Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7d/4bba7c-a81f-40e1-8814-65daad632957/1/8Zqb2kBfY9638PRHDrVmm5ae76A.roa
File: 8Zqb2kBfY9638PRHDrVmm5ae76A.roa (raw, json)
Hash identifier: HfwbGUe8c62ekLNPm6frX9QUzX+JTL5zaFoQgLmdNVU=
Subject key identifier: F1:9A:9B:DA:40:5F:63:DE:B7:F0:F4:47:0E:B5:66:9B:96:9E:EF:A0
Certificate issuer: /CN=942588b91da9cca81b49e603a988e2b1eabddc98
Certificate serial: 0187BDC794443A1F3557F9DA7F16026B7D82
Authority key identifier: 94:25:88:B9:1D:A9:CC:A8:1B:49:E6:03:A9:88:E2:B1:EA:BD:DC:98
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/lCWIuR2pzKgbSeYDqYjiseq93Jg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/7d/4bba7c-a81f-40e1-8814-65daad632957/1/8Zqb2kBfY9638PRHDrVmm5ae76A.roa
Signing time: Wed 26 Apr 2023 13:36:26 +0000
ROA not before: Wed 26 Apr 2023 13:36:26 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 34661
IP address blocks: 45.149.24.0/22 maxlen: 22
89.28.200.0/21 maxlen: 23
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:87:bd:c7:94:44:3a:1f:35:57:f9:da:7f:16:02:6b:7d:82
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=942588b91da9cca81b49e603a988e2b1eabddc98
Validity
Not Before: Apr 26 13:36:26 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=f19a9bda405f63deb7f0f4470eb5669b969eefa0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:91:cb:7d:33:2a:99:0a:34:6a:cb:b4:1e:05:5e:
a8:5c:90:bf:8a:c2:59:1e:6d:ff:fd:da:22:57:f0:
cb:89:0b:6f:ed:70:95:7b:47:02:62:33:ed:76:41:
d7:45:c1:f6:ae:c7:54:84:c5:d0:03:55:a4:c9:e9:
b6:cf:10:0a:07:4c:3e:06:df:2a:3f:04:0a:ba:06:
ce:ec:17:b5:6e:24:39:f1:a8:40:5a:ea:7f:c2:a6:
fb:a3:f1:61:a5:0a:20:a1:5b:60:45:38:9e:93:97:
34:52:02:89:90:6c:49:c1:52:13:60:24:ad:f0:15:
45:17:50:72:56:d9:eb:e9:94:9d:be:59:25:fd:71:
84:c9:17:48:83:f7:5f:5b:2a:c8:39:54:93:60:e5:
3c:2f:75:01:8a:e7:5b:f3:3d:06:ea:49:f1:a8:b8:
0d:36:21:31:ee:87:ee:8a:8c:cc:14:55:6e:1c:21:
0c:56:00:64:18:4e:8b:67:a6:93:cf:1a:cf:87:24:
14:58:06:5f:6c:6f:31:54:cc:ac:c1:90:33:cd:62:
55:6a:fe:48:81:ff:23:85:8e:57:1c:d3:4a:83:5f:
05:93:36:9d:09:44:30:3d:ad:7f:33:31:a3:06:aa:
14:49:2e:08:7e:de:e5:e2:65:80:25:2b:85:cc:6d:
65:b5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F1:9A:9B:DA:40:5F:63:DE:B7:F0:F4:47:0E:B5:66:9B:96:9E:EF:A0
X509v3 Authority Key Identifier:
keyid:94:25:88:B9:1D:A9:CC:A8:1B:49:E6:03:A9:88:E2:B1:EA:BD:DC:98
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lCWIuR2pzKgbSeYDqYjiseq93Jg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/4bba7c-a81f-40e1-8814-65daad632957/1/8Zqb2kBfY9638PRHDrVmm5ae76A.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/4bba7c-a81f-40e1-8814-65daad632957/1/lCWIuR2pzKgbSeYDqYjiseq93Jg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.149.24.0/22
89.28.200.0/21
Signature Algorithm: sha256WithRSAEncryption
71:30:ea:35:25:68:0e:33:de:ce:eb:ab:1e:d0:91:c2:26:f3:
e1:04:32:b9:f4:90:0e:53:f9:92:84:3c:b1:30:38:ca:dd:13:
25:7c:26:e2:1a:e5:b3:5a:78:e5:93:bf:59:91:01:a0:09:2d:
1f:74:40:57:f0:2e:50:0a:55:fa:e3:98:f3:98:21:0e:98:6d:
59:9f:7f:e4:de:97:f5:60:10:5f:b9:37:fe:de:1d:e9:05:62:
eb:0e:e4:34:3c:35:39:c3:a6:25:ab:00:e9:69:3d:0e:b4:e0:
d1:b1:23:10:7e:45:f7:c5:b5:32:3e:4e:ca:74:7a:14:3a:56:
6f:ca:ef:a8:50:46:a7:87:be:67:bf:ba:09:11:3e:92:73:4b:
eb:ee:7f:1d:c7:1a:e3:58:4e:26:fe:82:14:40:a4:2f:9a:48:
fc:af:9a:36:07:5a:5b:6c:63:c6:92:ca:30:3a:fa:a9:25:a5:
8b:dc:7f:fe:e2:d5:cb:b6:3a:f0:3d:b6:dd:1d:ad:bc:b4:54:
e7:a9:2d:b2:f7:a0:4f:80:1a:3e:26:84:2a:56:11:01:08:c2:
e1:78:00:5c:c1:15:73:5b:eb:ba:59:88:02:ac:6b:55:1b:69:
22:05:61:e8:a1:dd:c0:80:17:64:11:a2:dc:32:2c:43:dd:77:
38:8d:dd:1c
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYe9x5REOh81V/nafxYCa32CMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk0MjU4OGI5MWRhOWNjYTgxYjQ5ZTYwM2E5ODhlMmIxZWFi
ZGRjOTgwHhcNMjMwNDI2MTMzNjI2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMTlhOWJkYTQwNWY2M2RlYjdmMGY0NDcwZWI1NjY5Yjk2OWVlZmEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkct9MyqZCjRqy7QeBV6oXJC/isJZ
Hm3//doiV/DLiQtv7XCVe0cCYjPtdkHXRcH2rsdUhMXQA1Wkyem2zxAKB0w+Bt8q
PwQKugbO7Be1biQ58ahAWup/wqb7o/FhpQogoVtgRTiek5c0UgKJkGxJwVITYCSt
8BVFF1ByVtnr6ZSdvlkl/XGEyRdIg/dfWyrIOVSTYOU8L3UBiudb8z0G6knxqLgN
NiEx7ofuiozMFFVuHCEMVgBkGE6LZ6aTzxrPhyQUWAZfbG8xVMyswZAzzWJVav5I
gf8jhY5XHNNKg18FkzadCUQwPa1/MzGjBqoUSS4Ift7l4mWAJSuFzG1ltQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFPGam9pAX2Pet/D0Rw61ZpuWnu+gMB8GA1UdIwQY
MBaAFJQliLkdqcyoG0nmA6mI4rHqvdyYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbENXSXVSMnB6S2diU2VZRHFZamlzZXE5M0pnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZC80YmJhN2MtYTgxZi00MGUxLTg4MTQt
NjVkYWFkNjMyOTU3LzEvOFpxYjJrQmZZOTYzOFBSSERyVm1tNWFlNzZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZC80YmJhN2MtYTgxZi00MGUxLTg4MTQtNjVkYWFkNjMyOTU3
LzEvbENXSXVSMnB6S2diU2VZRHFZamlzZXE5M0pnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCLZUYAwQD
WRzIMA0GCSqGSIb3DQEBCwUAA4IBAQBxMOo1JWgOM97O66se0JHCJvPhBDK59JAO
U/mShDyxMDjK3RMlfCbiGuWzWnjlk79ZkQGgCS0fdEBX8C5QClX645jzmCEOmG1Z
n3/k3pf1YBBfuTf+3h3pBWLrDuQ0PDU5w6YlqwDpaT0OtODRsSMQfkX3xbUyPk7K
dHoUOlZvyu+oUEanh75nv7oJET6Sc0vr7n8dxxrjWE4m/oIUQKQvmkj8r5o2B1pb
bGPGksowOvqpJaWL3H/+4tXLtjrwPbbdHa28tFTnqS2y96BPgBo+JoQqVhEBCMLh
eABcwRVzW+u6WYgCrGtVG2kiBWHood3AgBdkEaLcMixD3Xc4jd0c
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:36:22 2024 by rpki-client on console-fra.rpki-client.org