Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/da/3e72ed-1d65-4982-ad9a-9c37478a593f/1/snp8Msc2ExBLk_gCZkTqvAnQlvk.roa
File: snp8Msc2ExBLk_gCZkTqvAnQlvk.roa (raw, json)
Hash identifier: BhKqC3MHIdySTuvxWiTrjNtNaVw+SV2jJShQ4/MtfiY=
Subject key identifier: B2:7A:7C:32:C7:36:13:10:4B:93:F8:02:66:44:EA:BC:09:D0:96:F9
Certificate issuer: /CN=5ceb0ebd878b77d42f2ca9dd08f70c323c5d03db
Certificate serial: 01859ABB38CA7AD487B865E08A255487E103
Authority key identifier: 5C:EB:0E:BD:87:8B:77:D4:2F:2C:A9:DD:08:F7:0C:32:3C:5D:03:DB
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/XOsOvYeLd9QvLKndCPcMMjxdA9s.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/da/3e72ed-1d65-4982-ad9a-9c37478a593f/1/snp8Msc2ExBLk_gCZkTqvAnQlvk.roa
Signing time: Tue 10 Jan 2023 08:10:39 +0000
ROA not before: Tue 10 Jan 2023 08:10:39 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 35548
IP address blocks: 93.89.12.0/24 maxlen: 24
93.89.4.0/24 maxlen: 24
2a02:17f9::/32 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:9a:bb:38:ca:7a:d4:87:b8:65:e0:8a:25:54:87:e1:03
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=5ceb0ebd878b77d42f2ca9dd08f70c323c5d03db
Validity
Not Before: Jan 10 08:10:39 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=b27a7c32c73613104b93f8026644eabc09d096f9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:98:64:ff:cb:d4:e2:6c:d3:95:05:76:16:ea:5f:
a9:81:4d:c6:03:69:3f:86:98:6f:d9:66:66:59:4b:
5c:de:c4:84:d0:8c:3d:36:57:2d:76:5a:a5:9d:71:
32:38:eb:57:0a:8a:c1:6e:aa:61:80:36:40:41:d6:
74:fb:24:84:46:0b:81:2f:bb:9e:11:a2:5f:36:a0:
31:85:99:ce:87:40:4a:66:27:36:a4:63:dc:f4:af:
42:29:e2:93:ad:85:cf:9d:35:58:2f:ba:c0:ab:7e:
81:40:e6:80:07:40:b5:bb:7b:29:fd:ed:a7:b6:88:
39:76:55:cc:a0:21:75:6b:0d:34:35:44:a1:b0:7b:
27:e0:dc:d2:be:37:eb:83:bb:b2:a0:04:d6:ae:8c:
36:0d:a2:4f:8b:fa:10:92:80:97:6d:f9:ba:65:23:
a1:a4:1e:1d:d9:d9:97:1b:1f:74:5f:b7:0f:10:4c:
87:ca:db:ea:f9:71:50:a7:f3:e7:e5:58:0a:e2:f7:
22:a9:3d:16:27:74:a4:c0:ce:c2:30:94:1e:fe:e9:
76:56:05:62:78:f5:cf:f3:cc:6b:5b:71:7e:d6:f1:
fd:d4:2f:de:18:33:02:bf:1d:2f:a6:d9:1f:ab:d8:
60:16:fc:57:eb:35:8b:fd:93:3d:ab:95:70:28:09:
83:f1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B2:7A:7C:32:C7:36:13:10:4B:93:F8:02:66:44:EA:BC:09:D0:96:F9
X509v3 Authority Key Identifier:
keyid:5C:EB:0E:BD:87:8B:77:D4:2F:2C:A9:DD:08:F7:0C:32:3C:5D:03:DB
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XOsOvYeLd9QvLKndCPcMMjxdA9s.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/da/3e72ed-1d65-4982-ad9a-9c37478a593f/1/snp8Msc2ExBLk_gCZkTqvAnQlvk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/da/3e72ed-1d65-4982-ad9a-9c37478a593f/1/XOsOvYeLd9QvLKndCPcMMjxdA9s.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
93.89.4.0/24
93.89.12.0/24
IPv6:
2a02:17f9::/32
Signature Algorithm: sha256WithRSAEncryption
b4:10:23:19:13:ec:d5:2f:64:f7:23:f0:c8:fa:0b:ec:5e:a2:
4b:02:aa:ad:51:7d:00:6e:4c:2a:bc:3b:bd:80:38:15:19:b3:
f7:31:83:a2:1a:18:02:49:e9:66:a0:b8:6f:23:d4:bf:96:6b:
f4:d6:68:3a:df:8e:cf:35:ee:98:23:88:36:ad:e9:ba:0e:da:
2c:f8:5a:23:a2:f4:e7:bd:8a:4e:c7:39:de:f9:ea:34:4c:a2:
4f:bb:aa:f9:fc:df:ac:c9:50:93:1d:f0:2c:f6:ff:92:b0:e0:
d6:87:26:91:5a:30:8b:52:9c:67:63:94:83:7f:a1:5d:63:3b:
e8:8e:37:7a:d6:85:46:65:47:f3:43:a5:4c:e2:3c:90:47:35:
35:ca:9d:24:2b:6d:40:a9:50:69:a6:23:55:53:e7:f2:ff:ed:
1a:5e:75:20:1c:40:32:f4:c2:04:57:54:fc:93:25:65:55:49:
eb:5c:b9:80:18:cf:8f:a2:b7:03:60:4c:f3:76:3f:3e:65:b6:
86:0c:8d:f7:79:dc:9b:08:95:14:ee:7e:53:36:b9:90:5f:46:
54:5d:35:b3:22:27:a8:4b:b1:d8:a1:b3:1e:1a:78:f0:66:d4:
1b:1b:d2:bb:f0:27:aa:f7:75:56:2a:2c:d7:b5:eb:6e:af:e2:
08:e7:39:ae
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYWauzjKetSHuGXgiiVUh+EDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVjZWIwZWJkODc4Yjc3ZDQyZjJjYTlkZDA4ZjcwYzMyM2M1
ZDAzZGIwHhcNMjMwMTEwMDgxMDM5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMjdhN2MzMmM3MzYxMzEwNGI5M2Y4MDI2NjQ0ZWFiYzA5ZDA5NmY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmGT/y9TibNOVBXYW6l+pgU3GA2k/
hphv2WZmWUtc3sSE0Iw9NlctdlqlnXEyOOtXCorBbqphgDZAQdZ0+ySERguBL7ue
EaJfNqAxhZnOh0BKZic2pGPc9K9CKeKTrYXPnTVYL7rAq36BQOaAB0C1u3sp/e2n
tog5dlXMoCF1aw00NUShsHsn4NzSvjfrg7uyoATWrow2DaJPi/oQkoCXbfm6ZSOh
pB4d2dmXGx90X7cPEEyHytvq+XFQp/Pn5VgK4vciqT0WJ3SkwM7CMJQe/ul2VgVi
ePXP88xrW3F+1vH91C/eGDMCvx0vptkfq9hgFvxX6zWL/ZM9q5VwKAmD8QIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFLJ6fDLHNhMQS5P4AmZE6rwJ0Jb5MB8GA1UdIwQY
MBaAFFzrDr2Hi3fULyyp3Qj3DDI8XQPbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWE9zT3ZZZUxkOVF2TEtuZENQY01NanhkQTlzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYS8zZTcyZWQtMWQ2NS00OTgyLWFkOWEt
OWMzNzQ3OGE1OTNmLzEvc25wOE1zYzJFeEJMa19nQ1prVHF2QW5RbHZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYS8zZTcyZWQtMWQ2NS00OTgyLWFkOWEtOWMzNzQ3OGE1OTNm
LzEvWE9zT3ZZZUxkOVF2TEtuZENQY01NanhkQTlzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQAXVkEAwQA
XVkMMA0EAgACMAcDBQAqAhf5MA0GCSqGSIb3DQEBCwUAA4IBAQC0ECMZE+zVL2T3
I/DI+gvsXqJLAqqtUX0AbkwqvDu9gDgVGbP3MYOiGhgCSelmoLhvI9S/lmv01mg6
347PNe6YI4g2rem6Dtos+FojovTnvYpOxzne+eo0TKJPu6r5/N+syVCTHfAs9v+S
sODWhyaRWjCLUpxnY5SDf6FdYzvojjd61oVGZUfzQ6VM4jyQRzU1yp0kK21AqVBp
piNVU+fy/+0aXnUgHEAy9MIEV1T8kyVlVUnrXLmAGM+PorcDYEzzdj8+ZbaGDI33
edybCJUU7n5TNrmQX0ZUXTWzIieoS7HYobMeGnjwZtQbG9K78Ceq93VWKizXtetu
r+II5zmu
-----END CERTIFICATE-----
Generated at Mon Feb 17 08:19:19 2025 by rpki-client