Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/93/cdf2d7-b11e-47b2-9fc9-79091c78ab48/1/Wzu657uwqGwLWxiYZtj7XUvL_tY.roa
File: Wzu657uwqGwLWxiYZtj7XUvL_tY.roa (raw, json)
Hash identifier: 14cAMpy/Wvqn6ngw8yEGQz36W6B2x9TPzTlZLF9Es4o=
Subject key identifier: 5B:3B:BA:E7:BB:B0:A8:6C:0B:5B:18:98:66:D8:FB:5D:4B:CB:FE:D6
Certificate issuer: /CN=7e2c0ccf1ffbfcdb8b61d738201301b8791184e8
Certificate serial: 01856D5D094F5FB6D7B32A73CFB09B4C250D
Authority key identifier: 7E:2C:0C:CF:1F:FB:FC:DB:8B:61:D7:38:20:13:01:B8:79:11:84:E8
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/fiwMzx_7_NuLYdc4IBMBuHkRhOg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/93/cdf2d7-b11e-47b2-9fc9-79091c78ab48/1/Wzu657uwqGwLWxiYZtj7XUvL_tY.roa
Signing time: Sun 01 Jan 2023 12:44:51 +0000
ROA not before: Sun 01 Jan 2023 12:44:51 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 41381
IP address blocks: 89.105.64.0/21 maxlen: 24
89.105.72.0/21 maxlen: 24
89.105.80.0/21 maxlen: 24
2a01:7000::/32 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6d:5d:09:4f:5f:b6:d7:b3:2a:73:cf:b0:9b:4c:25:0d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7e2c0ccf1ffbfcdb8b61d738201301b8791184e8
Validity
Not Before: Jan 1 12:44:51 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=5b3bbae7bbb0a86c0b5b189866d8fb5d4bcbfed6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b6:da:3e:50:63:c2:5f:f6:81:ac:34:27:96:38:
10:93:11:0e:45:07:79:52:0f:db:c6:0f:6c:2f:fa:
ba:f3:4c:fa:37:99:13:2d:02:b1:09:92:0c:c9:48:
27:db:9a:f4:25:bf:9e:9f:5e:5c:73:2e:0e:c7:09:
b0:38:28:c7:b7:a4:d2:9d:e6:0a:09:0e:9b:eb:72:
e7:ca:42:34:8f:9e:ed:a2:1f:5f:f5:31:71:a0:40:
fe:7a:2c:74:78:90:87:f5:e0:43:10:da:e5:15:aa:
cc:fd:89:57:f4:e5:a4:8a:79:07:11:13:b7:d4:fa:
80:d6:37:46:1c:2d:f2:e2:bc:fd:37:3b:9a:e6:ad:
81:06:54:93:5e:b5:7e:e2:3a:07:a4:6c:85:79:a3:
18:04:24:39:d0:f9:2b:27:3a:d0:c0:9b:45:03:ac:
c9:0e:8d:85:37:c8:28:97:01:3f:e2:a8:96:43:e5:
41:ed:6c:6c:5a:16:aa:7f:70:7c:a5:eb:07:2e:72:
ef:c7:02:f9:f1:98:ac:17:c3:25:10:cf:6f:e6:4a:
4a:f5:64:ed:d6:27:1a:eb:9a:25:4e:87:bc:25:1c:
99:a0:7e:b2:b5:bb:50:b8:06:ba:85:de:64:bc:b0:
22:20:69:61:72:93:3d:16:70:e5:bb:1e:12:de:4f:
00:39
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5B:3B:BA:E7:BB:B0:A8:6C:0B:5B:18:98:66:D8:FB:5D:4B:CB:FE:D6
X509v3 Authority Key Identifier:
keyid:7E:2C:0C:CF:1F:FB:FC:DB:8B:61:D7:38:20:13:01:B8:79:11:84:E8
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fiwMzx_7_NuLYdc4IBMBuHkRhOg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/93/cdf2d7-b11e-47b2-9fc9-79091c78ab48/1/Wzu657uwqGwLWxiYZtj7XUvL_tY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/93/cdf2d7-b11e-47b2-9fc9-79091c78ab48/1/fiwMzx_7_NuLYdc4IBMBuHkRhOg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
89.105.64.0-89.105.87.255
IPv6:
2a01:7000::/32
Signature Algorithm: sha256WithRSAEncryption
ad:8e:8c:d5:0d:12:f6:86:1c:b1:61:b3:0c:42:94:62:0d:23:
1c:c9:93:a7:04:8c:e2:ee:5c:c8:0d:b0:1b:7c:18:b3:62:95:
18:98:3c:e1:80:cd:41:91:93:3d:a2:cc:03:38:87:01:2a:03:
10:8b:ba:2f:57:0c:b3:2c:1d:23:76:69:16:71:6e:c4:69:e3:
02:66:f4:ed:c9:40:c6:b3:71:99:43:05:f1:f1:11:e5:68:39:
80:d1:1d:f3:ce:b3:65:46:57:22:3e:1a:92:88:48:9e:e5:23:
d0:e4:f3:53:aa:c5:82:1e:ec:5a:ef:8f:d0:d3:21:7c:bd:5d:
a4:d0:ab:79:7d:a6:5d:71:37:4d:0e:b5:10:9d:18:f8:b0:0d:
6d:db:ba:8a:ed:0e:51:0b:d3:33:85:d7:1c:42:1a:cd:05:ce:
59:14:c3:6f:ce:50:f8:d5:21:a9:ec:5d:b7:2a:83:b3:67:fe:
a2:5e:f7:17:cf:e1:cd:bd:b2:85:69:61:ae:b0:47:94:a9:b2:
de:32:eb:e7:a4:f2:89:3c:f8:3b:e9:c9:f2:f0:a8:f5:0b:d0:
98:36:fa:24:2f:cc:77:1c:9e:e0:9d:87:f4:30:a3:95:5b:03:
a7:28:f2:6a:1a:45:0b:4b:55:f6:d2:e1:a2:31:22:dd:44:c9:
c5:f5:21:f6
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAYVtXQlPX7bXsypzz7CbTCUNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdlMmMwY2NmMWZmYmZjZGI4YjYxZDczODIwMTMwMWI4Nzkx
MTg0ZTgwHhcNMjMwMTAxMTI0NDUxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YjNiYmFlN2JiYjBhODZjMGI1YjE4OTg2NmQ4ZmI1ZDRiY2JmZWQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtto+UGPCX/aBrDQnljgQkxEORQd5
Ug/bxg9sL/q680z6N5kTLQKxCZIMyUgn25r0Jb+en15ccy4OxwmwOCjHt6TSneYK
CQ6b63LnykI0j57toh9f9TFxoED+eix0eJCH9eBDENrlFarM/YlX9OWkinkHERO3
1PqA1jdGHC3y4rz9Nzua5q2BBlSTXrV+4joHpGyFeaMYBCQ50PkrJzrQwJtFA6zJ
Do2FN8golwE/4qiWQ+VB7WxsWhaqf3B8pesHLnLvxwL58ZisF8MlEM9v5kpK9WTt
1ica65olToe8JRyZoH6ytbtQuAa6hd5kvLAiIGlhcpM9FnDlux4S3k8AOQIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFFs7uue7sKhsC1sYmGbY+11Ly/7WMB8GA1UdIwQY
MBaAFH4sDM8f+/zbi2HXOCATAbh5EYToMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZml3TXp4XzdfTnVMWWRjNElCTUJ1SGtSaE9nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85My9jZGYyZDctYjExZS00N2IyLTlmYzkt
NzkwOTFjNzhhYjQ4LzEvV3p1NjU3dXdxR3dMV3hpWVp0ajdYVXZMX3RZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85My9jZGYyZDctYjExZS00N2IyLTlmYzktNzkwOTFjNzhhYjQ4
LzEvZml3TXp4XzdfTnVMWWRjNElCTUJ1SGtSaE9nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTAUBAIAATAOMAwDBAZZaUAD
BANZaVAwDQQCAAIwBwMFACoBcAAwDQYJKoZIhvcNAQELBQADggEBAK2OjNUNEvaG
HLFhswxClGINIxzJk6cEjOLuXMgNsBt8GLNilRiYPOGAzUGRkz2izAM4hwEqAxCL
ui9XDLMsHSN2aRZxbsRp4wJm9O3JQMazcZlDBfHxEeVoOYDRHfPOs2VGVyI+GpKI
SJ7lI9Dk81OqxYIe7Frvj9DTIXy9XaTQq3l9pl1xN00OtRCdGPiwDW3buortDlEL
0zOF1xxCGs0FzlkUw2/OUPjVIansXbcqg7Nn/qJe9xfP4c29soVpYa6wR5Spst4y
6+ek8ok8+DvpyfLwqPUL0Jg2+iQvzHccnuCdh/Qwo5VbA6co8moaRQtLVfbS4aIx
It1EycX1IfY=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:39:37 2024 by rpki-client on console-fra.rpki-client.org