Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/c37497-6376-461e-93c6-9778674edc97/1/dtsw9GG5z5Pwsz7IaFtY56UEe9M.roa
File: dtsw9GG5z5Pwsz7IaFtY56UEe9M.roa (raw, json)
Hash identifier: Xpsv+zxhUz59fLJwiJukEswxLmQa3+sluFbpO2KE/aA=
Subject key identifier: 76:DB:30:F4:61:B9:CF:93:F0:B3:3E:C8:68:5B:58:E7:A5:04:7B:D3
Certificate issuer: /CN=7df132df13e4be53d8250c8c48420264eef6c14c
Certificate serial: 01856E41D5F20B858ECD4BFC7A3A84BD48BC
Authority key identifier: 7D:F1:32:DF:13:E4:BE:53:D8:25:0C:8C:48:42:02:64:EE:F6:C1:4C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/ffEy3xPkvlPYJQyMSEICZO72wUw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/be/c37497-6376-461e-93c6-9778674edc97/1/dtsw9GG5z5Pwsz7IaFtY56UEe9M.roa
Signing time: Sun 01 Jan 2023 16:54:46 +0000
ROA not before: Sun 01 Jan 2023 16:54:46 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 41055
IP address blocks: 89.38.27.0/24 maxlen: 24
89.36.229.0/24 maxlen: 24
93.113.170.0/24 maxlen: 24
77.81.190.0/24 maxlen: 24
89.38.100.0/24 maxlen: 24
89.39.70.0/24 maxlen: 24
89.39.191.0/24 maxlen: 24
89.39.82.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6e:41:d5:f2:0b:85:8e:cd:4b:fc:7a:3a:84:bd:48:bc
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7df132df13e4be53d8250c8c48420264eef6c14c
Validity
Not Before: Jan 1 16:54:46 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=76db30f461b9cf93f0b33ec8685b58e7a5047bd3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b6:03:19:d7:b4:24:79:f2:92:ed:83:71:53:04:
81:90:aa:e1:66:3f:22:c1:63:2f:7b:6b:16:f1:f3:
dc:31:c0:ac:92:df:bc:48:c4:eb:2f:60:8c:0a:28:
f7:97:87:02:9b:11:83:16:d7:cd:51:18:28:a1:5b:
8c:7f:01:4d:4e:fa:a7:bb:1d:49:ce:d9:76:d4:5f:
75:98:05:38:bf:57:43:bc:e1:29:25:e2:d1:5e:17:
84:f6:0e:8f:c8:74:b7:38:c2:92:b3:16:8c:b4:d4:
00:fb:7f:44:5b:62:66:a7:b5:69:e9:49:04:df:8d:
d5:9e:e9:b6:a3:bd:b7:e0:20:8f:cc:e2:82:8b:68:
7a:34:a9:79:b8:7a:21:9c:8a:23:5a:47:60:30:d4:
0b:f4:b1:58:0e:90:79:64:34:fe:f5:9d:d6:59:91:
5f:03:9e:0a:72:f8:a7:f8:88:eb:2e:9b:0d:63:ca:
8e:01:77:9f:69:9d:06:87:19:2c:3b:30:23:22:0f:
9b:1a:19:73:59:76:1c:63:78:57:0d:87:86:b5:58:
30:db:64:1d:b5:2c:b8:7d:d1:d7:cc:f3:24:1d:37:
4c:74:b6:f3:a0:38:c5:e3:f2:e5:dc:4e:69:2e:2b:
10:ff:4c:aa:8f:b4:4d:43:ff:7f:da:f0:47:08:1a:
28:9b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
76:DB:30:F4:61:B9:CF:93:F0:B3:3E:C8:68:5B:58:E7:A5:04:7B:D3
X509v3 Authority Key Identifier:
keyid:7D:F1:32:DF:13:E4:BE:53:D8:25:0C:8C:48:42:02:64:EE:F6:C1:4C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ffEy3xPkvlPYJQyMSEICZO72wUw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/c37497-6376-461e-93c6-9778674edc97/1/dtsw9GG5z5Pwsz7IaFtY56UEe9M.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/be/c37497-6376-461e-93c6-9778674edc97/1/ffEy3xPkvlPYJQyMSEICZO72wUw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
77.81.190.0/24
89.36.229.0/24
89.38.27.0/24
89.38.100.0/24
89.39.70.0/24
89.39.82.0/24
89.39.191.0/24
93.113.170.0/24
Signature Algorithm: sha256WithRSAEncryption
a2:42:22:45:01:57:4d:b0:20:fa:3d:42:ed:94:41:70:10:29:
eb:a8:84:b9:a2:c0:7e:6d:ff:65:43:31:97:8b:93:31:c4:b3:
bb:c0:bd:80:4e:7a:2a:f8:52:9a:de:8c:32:13:6a:a0:ac:67:
6c:9f:b8:18:6c:6d:53:9d:f8:88:63:c5:8e:53:b8:f2:5b:f5:
ab:0f:1d:bc:a0:6c:9b:95:6c:d5:14:6f:a3:b0:92:bc:e1:29:
93:e6:1b:44:a7:17:31:e5:90:53:24:4b:5f:77:72:3e:5e:ce:
99:1f:0b:b4:7a:dd:17:3e:4d:4e:45:33:13:fd:69:a6:d9:28:
40:f6:ae:6d:e6:fb:54:1b:5e:32:7a:6b:57:e5:c2:12:bb:76:
a0:16:4c:30:64:9b:3d:49:fd:6e:e8:26:ec:5a:10:c2:2a:08:
4d:ac:e3:40:40:04:da:42:a2:97:30:25:e0:6f:61:e4:ae:d7:
2b:e6:cb:1f:bc:1f:11:d2:8b:bf:98:eb:8d:4f:7b:cf:42:c7:
fe:af:83:b3:f8:ae:1b:a6:6b:b3:20:d9:58:aa:66:1d:7c:5f:
4a:e9:4a:90:27:9f:75:d9:30:f6:6e:a3:1d:6c:83:a2:d5:2c:
79:1e:ca:5c:6d:4e:7f:90:04:5b:d2:5e:8e:a8:33:fa:54:4a:
62:0e:71:24
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAYVuQdXyC4WOzUv8ejqEvUi8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkZjEzMmRmMTNlNGJlNTNkODI1MGM4YzQ4NDIwMjY0ZWVm
NmMxNGMwHhcNMjMwMTAxMTY1NDQ2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NmRiMzBmNDYxYjljZjkzZjBiMzNlYzg2ODViNThlN2E1MDQ3YmQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtgMZ17QkefKS7YNxUwSBkKrhZj8i
wWMve2sW8fPcMcCskt+8SMTrL2CMCij3l4cCmxGDFtfNURgooVuMfwFNTvqnux1J
ztl21F91mAU4v1dDvOEpJeLRXheE9g6PyHS3OMKSsxaMtNQA+39EW2Jmp7Vp6UkE
343Vnum2o7234CCPzOKCi2h6NKl5uHohnIojWkdgMNQL9LFYDpB5ZDT+9Z3WWZFf
A54Kcvin+IjrLpsNY8qOAXefaZ0GhxksOzAjIg+bGhlzWXYcY3hXDYeGtVgw22Qd
tSy4fdHXzPMkHTdMdLbzoDjF4/Ll3E5pLisQ/0yqj7RNQ/9/2vBHCBoomwIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFHbbMPRhuc+T8LM+yGhbWOelBHvTMB8GA1UdIwQY
MBaAFH3xMt8T5L5T2CUMjEhCAmTu9sFMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmZFeTN4UGt2bFBZSlF5TVNFSUNaTzcyd1V3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS9jMzc0OTctNjM3Ni00NjFlLTkzYzYt
OTc3ODY3NGVkYzk3LzEvZHRzdzlHRzV6NVB3c3o3SWFGdFk1NlVFZTlNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS9jMzc0OTctNjM3Ni00NjFlLTkzYzYtOTc3ODY3NGVkYzk3
LzEvZmZFeTN4UGt2bFBZSlF5TVNFSUNaTzcyd1V3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQATVG+AwQA
WSTlAwQAWSYbAwQAWSZkAwQAWSdGAwQAWSdSAwQAWSe/AwQAXXGqMA0GCSqGSIb3
DQEBCwUAA4IBAQCiQiJFAVdNsCD6PULtlEFwECnrqIS5osB+bf9lQzGXi5MxxLO7
wL2ATnoq+FKa3owyE2qgrGdsn7gYbG1TnfiIY8WOU7jyW/WrDx28oGyblWzVFG+j
sJK84SmT5htEpxcx5ZBTJEtfd3I+Xs6ZHwu0et0XPk1ORTMT/Wmm2ShA9q5t5vtU
G14yemtX5cISu3agFkwwZJs9Sf1u6CbsWhDCKghNrONAQATaQqKXMCXgb2Hkrtcr
5ssfvB8R0ou/mOuNT3vPQsf+r4Oz+K4bpmuzINlYqmYdfF9K6UqQJ5912TD2bqMd
bIOi1Sx5HspcbU5/kARb0l6OqDP6VEpiDnEk
-----END CERTIFICATE-----
Generated at Sat Apr 19 02:08:54 2025 by rpki-client