Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/u_UktGvPn2tsXsQALSRyrctEjsg.roa
File: u_UktGvPn2tsXsQALSRyrctEjsg.roa (raw, json)
Hash identifier: pERRZ8uQD7OGCikA9aEL5HfkRErflw6XV9+SLNK10ZA=
Subject key identifier: BB:F5:24:B4:6B:CF:9F:6B:6C:5E:C4:00:2D:24:72:AD:CB:44:8E:C8
Certificate issuer: /CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
Certificate serial: 018E52BBD52EF9E5229CA6528ADE8770FB50
Authority key identifier: F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/u_UktGvPn2tsXsQALSRyrctEjsg.roa
Signing time: Mon 18 Mar 2024 18:03:45 +0000
ROA not before: Mon 18 Mar 2024 18:03:45 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 12325
IP address blocks: 89.36.137.0/24 maxlen: 24
89.46.128.0/22 maxlen: 24
89.46.232.0/21 maxlen: 24
128.0.1.0/24 maxlen: 24
185.18.224.0/23 maxlen: 24
188.208.110.0/24 maxlen: 24
188.215.40.0/22 maxlen: 24
188.240.81.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8e:52:bb:d5:2e:f9:e5:22:9c:a6:52:8a:de:87:70:fb:50
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
Validity
Not Before: Mar 18 18:03:45 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=bbf524b46bcf9f6b6c5ec4002d2472adcb448ec8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b3:6c:82:ae:72:f1:19:85:3b:41:15:ff:13:90:
9c:11:72:3e:1d:d7:be:31:35:0e:ae:af:db:13:72:
da:00:54:6f:04:21:08:a4:a1:4a:64:62:e3:d3:21:
6e:b7:1a:bc:29:ed:38:5d:7c:02:b9:93:8e:05:19:
8b:84:7d:75:38:2e:b0:18:a5:1e:b3:9c:a8:a5:8c:
79:70:f4:a7:9c:26:71:4c:90:fc:1d:47:8d:f2:f9:
f8:a4:db:92:26:70:c2:9f:91:61:81:4c:8e:12:fe:
fb:e2:94:f6:d0:db:ac:46:e8:c4:0f:23:10:5d:80:
49:9c:e6:63:86:4c:dd:bb:c9:b1:d5:7f:05:f7:8d:
7f:ec:12:44:72:9e:7c:68:4f:b9:b5:5e:38:e0:c0:
7d:92:b4:d3:49:db:72:85:05:8e:f4:1d:b8:31:9e:
36:79:f7:df:54:76:dc:91:6e:d9:28:b9:b9:7c:25:
4f:42:e5:48:77:dd:da:85:e7:e9:ca:0f:c2:0b:3b:
68:18:15:40:aa:85:33:5b:47:a5:cb:72:40:ed:11:
d7:36:01:1b:e5:1a:e3:82:9d:da:33:c9:c8:d8:5d:
69:ad:d6:93:9b:70:9e:01:b6:45:de:65:e5:e8:73:
a3:42:e5:6e:54:e9:4e:e9:6a:ac:7a:c2:7d:f0:e2:
fc:d7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
BB:F5:24:B4:6B:CF:9F:6B:6C:5E:C4:00:2D:24:72:AD:CB:44:8E:C8
X509v3 Authority Key Identifier:
keyid:F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/u_UktGvPn2tsXsQALSRyrctEjsg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
89.36.137.0/24
89.46.128.0/22
89.46.232.0/21
128.0.1.0/24
185.18.224.0/23
188.208.110.0/24
188.215.40.0/22
188.240.81.0/24
Signature Algorithm: sha256WithRSAEncryption
0e:85:9d:78:a8:f2:00:b2:ff:e7:9a:8e:e0:2f:74:e5:ff:8d:
7d:3a:a9:a3:69:10:70:b9:fd:4f:4c:70:86:6c:42:8f:c4:65:
76:eb:6f:2c:a1:ed:60:db:b8:8e:ef:48:d9:de:a8:51:57:9b:
ba:f1:ef:33:6c:78:c4:5f:b8:ef:80:3f:de:57:1e:35:40:d1:
5c:b0:27:79:7e:fd:3f:af:0a:4c:02:c8:a7:dc:78:28:76:ab:
6b:ea:e5:bb:92:7c:82:76:9f:4e:78:94:24:02:09:78:87:37:
25:f1:52:58:29:82:75:30:4a:98:bb:9e:c7:ef:5f:01:3b:c4:
d9:f6:95:f1:b9:b4:51:72:27:62:6a:d7:98:f3:90:73:b2:f2:
99:ca:6a:e1:31:8c:5a:eb:bf:79:0a:28:d1:1a:90:a9:55:9c:
e4:b1:ab:ce:cc:a3:d3:75:61:22:7d:a1:0e:43:f8:68:d1:bc:
1c:25:fe:e1:a4:10:02:8b:a9:64:9f:94:ec:70:63:52:02:ec:
42:f9:13:e8:54:8f:1f:be:32:5b:31:38:95:23:43:5b:7f:f1:
ad:4f:71:b0:2e:70:4c:ad:d4:36:84:d7:66:75:59:d1:42:1b:
33:49:74:bd:72:c8:35:22:25:3a:d5:fe:2d:5e:4d:c0:bf:be:
58:e9:f8:d9
-----BEGIN CERTIFICATE-----
MIIFKTCCBBGgAwIBAgISAY5Su9Uu+eUinKZSit6HcPtQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4ZTYyNjM0ZTFiZDUxMzNhOWRlNDUxMmFlOThjYWQxYjIy
MTliNTkwHhcNMjQwMzE4MTgwMzQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYmY1MjRiNDZiY2Y5ZjZiNmM1ZWM0MDAyZDI0NzJhZGNiNDQ4ZWM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs2yCrnLxGYU7QRX/E5CcEXI+Hde+
MTUOrq/bE3LaAFRvBCEIpKFKZGLj0yFutxq8Ke04XXwCuZOOBRmLhH11OC6wGKUe
s5yopYx5cPSnnCZxTJD8HUeN8vn4pNuSJnDCn5FhgUyOEv774pT20NusRujEDyMQ
XYBJnOZjhkzdu8mx1X8F941/7BJEcp58aE+5tV444MB9krTTSdtyhQWO9B24MZ42
efffVHbckW7ZKLm5fCVPQuVId93ahefpyg/CCztoGBVAqoUzW0ely3JA7RHXNgEb
5Rrjgp3aM8nI2F1prdaTm3CeAbZF3mXl6HOjQuVuVOlO6WqsesJ98OL81wIDAQAB
o4ICNTCCAjEwHQYDVR0OBBYEFLv1JLRrz59rbF7EAC0kcq3LRI7IMB8GA1UdIwQY
MBaAFPjmJjThvVEzqd5FEq6YytGyIZtZMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1PWW1OT0c5VVRPcDNrVVNycGpLMGJJaG0xay5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFl
LTkyZTI1ZmUxNjMzMS8xL3VfVWt0R3ZQbjJ0c1hzUUFMU1J5cmN0RWpzZy5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFlLTkyZTI1ZmUxNjMz
MS8xLzEtT1ltTk9HOVVUT3Aza1VTcnBqSzBiSWhtMWsuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwSQYIKwYBBQUHAQcBAf8EOjA4MDYEAgABMDADBABZJIkD
BAJZLoADBANZLugDBACAAAEDBAG5EuADBAC80G4DBAK81ygDBAC88FEwDQYJKoZI
hvcNAQELBQADggEBAA6FnXio8gCy/+eajuAvdOX/jX06qaNpEHC5/U9McIZsQo/E
ZXbrbyyh7WDbuI7vSNneqFFXm7rx7zNseMRfuO+AP95XHjVA0VywJ3l+/T+vCkwC
yKfceCh2q2vq5buSfIJ2n054lCQCCXiHNyXxUlgpgnUwSpi7nsfvXwE7xNn2lfG5
tFFyJ2Jq15jzkHOy8pnKauExjFrrv3kKKNEakKlVnOSxq87Mo9N1YSJ9oQ5D+GjR
vBwl/uGkEAKLqWSflOxwY1IC7EL5E+hUjx++MlsxOJUjQ1t/8a1PcbAucEyt1DaE
12Z1WdFCGzNJdL1yyDUiJTrV/i1eTcC/vljp+Nk=
-----END CERTIFICATE-----
Generated at Wed Feb 19 22:45:24 2025 by rpki-client