Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a4/40543e-195a-4332-a8ed-37374e396c7d/1/35qBbVjjOC_jD_CkZKwtKPe9AVc.roa
File: 35qBbVjjOC_jD_CkZKwtKPe9AVc.roa (raw, json)
Hash identifier: L44P44YQfKcJOw2VPcHbcXJ1cGUSbkuIwTc2cTCcxM0=
Subject key identifier: DF:9A:81:6D:58:E3:38:2F:E3:0F:F0:A4:64:AC:2D:28:F7:BD:01:57
Certificate issuer: /CN=09ef0b8e5bbab29a1330fa0e7493f2a179847bb2
Certificate serial: 019299ED94194B7ED2E1A3691C12F6782605
Authority key identifier: 09:EF:0B:8E:5B:BA:B2:9A:13:30:FA:0E:74:93:F2:A1:79:84:7B:B2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Ce8Ljlu6spoTMPoOdJPyoXmEe7I.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/a4/40543e-195a-4332-a8ed-37374e396c7d/1/35qBbVjjOC_jD_CkZKwtKPe9AVc.roa
Signing time: Thu 17 Oct 2024 10:02:16 +0000
ROA not before: Thu 17 Oct 2024 10:02:16 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 198331
IP address blocks: 89.145.176.0/21 maxlen: 21
194.0.213.0/24 maxlen: 24
2a02:7b80::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:92:99:ed:94:19:4b:7e:d2:e1:a3:69:1c:12:f6:78:26:05
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=09ef0b8e5bbab29a1330fa0e7493f2a179847bb2
Validity
Not Before: Oct 17 10:02:16 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=df9a816d58e3382fe30ff0a464ac2d28f7bd0157
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a4:55:7d:fd:5a:07:70:2a:d4:cc:53:0c:66:07:
f4:34:37:15:23:0e:88:51:d7:1f:27:55:69:fd:5e:
f0:9d:99:3c:c2:48:f0:59:7d:d1:e0:f8:8e:1e:56:
58:b1:c1:66:89:0f:91:87:a9:59:c0:a0:98:d9:d7:
e6:73:2c:8e:df:78:82:b7:68:0b:86:23:5b:79:bd:
38:83:24:f5:3d:1f:37:03:c8:4c:6e:74:bb:c8:9d:
50:4f:ee:d9:fb:94:21:f3:56:4c:cb:63:4c:29:48:
05:fa:cc:eb:fb:00:91:3c:88:cd:09:74:0f:59:a3:
10:21:39:20:65:fd:18:9f:98:74:82:5e:ed:f0:10:
8e:30:d7:9c:ed:11:ab:67:b2:8c:58:d6:30:15:24:
98:d4:85:7c:d8:88:df:24:50:88:72:21:9e:e9:0a:
8d:64:26:e4:e1:be:73:95:9b:a6:fc:6a:90:44:3e:
ed:7b:47:de:52:b0:ad:08:01:d2:17:3e:67:96:3c:
db:c5:2e:7b:9f:c2:a8:f1:3a:3d:0c:c3:30:f7:67:
dc:b9:70:70:29:a6:b2:25:3a:15:32:a4:03:e9:94:
f1:00:f7:7a:f2:53:b1:3c:c8:be:01:61:d1:ec:5c:
47:bb:ba:e7:51:1a:f9:f4:25:85:24:90:a4:24:48:
4f:0d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DF:9A:81:6D:58:E3:38:2F:E3:0F:F0:A4:64:AC:2D:28:F7:BD:01:57
X509v3 Authority Key Identifier:
keyid:09:EF:0B:8E:5B:BA:B2:9A:13:30:FA:0E:74:93:F2:A1:79:84:7B:B2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ce8Ljlu6spoTMPoOdJPyoXmEe7I.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/40543e-195a-4332-a8ed-37374e396c7d/1/35qBbVjjOC_jD_CkZKwtKPe9AVc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/40543e-195a-4332-a8ed-37374e396c7d/1/Ce8Ljlu6spoTMPoOdJPyoXmEe7I.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
89.145.176.0/21
194.0.213.0/24
IPv6:
2a02:7b80::/32
Signature Algorithm: sha256WithRSAEncryption
0b:d0:26:93:92:6d:75:f6:27:33:fb:90:c8:75:c6:93:ca:2b:
f6:8a:15:9a:e5:53:9f:7e:a0:e0:3e:69:6b:f1:51:b2:c1:df:
ab:dc:ad:49:c9:59:2b:89:d5:cb:d9:2e:70:ee:04:68:8b:c8:
fa:8f:41:54:70:e5:37:46:c2:1f:e8:8d:d1:26:d0:31:26:d6:
7b:cc:3d:c7:fb:b6:30:bc:70:66:c7:09:35:53:78:de:50:53:
ff:2d:2f:3b:8b:3a:41:b0:b9:73:c1:34:9f:b4:bd:ff:0d:23:
f5:d6:c1:d1:f7:4b:33:d3:2e:47:e9:6c:f3:78:26:3d:c8:cd:
d8:c4:9c:4d:f6:66:25:00:1b:06:09:84:df:99:52:5b:5f:89:
8f:e3:2b:49:bf:d5:d1:25:04:10:e0:8c:ab:97:b1:c2:dc:6d:
ff:ba:ac:14:24:72:40:13:49:49:83:fd:4d:a9:77:23:3b:7d:
e1:9c:46:77:59:5c:ca:92:11:4a:d4:31:b9:9c:e0:fb:03:d2:
90:38:19:6b:0f:ae:fd:b6:c3:31:b6:a9:2e:0c:47:d8:b2:8f:
1f:c0:10:7d:2c:21:a8:de:c0:44:6b:a8:ac:59:b4:cd:ff:72:
70:6e:1c:48:36:8a:15:4c:13:84:47:93:78:b9:a7:39:ca:62:
d2:28:b3:fb
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZKZ7ZQZS37S4aNpHBL2eCYFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5ZWYwYjhlNWJiYWIyOWExMzMwZmEwZTc0OTNmMmExNzk4
NDdiYjIwHhcNMjQxMDE3MTAwMjE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZjlhODE2ZDU4ZTMzODJmZTMwZmYwYTQ2NGFjMmQyOGY3YmQwMTU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApFV9/VoHcCrUzFMMZgf0NDcVIw6I
UdcfJ1Vp/V7wnZk8wkjwWX3R4PiOHlZYscFmiQ+Rh6lZwKCY2dfmcyyO33iCt2gL
hiNbeb04gyT1PR83A8hMbnS7yJ1QT+7Z+5Qh81ZMy2NMKUgF+szr+wCRPIjNCXQP
WaMQITkgZf0Yn5h0gl7t8BCOMNec7RGrZ7KMWNYwFSSY1IV82IjfJFCIciGe6QqN
ZCbk4b5zlZum/GqQRD7te0feUrCtCAHSFz5nljzbxS57n8Ko8To9DMMw92fcuXBw
KaayJToVMqQD6ZTxAPd68lOxPMi+AWHR7FxHu7rnURr59CWFJJCkJEhPDQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFN+agW1Y4zgv4w/wpGSsLSj3vQFXMB8GA1UdIwQY
MBaAFAnvC45burKaEzD6DnST8qF5hHuyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ2U4TGpsdTZzcG9UTVBvT2RKUHlvWG1FZTdJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNC80MDU0M2UtMTk1YS00MzMyLWE4ZWQt
MzczNzRlMzk2YzdkLzEvMzVxQmJWampPQ19qRF9Da1pLd3RLUGU5QVZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNC80MDU0M2UtMTk1YS00MzMyLWE4ZWQtMzczNzRlMzk2Yzdk
LzEvQ2U4TGpsdTZzcG9UTVBvT2RKUHlvWG1FZTdJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQDWZGwAwQA
wgDVMA0EAgACMAcDBQAqAnuAMA0GCSqGSIb3DQEBCwUAA4IBAQAL0CaTkm119icz
+5DIdcaTyiv2ihWa5VOffqDgPmlr8VGywd+r3K1JyVkridXL2S5w7gRoi8j6j0FU
cOU3RsIf6I3RJtAxJtZ7zD3H+7YwvHBmxwk1U3jeUFP/LS87izpBsLlzwTSftL3/
DSP11sHR90sz0y5H6WzzeCY9yM3YxJxN9mYlABsGCYTfmVJbX4mP4ytJv9XRJQQQ
4Iyrl7HC3G3/uqwUJHJAE0lJg/1NqXcjO33hnEZ3WVzKkhFK1DG5nOD7A9KQOBlr
D679tsMxtqkuDEfYso8fwBB9LCGo3sBEa6isWbTN/3JwbhxINooVTBOER5N4uac5
ymLSKLP7
-----END CERTIFICATE-----
Generated at Mon Nov 11 17:00:12 2024 by rpki-client on console-ams.rpki-client.org