqD0nu7fCjmAkYLKhn8lyytVtc9u7t03xDVEE=
Subject key identifier: AC:56:F4:DA:6E:60:4C:04:5A:F3:8D:BE:F8:9C:8E:20:26:7C:45:CE
Certificate issuer: /CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
Certificate serial: 018B867F1038F4EC8D032F184ECCCA84F8EF
Authority key identifier: F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/rFb02m5gTARa842--JyOICZ8Rc4.roa
Signing time: Tue 31 Oct 2023 16:09:15 +0000
ROA not before: Tue 31 Oct 2023 16:09:15 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 12325
IP address blocks: 185.18.224.0/23 maxlen: 24
89.45.228.0/24 maxlen: 24
188.215.40.0/22 maxlen: 24
89.40.222.0/23 maxlen: 24
89.46.232.0/21 maxlen: 24
89.46.128.0/22 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8b:86:7f:10:38:f4:ec:8d:03:2f:18:4e:cc:ca:84:f8:ef
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
Validity
Not Before: Oct 31 16:09:15 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=ac56f4da6e604c045af38dbef89c8e20267c45ce
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:93:3b:eb:4f:a4:0f:59:78:08:e4:83:97:b1:32:
f7:81:42:ff:c1:68:52:66:9c:5c:66:26:91:db:4e:
12:b6:45:e2:0c:54:d5:3f:9e:db:17:5d:f4:39:2f:
8c:c6:21:52:dd:7c:65:18:90:0e:25:5c:ad:88:2b:
80:91:38:71:1b:3c:a7:14:ff:af:cd:96:2f:ab:8f:
f2:5b:da:ff:af:07:13:c5:04:58:75:41:5b:5f:a7:
90:87:cc:12:2e:00:63:a1:69:33:c6:f6:ee:2f:12:
98:bd:2c:0f:60:9b:e7:48:41:cb:8a:4a:42:75:d7:
9d:06:aa:35:9f:bb:08:0e:d2:d0:f0:77:32:ec:01:
83:f8:48:d3:4d:ba:2e:a6:e5:b8:eb:f3:d5:3c:b1:
90:e2:24:ec:02:d5:7b:b9:06:9c:b3:79:9d:f2:2b:
43:bf:33:08:1f:de:87:8e:43:c5:44:9b:da:5e:95:
54:ad:a3:84:eb:7a:d6:66:7c:64:ba:75:42:ad:aa:
14:b9:c5:df:d3:e9:24:15:90:eb:74:9d:07:a1:f8:
f2:ac:b2:d3:ce:f3:64:48:8e:dd:14:4d:61:58:b1:
1b:06:f2:d5:a9:7c:28:d5:dd:aa:f0:46:58:25:e3:
1a:5b:84:f8:5d:38:81:e2:b2:43:19:90:53:b1:7e:
24:69
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AC:56:F4:DA:6E:60:4C:04:5A:F3:8D:BE:F8:9C:8E:20:26:7C:45:CE
X509v3 Authority Key Identifier:
keyid:F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/rFb02m5gTARa842--JyOICZ8Rc4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
89.40.222.0/23
89.45.228.0/24
89.46.128.0/22
89.46.232.0/21
185.18.224.0/23
188.215.40.0/22
Signature Algorithm: sha256WithRSAEncryption
7e:9c:ae:6c:c9:b8:3c:b6:6f:ec:be:a3:26:3f:48:f0:a0:5b:
6a:7d:8f:89:da:aa:4c:56:a7:d2:6a:1e:4e:c3:a7:77:03:a1:
7e:13:58:88:52:6b:7c:97:3c:93:72:20:a8:2d:f2:f0:94:7b:
71:02:46:63:0f:2b:27:66:a5:95:3d:b8:af:54:c6:0f:48:bd:
cc:fa:03:86:9c:f4:98:f7:3f:6e:95:2a:7e:62:e0:6b:77:39:
b1:55:b3:9c:3e:90:7a:42:68:4f:64:b1:cf:b5:10:7e:b8:f1:
4d:b1:5e:70:22:f9:3b:6a:9d:4a:ab:d7:f5:d4:56:a4:54:14:
41:ad:a1:fc:97:c1:6b:59:8e:3d:0a:e1:fc:64:cc:95:c5:04:
5d:3e:0a:ba:d4:f7:e6:0d:d8:24:eb:5b:ba:73:57:eb:0c:68:
ea:5b:67:72:9d:57:25:35:63:fd:dd:dd:81:b4:6b:fd:d6:42:
cb:e1:66:a2:56:30:55:52:c9:3f:ee:e6:1d:4d:7e:ae:87:be:
6e:5d:71:ce:bd:03:e2:f5:1f:d8:7c:38:04:92:b7:66:80:45:
72:6c:3e:79:01:92:58:b2:96:96:13:fe:8d:2c:0d:22:3e:43:
57:6f:fb:05:7a:96:1d:13:77:80:83:ed:c3:21:6a:db:79:fc:
4e:09:24:90
-----BEGIN CERTIFICATE-----
MIIFHTCCBAWgAwIBAgISAYuGfxA49OyNAy8YTszKhPjvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4ZTYyNjM0ZTFiZDUxMzNhOWRlNDUxMmFlOThjYWQxYjIy
MTliNTkwHhcNMjMxMDMxMTYwOTE1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYzU2ZjRkYTZlNjA0YzA0NWFmMzhkYmVmODljOGUyMDI2N2M0NWNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkzvrT6QPWXgI5IOXsTL3gUL/wWhS
ZpxcZiaR204StkXiDFTVP57bF130OS+MxiFS3XxlGJAOJVytiCuAkThxGzynFP+v
zZYvq4/yW9r/rwcTxQRYdUFbX6eQh8wSLgBjoWkzxvbuLxKYvSwPYJvnSEHLikpC
ddedBqo1n7sIDtLQ8Hcy7AGD+EjTTboupuW46/PVPLGQ4iTsAtV7uQacs3md8itD
vzMIH96HjkPFRJvaXpVUraOE63rWZnxkunVCraoUucXf0+kkFZDrdJ0HofjyrLLT
zvNkSI7dFE1hWLEbBvLVqXwo1d2q8EZYJeMaW4T4XTiB4rJDGZBTsX4kaQIDAQAB
o4ICKTCCAiUwHQYDVR0OBBYEFKxW9NpuYEwEWvONvvicjiAmfEXOMB8GA1UdIwQY
MBaAFPjmJjThvVEzqd5FEq6YytGyIZtZMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1PWW1OT0c5VVRPcDNrVVNycGpLMGJJaG0xay5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFl
LTkyZTI1ZmUxNjMzMS8xL3JGYjAybTVnVEFSYTg0Mi0tSnlPSUNaOFJjNC5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFlLTkyZTI1ZmUxNjMz
MS8xLzEtT1ltTk9HOVVUT3Aza1VTcnBqSzBiSWhtMWsuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwPQYIKwYBBQUHAQcBAf8ELjAsMCoEAgABMCQDBAFZKN4D
BABZLeQDBAJZLoADBANZLugDBAG5EuADBAK81ygwDQYJKoZIhvcNAQELBQADggEB
AH6crmzJuDy2b+y+oyY/SPCgW2p9j4naqkxWp9JqHk7Dp3cDoX4TWIhSa3yXPJNy
IKgt8vCUe3ECRmMPKydmpZU9uK9Uxg9Ivcz6A4ac9Jj3P26VKn5i4Gt3ObFVs5w+
kHpCaE9ksc+1EH648U2xXnAi+TtqnUqr1/XUVqRUFEGtofyXwWtZjj0K4fxkzJXF
BF0+CrrU9+YN2CTrW7pzV+sMaOpbZ3KdVyU1Y/3d3YG0a/3WQsvhZqJWMFVSyT/u
5h1Nfq6Hvm5dcc69A+L1H9h8OASSt2aARXJsPnkBkliylpYT/o0sDSI+Q1dv+wV6
lh0Td4CD7cMhatt5/E4JJJA=
-----END CERTIFICATE-----
Generated at Wed Feb 19 22:32:21 2025 by rpki-client