Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ae/a9c0b7-a23a-458f-8f64-ba37511404c2/1/ieOb2o8zOqzfWXtmip5Y1SUxCUQ.roa
File: ieOb2o8zOqzfWXtmip5Y1SUxCUQ.roa (raw, json)
Hash identifier: bqblY1N8fripd7OlGiJm0ItMiEGoQRsFk2KPz1nukZc=
Subject key identifier: 89:E3:9B:DA:8F:33:3A:AC:DF:59:7B:66:8A:9E:58:D5:25:31:09:44
Certificate issuer: /CN=c592786ced6ce597585468bb4f36b31cf6acec6e
Certificate serial: 018C255A4B3BD5E189B15BD43A76A2F86E35
Authority key identifier: C5:92:78:6C:ED:6C:E5:97:58:54:68:BB:4F:36:B3:1C:F6:AC:EC:6E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/xZJ4bO1s5ZdYVGi7TzazHPas7G4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ae/a9c0b7-a23a-458f-8f64-ba37511404c2/1/ieOb2o8zOqzfWXtmip5Y1SUxCUQ.roa
Signing time: Fri 01 Dec 2023 12:28:43 +0000
ROA not before: Fri 01 Dec 2023 12:28:43 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 29300
IP address blocks: 81.88.64.0/20 maxlen: 20
82.148.160.0/19 maxlen: 19
109.169.96.0/19 maxlen: 19
2a02:2828::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:25:5a:4b:3b:d5:e1:89:b1:5b:d4:3a:76:a2:f8:6e:35
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c592786ced6ce597585468bb4f36b31cf6acec6e
Validity
Not Before: Dec 1 12:28:43 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=89e39bda8f333aacdf597b668a9e58d525310944
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:84:64:58:51:4f:05:d6:99:98:63:8f:90:2a:f1:
47:3a:33:51:05:42:00:93:0a:d8:65:ff:70:ff:d2:
83:b1:c8:7e:87:05:ea:8b:3f:73:a2:4e:e3:bd:9c:
14:d2:ca:3d:4e:f9:9f:62:f2:80:f2:a9:f0:c7:4b:
19:ba:78:80:e2:fa:1a:cc:b8:5a:1d:36:45:0a:af:
c8:18:66:63:ea:97:3c:13:93:e7:b5:ba:81:ea:d8:
74:c8:14:01:49:9d:ad:5d:d9:85:97:b4:42:ce:f8:
e7:0f:15:a0:31:5d:0a:e8:62:f8:12:1b:f4:53:5e:
8d:1b:a9:bc:2a:e8:a3:be:dc:89:9b:bd:9f:59:d5:
d3:f0:c3:2f:42:cc:16:61:b0:42:09:28:58:d5:0b:
e6:f8:70:1a:66:21:ab:fe:83:7b:91:89:01:46:bb:
a1:40:e0:42:ad:fb:26:56:92:2d:96:69:77:48:0c:
e3:38:3d:f0:a3:c0:03:9d:12:bc:b2:dc:53:f3:63:
7d:6b:a7:86:d8:0a:b8:2e:db:6a:1e:be:e1:d6:28:
fa:70:0a:5e:91:e4:11:a4:c1:45:bf:f8:62:7d:62:
45:96:ea:72:86:91:d4:c0:e8:34:a5:59:42:ce:cb:
45:78:86:42:4e:37:74:60:76:dd:1d:13:ed:18:a3:
0a:85
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
89:E3:9B:DA:8F:33:3A:AC:DF:59:7B:66:8A:9E:58:D5:25:31:09:44
X509v3 Authority Key Identifier:
keyid:C5:92:78:6C:ED:6C:E5:97:58:54:68:BB:4F:36:B3:1C:F6:AC:EC:6E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xZJ4bO1s5ZdYVGi7TzazHPas7G4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/a9c0b7-a23a-458f-8f64-ba37511404c2/1/ieOb2o8zOqzfWXtmip5Y1SUxCUQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/a9c0b7-a23a-458f-8f64-ba37511404c2/1/xZJ4bO1s5ZdYVGi7TzazHPas7G4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
81.88.64.0/20
82.148.160.0/19
109.169.96.0/19
IPv6:
2a02:2828::/32
Signature Algorithm: sha256WithRSAEncryption
24:fa:b1:e5:e0:24:58:c1:2a:60:00:03:6b:e3:c0:82:0c:4c:
fe:e8:7a:7d:cc:ec:ca:9d:f0:a0:91:d0:f1:59:df:92:38:fe:
a5:d3:c7:f8:66:a3:98:07:55:c0:80:bb:df:f5:65:2d:a1:e9:
e8:49:24:97:b6:e9:3f:12:08:cb:24:49:38:8a:b6:38:9d:7d:
4e:6d:19:de:af:89:8f:49:c1:f0:36:77:86:29:75:7b:e7:11:
d3:ca:03:05:0e:23:6e:ec:4a:90:a6:02:41:9e:5a:02:09:68:
8b:b8:ab:d5:68:d4:bb:e8:e6:ff:4a:9b:a9:b5:fd:b4:16:da:
eb:b4:46:00:dd:be:64:be:0b:12:61:4e:22:65:96:46:ba:4a:
e1:79:7e:90:4c:01:4f:0d:56:6b:c9:d0:7e:d7:3f:8a:f3:b3:
a3:72:0f:07:2c:cc:cc:da:ea:8f:cd:08:3a:30:f2:0b:25:b4:
84:10:d5:0f:b5:f4:ea:e1:55:f3:13:4b:71:c2:7f:49:54:52:
06:13:1f:a0:e3:3d:c1:6f:88:50:70:37:2c:7e:4a:9c:42:1d:
0a:9d:41:ee:17:66:ce:e8:98:2f:f5:28:f4:f2:c6:ad:25:02:
3b:f6:56:61:3e:fb:58:55:fb:0b:ac:c7:b1:f9:04:22:15:36:
3d:de:b5:e0
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAYwlWks71eGJsVvUOnai+G41MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM1OTI3ODZjZWQ2Y2U1OTc1ODU0NjhiYjRmMzZiMzFjZjZh
Y2VjNmUwHhcNMjMxMjAxMTIyODQzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OWUzOWJkYThmMzMzYWFjZGY1OTdiNjY4YTllNThkNTI1MzEwOTQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhGRYUU8F1pmYY4+QKvFHOjNRBUIA
kwrYZf9w/9KDsch+hwXqiz9zok7jvZwU0so9TvmfYvKA8qnwx0sZuniA4voazLha
HTZFCq/IGGZj6pc8E5PntbqB6th0yBQBSZ2tXdmFl7RCzvjnDxWgMV0K6GL4Ehv0
U16NG6m8KuijvtyJm72fWdXT8MMvQswWYbBCCShY1Qvm+HAaZiGr/oN7kYkBRruh
QOBCrfsmVpItlml3SAzjOD3wo8ADnRK8stxT82N9a6eG2Aq4LttqHr7h1ij6cApe
keQRpMFFv/hifWJFlupyhpHUwOg0pVlCzstFeIZCTjd0YHbdHRPtGKMKhQIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFInjm9qPMzqs31l7ZoqeWNUlMQlEMB8GA1UdIwQY
MBaAFMWSeGztbOWXWFRou082sxz2rOxuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveFpKNGJPMXM1WmRZVkdpN1R6YXpIUGFzN0c0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZS9hOWMwYjctYTIzYS00NThmLThmNjQt
YmEzNzUxMTQwNGMyLzEvaWVPYjJvOHpPcXpmV1h0bWlwNVkxU1V4Q1VRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZS9hOWMwYjctYTIzYS00NThmLThmNjQtYmEzNzUxMTQwNGMy
LzEveFpKNGJPMXM1WmRZVkdpN1R6YXpIUGFzN0c0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQEUVhAAwQF
UpSgAwQFbalgMA0EAgACMAcDBQAqAigoMA0GCSqGSIb3DQEBCwUAA4IBAQAk+rHl
4CRYwSpgAANr48CCDEz+6Hp9zOzKnfCgkdDxWd+SOP6l08f4ZqOYB1XAgLvf9WUt
oenoSSSXtuk/EgjLJEk4irY4nX1ObRner4mPScHwNneGKXV75xHTygMFDiNu7EqQ
pgJBnloCCWiLuKvVaNS76Ob/Spuptf20FtrrtEYA3b5kvgsSYU4iZZZGukrheX6Q
TAFPDVZrydB+1z+K87Ojcg8HLMzM2uqPzQg6MPILJbSEENUPtfTq4VXzE0txwn9J
VFIGEx+g4z3Bb4hQcDcsfkqcQh0KnUHuF2bO6Jgv9Sj08satJQI79lZhPvtYVfsL
rMex+QQiFTY93rXg
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:49:46 2024 by rpki-client on console-fra.rpki-client.org