Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d7/d665e6-f95d-4347-8565-d4f5317c5830/1/lE34CofpcsuhMnCl1yCV0G3XupI.roa
File: lE34CofpcsuhMnCl1yCV0G3XupI.roa (raw, json)
Hash identifier: dtSd6oBhBzlspY57QT5SfWXWmSEMq6M64EBK/gdtp6w=
Subject key identifier: 94:4D:F8:0A:87:E9:72:CB:A1:32:70:A5:D7:20:95:D0:6D:D7:BA:92
Certificate issuer: /CN=96b8121d556df453456553dcb45c4143f4cdd213
Certificate serial: 0192D1540336A65807C3887A2F478C8D369D
Authority key identifier: 96:B8:12:1D:55:6D:F4:53:45:65:53:DC:B4:5C:41:43:F4:CD:D2:13
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/lrgSHVVt9FNFZVPctFxBQ_TN0hM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d7/d665e6-f95d-4347-8565-d4f5317c5830/1/lE34CofpcsuhMnCl1yCV0G3XupI.roa
Signing time: Mon 28 Oct 2024 04:13:16 +0000
ROA not before: Mon 28 Oct 2024 04:13:16 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 41465
IP address blocks: 89.19.192.0/20 maxlen: 20
89.19.192.0/24 maxlen: 24
89.19.193.0/24 maxlen: 24
89.19.194.0/24 maxlen: 24
89.19.195.0/24 maxlen: 24
89.19.196.0/24 maxlen: 24
89.19.197.0/24 maxlen: 24
89.19.198.0/24 maxlen: 24
89.19.199.0/24 maxlen: 24
89.19.200.0/24 maxlen: 24
89.19.201.0/24 maxlen: 24
89.19.202.0/24 maxlen: 24
89.19.203.0/24 maxlen: 24
89.19.204.0/24 maxlen: 24
89.19.205.0/24 maxlen: 24
89.19.206.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:92:d1:54:03:36:a6:58:07:c3:88:7a:2f:47:8c:8d:36:9d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=96b8121d556df453456553dcb45c4143f4cdd213
Validity
Not Before: Oct 28 04:13:16 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=944df80a87e972cba13270a5d72095d06dd7ba92
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8e:9a:da:47:55:6f:ed:6d:79:e6:61:8a:b3:e8:
d3:d5:36:57:6a:36:fc:36:c4:0b:1e:30:97:50:7c:
23:7d:99:ef:e5:9b:cb:a9:23:a1:9b:4e:ca:d9:b9:
7f:c1:79:fc:94:b1:cd:fd:b4:5d:eb:2b:db:a5:df:
2d:86:ef:df:54:21:e1:f4:b2:38:b8:e1:0e:c8:ed:
3c:7e:e2:16:38:38:65:ba:7d:4c:a3:b7:12:3c:05:
b1:92:f3:63:93:02:55:8e:b2:0d:9f:3f:79:f5:36:
63:fa:5f:45:d5:84:7e:dd:e4:ac:08:95:08:73:36:
8c:61:e2:d3:54:c1:c7:5e:1b:27:89:76:48:ad:ad:
3d:24:e2:e1:e6:e4:a7:df:92:cb:a3:34:f3:78:5d:
14:db:b4:c3:10:f8:71:c2:86:48:0f:80:c1:da:ed:
83:d5:d8:33:39:21:e7:87:f7:a3:8b:98:a5:0a:bf:
d6:e7:15:d9:b2:f5:1d:37:78:50:85:d9:85:16:10:
44:a0:f8:17:7d:d2:9d:cd:68:84:d6:f5:70:05:7b:
93:59:66:e0:d4:df:ec:6a:0c:3c:f6:10:e5:0f:40:
bd:82:77:ee:26:e1:3e:be:07:fb:0f:09:7c:21:48:
61:7e:c9:ee:74:2c:c1:82:22:b7:cd:5e:03:13:f8:
f8:5f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
94:4D:F8:0A:87:E9:72:CB:A1:32:70:A5:D7:20:95:D0:6D:D7:BA:92
X509v3 Authority Key Identifier:
keyid:96:B8:12:1D:55:6D:F4:53:45:65:53:DC:B4:5C:41:43:F4:CD:D2:13
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lrgSHVVt9FNFZVPctFxBQ_TN0hM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/d665e6-f95d-4347-8565-d4f5317c5830/1/lE34CofpcsuhMnCl1yCV0G3XupI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/d665e6-f95d-4347-8565-d4f5317c5830/1/lrgSHVVt9FNFZVPctFxBQ_TN0hM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
89.19.192.0/20
Signature Algorithm: sha256WithRSAEncryption
1f:aa:0a:8a:dd:94:77:73:c8:63:cb:fe:55:3e:dd:f2:ff:df:
33:d5:6f:00:b5:ae:c4:55:bb:85:92:86:94:28:45:20:8f:26:
76:a2:32:3e:8f:ef:68:26:24:75:98:ca:3e:40:e1:21:1b:7f:
74:51:95:a0:7c:04:5e:bb:c5:6f:86:a2:a4:1f:38:27:65:1c:
6c:d4:9f:83:d9:fb:43:9f:8b:aa:54:71:79:ac:0c:3a:c2:0f:
da:97:6f:6c:01:b3:b2:78:76:2b:12:7d:31:95:d3:4c:8a:e0:
19:8e:49:02:38:1b:94:8e:00:cf:14:6a:a2:79:92:87:60:4f:
94:09:73:7f:28:91:09:dc:7f:ae:fb:97:7d:b6:32:cc:df:2a:
eb:38:c1:03:c8:3e:82:27:d3:46:15:dc:24:0c:ae:ab:f8:4a:
21:a5:bc:7a:ba:49:c9:26:0c:c7:ea:7a:f9:88:a6:a2:50:9c:
b2:df:21:29:64:47:96:15:b0:d8:ac:db:62:fc:14:88:87:5a:
fa:f1:a8:28:d3:28:a8:42:27:34:18:92:c4:16:7c:d9:0d:b4:
73:f0:be:81:3f:5e:0b:32:e3:51:ca:e6:ef:40:a9:83:5f:4a:
23:46:65:3f:6d:bd:75:6d:de:d7:3e:67:ba:d5:ac:52:80:5b:
77:d4:5b:b4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZLRVAM2plgHw4h6L0eMjTadMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk2YjgxMjFkNTU2ZGY0NTM0NTY1NTNkY2I0NWM0MTQzZjRj
ZGQyMTMwHhcNMjQxMDI4MDQxMzE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NDRkZjgwYTg3ZTk3MmNiYTEzMjcwYTVkNzIwOTVkMDZkZDdiYTkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjpraR1Vv7W155mGKs+jT1TZXajb8
NsQLHjCXUHwjfZnv5ZvLqSOhm07K2bl/wXn8lLHN/bRd6yvbpd8thu/fVCHh9LI4
uOEOyO08fuIWODhlun1Mo7cSPAWxkvNjkwJVjrINnz959TZj+l9F1YR+3eSsCJUI
czaMYeLTVMHHXhsniXZIra09JOLh5uSn35LLozTzeF0U27TDEPhxwoZID4DB2u2D
1dgzOSHnh/eji5ilCr/W5xXZsvUdN3hQhdmFFhBEoPgXfdKdzWiE1vVwBXuTWWbg
1N/sagw89hDlD0C9gnfuJuE+vgf7Dwl8IUhhfsnudCzBgiK3zV4DE/j4XwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJRN+AqH6XLLoTJwpdcgldBt17qSMB8GA1UdIwQY
MBaAFJa4Eh1VbfRTRWVT3LRcQUP0zdITMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbHJnU0hWVnQ5Rk5GWlZQY3RGeEJRX1ROMGhNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNy9kNjY1ZTYtZjk1ZC00MzQ3LTg1NjUt
ZDRmNTMxN2M1ODMwLzEvbEUzNENvZnBjc3VoTW5DbDF5Q1YwRzNYdXBJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNy9kNjY1ZTYtZjk1ZC00MzQ3LTg1NjUtZDRmNTMxN2M1ODMw
LzEvbHJnU0hWVnQ5Rk5GWlZQY3RGeEJRX1ROMGhNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEWRPAMA0G
CSqGSIb3DQEBCwUAA4IBAQAfqgqK3ZR3c8hjy/5VPt3y/98z1W8Ata7EVbuFkoaU
KEUgjyZ2ojI+j+9oJiR1mMo+QOEhG390UZWgfAReu8VvhqKkHzgnZRxs1J+D2ftD
n4uqVHF5rAw6wg/al29sAbOyeHYrEn0xldNMiuAZjkkCOBuUjgDPFGqieZKHYE+U
CXN/KJEJ3H+u+5d9tjLM3yrrOMEDyD6CJ9NGFdwkDK6r+Eohpbx6uknJJgzH6nr5
iKaiUJyy3yEpZEeWFbDYrNti/BSIh1r68ago0yioQic0GJLEFnzZDbRz8L6BP14L
MuNRyubvQKmDX0ojRmU/bb11bd7XPme61axSgFt31Fu0
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:30:53 2025 by rpki-client