Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/vwPVg9MBS-t4Ac4AuKHWTd5ZI9s.roa
File: vwPVg9MBS-t4Ac4AuKHWTd5ZI9s.roa (raw, json)
Hash identifier: W7xxP0r45pqW/V1Tw99W9bs9o98/M55OrNJ5Gy26OAA=
Subject key identifier: BF:03:D5:83:D3:01:4B:EB:78:01:CE:00:B8:A1:D6:4D:DE:59:23:DB
Certificate issuer: /CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
Certificate serial: 018BFB9E190F27842770E0296DBAF3DE4145
Authority key identifier: F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/vwPVg9MBS-t4Ac4AuKHWTd5ZI9s.roa
Signing time: Thu 23 Nov 2023 09:58:44 +0000
ROA not before: Thu 23 Nov 2023 09:58:44 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 12325
IP address blocks: 185.18.224.0/23 maxlen: 24
89.45.228.0/24 maxlen: 24
188.215.40.0/22 maxlen: 24
89.40.222.0/23 maxlen: 24
89.47.52.0/24 maxlen: 24
188.208.135.0/24 maxlen: 24
89.46.232.0/21 maxlen: 24
89.46.128.0/22 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8b:fb:9e:19:0f:27:84:27:70:e0:29:6d:ba:f3:de:41:45
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
Validity
Not Before: Nov 23 09:58:44 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=bf03d583d3014beb7801ce00b8a1d64dde5923db
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:da:6f:96:cc:d2:c2:4e:2a:d7:87:5e:93:01:f7:
9c:48:e4:06:df:4c:12:12:3d:8b:46:f2:3d:b7:46:
01:29:23:01:64:aa:07:61:65:0c:bc:e1:40:e8:be:
75:6c:91:7f:ed:9c:ad:31:b7:bd:c6:69:5f:03:eb:
b0:a1:c8:3e:28:c0:17:f2:b4:f8:c8:f3:89:65:28:
19:1d:ec:c9:ed:e4:16:70:d9:81:a0:cd:91:fe:85:
66:28:d3:6b:62:ae:81:06:66:db:04:78:3b:5e:af:
55:8b:a0:2d:2c:14:69:5d:91:a4:93:ee:b4:34:9d:
5d:46:8e:80:51:2b:23:ad:5a:a9:71:28:d1:c2:67:
d6:98:46:7b:6c:0b:d6:14:53:61:b7:96:1d:20:f5:
25:05:ab:94:32:70:c0:f9:b1:45:ef:26:1a:f5:de:
48:4e:cf:ee:bd:1b:1b:fe:89:36:fb:5a:38:1f:4a:
7b:e9:60:4e:97:91:33:a0:95:56:8b:12:7c:2f:22:
9b:05:a5:ef:e5:80:7b:55:dd:8e:1f:49:f6:d0:ae:
f7:b4:d0:2b:9e:d5:e9:ac:56:70:d4:dc:cf:91:32:
93:68:f9:4e:54:63:12:e9:19:8a:a5:b3:a4:23:4c:
93:12:fe:2b:bf:99:43:1b:f7:b0:ca:14:c8:1c:bd:
27:87
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
BF:03:D5:83:D3:01:4B:EB:78:01:CE:00:B8:A1:D6:4D:DE:59:23:DB
X509v3 Authority Key Identifier:
keyid:F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/vwPVg9MBS-t4Ac4AuKHWTd5ZI9s.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
89.40.222.0/23
89.45.228.0/24
89.46.128.0/22
89.46.232.0/21
89.47.52.0/24
185.18.224.0/23
188.208.135.0/24
188.215.40.0/22
Signature Algorithm: sha256WithRSAEncryption
42:cd:66:a0:3d:ce:da:6d:b9:f2:c5:c7:a4:d0:e4:0b:9a:f3:
6a:2d:36:31:7c:6b:6a:4e:e3:be:21:02:06:bf:ae:bb:0d:32:
d3:28:0c:26:80:6c:7d:10:e9:54:a5:19:b5:5b:d2:05:5f:3e:
7f:70:bd:6e:ef:c4:42:ce:34:0b:2f:84:e5:2e:dd:e4:3f:91:
b5:50:29:52:c5:da:69:5d:98:6c:a8:0f:35:20:db:28:37:8a:
1a:3e:fe:d3:3c:33:dd:b4:62:cb:6f:16:5c:53:a3:1a:e9:e7:
ea:0d:27:68:4e:27:a6:99:0e:a2:69:44:9a:6c:20:1a:df:83:
38:0a:0e:3e:a1:9c:e3:83:5a:b3:84:a8:46:cd:9b:e3:64:c7:
fe:f5:9a:2f:1a:a0:41:56:4e:b8:2f:a7:40:82:86:00:05:31:
cd:a2:4f:70:e5:d5:0a:d4:69:0e:59:51:18:ac:7f:68:96:3e:
97:a5:6c:39:fc:a1:d6:ff:75:9e:0a:70:b2:3b:8c:6d:fb:d2:
b5:cc:61:d4:e2:4b:88:57:c4:69:db:61:ce:8b:2f:d0:b2:85:
39:e6:17:70:f9:2c:5b:6d:4f:60:a6:38:62:d0:66:e0:d2:17:
7b:40:e1:86:ed:33:bb:ae:b8:8d:5b:6c:64:db:40:e3:f4:a1:
15:30:07:a8
-----BEGIN CERTIFICATE-----
MIIFKTCCBBGgAwIBAgISAYv7nhkPJ4QncOApbbrz3kFFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4ZTYyNjM0ZTFiZDUxMzNhOWRlNDUxMmFlOThjYWQxYjIy
MTliNTkwHhcNMjMxMTIzMDk1ODQ0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZjAzZDU4M2QzMDE0YmViNzgwMWNlMDBiOGExZDY0ZGRlNTkyM2RiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2m+WzNLCTirXh16TAfecSOQG30wS
Ej2LRvI9t0YBKSMBZKoHYWUMvOFA6L51bJF/7ZytMbe9xmlfA+uwocg+KMAX8rT4
yPOJZSgZHezJ7eQWcNmBoM2R/oVmKNNrYq6BBmbbBHg7Xq9Vi6AtLBRpXZGkk+60
NJ1dRo6AUSsjrVqpcSjRwmfWmEZ7bAvWFFNht5YdIPUlBauUMnDA+bFF7yYa9d5I
Ts/uvRsb/ok2+1o4H0p76WBOl5EzoJVWixJ8LyKbBaXv5YB7Vd2OH0n20K73tNAr
ntXprFZw1NzPkTKTaPlOVGMS6RmKpbOkI0yTEv4rv5lDG/ewyhTIHL0nhwIDAQAB
o4ICNTCCAjEwHQYDVR0OBBYEFL8D1YPTAUvreAHOALih1k3eWSPbMB8GA1UdIwQY
MBaAFPjmJjThvVEzqd5FEq6YytGyIZtZMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1PWW1OT0c5VVRPcDNrVVNycGpLMGJJaG0xay5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFl
LTkyZTI1ZmUxNjMzMS8xL3Z3UFZnOU1CUy10NEFjNEF1S0hXVGQ1Wkk5cy5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFlLTkyZTI1ZmUxNjMz
MS8xLzEtT1ltTk9HOVVUT3Aza1VTcnBqSzBiSWhtMWsuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwSQYIKwYBBQUHAQcBAf8EOjA4MDYEAgABMDADBAFZKN4D
BABZLeQDBAJZLoADBANZLugDBABZLzQDBAG5EuADBAC80IcDBAK81ygwDQYJKoZI
hvcNAQELBQADggEBAELNZqA9ztptufLFx6TQ5Aua82otNjF8a2pO474hAga/rrsN
MtMoDCaAbH0Q6VSlGbVb0gVfPn9wvW7vxELONAsvhOUu3eQ/kbVQKVLF2mldmGyo
DzUg2yg3iho+/tM8M920YstvFlxToxrp5+oNJ2hOJ6aZDqJpRJpsIBrfgzgKDj6h
nOODWrOEqEbNm+Nkx/71mi8aoEFWTrgvp0CChgAFMc2iT3Dl1QrUaQ5ZURisf2iW
PpelbDn8odb/dZ4KcLI7jG370rXMYdTiS4hXxGnbYc6LL9CyhTnmF3D5LFttT2Cm
OGLQZuDSF3tA4YbtM7uuuI1bbGTbQOP0oRUwB6g=
-----END CERTIFICATE-----
Generated at Fri Nov 24 14:44:51 2023 by rpki-client on console-ams.rpki-client.org