Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/47accb-6f3c-4c6c-9fd0-585eb84558f9/1/8wQb0bNKqJ9ajACrW5Ew--ynXl8.roa
File: 8wQb0bNKqJ9ajACrW5Ew--ynXl8.roa (raw, json)
Hash identifier: /ogEhWMaIVs/3zZuOKo7DxG176vMwOu5LetnCX6RISM=
Subject key identifier: F3:04:1B:D1:B3:4A:A8:9F:5A:8C:00:AB:5B:91:30:FB:EC:A7:5E:5F
Certificate issuer: /CN=e8206aa3252e3ea8d684eaec7a2993513b5d2307
Certificate serial: 01856C65EF3E3EF0028B9E87B89C5ED0E69E
Authority key identifier: E8:20:6A:A3:25:2E:3E:A8:D6:84:EA:EC:7A:29:93:51:3B:5D:23:07
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/6CBqoyUuPqjWhOrseimTUTtdIwc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8a/47accb-6f3c-4c6c-9fd0-585eb84558f9/1/8wQb0bNKqJ9ajACrW5Ew--ynXl8.roa
Signing time: Sun 01 Jan 2023 08:14:57 +0000
ROA not before: Sun 01 Jan 2023 08:14:57 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 15738
IP address blocks: 89.21.84.0/22 maxlen: 22
89.21.88.0/22 maxlen: 22
89.21.93.0/24 maxlen: 24
89.21.94.0/24 maxlen: 24
80.84.176.0/20 maxlen: 20
80.254.0.0/20 maxlen: 20
2a06:ff40::/29 maxlen: 29
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6c:65:ef:3e:3e:f0:02:8b:9e:87:b8:9c:5e:d0:e6:9e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=e8206aa3252e3ea8d684eaec7a2993513b5d2307
Validity
Not Before: Jan 1 08:14:57 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=f3041bd1b34aa89f5a8c00ab5b9130fbeca75e5f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ad:1d:98:c7:a6:45:0b:f7:c6:63:a7:bc:c3:b2:
02:e1:1c:fa:77:26:57:5c:a5:83:3e:44:10:3a:6a:
45:44:83:81:1c:c2:ad:c1:3c:31:82:15:08:50:3f:
37:6f:11:0a:89:95:ef:d9:c8:e0:e0:96:6f:aa:8f:
1c:0a:9a:0f:75:f1:76:b3:f7:d9:17:4a:52:89:91:
c2:82:29:f7:6a:19:71:7f:3f:b5:ab:e5:6d:60:b4:
c7:ba:97:6d:14:56:42:8f:0e:70:0d:29:b9:b4:d0:
73:3b:56:b4:df:ba:9a:17:26:c6:e8:f9:4e:85:c1:
df:db:87:38:60:7e:96:9e:fd:74:a3:61:cc:16:93:
59:9a:ae:c0:85:af:5a:95:c4:09:0d:68:0f:20:52:
d1:de:c7:9a:d1:51:e3:5b:13:83:98:c1:67:b9:8a:
93:ab:e7:fc:ba:ab:17:01:4a:4a:d4:94:62:92:eb:
cc:27:1b:e5:29:04:16:86:43:8c:04:ca:ec:8a:a6:
0d:3c:96:73:dc:d3:dd:52:68:33:5a:5a:df:46:52:
61:3a:ea:3a:87:28:1e:79:69:47:f2:28:be:e0:72:
42:20:02:52:2c:4e:81:dc:5d:1e:1e:2e:3c:da:37:
c0:d5:7c:ef:26:46:f3:20:af:c0:41:1d:99:c4:f2:
a4:95
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F3:04:1B:D1:B3:4A:A8:9F:5A:8C:00:AB:5B:91:30:FB:EC:A7:5E:5F
X509v3 Authority Key Identifier:
keyid:E8:20:6A:A3:25:2E:3E:A8:D6:84:EA:EC:7A:29:93:51:3B:5D:23:07
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6CBqoyUuPqjWhOrseimTUTtdIwc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/47accb-6f3c-4c6c-9fd0-585eb84558f9/1/8wQb0bNKqJ9ajACrW5Ew--ynXl8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/47accb-6f3c-4c6c-9fd0-585eb84558f9/1/6CBqoyUuPqjWhOrseimTUTtdIwc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
80.84.176.0/20
80.254.0.0/20
89.21.84.0-89.21.91.255
89.21.93.0-89.21.94.255
IPv6:
2a06:ff40::/29
Signature Algorithm: sha256WithRSAEncryption
4d:73:0d:f8:88:dd:6e:eb:7a:92:53:c5:19:a2:f0:2e:8a:d0:
10:42:02:32:37:72:b1:d5:30:14:1d:18:e7:3a:18:b4:88:3c:
73:5e:e8:5f:a3:b9:5c:d7:2a:68:74:54:94:43:9d:81:a4:7c:
8a:47:0d:91:36:3e:9f:ea:6c:d2:f8:b6:78:ea:df:86:cb:e8:
d8:2b:e5:f3:ac:9a:e3:08:0c:7c:d7:a8:33:98:1c:99:b8:17:
c7:6c:ff:36:4c:33:8c:ca:4b:a3:be:5e:e0:69:db:96:bc:6c:
d9:5c:cb:3c:4a:c7:ad:18:7b:ee:f6:22:05:1d:37:71:15:d9:
da:0f:7e:68:45:5f:12:1e:bd:06:9b:3f:6d:62:8f:51:e3:44:
bc:34:57:d6:42:1f:20:a0:6e:44:d1:46:10:98:7d:8d:fe:1f:
36:97:5e:d6:d8:fe:bb:cc:e3:2c:37:1d:49:1e:d5:4f:d1:4f:
2c:e1:61:49:97:bd:66:2d:f2:e5:f7:ac:a7:d2:12:ee:36:0c:
72:21:34:cf:93:4f:95:2b:bf:1d:6d:67:06:9a:18:f3:b3:76:
a8:72:bd:89:12:e1:11:14:15:e1:0b:5e:d2:41:23:1e:96:ae:
d5:ec:86:ed:e2:1d:74:85:46:7c:b6:f7:24:4d:d8:c6:b5:78:
a6:a7:82:97
-----BEGIN CERTIFICATE-----
MIIFLjCCBBagAwIBAgISAYVsZe8+PvACi56HuJxe0OaeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU4MjA2YWEzMjUyZTNlYThkNjg0ZWFlYzdhMjk5MzUxM2I1
ZDIzMDcwHhcNMjMwMTAxMDgxNDU3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMzA0MWJkMWIzNGFhODlmNWE4YzAwYWI1YjkxMzBmYmVjYTc1ZTVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArR2Yx6ZFC/fGY6e8w7IC4Rz6dyZX
XKWDPkQQOmpFRIOBHMKtwTwxghUIUD83bxEKiZXv2cjg4JZvqo8cCpoPdfF2s/fZ
F0pSiZHCgin3ahlxfz+1q+VtYLTHupdtFFZCjw5wDSm5tNBzO1a037qaFybG6PlO
hcHf24c4YH6Wnv10o2HMFpNZmq7Aha9alcQJDWgPIFLR3sea0VHjWxODmMFnuYqT
q+f8uqsXAUpK1JRikuvMJxvlKQQWhkOMBMrsiqYNPJZz3NPdUmgzWlrfRlJhOuo6
hygeeWlH8ii+4HJCIAJSLE6B3F0eHi482jfA1XzvJkbzIK/AQR2ZxPKklQIDAQAB
o4ICOjCCAjYwHQYDVR0OBBYEFPMEG9GzSqifWowAq1uRMPvsp15fMB8GA1UdIwQY
MBaAFOggaqMlLj6o1oTq7Hopk1E7XSMHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNkNCcW95VXVQcWpXaE9yc2VpbVRVVHRkSXdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80N2FjY2ItNmYzYy00YzZjLTlmZDAt
NTg1ZWI4NDU1OGY5LzEvOHdRYjBiTktxSjlhakFDclc1RXctLXluWGw4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80N2FjY2ItNmYzYy00YzZjLTlmZDAtNTg1ZWI4NDU1OGY5
LzEvNkNCcW95VXVQcWpXaE9yc2VpbVRVVHRkSXdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFAGCCsGAQUFBwEHAQH/BEEwPzAuBAIAATAoAwQEUFSwAwQE
UP4AMAwDBAJZFVQDBAJZFVgwDAMEAFkVXQMEAFkVXjANBAIAAjAHAwUDKgb/QDAN
BgkqhkiG9w0BAQsFAAOCAQEATXMN+Ijdbut6klPFGaLwLorQEEICMjdysdUwFB0Y
5zoYtIg8c17oX6O5XNcqaHRUlEOdgaR8ikcNkTY+n+ps0vi2eOrfhsvo2Cvl86ya
4wgMfNeoM5gcmbgXx2z/NkwzjMpLo75e4Gnblrxs2VzLPErHrRh77vYiBR03cRXZ
2g9+aEVfEh69Bps/bWKPUeNEvDRX1kIfIKBuRNFGEJh9jf4fNpde1tj+u8zjLDcd
SR7VT9FPLOFhSZe9Zi3y5fesp9IS7jYMciE0z5NPlSu/HW1nBpoY87N2qHK9iRLh
ERQV4Qte0kEjHpau1eyG7eIddIVGfLb3JE3YxrV4pqeClw==
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:54:06 2025 by rpki-client