Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/93/cdf2d7-b11e-47b2-9fc9-79091c78ab48/1/vnI-iQ4daV54Ax94-u5gVpNNyjI.roa
File: vnI-iQ4daV54Ax94-u5gVpNNyjI.roa (raw, json)
Hash identifier: jrf9eIXYwcC7Djpvr2WCdNFMz4nAEq2iZljqZI0plG4=
Subject key identifier: BE:72:3E:89:0E:1D:69:5E:78:03:1F:78:FA:EE:60:56:93:4D:CA:32
Certificate issuer: /CN=7e2c0ccf1ffbfcdb8b61d738201301b8791184e8
Certificate serial: 01872239F5B5C6226263F29841601C7CED48
Authority key identifier: 7E:2C:0C:CF:1F:FB:FC:DB:8B:61:D7:38:20:13:01:B8:79:11:84:E8
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/fiwMzx_7_NuLYdc4IBMBuHkRhOg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/93/cdf2d7-b11e-47b2-9fc9-79091c78ab48/1/vnI-iQ4daV54Ax94-u5gVpNNyjI.roa
Signing time: Mon 27 Mar 2023 08:40:36 +0000
ROA not before: Mon 27 Mar 2023 08:40:36 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 41381
IP address blocks: 89.105.64.0/21 maxlen: 24
89.105.72.0/21 maxlen: 24
2a01:7000::/32 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:87:22:39:f5:b5:c6:22:62:63:f2:98:41:60:1c:7c:ed:48
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7e2c0ccf1ffbfcdb8b61d738201301b8791184e8
Validity
Not Before: Mar 27 08:40:36 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=be723e890e1d695e78031f78faee6056934dca32
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:86:fb:50:8d:b7:8e:db:f7:fa:86:6e:34:ed:e3:
67:55:07:91:83:8e:55:40:1c:6c:66:3f:cd:0a:47:
92:19:af:ce:17:4f:37:0e:90:fe:88:bb:bf:2e:49:
6a:92:42:5c:d4:0e:79:fd:af:a7:e6:12:af:dd:05:
b8:e4:89:64:c6:6f:c3:df:78:1d:23:6d:ba:18:c2:
30:f0:c0:7e:fa:57:1c:7c:ff:cd:cb:c8:ff:13:38:
de:60:07:2a:e4:54:1e:e4:8d:fe:4b:e4:d5:10:9f:
b1:2f:ef:a0:77:13:ab:c1:72:b4:3f:df:45:58:a4:
bf:58:5a:67:07:84:07:c8:39:03:40:33:d2:c2:aa:
46:c4:3d:9e:f8:ba:bd:6e:32:29:96:8b:31:98:5f:
9d:0d:cc:c2:92:84:18:0e:06:ca:78:99:81:c1:ac:
ce:ef:4d:3f:51:d4:e6:14:a6:29:d1:ab:81:fb:51:
97:6b:f7:ef:be:89:8d:b1:5b:89:d7:30:29:ba:80:
5f:91:a6:79:f3:50:e3:6d:55:1f:74:f8:0b:dd:76:
32:c2:41:3f:d8:79:42:7d:38:b2:be:74:e1:d2:96:
01:75:03:6f:c4:04:c2:0c:1c:a5:21:50:61:5c:18:
96:b4:bf:34:80:38:1f:c0:b8:2e:9e:8c:3a:05:52:
4b:87
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
BE:72:3E:89:0E:1D:69:5E:78:03:1F:78:FA:EE:60:56:93:4D:CA:32
X509v3 Authority Key Identifier:
keyid:7E:2C:0C:CF:1F:FB:FC:DB:8B:61:D7:38:20:13:01:B8:79:11:84:E8
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fiwMzx_7_NuLYdc4IBMBuHkRhOg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/93/cdf2d7-b11e-47b2-9fc9-79091c78ab48/1/vnI-iQ4daV54Ax94-u5gVpNNyjI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/93/cdf2d7-b11e-47b2-9fc9-79091c78ab48/1/fiwMzx_7_NuLYdc4IBMBuHkRhOg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
89.105.64.0/20
IPv6:
2a01:7000::/32
Signature Algorithm: sha256WithRSAEncryption
44:9f:6e:ed:20:e6:27:da:75:dd:98:4b:52:be:cb:9d:ac:4f:
6f:fe:48:47:ee:17:12:a5:58:45:43:7f:aa:25:2b:3a:7b:d0:
af:ee:0b:e5:a5:32:09:49:c6:31:9e:df:fb:e1:df:7a:dd:2e:
b0:9b:1b:09:9e:08:e2:0d:60:72:32:43:b2:42:48:28:54:72:
7f:c1:23:e6:8a:76:75:ce:56:c3:e2:7f:dc:97:75:c7:57:1f:
f1:56:1b:2c:b6:ba:65:ee:39:6d:24:a7:39:52:6f:40:2e:93:
8e:23:20:c1:86:58:8f:99:e6:48:19:c8:37:0b:29:04:54:fa:
04:34:da:c3:83:91:5b:e8:05:40:46:1b:54:25:70:23:2b:07:
2c:8e:6f:73:bb:9b:36:21:84:f5:a4:3d:c1:91:d8:97:ae:d1:
cc:c0:38:b9:a4:86:69:92:5b:76:38:99:41:bc:04:6f:6e:8b:
eb:10:17:34:1e:49:cc:60:40:12:b8:87:5d:29:c2:5f:e0:47:
46:ca:8f:37:34:7f:f0:17:7a:bb:aa:56:e4:eb:48:3d:f8:22:
2a:56:af:14:a4:84:35:c5:00:14:4c:2f:e4:c8:fb:f6:1e:d4:
0f:dc:13:32:04:61:55:e4:ce:1f:a6:fe:1b:47:4d:40:91:46:
bb:0e:9d:0f
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYciOfW1xiJiY/KYQWAcfO1IMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdlMmMwY2NmMWZmYmZjZGI4YjYxZDczODIwMTMwMWI4Nzkx
MTg0ZTgwHhcNMjMwMzI3MDg0MDM2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZTcyM2U4OTBlMWQ2OTVlNzgwMzFmNzhmYWVlNjA1NjkzNGRjYTMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhvtQjbeO2/f6hm407eNnVQeRg45V
QBxsZj/NCkeSGa/OF083DpD+iLu/LklqkkJc1A55/a+n5hKv3QW45Ilkxm/D33gd
I226GMIw8MB++lccfP/Ny8j/EzjeYAcq5FQe5I3+S+TVEJ+xL++gdxOrwXK0P99F
WKS/WFpnB4QHyDkDQDPSwqpGxD2e+Lq9bjIplosxmF+dDczCkoQYDgbKeJmBwazO
700/UdTmFKYp0auB+1GXa/fvvomNsVuJ1zApuoBfkaZ581DjbVUfdPgL3XYywkE/
2HlCfTiyvnTh0pYBdQNvxATCDBylIVBhXBiWtL80gDgfwLgunow6BVJLhwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFL5yPokOHWleeAMfePruYFaTTcoyMB8GA1UdIwQY
MBaAFH4sDM8f+/zbi2HXOCATAbh5EYToMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZml3TXp4XzdfTnVMWWRjNElCTUJ1SGtSaE9nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85My9jZGYyZDctYjExZS00N2IyLTlmYzkt
NzkwOTFjNzhhYjQ4LzEvdm5JLWlRNGRhVjU0QXg5NC11NWdWcE5OeWpJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85My9jZGYyZDctYjExZS00N2IyLTlmYzktNzkwOTFjNzhhYjQ4
LzEvZml3TXp4XzdfTnVMWWRjNElCTUJ1SGtSaE9nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQEWWlAMA0E
AgACMAcDBQAqAXAAMA0GCSqGSIb3DQEBCwUAA4IBAQBEn27tIOYn2nXdmEtSvsud
rE9v/khH7hcSpVhFQ3+qJSs6e9Cv7gvlpTIJScYxnt/74d963S6wmxsJngjiDWBy
MkOyQkgoVHJ/wSPminZ1zlbD4n/cl3XHVx/xVhsstrpl7jltJKc5Um9ALpOOIyDB
hliPmeZIGcg3CykEVPoENNrDg5Fb6AVARhtUJXAjKwcsjm9zu5s2IYT1pD3BkdiX
rtHMwDi5pIZpklt2OJlBvARvbovrEBc0HknMYEASuIddKcJf4EdGyo83NH/wF3q7
qlbk60g9+CIqVq8UpIQ1xQAUTC/kyPv2HtQP3BMyBGFV5M4fpv4bR01AkUa7Dp0P
-----END CERTIFICATE-----
Generated at Mon Feb 17 08:10:47 2025 by rpki-client