Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/93/cdf2d7-b11e-47b2-9fc9-79091c78ab48/1/H-Upa-KWCrLb_iz_MRYIQRJiD9k.roa
File: H-Upa-KWCrLb_iz_MRYIQRJiD9k.roa (raw, json)
Hash identifier: Cjs9k6qSsyKSgycw5YcyAjxyPzViG6A5GuZrkKB/ltw=
Subject key identifier: 1F:E5:29:6B:E2:96:0A:B2:DB:FE:2C:FF:31:16:08:41:12:62:0F:D9
Certificate issuer: /CN=7e2c0ccf1ffbfcdb8b61d738201301b8791184e8
Certificate serial: 018DF59F36292BE1650FAD6D80A767124020
Authority key identifier: 7E:2C:0C:CF:1F:FB:FC:DB:8B:61:D7:38:20:13:01:B8:79:11:84:E8
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/fiwMzx_7_NuLYdc4IBMBuHkRhOg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/93/cdf2d7-b11e-47b2-9fc9-79091c78ab48/1/H-Upa-KWCrLb_iz_MRYIQRJiD9k.roa
Signing time: Thu 29 Feb 2024 16:07:48 +0000
ROA not before: Thu 29 Feb 2024 16:07:48 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 41381
IP address blocks: 89.105.64.0/21 maxlen: 24
89.105.72.0/21 maxlen: 24
89.105.72.0/22 maxlen: 24
2a01:7000::/32 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8d:f5:9f:36:29:2b:e1:65:0f:ad:6d:80:a7:67:12:40:20
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7e2c0ccf1ffbfcdb8b61d738201301b8791184e8
Validity
Not Before: Feb 29 16:07:48 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=1fe5296be2960ab2dbfe2cff3116084112620fd9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8c:02:ce:d2:15:ff:16:30:6c:69:6b:8d:94:bf:
e9:c1:35:b7:9c:7f:93:7a:fa:45:7f:b4:69:b8:2d:
ea:b4:0a:f7:98:06:49:19:f5:4a:51:a9:59:6f:4b:
0f:1e:21:be:d6:ee:65:38:7b:7c:2a:59:fa:e2:68:
da:35:32:d1:40:f4:48:54:71:60:3c:aa:8f:74:ed:
75:70:ae:12:96:69:76:a4:98:9a:7c:02:43:42:fa:
d2:4b:fb:90:e6:b4:74:ec:20:f9:29:5b:e0:46:60:
46:c7:09:5e:3b:4d:46:ce:8a:89:c2:7d:84:04:12:
5b:da:b2:2f:05:2e:44:33:2f:f7:19:73:24:d0:af:
1a:3d:2d:7d:8e:94:69:07:66:f1:67:9b:9d:63:fd:
b9:09:ae:95:5f:68:d4:3d:80:ea:49:b6:6c:12:b1:
2d:7e:ac:d3:b1:2c:3e:b8:34:b8:f7:6b:a5:64:cc:
d3:ea:43:aa:03:b6:c5:71:4b:0b:a4:34:07:c6:79:
4e:bd:02:82:95:52:4a:c5:64:80:af:f0:1e:7c:4d:
37:4a:f9:7e:4a:01:29:38:e6:88:32:2f:e1:86:fa:
ef:2e:ef:72:8e:6d:2f:a6:7c:4a:d6:4d:35:a0:b2:
09:23:31:73:f0:b4:d0:01:46:a6:6c:ef:98:f8:a5:
1d:6b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1F:E5:29:6B:E2:96:0A:B2:DB:FE:2C:FF:31:16:08:41:12:62:0F:D9
X509v3 Authority Key Identifier:
keyid:7E:2C:0C:CF:1F:FB:FC:DB:8B:61:D7:38:20:13:01:B8:79:11:84:E8
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fiwMzx_7_NuLYdc4IBMBuHkRhOg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/93/cdf2d7-b11e-47b2-9fc9-79091c78ab48/1/H-Upa-KWCrLb_iz_MRYIQRJiD9k.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/93/cdf2d7-b11e-47b2-9fc9-79091c78ab48/1/fiwMzx_7_NuLYdc4IBMBuHkRhOg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
89.105.64.0/20
IPv6:
2a01:7000::/32
Signature Algorithm: sha256WithRSAEncryption
d9:3e:23:ef:54:73:b3:d6:be:fe:dd:8d:d9:a5:b3:02:07:f2:
75:4d:91:5e:cd:ed:b6:1a:ce:34:65:ae:43:1f:76:73:83:ec:
ea:2b:be:1e:cb:81:bf:42:ca:41:80:4a:8e:88:92:93:4f:f0:
2c:ed:48:46:a3:58:bd:65:16:86:5e:af:60:2d:c4:27:7c:9c:
d0:60:cb:2d:e3:c8:bb:a5:ea:cd:b7:ae:97:c0:1f:62:20:b4:
93:11:bd:f7:82:33:53:e8:93:41:80:78:48:2c:c2:fd:bb:86:
57:92:84:26:ca:50:a1:43:66:de:e5:fa:64:01:b5:cb:fe:e1:
de:ea:23:18:ad:41:5d:dc:7f:80:4e:8e:87:6a:b2:71:3e:39:
06:ef:f7:3c:81:77:cc:cf:ed:2d:fd:14:94:53:bc:ff:7b:7d:
9c:a2:07:80:a0:3e:44:92:50:81:76:da:63:c2:75:c6:a6:f6:
48:fe:d8:9d:2e:d3:9f:09:47:d0:8f:5e:5e:ac:35:95:77:d6:
88:1b:fe:53:d8:3f:de:72:77:da:30:da:ad:f9:18:a6:9a:c4:
25:07:95:72:76:50:88:33:e1:3d:c4:3d:c2:e5:35:ea:1c:23:
7e:b6:30:ca:03:ba:26:0d:7d:86:a8:32:b7:0d:99:bd:c3:50:
5d:f0:e6:b2
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAY31nzYpK+FlD61tgKdnEkAgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdlMmMwY2NmMWZmYmZjZGI4YjYxZDczODIwMTMwMWI4Nzkx
MTg0ZTgwHhcNMjQwMjI5MTYwNzQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZmU1Mjk2YmUyOTYwYWIyZGJmZTJjZmYzMTE2MDg0MTEyNjIwZmQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjALO0hX/FjBsaWuNlL/pwTW3nH+T
evpFf7RpuC3qtAr3mAZJGfVKUalZb0sPHiG+1u5lOHt8Kln64mjaNTLRQPRIVHFg
PKqPdO11cK4Slml2pJiafAJDQvrSS/uQ5rR07CD5KVvgRmBGxwleO01GzoqJwn2E
BBJb2rIvBS5EMy/3GXMk0K8aPS19jpRpB2bxZ5udY/25Ca6VX2jUPYDqSbZsErEt
fqzTsSw+uDS492ulZMzT6kOqA7bFcUsLpDQHxnlOvQKClVJKxWSAr/AefE03Svl+
SgEpOOaIMi/hhvrvLu9yjm0vpnxK1k01oLIJIzFz8LTQAUambO+Y+KUdawIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFB/lKWvilgqy2/4s/zEWCEESYg/ZMB8GA1UdIwQY
MBaAFH4sDM8f+/zbi2HXOCATAbh5EYToMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZml3TXp4XzdfTnVMWWRjNElCTUJ1SGtSaE9nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85My9jZGYyZDctYjExZS00N2IyLTlmYzkt
NzkwOTFjNzhhYjQ4LzEvSC1VcGEtS1dDckxiX2l6X01SWUlRUkppRDlrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85My9jZGYyZDctYjExZS00N2IyLTlmYzktNzkwOTFjNzhhYjQ4
LzEvZml3TXp4XzdfTnVMWWRjNElCTUJ1SGtSaE9nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQEWWlAMA0E
AgACMAcDBQAqAXAAMA0GCSqGSIb3DQEBCwUAA4IBAQDZPiPvVHOz1r7+3Y3ZpbMC
B/J1TZFeze22Gs40Za5DH3Zzg+zqK74ey4G/QspBgEqOiJKTT/As7UhGo1i9ZRaG
Xq9gLcQnfJzQYMst48i7perNt66XwB9iILSTEb33gjNT6JNBgHhILML9u4ZXkoQm
ylChQ2be5fpkAbXL/uHe6iMYrUFd3H+ATo6HarJxPjkG7/c8gXfMz+0t/RSUU7z/
e32cogeAoD5EklCBdtpjwnXGpvZI/tidLtOfCUfQj15erDWVd9aIG/5T2D/ecnfa
MNqt+RimmsQlB5VydlCIM+E9xD3C5TXqHCN+tjDKA7omDX2GqDK3DZm9w1Bd8Oay
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:24:20 2024 by rpki-client on console-ams.rpki-client.org