Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/de/5f048b-2df3-4140-9f4e-6068c04d1be0/1/D9w-CYjMym286fqVH3z_jJkXg_U.roa
File: D9w-CYjMym286fqVH3z_jJkXg_U.roa (raw, json)
Hash identifier: 5A8NlFwPicyWePuo17OYWBEPXk6DQZj0WAm128nwJl8=
Subject key identifier: 0F:DC:3E:09:88:CC:CA:6D:BC:E9:FA:95:1F:7C:FF:8C:99:17:83:F5
Certificate issuer: /CN=3e1f32d0cfa7a86d30e7e11a73ebbd0b24dbf41f
Certificate serial: 018A53811AB29594CF1487137A49D156B71F
Authority key identifier: 3E:1F:32:D0:CF:A7:A8:6D:30:E7:E1:1A:73:EB:BD:0B:24:DB:F4:1F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Ph8y0M-nqG0w5-Eac-u9CyTb9B8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/de/5f048b-2df3-4140-9f4e-6068c04d1be0/1/D9w-CYjMym286fqVH3z_jJkXg_U.roa
Signing time: Sat 02 Sep 2023 01:28:04 +0000
ROA not before: Sat 02 Sep 2023 01:28:04 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 208913
IP address blocks: 89.40.164.0/23 maxlen: 24
45.14.76.0/22 maxlen: 24
91.214.188.0/22 maxlen: 24
89.32.125.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8a:53:81:1a:b2:95:94:cf:14:87:13:7a:49:d1:56:b7:1f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3e1f32d0cfa7a86d30e7e11a73ebbd0b24dbf41f
Validity
Not Before: Sep 2 01:28:04 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=0fdc3e0988ccca6dbce9fa951f7cff8c991783f5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c1:76:50:63:91:09:c3:60:51:63:eb:a8:89:d7:
4d:49:e0:d1:4f:98:58:bc:c2:c6:14:a5:9a:3a:99:
28:08:33:e7:f2:6b:04:03:97:ed:5a:74:35:f3:ce:
4c:25:fb:fb:a0:ea:df:ea:a3:39:f2:4d:1f:22:0c:
38:c8:56:cf:7f:c4:82:9e:e3:84:2e:29:30:99:12:
61:ce:cf:d7:9d:6b:21:bf:8e:65:8c:bf:6c:fb:ae:
e2:45:3d:8b:18:9f:a9:65:8d:eb:e7:6b:9a:d5:8e:
de:4d:03:ed:2b:00:36:3c:a6:f6:d5:6c:2e:19:2a:
11:2b:b0:00:74:4c:9f:7a:86:7f:f4:32:8e:b7:b0:
e2:be:48:7f:83:ee:c1:af:44:b5:62:73:57:fd:06:
71:d0:72:e1:30:cf:21:86:3e:86:f7:65:e2:ef:cf:
56:f1:8a:22:53:53:52:a4:1c:d3:ff:f3:bf:e8:5d:
68:8f:8a:40:8d:6b:b1:b2:38:28:c0:1e:63:f1:32:
5c:74:c0:a4:f5:ed:8a:ca:9e:ad:95:f9:b9:23:f4:
0c:fb:bd:8f:62:9e:8b:51:a4:6a:f4:f5:6e:c9:38:
bd:41:75:4e:66:fd:2f:f5:8e:1a:86:64:89:79:29:
af:83:ef:88:1f:77:8a:74:ed:44:28:a9:32:3e:1d:
d3:e9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0F:DC:3E:09:88:CC:CA:6D:BC:E9:FA:95:1F:7C:FF:8C:99:17:83:F5
X509v3 Authority Key Identifier:
keyid:3E:1F:32:D0:CF:A7:A8:6D:30:E7:E1:1A:73:EB:BD:0B:24:DB:F4:1F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ph8y0M-nqG0w5-Eac-u9CyTb9B8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/de/5f048b-2df3-4140-9f4e-6068c04d1be0/1/D9w-CYjMym286fqVH3z_jJkXg_U.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/de/5f048b-2df3-4140-9f4e-6068c04d1be0/1/Ph8y0M-nqG0w5-Eac-u9CyTb9B8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.14.76.0/22
89.32.125.0/24
89.40.164.0/23
91.214.188.0/22
Signature Algorithm: sha256WithRSAEncryption
0f:e4:af:f1:43:e2:56:ab:27:b1:90:0f:0d:e9:cb:bb:c3:81:
ae:18:1d:10:89:f0:89:32:ef:12:45:f6:3c:9d:9f:6b:50:6b:
9f:72:4b:7a:14:02:b6:23:3d:19:29:ec:59:b5:24:54:23:05:
fd:6b:f5:86:26:63:d1:9d:35:40:0d:e9:3f:f1:a6:08:d3:c3:
01:d2:3f:1e:9e:c2:c3:19:2f:69:b5:cf:41:52:73:3b:e4:4a:
c5:94:0b:4f:97:7c:87:45:d3:56:ae:86:59:87:a0:86:9c:2b:
62:09:cc:d5:2e:85:83:26:16:f1:b3:62:9c:b0:03:ed:30:e4:
6b:b2:85:2e:d9:e5:34:e1:59:08:ec:e1:b2:69:d9:2c:86:cf:
81:e1:12:7d:8f:d7:70:8d:05:9a:d8:ad:3a:17:f7:d8:3b:6e:
80:91:e0:99:a8:1d:ad:28:a1:3e:08:e3:25:7d:8d:f1:f8:11:
ad:96:1e:19:12:92:25:26:21:c3:18:4c:ce:b4:02:5d:0e:94:
72:b6:7f:e5:dd:15:ce:a5:b2:4f:c3:e3:48:4f:9e:9c:26:ef:
be:62:0a:ad:b4:5a:43:c5:94:53:30:df:4c:7b:54:21:96:84:
6b:60:a1:55:a4:ce:9b:da:e1:71:8d:f0:72:13:90:7e:d2:85:
8b:2c:2e:14
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYpTgRqylZTPFIcTeknRVrcfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlMWYzMmQwY2ZhN2E4NmQzMGU3ZTExYTczZWJiZDBiMjRk
YmY0MWYwHhcNMjMwOTAyMDEyODA0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZmRjM2UwOTg4Y2NjYTZkYmNlOWZhOTUxZjdjZmY4Yzk5MTc4M2Y1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwXZQY5EJw2BRY+uoiddNSeDRT5hY
vMLGFKWaOpkoCDPn8msEA5ftWnQ1885MJfv7oOrf6qM58k0fIgw4yFbPf8SCnuOE
LikwmRJhzs/XnWshv45ljL9s+67iRT2LGJ+pZY3r52ua1Y7eTQPtKwA2PKb21Wwu
GSoRK7AAdEyfeoZ/9DKOt7Divkh/g+7Br0S1YnNX/QZx0HLhMM8hhj6G92Xi789W
8YoiU1NSpBzT//O/6F1oj4pAjWuxsjgowB5j8TJcdMCk9e2Kyp6tlfm5I/QM+72P
Yp6LUaRq9PVuyTi9QXVOZv0v9Y4ahmSJeSmvg++IH3eKdO1EKKkyPh3T6QIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFA/cPgmIzMptvOn6lR98/4yZF4P1MB8GA1UdIwQY
MBaAFD4fMtDPp6htMOfhGnPrvQsk2/QfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUGg4eTBNLW5xRzB3NS1FYWMtdTlDeVRiOUI4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZS81ZjA0OGItMmRmMy00MTQwLTlmNGUt
NjA2OGMwNGQxYmUwLzEvRDl3LUNZak15bTI4NmZxVkgzel9qSmtYZ19VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZS81ZjA0OGItMmRmMy00MTQwLTlmNGUtNjA2OGMwNGQxYmUw
LzEvUGg4eTBNLW5xRzB3NS1FYWMtdTlDeVRiOUI4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQCLQ5MAwQA
WSB9AwQBWSikAwQCW9a8MA0GCSqGSIb3DQEBCwUAA4IBAQAP5K/xQ+JWqyexkA8N
6cu7w4GuGB0QifCJMu8SRfY8nZ9rUGufckt6FAK2Iz0ZKexZtSRUIwX9a/WGJmPR
nTVADek/8aYI08MB0j8ensLDGS9ptc9BUnM75ErFlAtPl3yHRdNWroZZh6CGnCti
CczVLoWDJhbxs2KcsAPtMORrsoUu2eU04VkI7OGyadkshs+B4RJ9j9dwjQWa2K06
F/fYO26AkeCZqB2tKKE+COMlfY3x+BGtlh4ZEpIlJiHDGEzOtAJdDpRytn/l3RXO
pbJPw+NIT56cJu++YgqttFpDxZRTMN9Me1QhloRrYKFVpM6b2uFxjfByE5B+0oWL
LC4U
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:56:34 2024 by rpki-client on console-fra.rpki-client.org