Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/c37497-6376-461e-93c6-9778674edc97/1/_vWzRilbaMWFJ6O5VFD7IZzqqFU.roa
File: _vWzRilbaMWFJ6O5VFD7IZzqqFU.roa (raw, json)
Hash identifier: +AdeG2RW0T4rKX979GfRc3czwf7pT+KiMJhI4EM5ZNg=
Subject key identifier: FE:F5:B3:46:29:5B:68:C5:85:27:A3:B9:54:50:FB:21:9C:EA:A8:55
Certificate issuer: /CN=7df132df13e4be53d8250c8c48420264eef6c14c
Certificate serial: 018CC802C70219693A73B90D1B8A6B11D8AE
Authority key identifier: 7D:F1:32:DF:13:E4:BE:53:D8:25:0C:8C:48:42:02:64:EE:F6:C1:4C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/ffEy3xPkvlPYJQyMSEICZO72wUw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/be/c37497-6376-461e-93c6-9778674edc97/1/_vWzRilbaMWFJ6O5VFD7IZzqqFU.roa
Signing time: Tue 02 Jan 2024 02:31:14 +0000
ROA not before: Tue 02 Jan 2024 02:31:14 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 41055
IP address blocks: 89.38.27.0/24 maxlen: 24
89.36.229.0/24 maxlen: 24
93.113.170.0/24 maxlen: 24
77.81.190.0/24 maxlen: 24
89.38.100.0/24 maxlen: 24
89.39.70.0/24 maxlen: 24
89.39.191.0/24 maxlen: 24
89.39.82.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c8:02:c7:02:19:69:3a:73:b9:0d:1b:8a:6b:11:d8:ae
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7df132df13e4be53d8250c8c48420264eef6c14c
Validity
Not Before: Jan 2 02:31:14 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=fef5b346295b68c58527a3b95450fb219ceaa855
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:97:5e:ac:ec:1c:c8:eb:96:33:16:fe:54:6b:5d:
07:5e:59:5a:05:17:c2:ed:30:10:46:34:2f:07:df:
09:35:31:44:1f:72:68:21:4e:5f:2e:5c:c9:98:88:
27:e0:16:fc:7d:c6:0a:06:cf:11:54:78:70:fa:66:
44:99:15:9f:e9:b4:ed:2c:2e:35:67:d6:19:8a:74:
0e:65:79:2e:94:ae:c8:d3:b4:06:d0:22:ca:7f:49:
49:4e:58:c0:00:31:9e:9c:cd:e2:d2:50:56:b1:7d:
64:7d:56:62:81:a8:10:b9:91:18:72:ba:bb:bf:3d:
8e:61:11:0d:89:2a:b1:4b:a5:8d:00:0e:4b:42:67:
60:82:0f:d1:c4:b9:8d:23:68:9c:4e:86:64:0f:82:
41:09:eb:f6:04:f7:df:40:80:5c:89:40:24:32:52:
16:0f:bc:96:1f:ef:65:c3:5b:89:c5:9c:e0:11:a6:
25:5f:13:cd:b4:6c:5b:27:ae:bb:fc:99:54:b1:eb:
b5:e7:fa:42:11:34:3a:5b:b2:97:34:83:a8:1d:4d:
11:7c:eb:ac:de:8f:7b:d9:19:2d:bb:1e:b7:dd:ad:
34:de:68:97:b1:a2:1e:77:92:fd:f6:f4:50:b0:4e:
d1:aa:8a:8e:1b:2b:d4:87:7c:36:06:d8:0b:64:98:
ff:d5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FE:F5:B3:46:29:5B:68:C5:85:27:A3:B9:54:50:FB:21:9C:EA:A8:55
X509v3 Authority Key Identifier:
keyid:7D:F1:32:DF:13:E4:BE:53:D8:25:0C:8C:48:42:02:64:EE:F6:C1:4C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ffEy3xPkvlPYJQyMSEICZO72wUw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/c37497-6376-461e-93c6-9778674edc97/1/_vWzRilbaMWFJ6O5VFD7IZzqqFU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/be/c37497-6376-461e-93c6-9778674edc97/1/ffEy3xPkvlPYJQyMSEICZO72wUw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
77.81.190.0/24
89.36.229.0/24
89.38.27.0/24
89.38.100.0/24
89.39.70.0/24
89.39.82.0/24
89.39.191.0/24
93.113.170.0/24
Signature Algorithm: sha256WithRSAEncryption
0d:07:59:e5:13:f5:df:27:e3:82:17:86:3d:31:c8:b0:b0:25:
72:a6:2f:47:74:3a:5b:f7:c1:03:59:ac:2b:87:5d:63:52:52:
ce:75:85:46:6d:17:f4:90:7d:0c:64:da:e8:ab:33:b7:78:b4:
fd:d6:9f:b3:2f:a0:55:04:e8:cc:ff:af:9c:85:bc:96:ca:44:
7b:09:87:7b:36:e9:3e:9f:f3:4c:94:54:a4:5d:1d:89:a2:c3:
73:75:96:bf:9a:48:96:e1:0a:d2:cc:61:1a:e1:35:65:7b:3a:
72:fe:02:b4:4d:3c:08:30:a1:ed:b3:b5:e8:58:e3:fb:c1:e8:
9c:98:b7:ec:8b:69:29:04:d6:21:2f:bd:c6:aa:98:3c:82:d6:
0d:3e:78:36:d9:3f:68:91:a8:6d:e5:16:80:e3:cf:af:10:0c:
4c:c2:11:9c:ba:9d:e0:47:4c:25:c8:03:a7:0e:bc:ad:2a:5b:
ec:89:6e:55:a8:fe:54:14:79:cd:8b:78:4b:3b:c2:73:e3:fa:
ba:06:a7:35:72:10:d9:83:fe:e8:76:44:e7:03:ee:f5:bc:bc:
5a:3f:13:37:e5:22:cb:04:73:44:33:33:0c:0e:e0:3f:23:3c:
0d:e2:7c:78:3c:e0:f3:52:b7:ac:e5:dd:b5:31:3a:14:4e:81:
61:b4:3f:2e
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAYzIAscCGWk6c7kNG4prEdiuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkZjEzMmRmMTNlNGJlNTNkODI1MGM4YzQ4NDIwMjY0ZWVm
NmMxNGMwHhcNMjQwMTAyMDIzMTE0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZWY1YjM0NjI5NWI2OGM1ODUyN2EzYjk1NDUwZmIyMTljZWFhODU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl16s7BzI65YzFv5Ua10HXllaBRfC
7TAQRjQvB98JNTFEH3JoIU5fLlzJmIgn4Bb8fcYKBs8RVHhw+mZEmRWf6bTtLC41
Z9YZinQOZXkulK7I07QG0CLKf0lJTljAADGenM3i0lBWsX1kfVZigagQuZEYcrq7
vz2OYRENiSqxS6WNAA5LQmdggg/RxLmNI2icToZkD4JBCev2BPffQIBciUAkMlIW
D7yWH+9lw1uJxZzgEaYlXxPNtGxbJ667/JlUseu15/pCETQ6W7KXNIOoHU0RfOus
3o972Rktux633a003miXsaIed5L99vRQsE7RqoqOGyvUh3w2BtgLZJj/1QIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFP71s0YpW2jFhSejuVRQ+yGc6qhVMB8GA1UdIwQY
MBaAFH3xMt8T5L5T2CUMjEhCAmTu9sFMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmZFeTN4UGt2bFBZSlF5TVNFSUNaTzcyd1V3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS9jMzc0OTctNjM3Ni00NjFlLTkzYzYt
OTc3ODY3NGVkYzk3LzEvX3ZXelJpbGJhTVdGSjZPNVZGRDdJWnpxcUZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS9jMzc0OTctNjM3Ni00NjFlLTkzYzYtOTc3ODY3NGVkYzk3
LzEvZmZFeTN4UGt2bFBZSlF5TVNFSUNaTzcyd1V3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQATVG+AwQA
WSTlAwQAWSYbAwQAWSZkAwQAWSdGAwQAWSdSAwQAWSe/AwQAXXGqMA0GCSqGSIb3
DQEBCwUAA4IBAQANB1nlE/XfJ+OCF4Y9MciwsCVypi9HdDpb98EDWawrh11jUlLO
dYVGbRf0kH0MZNroqzO3eLT91p+zL6BVBOjM/6+chbyWykR7CYd7Nuk+n/NMlFSk
XR2JosNzdZa/mkiW4QrSzGEa4TVlezpy/gK0TTwIMKHts7XoWOP7weicmLfsi2kp
BNYhL73Gqpg8gtYNPng22T9okaht5RaA48+vEAxMwhGcup3gR0wlyAOnDrytKlvs
iW5VqP5UFHnNi3hLO8Jz4/q6Bqc1chDZg/7odkTnA+71vLxaPxM35SLLBHNEMzMM
DuA/IzwN4nx4PODzUres5d21MToUToFhtD8u
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:34:31 2025 by rpki-client