Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/93/cdf2d7-b11e-47b2-9fc9-79091c78ab48/1/WRziB5ZDi1n94QC0uBPqRgeDB9U.roa
File: WRziB5ZDi1n94QC0uBPqRgeDB9U.roa (raw, json)
Hash identifier: ZBU3ATEGE2YuJ/rKkVaihihSztBkuSTLoovTvFZy+RY=
Subject key identifier: 59:1C:E2:07:96:43:8B:59:FD:E1:00:B4:B8:13:EA:46:07:83:07:D5
Certificate issuer: /CN=7e2c0ccf1ffbfcdb8b61d738201301b8791184e8
Certificate serial: 3871C803
Authority key identifier: 7E:2C:0C:CF:1F:FB:FC:DB:8B:61:D7:38:20:13:01:B8:79:11:84:E8
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/fiwMzx_7_NuLYdc4IBMBuHkRhOg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/93/cdf2d7-b11e-47b2-9fc9-79091c78ab48/1/WRziB5ZDi1n94QC0uBPqRgeDB9U.roa
Signing time: Fri 25 Feb 2022 09:56:42 +0000
ROA not before: Fri 25 Feb 2022 09:56:42 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 41381
IP address blocks: 89.105.64.0/19 maxlen: 24
89.105.64.0/21 maxlen: 24
89.105.72.0/21 maxlen: 24
89.105.80.0/21 maxlen: 24
89.105.88.0/21 maxlen: 24
2a01:7000::/32 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 946980867 (0x3871c803)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7e2c0ccf1ffbfcdb8b61d738201301b8791184e8
Validity
Not Before: Feb 25 09:56:42 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=591ce20796438b59fde100b4b813ea46078307d5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b2:76:95:00:da:48:04:cd:65:01:c8:bd:c7:ff:
b4:4c:82:d8:7f:f9:56:a9:85:22:02:33:1c:b9:35:
8f:bd:24:cb:7d:99:79:18:87:19:07:05:cf:dc:c4:
41:fb:a7:de:94:a1:85:ae:99:89:33:8e:d4:c6:4d:
e7:ab:3c:8f:54:34:f2:73:cd:d3:b2:73:d1:df:8f:
0b:ad:ba:5e:7d:36:13:7f:66:21:77:29:2d:74:c8:
00:d2:2b:9a:fc:25:2b:9f:c1:c7:5b:7e:a8:d1:af:
1c:ff:ac:b3:a3:40:07:42:c5:c3:79:af:06:08:56:
d7:ac:b2:55:9a:a0:fd:16:89:bf:dd:45:f3:e7:03:
36:ac:ac:80:97:dc:d1:de:1f:12:3d:0a:dc:5e:55:
c2:5e:d3:43:d6:24:9f:29:93:8e:01:9d:de:bc:19:
a6:d7:8d:0d:e2:3d:92:98:62:3b:df:32:b1:a3:8e:
c4:c3:bc:1e:3c:28:5e:fe:b7:18:c7:66:12:83:63:
e1:5e:4c:d2:20:ea:c7:ba:3b:0d:a5:e3:91:eb:e2:
74:bd:f7:20:84:9a:e8:37:9f:2d:57:03:7b:13:29:
3e:68:d3:82:61:ff:f0:e1:44:41:aa:49:4b:1b:fd:
31:74:cd:7a:70:da:c5:1b:6d:ee:82:41:8e:02:a2:
d4:6f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
59:1C:E2:07:96:43:8B:59:FD:E1:00:B4:B8:13:EA:46:07:83:07:D5
X509v3 Authority Key Identifier:
keyid:7E:2C:0C:CF:1F:FB:FC:DB:8B:61:D7:38:20:13:01:B8:79:11:84:E8
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fiwMzx_7_NuLYdc4IBMBuHkRhOg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/93/cdf2d7-b11e-47b2-9fc9-79091c78ab48/1/WRziB5ZDi1n94QC0uBPqRgeDB9U.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/93/cdf2d7-b11e-47b2-9fc9-79091c78ab48/1/fiwMzx_7_NuLYdc4IBMBuHkRhOg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
89.105.64.0/19
IPv6:
2a01:7000::/32
Signature Algorithm: sha256WithRSAEncryption
bf:b1:64:63:fe:3b:57:b0:43:39:31:3d:39:0c:b2:ff:62:a6:
05:fa:60:22:59:fe:7a:a7:be:1d:de:ac:10:50:36:2f:e3:c2:
c4:c0:60:4e:e6:74:a0:53:03:fb:e2:d3:da:63:91:79:23:bc:
39:f6:e8:d6:85:19:4f:1d:a3:78:75:5d:da:22:96:74:fa:10:
de:22:a7:82:9c:4f:28:da:c0:b8:62:fe:19:e8:f2:a3:4f:74:
a8:b7:b1:ff:77:42:77:10:66:02:ce:80:02:5b:00:1e:22:38:
2f:3b:c2:da:09:ff:06:1e:f5:d5:e5:42:b0:e5:f5:0b:eb:29:
98:1f:01:17:6e:de:17:4c:9a:26:c7:b7:03:c8:8b:56:f7:10:
81:41:75:f9:a5:22:35:d1:e3:76:04:f7:33:c6:20:66:ad:cc:
50:35:a8:12:6c:3c:fe:33:f9:28:4d:32:f1:0c:fe:2c:ea:03:
8d:ff:6e:57:ee:d7:ff:40:76:cb:78:75:23:22:f3:2b:e8:1d:
bc:31:23:e6:60:33:15:dd:ba:90:7f:52:a6:67:a1:1d:22:c1:
92:2a:db:5c:be:e4:92:5b:03:12:73:b6:ce:32:05:ff:03:8d:
44:b4:c5:04:ed:06:1f:e3:75:9b:22:4f:c5:53:41:52:99:cf:
96:dc:e5:9d
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgIEOHHIAzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg3
ZTJjMGNjZjFmZmJmY2RiOGI2MWQ3MzgyMDEzMDFiODc5MTE4NGU4MB4XDTIyMDIy
NTA5NTY0MloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNTkxY2UyMDc5NjQz
OGI1OWZkZTEwMGI0YjgxM2VhNDYwNzgzMDdkNTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALJ2lQDaSATNZQHIvcf/tEyC2H/5VqmFIgIzHLk1j70ky32Z
eRiHGQcFz9zEQfun3pShha6ZiTOO1MZN56s8j1Q08nPN07Jz0d+PC626Xn02E39m
IXcpLXTIANIrmvwlK5/Bx1t+qNGvHP+ss6NAB0LFw3mvBghW16yyVZqg/RaJv91F
8+cDNqysgJfc0d4fEj0K3F5Vwl7TQ9YknymTjgGd3rwZpteNDeI9kphiO98ysaOO
xMO8HjwoXv63GMdmEoNj4V5M0iDqx7o7DaXjkevidL33IISa6DefLVcDexMpPmjT
gmH/8OFEQapJSxv9MXTNenDaxRtt7oJBjgKi1G8CAwEAAaOCAhgwggIUMB0GA1Ud
DgQWBBRZHOIHlkOLWf3hALS4E+pGB4MH1TAfBgNVHSMEGDAWgBR+LAzPH/v824th
1zggEwG4eRGE6DAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2Zpd016eF83X051TFlkYzRJQk1CdUhrUmhPZy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvOTMvY2RmMmQ3LWIxMWUtNDdiMi05ZmM5LTc5MDkxYzc4YWI0OC8x
L1dSemlCNVpEaTFuOTRRQzB1QlBxUmdlREI5VS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOTMv
Y2RmMmQ3LWIxMWUtNDdiMi05ZmM5LTc5MDkxYzc4YWI0OC8xL2Zpd016eF83X051
TFlkYzRJQk1CdUhrUmhPZy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAu
BggrBgEFBQcBBwEB/wQfMB0wDAQCAAEwBgMEBVlpQDANBAIAAjAHAwUAKgFwADAN
BgkqhkiG9w0BAQsFAAOCAQEAv7FkY/47V7BDOTE9OQyy/2KmBfpgIln+eqe+Hd6s
EFA2L+PCxMBgTuZ0oFMD++LT2mOReSO8Ofbo1oUZTx2jeHVd2iKWdPoQ3iKngpxP
KNrAuGL+Gejyo090qLex/3dCdxBmAs6AAlsAHiI4LzvC2gn/Bh711eVCsOX1C+sp
mB8BF27eF0yaJse3A8iLVvcQgUF1+aUiNdHjdgT3M8YgZq3MUDWoEmw8/jP5KE0y
8Qz+LOoDjf9uV+7X/0B2y3h1IyLzK+gdvDEj5mAzFd26kH9SpmehHSLBkirbXL7k
klsDEnO2zjIF/wONRLTFBO0GH+N1myJPxVNBUpnPltzlnQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:39:37 2024 by rpki-client on console-fra.rpki-client.org