Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/aa/ea4455-7836-44c4-b2a3-2ece04e185c2/1/Cc0sS8b3yhldsYb-QO6hcmgQfxw.roa
File: Cc0sS8b3yhldsYb-QO6hcmgQfxw.roa (raw, json)
Hash identifier: 4l7KLqtHyg5PJsgETvUM8lwgjx8oLbXlpwEO5enj32o=
Subject key identifier: 09:CD:2C:4B:C6:F7:CA:19:5D:B1:86:FE:40:EE:A1:72:68:10:7F:1C
Certificate issuer: /CN=dcef58d4cfa35543f8488a2756e6924e647b4589
Certificate serial: 01856C6EF3989FC8CF6D373D104345F86087
Authority key identifier: DC:EF:58:D4:CF:A3:55:43:F8:48:8A:27:56:E6:92:4E:64:7B:45:89
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/3O9Y1M-jVUP4SIonVuaSTmR7RYk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/aa/ea4455-7836-44c4-b2a3-2ece04e185c2/1/Cc0sS8b3yhldsYb-QO6hcmgQfxw.roa
Signing time: Sun 01 Jan 2023 08:24:48 +0000
ROA not before: Sun 01 Jan 2023 08:24:48 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 9050
IP address blocks: 89.39.1.0/24 maxlen: 24
89.39.2.0/24 maxlen: 24
89.39.0.0/24 maxlen: 24
89.39.4.0/24 maxlen: 24
89.39.3.0/24 maxlen: 24
89.34.101.0/24 maxlen: 24
89.39.5.0/24 maxlen: 24
89.34.238.0/24 maxlen: 24
188.241.72.0/24 maxlen: 24
89.40.226.0/24 maxlen: 24
185.248.138.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6c:6e:f3:98:9f:c8:cf:6d:37:3d:10:43:45:f8:60:87
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=dcef58d4cfa35543f8488a2756e6924e647b4589
Validity
Not Before: Jan 1 08:24:48 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=09cd2c4bc6f7ca195db186fe40eea17268107f1c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:92:f5:c1:82:35:6e:22:df:84:e7:8a:3a:b5:ac:
86:d5:21:6a:72:1d:57:2d:84:a1:91:59:ac:9d:85:
79:55:15:9d:90:e8:65:e8:45:9c:29:e5:f4:6f:18:
d6:a1:25:53:b2:e5:ed:35:0f:48:cc:24:d4:7e:ee:
f9:41:ee:6c:65:b5:5d:ff:a1:82:94:2b:4d:1c:34:
ad:b6:cb:3c:6c:93:44:1e:ca:ff:21:8f:6d:01:b8:
af:73:1a:13:e2:78:2b:85:d2:49:8b:68:2d:b7:04:
ed:d8:89:b2:cd:80:0d:ca:91:83:75:c1:47:df:99:
65:e3:01:d4:dd:a0:6d:d4:35:b7:57:af:4c:00:13:
5c:4e:da:56:c5:01:00:5f:65:8a:41:8b:6a:37:22:
dc:44:91:f4:d6:3b:3b:8e:3f:af:3e:b4:f3:9b:5c:
ab:80:12:39:f2:26:f3:f0:a5:8e:f0:7e:86:08:e5:
fc:ae:98:e8:91:38:3c:24:8c:84:57:bc:78:e2:4d:
6a:70:07:1e:f0:8b:38:7c:b7:83:60:b4:e3:17:cb:
94:5c:ad:4c:98:4b:9e:98:2b:dc:af:8b:30:17:5d:
66:d5:24:dd:1b:8e:a4:2c:5b:c1:ed:fe:1a:84:c9:
00:c3:7e:6f:92:17:00:c2:6f:3a:ae:86:a6:98:d5:
e9:61
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
09:CD:2C:4B:C6:F7:CA:19:5D:B1:86:FE:40:EE:A1:72:68:10:7F:1C
X509v3 Authority Key Identifier:
keyid:DC:EF:58:D4:CF:A3:55:43:F8:48:8A:27:56:E6:92:4E:64:7B:45:89
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3O9Y1M-jVUP4SIonVuaSTmR7RYk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/ea4455-7836-44c4-b2a3-2ece04e185c2/1/Cc0sS8b3yhldsYb-QO6hcmgQfxw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/ea4455-7836-44c4-b2a3-2ece04e185c2/1/3O9Y1M-jVUP4SIonVuaSTmR7RYk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
89.34.101.0/24
89.34.238.0/24
89.39.0.0-89.39.5.255
89.40.226.0/24
185.248.138.0/24
188.241.72.0/24
Signature Algorithm: sha256WithRSAEncryption
92:cb:fc:61:6a:27:b6:92:ac:2d:b8:1d:70:43:8e:f1:bf:13:
89:b7:50:bb:97:52:04:ac:de:12:f3:5f:45:c4:c4:92:8e:9d:
9c:cc:06:f9:80:ae:83:88:68:63:52:88:c6:52:15:44:32:2e:
b4:5e:a2:c7:5c:aa:b6:2e:04:b4:1d:e7:0d:3f:25:25:9b:d4:
e8:7b:54:5d:64:e3:08:4b:13:fb:16:57:da:13:53:50:ab:cf:
2e:3c:6b:5f:d7:7f:d0:44:03:ad:a3:57:e6:2c:a8:66:09:ee:
65:4f:cc:c5:74:8e:03:06:79:e3:5f:9d:db:45:b5:e8:79:63:
13:47:1c:97:96:94:42:1a:1c:f8:d0:4d:d0:a3:7b:04:2a:92:
cf:c5:7d:f5:09:8f:17:3f:27:50:ef:52:3a:8d:4b:00:07:7b:
1c:70:ae:cd:6d:a7:df:b2:9e:51:dd:ab:a9:0c:e5:8d:eb:67:
7a:a0:5f:e4:2e:c8:d2:78:bd:e8:79:2d:31:1c:3b:73:38:93:
93:fd:a3:f2:dc:e3:69:f7:e5:36:3b:73:54:1b:e1:cf:33:1a:
dc:92:be:95:ba:88:d1:51:49:3c:f4:4c:c2:72:a2:6e:5f:71:
fb:e4:53:de:de:91:e6:45:5d:4a:0a:be:8c:c8:79:bc:6b:37:
69:84:12:c4
-----BEGIN CERTIFICATE-----
MIIFIjCCBAqgAwIBAgISAYVsbvOYn8jPbTc9EENF+GCHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRjZWY1OGQ0Y2ZhMzU1NDNmODQ4OGEyNzU2ZTY5MjRlNjQ3
YjQ1ODkwHhcNMjMwMTAxMDgyNDQ4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOWNkMmM0YmM2ZjdjYTE5NWRiMTg2ZmU0MGVlYTE3MjY4MTA3ZjFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkvXBgjVuIt+E54o6tayG1SFqch1X
LYShkVmsnYV5VRWdkOhl6EWcKeX0bxjWoSVTsuXtNQ9IzCTUfu75Qe5sZbVd/6GC
lCtNHDSttss8bJNEHsr/IY9tAbivcxoT4ngrhdJJi2gttwTt2ImyzYANypGDdcFH
35ll4wHU3aBt1DW3V69MABNcTtpWxQEAX2WKQYtqNyLcRJH01js7jj+vPrTzm1yr
gBI58ibz8KWO8H6GCOX8rpjokTg8JIyEV7x44k1qcAce8Is4fLeDYLTjF8uUXK1M
mEuemCvcr4swF11m1STdG46kLFvB7f4ahMkAw35vkhcAwm86roammNXpYQIDAQAB
o4ICLjCCAiowHQYDVR0OBBYEFAnNLEvG98oZXbGG/kDuoXJoEH8cMB8GA1UdIwQY
MBaAFNzvWNTPo1VD+EiKJ1bmkk5ke0WJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM085WTFNLWpWVVA0U0lvblZ1YVNUbVI3UllrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYS9lYTQ0NTUtNzgzNi00NGM0LWIyYTMt
MmVjZTA0ZTE4NWMyLzEvQ2Mwc1M4YjN5aGxkc1liLVFPNmhjbWdRZnh3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYS9lYTQ0NTUtNzgzNi00NGM0LWIyYTMtMmVjZTA0ZTE4NWMy
LzEvM085WTFNLWpWVVA0U0lvblZ1YVNUbVI3UllrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEQGCCsGAQUFBwEHAQH/BDUwMzAxBAIAATArAwQAWSJlAwQA
WSLuMAsDAwBZJwMEAVknBAMEAFko4gMEALn4igMEALzxSDANBgkqhkiG9w0BAQsF
AAOCAQEAksv8YWontpKsLbgdcEOO8b8TibdQu5dSBKzeEvNfRcTEko6dnMwG+YCu
g4hoY1KIxlIVRDIutF6ix1yqti4EtB3nDT8lJZvU6HtUXWTjCEsT+xZX2hNTUKvP
LjxrX9d/0EQDraNX5iyoZgnuZU/MxXSOAwZ541+d20W16HljE0ccl5aUQhoc+NBN
0KN7BCqSz8V99QmPFz8nUO9SOo1LAAd7HHCuzW2n37KeUd2rqQzljetneqBf5C7I
0ni96HktMRw7cziTk/2j8tzjafflNjtzVBvhzzMa3JK+lbqI0VFJPPRMwnKibl9x
++RT3t6R5kVdSgq+jMh5vGs3aYQSxA==
-----END CERTIFICATE-----
Generated at Thu Jul 20 00:02:01 2023 by rpki-client on console-fra.rpki-client.org