Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b5/7a39b1-1d1c-4919-b19c-3eebe7196972/1/RQ8r98SiPEY8OEdUtO76bH-qiCY.roa
File: RQ8r98SiPEY8OEdUtO76bH-qiCY.roa (raw, json)
Hash identifier: P524VLTr2kvgKlCBWqz2neB5/rhIsfI49jZa6Uan0ck=
Subject key identifier: 45:0F:2B:F7:C4:A2:3C:46:3C:38:47:54:B4:EE:FA:6C:7F:AA:88:26
Certificate issuer: /CN=679a75debd65359a45317f203f11a321e14b2f2c
Certificate serial: 01891E3D22A44F38BF6FCEE70C6C6ADBED25
Authority key identifier: 67:9A:75:DE:BD:65:35:9A:45:31:7F:20:3F:11:A3:21:E1:4B:2F:2C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Z5p13r1lNZpFMX8gPxGjIeFLLyw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b5/7a39b1-1d1c-4919-b19c-3eebe7196972/1/RQ8r98SiPEY8OEdUtO76bH-qiCY.roa
Signing time: Tue 04 Jul 2023 00:11:10 +0000
ROA not before: Tue 04 Jul 2023 00:11:10 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 61317
IP address blocks: 94.176.96.0/24 maxlen: 24
89.44.77.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:89:1e:3d:22:a4:4f:38:bf:6f:ce:e7:0c:6c:6a:db:ed:25
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=679a75debd65359a45317f203f11a321e14b2f2c
Validity
Not Before: Jul 4 00:11:10 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=450f2bf7c4a23c463c384754b4eefa6c7faa8826
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c2:48:9b:82:e6:e2:de:33:eb:39:6d:3d:25:e8:
69:25:20:0c:0c:b5:d7:fb:e3:dc:60:8e:ae:74:52:
5c:6e:a3:33:22:0b:c2:f2:72:6b:2e:c5:e2:f8:f1:
46:9b:a6:9a:5a:17:9a:c8:d9:43:bf:eb:4c:61:1a:
a4:7d:e2:a1:4e:70:06:4e:9b:ea:27:2c:71:c6:d7:
bb:d2:82:3c:65:a2:3e:cc:41:91:2b:14:72:6b:51:
95:b0:c6:55:0c:fc:0e:65:51:64:cf:ae:5d:2b:82:
65:86:49:91:40:26:16:6a:d1:d1:ed:8a:e9:43:b3:
14:d5:1b:6c:a8:1b:a8:6c:d8:07:b4:de:a1:f5:87:
b5:da:1f:d2:6f:68:e8:9f:22:48:1a:40:c3:10:96:
0d:50:86:03:20:77:19:f8:e0:f3:0b:bc:00:9e:72:
ea:f1:f9:24:52:ab:29:7b:93:3b:62:8e:1e:bc:7a:
73:42:e9:68:82:e7:0d:46:4d:b8:fd:9d:55:a2:34:
d8:e6:ff:19:4e:62:16:8e:f2:fe:a3:99:13:8d:7d:
46:c9:6c:53:6f:e8:c3:90:d5:65:74:30:1f:97:1d:
b4:a2:c2:f2:34:0c:a2:9d:44:f5:34:ef:38:cb:ea:
70:2f:4c:e1:0d:4d:44:bd:f5:5d:8f:39:9b:31:d0:
fd:8d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
45:0F:2B:F7:C4:A2:3C:46:3C:38:47:54:B4:EE:FA:6C:7F:AA:88:26
X509v3 Authority Key Identifier:
keyid:67:9A:75:DE:BD:65:35:9A:45:31:7F:20:3F:11:A3:21:E1:4B:2F:2C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z5p13r1lNZpFMX8gPxGjIeFLLyw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/7a39b1-1d1c-4919-b19c-3eebe7196972/1/RQ8r98SiPEY8OEdUtO76bH-qiCY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/7a39b1-1d1c-4919-b19c-3eebe7196972/1/Z5p13r1lNZpFMX8gPxGjIeFLLyw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
89.44.77.0/24
94.176.96.0/24
Signature Algorithm: sha256WithRSAEncryption
97:ba:42:3f:18:0f:c8:ed:d2:b3:76:94:1e:c1:a8:d9:65:43:
8e:6b:d6:30:cb:08:29:f4:aa:d4:7e:bf:e8:db:c3:8e:51:54:
e7:aa:8a:9c:11:6c:47:11:eb:ff:a0:5d:3e:c1:ea:15:23:9f:
7b:15:6d:cb:be:5b:89:07:d7:36:21:f5:87:ab:67:96:f4:06:
db:ff:8e:67:59:01:b9:ac:3c:bf:b0:f6:d4:72:b4:4d:e3:cc:
57:64:5a:62:dc:de:93:cc:25:4b:1a:93:c3:f0:09:4f:05:bc:
af:7d:0c:71:a3:ea:e9:6a:ee:6b:1d:af:c2:2f:2c:fb:1b:d3:
53:c8:1a:99:eb:e5:82:15:15:67:53:21:31:b2:87:f3:8c:15:
5a:9d:2f:cb:de:86:b1:09:19:06:36:12:15:28:4b:05:be:3a:
6c:69:24:88:ba:9e:49:15:44:30:42:3a:1a:10:d0:85:bf:35:
24:59:65:6b:93:54:e0:1d:81:87:19:2f:d9:f6:15:9b:6d:9e:
db:a7:ed:0b:cf:95:3c:79:38:2e:70:a0:71:fc:9c:05:12:d2:
1c:3c:7b:9f:a0:28:2a:0a:18:4c:c0:c1:62:db:f5:1e:08:0f:
1b:2e:0d:6a:26:79:c9:b0:bf:d9:86:37:3c:f4:ae:b1:f4:8d:
49:43:fe:d4
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYkePSKkTzi/b87nDGxq2+0lMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3OWE3NWRlYmQ2NTM1OWE0NTMxN2YyMDNmMTFhMzIxZTE0
YjJmMmMwHhcNMjMwNzA0MDAxMTEwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NTBmMmJmN2M0YTIzYzQ2M2MzODQ3NTRiNGVlZmE2YzdmYWE4ODI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwkibgubi3jPrOW09JehpJSAMDLXX
++PcYI6udFJcbqMzIgvC8nJrLsXi+PFGm6aaWheayNlDv+tMYRqkfeKhTnAGTpvq
Jyxxxte70oI8ZaI+zEGRKxRya1GVsMZVDPwOZVFkz65dK4JlhkmRQCYWatHR7Yrp
Q7MU1RtsqBuobNgHtN6h9Ye12h/Sb2jonyJIGkDDEJYNUIYDIHcZ+ODzC7wAnnLq
8fkkUqspe5M7Yo4evHpzQulogucNRk24/Z1VojTY5v8ZTmIWjvL+o5kTjX1GyWxT
b+jDkNVldDAflx20osLyNAyinUT1NO84y+pwL0zhDU1EvfVdjzmbMdD9jQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFEUPK/fEojxGPDhHVLTu+mx/qogmMB8GA1UdIwQY
MBaAFGeadd69ZTWaRTF/ID8RoyHhSy8sMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWjVwMTNyMWxOWnBGTVg4Z1B4R2pJZUZMTHl3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNS83YTM5YjEtMWQxYy00OTE5LWIxOWMt
M2VlYmU3MTk2OTcyLzEvUlE4cjk4U2lQRVk4T0VkVXRPNzZiSC1xaUNZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNS83YTM5YjEtMWQxYy00OTE5LWIxOWMtM2VlYmU3MTk2OTcy
LzEvWjVwMTNyMWxOWnBGTVg4Z1B4R2pJZUZMTHl3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAWSxNAwQA
XrBgMA0GCSqGSIb3DQEBCwUAA4IBAQCXukI/GA/I7dKzdpQewajZZUOOa9Ywywgp
9KrUfr/o28OOUVTnqoqcEWxHEev/oF0+weoVI597FW3LvluJB9c2IfWHq2eW9Abb
/45nWQG5rDy/sPbUcrRN48xXZFpi3N6TzCVLGpPD8AlPBbyvfQxxo+rpau5rHa/C
Lyz7G9NTyBqZ6+WCFRVnUyExsofzjBVanS/L3oaxCRkGNhIVKEsFvjpsaSSIup5J
FUQwQjoaENCFvzUkWWVrk1TgHYGHGS/Z9hWbbZ7bp+0Lz5U8eTgucKBx/JwFEtIc
PHufoCgqChhMwMFi2/UeCA8bLg1qJnnJsL/Zhjc89K6x9I1JQ/7U
-----END CERTIFICATE-----
Generated at Wed Oct 11 11:54:30 2023 by rpki-client on console-fra.rpki-client.org