Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/c37497-6376-461e-93c6-9778674edc97/1/zI8d12tkfo8dM01CTzPkFoB2g_A.roa
File: zI8d12tkfo8dM01CTzPkFoB2g_A.roa (raw, json)
Hash identifier: LZRu76OTBGrlAot3anIXX5UmT1qjro8nDJhDIezp/T0=
Subject key identifier: CC:8F:1D:D7:6B:64:7E:8F:1D:33:4D:42:4F:33:E4:16:80:76:83:F0
Certificate issuer: /CN=7df132df13e4be53d8250c8c48420264eef6c14c
Certificate serial: 1755EDC5
Authority key identifier: 7D:F1:32:DF:13:E4:BE:53:D8:25:0C:8C:48:42:02:64:EE:F6:C1:4C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/ffEy3xPkvlPYJQyMSEICZO72wUw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/be/c37497-6376-461e-93c6-9778674edc97/1/zI8d12tkfo8dM01CTzPkFoB2g_A.roa
Signing time: Sat 01 Jan 2022 16:03:56 +0000
ROA not before: Sat 01 Jan 2022 16:03:56 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 59856
IP address blocks: 89.40.75.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 391507397 (0x1755edc5)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7df132df13e4be53d8250c8c48420264eef6c14c
Validity
Not Before: Jan 1 16:03:56 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=cc8f1dd76b647e8f1d334d424f33e416807683f0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d9:78:a0:01:f2:b4:49:08:1d:d4:3e:ea:25:73:
94:48:59:37:c5:d9:a4:3c:b4:5d:f1:cf:48:9f:f5:
d4:0d:9a:e6:30:42:23:da:b0:1d:21:b2:1c:a2:2e:
9a:42:4c:6c:f4:dc:8f:6a:0c:16:61:6f:2a:70:b0:
2b:98:65:95:f5:96:fe:73:45:f3:54:3d:48:86:ef:
76:4b:59:54:36:c2:93:21:f0:df:7e:40:dc:70:86:
17:1c:94:1c:86:f6:49:c8:9e:e7:ff:ac:71:49:c8:
ec:8b:df:2e:2e:e0:52:1d:18:74:38:2d:49:f7:28:
b5:32:2e:19:09:c8:42:d4:55:8f:c4:56:a9:ca:83:
55:50:51:27:21:04:84:8e:86:f9:7a:23:04:af:92:
9c:9d:9d:ea:b6:20:9d:c5:b4:9a:f4:e7:d0:18:27:
27:8d:03:7e:0a:a2:42:09:76:bf:49:50:aa:fd:b4:
01:12:4d:f4:bc:5d:90:55:fa:77:4a:bf:80:38:1e:
3b:44:96:90:2f:8a:22:2c:ba:77:74:13:d0:63:02:
82:58:ea:22:23:2c:ed:84:9e:af:e5:a8:ae:5a:98:
94:72:17:a3:9c:81:3d:10:2f:23:f2:ea:3e:a1:13:
1c:5c:a3:dd:1a:12:a2:b5:17:fa:b3:05:db:7c:ed:
ca:23
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CC:8F:1D:D7:6B:64:7E:8F:1D:33:4D:42:4F:33:E4:16:80:76:83:F0
X509v3 Authority Key Identifier:
keyid:7D:F1:32:DF:13:E4:BE:53:D8:25:0C:8C:48:42:02:64:EE:F6:C1:4C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ffEy3xPkvlPYJQyMSEICZO72wUw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/c37497-6376-461e-93c6-9778674edc97/1/zI8d12tkfo8dM01CTzPkFoB2g_A.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/be/c37497-6376-461e-93c6-9778674edc97/1/ffEy3xPkvlPYJQyMSEICZO72wUw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
89.40.75.0/24
Signature Algorithm: sha256WithRSAEncryption
a2:74:9e:6d:7a:42:36:e6:08:9a:f8:f6:8e:ff:76:94:4f:8e:
f9:7c:fb:3b:4a:5a:ec:98:13:16:88:13:65:25:bb:9f:07:37:
74:b5:da:e4:9c:b9:2e:b0:78:e4:0b:ad:60:aa:19:87:11:e8:
20:a3:7a:de:2d:80:25:c8:97:ed:c3:47:45:4e:fb:dd:75:60:
42:2d:f5:6a:75:0e:88:b9:ab:9a:8e:39:e9:e9:1b:c6:8a:3b:
86:24:c1:f9:5c:f5:14:3f:2e:e1:96:85:b7:50:e7:53:d2:56:
eb:73:bd:7f:6b:94:9f:82:b7:d9:ed:00:36:7c:87:d7:a7:09:
48:a7:82:6a:56:3c:77:b9:d1:3d:93:87:f8:cc:91:c8:7e:26:
e8:bb:fe:cd:f7:39:10:99:65:ce:7a:1c:d9:9c:94:d4:c2:e1:
87:d7:a3:c9:44:b3:2e:48:c3:a9:c7:d8:68:62:56:f7:fb:95:
f6:6e:16:49:b5:f6:4f:35:a7:3b:d8:6d:7c:3c:f2:f3:27:47:
a8:5e:a4:d4:89:21:35:6f:9a:a3:8d:44:61:c5:f3:b2:78:37:
69:bb:a8:27:b2:91:0d:cf:28:64:f4:4c:79:43:bc:29:8f:5c:
79:ef:68:5b:fc:de:1b:71:ef:01:93:5e:53:06:1a:24:b2:90:
a4:fc:05:7b
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEF1XtxTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg3
ZGYxMzJkZjEzZTRiZTUzZDgyNTBjOGM0ODQyMDI2NGVlZjZjMTRjMB4XDTIyMDEw
MTE2MDM1NloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoY2M4ZjFkZDc2YjY0
N2U4ZjFkMzM0ZDQyNGYzM2U0MTY4MDc2ODNmMDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBANl4oAHytEkIHdQ+6iVzlEhZN8XZpDy0XfHPSJ/11A2a5jBC
I9qwHSGyHKIumkJMbPTcj2oMFmFvKnCwK5hllfWW/nNF81Q9SIbvdktZVDbCkyHw
335A3HCGFxyUHIb2Scie5/+scUnI7IvfLi7gUh0YdDgtSfcotTIuGQnIQtRVj8RW
qcqDVVBRJyEEhI6G+XojBK+SnJ2d6rYgncW0mvTn0BgnJ40DfgqiQgl2v0lQqv20
ARJN9LxdkFX6d0q/gDgeO0SWkC+KIiy6d3QT0GMCgljqIiMs7YSer+WorlqYlHIX
o5yBPRAvI/LqPqETHFyj3RoSorUX+rMF23ztyiMCAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBTMjx3Xa2R+jx0zTUJPM+QWgHaD8DAfBgNVHSMEGDAWgBR98TLfE+S+U9gl
DIxIQgJk7vbBTDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2ZmRXkzeFBrdmxQWUpReU1TRUlDWk83MndVdy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYmUvYzM3NDk3LTYzNzYtNDYxZS05M2M2LTk3Nzg2NzRlZGM5Ny8x
L3pJOGQxMnRrZm84ZE0wMUNUelBrRm9CMmdfQS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYmUv
YzM3NDk3LTYzNzYtNDYxZS05M2M2LTk3Nzg2NzRlZGM5Ny8xL2ZmRXkzeFBrdmxQ
WUpReU1TRUlDWk83MndVdy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAFkoSzANBgkqhkiG9w0BAQsFAAOC
AQEAonSebXpCNuYImvj2jv92lE+O+Xz7O0pa7JgTFogTZSW7nwc3dLXa5Jy5LrB4
5AutYKoZhxHoIKN63i2AJciX7cNHRU773XVgQi31anUOiLmrmo456ekbxoo7hiTB
+Vz1FD8u4ZaFt1DnU9JW63O9f2uUn4K32e0ANnyH16cJSKeCalY8d7nRPZOH+MyR
yH4m6Lv+zfc5EJllznoc2ZyU1MLhh9ejyUSzLkjDqcfYaGJW9/uV9m4WSbX2TzWn
O9htfDzy8ydHqF6k1IkhNW+ao41EYcXzsng3abuoJ7KRDc8oZPRMeUO8KY9cee9o
W/zeG3HvAZNeUwYaJLKQpPwFew==
-----END CERTIFICATE-----
Generated at Thu Apr 17 14:51:48 2025 by rpki-client