Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/da/3e72ed-1d65-4982-ad9a-9c37478a593f/1/cf4KxEcM8Mj9Tbxi5zyLeLmBDQg.roa
File: cf4KxEcM8Mj9Tbxi5zyLeLmBDQg.roa (raw, json)
Hash identifier: xkoX/EIB/RURG+RIxWxFkmOMTCaUWngHtjYkZfxvcD0=
Subject key identifier: 71:FE:0A:C4:47:0C:F0:C8:FD:4D:BC:62:E7:3C:8B:78:B9:81:0D:08
Certificate issuer: /CN=5ceb0ebd878b77d42f2ca9dd08f70c323c5d03db
Certificate serial: 01856C6EE08F592E545BD0D847CB66430951
Authority key identifier: 5C:EB:0E:BD:87:8B:77:D4:2F:2C:A9:DD:08:F7:0C:32:3C:5D:03:DB
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/XOsOvYeLd9QvLKndCPcMMjxdA9s.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/da/3e72ed-1d65-4982-ad9a-9c37478a593f/1/cf4KxEcM8Mj9Tbxi5zyLeLmBDQg.roa
Signing time: Sun 01 Jan 2023 08:24:43 +0000
ROA not before: Sun 01 Jan 2023 08:24:43 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 21461
IP address blocks: 93.89.0.0/24 maxlen: 24
93.89.5.0/24 maxlen: 24
93.89.6.0/23 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6c:6e:e0:8f:59:2e:54:5b:d0:d8:47:cb:66:43:09:51
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=5ceb0ebd878b77d42f2ca9dd08f70c323c5d03db
Validity
Not Before: Jan 1 08:24:43 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=71fe0ac4470cf0c8fd4dbc62e73c8b78b9810d08
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:91:1b:da:c6:36:cf:f8:f4:81:87:bd:a0:69:3b:
67:33:6a:5f:c5:a9:ec:d2:da:c8:7e:de:58:f7:61:
4d:8e:3e:f4:f0:eb:13:4b:a2:dc:ae:9c:92:a9:7d:
6b:63:58:1c:dc:01:53:b5:98:7a:3f:58:e5:14:74:
3f:0b:9c:8f:25:f9:10:53:41:8c:b1:1d:7a:27:07:
f4:7f:f2:66:82:78:6e:0e:f3:b5:74:1e:dc:67:d7:
85:86:25:92:8a:93:e1:52:fe:28:78:19:d2:91:14:
19:fb:30:e0:0f:08:b7:90:1f:b9:75:60:5a:3e:ba:
85:d4:ac:66:ec:7f:56:55:a3:bf:2a:08:c4:c7:ca:
b4:38:d5:04:82:4a:8d:b1:a3:c1:fb:65:ad:96:9f:
71:53:8b:36:c3:33:b0:ee:e4:71:89:40:e6:d2:c7:
fc:e4:38:f2:93:4b:f7:69:cd:8d:49:4a:81:e4:32:
53:68:03:49:f6:2c:18:eb:dc:76:fd:8b:9a:b7:ad:
f9:f6:3b:96:50:a7:46:b0:f9:45:2b:0c:12:e7:f5:
87:a5:f5:c1:4b:7b:1e:ae:8d:56:37:56:5b:72:65:
b2:1e:6f:66:60:76:89:4d:4f:a0:8f:83:c7:48:ca:
35:cc:b2:5a:c6:29:af:60:ba:8e:30:6e:18:51:4a:
8c:d3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
71:FE:0A:C4:47:0C:F0:C8:FD:4D:BC:62:E7:3C:8B:78:B9:81:0D:08
X509v3 Authority Key Identifier:
keyid:5C:EB:0E:BD:87:8B:77:D4:2F:2C:A9:DD:08:F7:0C:32:3C:5D:03:DB
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XOsOvYeLd9QvLKndCPcMMjxdA9s.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/da/3e72ed-1d65-4982-ad9a-9c37478a593f/1/cf4KxEcM8Mj9Tbxi5zyLeLmBDQg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/da/3e72ed-1d65-4982-ad9a-9c37478a593f/1/XOsOvYeLd9QvLKndCPcMMjxdA9s.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
93.89.0.0/24
93.89.5.0-93.89.7.255
Signature Algorithm: sha256WithRSAEncryption
9c:5e:c6:e3:9a:cd:41:c7:29:94:c0:b7:94:30:9f:fc:df:2b:
e5:fc:52:88:de:3d:3f:77:7b:ce:45:d8:6b:d4:47:b3:79:72:
96:12:0a:73:86:37:e5:67:6f:8b:6d:30:b4:ef:ff:4d:64:ac:
de:39:27:1a:8e:9a:af:ff:50:d1:1b:54:20:cc:cd:4a:c5:83:
8c:3e:ce:c3:6e:10:8d:38:17:d0:38:a9:da:79:75:ca:80:31:
6b:cc:39:43:e0:cb:42:90:7d:a2:ff:0d:84:11:92:0d:68:1c:
c2:37:a6:0b:5a:6f:3a:9f:7c:5f:7d:bf:c0:4a:6e:06:7f:96:
29:1a:19:1c:15:1a:7f:74:89:06:b9:fd:20:bb:5b:86:a7:5f:
29:3f:8e:91:b3:88:3e:e8:ab:b8:11:c6:35:6f:6c:10:7b:07:
de:7a:0b:9e:f8:f8:f1:1f:39:6b:69:eb:70:17:98:25:9b:36:
7c:5e:df:73:df:21:04:2d:19:b1:a0:07:dd:2b:3a:38:85:70:
19:13:f2:e3:3c:1b:e7:05:ed:43:e5:18:61:43:8e:ea:bc:d5:
85:28:f7:07:74:9d:9a:46:57:e7:22:59:f0:fc:6a:c6:18:64:
d6:72:e8:50:ac:d9:4e:e1:9b:f1:86:58:c0:98:b4:b8:c6:14:
10:00:ba:62
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAYVsbuCPWS5UW9DYR8tmQwlRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVjZWIwZWJkODc4Yjc3ZDQyZjJjYTlkZDA4ZjcwYzMyM2M1
ZDAzZGIwHhcNMjMwMTAxMDgyNDQzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MWZlMGFjNDQ3MGNmMGM4ZmQ0ZGJjNjJlNzNjOGI3OGI5ODEwZDA4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkRvaxjbP+PSBh72gaTtnM2pfxans
0trIft5Y92FNjj708OsTS6LcrpySqX1rY1gc3AFTtZh6P1jlFHQ/C5yPJfkQU0GM
sR16Jwf0f/JmgnhuDvO1dB7cZ9eFhiWSipPhUv4oeBnSkRQZ+zDgDwi3kB+5dWBa
PrqF1Kxm7H9WVaO/KgjEx8q0ONUEgkqNsaPB+2Wtlp9xU4s2wzOw7uRxiUDm0sf8
5Djyk0v3ac2NSUqB5DJTaANJ9iwY69x2/Yuat6359juWUKdGsPlFKwwS5/WHpfXB
S3sero1WN1ZbcmWyHm9mYHaJTU+gj4PHSMo1zLJaximvYLqOMG4YUUqM0wIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFHH+CsRHDPDI/U28Yuc8i3i5gQ0IMB8GA1UdIwQY
MBaAFFzrDr2Hi3fULyyp3Qj3DDI8XQPbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWE9zT3ZZZUxkOVF2TEtuZENQY01NanhkQTlzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYS8zZTcyZWQtMWQ2NS00OTgyLWFkOWEt
OWMzNzQ3OGE1OTNmLzEvY2Y0S3hFY004TWo5VGJ4aTV6eUxlTG1CRFFnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYS8zZTcyZWQtMWQ2NS00OTgyLWFkOWEtOWMzNzQ3OGE1OTNm
LzEvWE9zT3ZZZUxkOVF2TEtuZENQY01NanhkQTlzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUAwQAXVkAMAwD
BABdWQUDBANdWQAwDQYJKoZIhvcNAQELBQADggEBAJxexuOazUHHKZTAt5Qwn/zf
K+X8UojePT93e85F2GvUR7N5cpYSCnOGN+Vnb4ttMLTv/01krN45JxqOmq//UNEb
VCDMzUrFg4w+zsNuEI04F9A4qdp5dcqAMWvMOUPgy0KQfaL/DYQRkg1oHMI3pgta
bzqffF99v8BKbgZ/likaGRwVGn90iQa5/SC7W4anXyk/jpGziD7oq7gRxjVvbBB7
B956C574+PEfOWtp63AXmCWbNnxe33PfIQQtGbGgB90rOjiFcBkT8uM8G+cF7UPl
GGFDjuq81YUo9wd0nZpGV+ciWfD8asYYZNZy6FCs2U7hm/GGWMCYtLjGFBAAumI=
-----END CERTIFICATE-----
Generated at Mon Feb 17 08:05:53 2025 by rpki-client