Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/47accb-6f3c-4c6c-9fd0-585eb84558f9/1/5cZtukYRmfKzCG4qtAi1NxYM5lI.roa
File: 5cZtukYRmfKzCG4qtAi1NxYM5lI.roa (raw, json)
Hash identifier: 19srI/HSqYDxXDGEKmiW0oFY3QE6OsI93n4b3q0dTmQ=
Subject key identifier: E5:C6:6D:BA:46:11:99:F2:B3:08:6E:2A:B4:08:B5:37:16:0C:E6:52
Certificate issuer: /CN=e8206aa3252e3ea8d684eaec7a2993513b5d2307
Certificate serial: 01856C65F082DF759E3347691A88EF59ADF1
Authority key identifier: E8:20:6A:A3:25:2E:3E:A8:D6:84:EA:EC:7A:29:93:51:3B:5D:23:07
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/6CBqoyUuPqjWhOrseimTUTtdIwc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8a/47accb-6f3c-4c6c-9fd0-585eb84558f9/1/5cZtukYRmfKzCG4qtAi1NxYM5lI.roa
Signing time: Sun 01 Jan 2023 08:14:57 +0000
ROA not before: Sun 01 Jan 2023 08:14:57 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 208494
IP address blocks: 89.21.76.0/22 maxlen: 22
89.21.95.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6c:65:f0:82:df:75:9e:33:47:69:1a:88:ef:59:ad:f1
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=e8206aa3252e3ea8d684eaec7a2993513b5d2307
Validity
Not Before: Jan 1 08:14:57 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=e5c66dba461199f2b3086e2ab408b537160ce652
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b5:8d:17:b8:46:b3:35:96:1e:0c:c0:95:a4:ef:
54:15:ae:dc:02:d3:9f:8b:5f:62:d4:b0:79:da:5d:
0e:44:3a:d1:25:7c:92:8c:dc:c3:12:18:dc:68:14:
d5:0d:39:2f:12:f6:e4:3e:86:a2:54:64:74:f3:6b:
a4:b9:ca:48:89:70:d1:dc:2d:ad:2c:8c:30:52:d0:
56:86:fc:1e:51:1b:cf:f4:62:9e:98:a4:4e:f1:54:
c5:0a:3a:f4:e0:43:65:a3:2b:e6:1b:49:d5:75:dc:
47:c3:b3:32:b8:73:75:73:96:d2:27:29:f8:fc:d7:
9e:b4:22:8e:59:d5:54:d2:ad:b0:69:5e:a5:c4:0c:
f4:20:10:bc:2f:9b:f0:0f:d4:b5:4f:03:73:14:a9:
ee:bf:1e:84:5e:6c:93:21:41:88:d4:a2:87:66:02:
b2:66:72:10:7d:ec:ff:90:84:56:4d:d9:a9:c7:da:
9b:30:3d:dd:47:2b:03:7f:6c:c4:36:f7:08:a9:67:
9c:f3:6c:72:09:e3:7e:22:70:e9:2f:84:d3:d1:75:
07:58:40:73:ec:24:67:61:e5:50:d2:8b:e1:48:bd:
8a:5f:29:bb:15:89:2d:26:a8:bc:99:ba:a8:e7:43:
d0:22:80:25:15:9e:7a:17:ae:d9:66:e6:07:2c:e1:
6b:c3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E5:C6:6D:BA:46:11:99:F2:B3:08:6E:2A:B4:08:B5:37:16:0C:E6:52
X509v3 Authority Key Identifier:
keyid:E8:20:6A:A3:25:2E:3E:A8:D6:84:EA:EC:7A:29:93:51:3B:5D:23:07
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6CBqoyUuPqjWhOrseimTUTtdIwc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/47accb-6f3c-4c6c-9fd0-585eb84558f9/1/5cZtukYRmfKzCG4qtAi1NxYM5lI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/47accb-6f3c-4c6c-9fd0-585eb84558f9/1/6CBqoyUuPqjWhOrseimTUTtdIwc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
89.21.76.0/22
89.21.95.0/24
Signature Algorithm: sha256WithRSAEncryption
cf:a4:f9:5b:c1:b3:fe:52:e2:e4:3e:da:3e:94:38:f9:8c:6c:
aa:db:71:62:28:c9:59:5f:f8:77:c6:e9:36:11:2d:cc:6f:0a:
e4:61:4b:e6:f1:d6:15:24:f5:02:ff:5f:48:20:22:15:b2:c8:
f5:b5:5e:bc:eb:ca:08:1e:6d:26:db:f2:4d:55:d6:84:1f:50:
31:bf:aa:0d:c5:1e:48:72:fe:36:27:0e:20:94:10:48:45:c6:
90:b7:69:bb:34:c6:16:97:41:bd:68:a0:80:b9:7f:c1:22:9d:
b2:b3:bb:cb:d8:4a:68:a0:9f:ca:57:68:dc:09:62:e6:29:83:
ec:58:14:eb:42:c6:d5:d1:df:9c:35:a0:c1:1d:95:6e:e6:75:
73:e9:6b:5f:33:03:2c:8c:4f:8f:c9:91:a4:38:31:0d:2e:29:
4c:9f:bb:49:c7:d4:68:7a:3a:91:3d:c1:de:b6:f8:97:44:9e:
24:44:52:dd:e5:75:bf:f0:b9:2d:a8:c2:5f:9c:65:0a:7a:30:
f3:ec:d4:f3:d1:2d:5f:ad:c1:0e:24:03:41:02:c6:a2:84:b0:
92:cc:ca:1b:51:50:6e:ac:b1:11:85:dc:d4:57:05:14:c4:f2:
8b:1f:b3:99:4b:9a:a4:e6:38:ad:b0:17:b2:98:49:bd:9c:f8:
68:3b:fb:dc
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYVsZfCC33WeM0dpGojvWa3xMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU4MjA2YWEzMjUyZTNlYThkNjg0ZWFlYzdhMjk5MzUxM2I1
ZDIzMDcwHhcNMjMwMTAxMDgxNDU3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNWM2NmRiYTQ2MTE5OWYyYjMwODZlMmFiNDA4YjUzNzE2MGNlNjUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtY0XuEazNZYeDMCVpO9UFa7cAtOf
i19i1LB52l0ORDrRJXySjNzDEhjcaBTVDTkvEvbkPoaiVGR082ukucpIiXDR3C2t
LIwwUtBWhvweURvP9GKemKRO8VTFCjr04ENloyvmG0nVddxHw7MyuHN1c5bSJyn4
/NeetCKOWdVU0q2waV6lxAz0IBC8L5vwD9S1TwNzFKnuvx6EXmyTIUGI1KKHZgKy
ZnIQfez/kIRWTdmpx9qbMD3dRysDf2zENvcIqWec82xyCeN+InDpL4TT0XUHWEBz
7CRnYeVQ0ovhSL2KXym7FYktJqi8mbqo50PQIoAlFZ56F67ZZuYHLOFrwwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFOXGbbpGEZnyswhuKrQItTcWDOZSMB8GA1UdIwQY
MBaAFOggaqMlLj6o1oTq7Hopk1E7XSMHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNkNCcW95VXVQcWpXaE9yc2VpbVRVVHRkSXdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80N2FjY2ItNmYzYy00YzZjLTlmZDAt
NTg1ZWI4NDU1OGY5LzEvNWNadHVrWVJtZkt6Q0c0cXRBaTFOeFlNNWxJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80N2FjY2ItNmYzYy00YzZjLTlmZDAtNTg1ZWI4NDU1OGY5
LzEvNkNCcW95VXVQcWpXaE9yc2VpbVRVVHRkSXdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCWRVMAwQA
WRVfMA0GCSqGSIb3DQEBCwUAA4IBAQDPpPlbwbP+UuLkPto+lDj5jGyq23FiKMlZ
X/h3xuk2ES3MbwrkYUvm8dYVJPUC/19IICIVssj1tV6868oIHm0m2/JNVdaEH1Ax
v6oNxR5Icv42Jw4glBBIRcaQt2m7NMYWl0G9aKCAuX/BIp2ys7vL2EpooJ/KV2jc
CWLmKYPsWBTrQsbV0d+cNaDBHZVu5nVz6WtfMwMsjE+PyZGkODENLilMn7tJx9Ro
ejqRPcHetviXRJ4kRFLd5XW/8LktqMJfnGUKejDz7NTz0S1frcEOJANBAsaihLCS
zMobUVBurLERhdzUVwUUxPKLH7OZS5qk5jitsBeymEm9nPhoO/vc
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:29:13 2025 by rpki-client