Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/de/5f048b-2df3-4140-9f4e-6068c04d1be0/1/EpLc2i2-rjpC48UqIy6naPREbFg.roa
File: EpLc2i2-rjpC48UqIy6naPREbFg.roa (raw, json)
Hash identifier: PFKl6efLFOIlbTi6ywSPHPbTBVpghLfBp19hznPeb3o=
Subject key identifier: 12:92:DC:DA:2D:BE:AE:3A:42:E3:C5:2A:23:2E:A7:68:F4:44:6C:58
Certificate issuer: /CN=3e1f32d0cfa7a86d30e7e11a73ebbd0b24dbf41f
Certificate serial: 0188B241996F94C416AA675DE4A6B86AA577
Authority key identifier: 3E:1F:32:D0:CF:A7:A8:6D:30:E7:E1:1A:73:EB:BD:0B:24:DB:F4:1F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Ph8y0M-nqG0w5-Eac-u9CyTb9B8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/de/5f048b-2df3-4140-9f4e-6068c04d1be0/1/EpLc2i2-rjpC48UqIy6naPREbFg.roa
Signing time: Tue 13 Jun 2023 00:57:03 +0000
ROA not before: Tue 13 Jun 2023 00:57:03 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 834
IP address blocks: 89.38.134.0/24 maxlen: 24
89.47.94.0/24 maxlen: 24
85.204.26.0/24 maxlen: 24
89.39.91.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:88:b2:41:99:6f:94:c4:16:aa:67:5d:e4:a6:b8:6a:a5:77
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3e1f32d0cfa7a86d30e7e11a73ebbd0b24dbf41f
Validity
Not Before: Jun 13 00:57:03 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=1292dcda2dbeae3a42e3c52a232ea768f4446c58
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:87:99:69:ac:fe:02:2f:d5:44:22:dd:e9:75:07:
38:96:0b:7b:e1:93:fb:47:66:91:11:02:4c:00:f2:
b1:f8:25:8e:e2:34:19:60:25:b3:f4:72:8c:a3:d5:
c2:55:04:df:73:a2:25:92:e7:71:3c:7b:a8:e9:8f:
2a:d1:da:15:6e:f7:ec:3b:e7:97:5f:05:24:dc:49:
a9:f6:ec:5e:0a:e6:0e:05:b8:38:81:5d:2d:bc:6a:
f7:fc:cc:96:a3:9b:52:6d:d0:a1:f8:1a:f9:a3:52:
b0:18:b5:55:4f:73:0c:fb:b1:7e:a4:1e:0d:83:2a:
fa:c8:d8:23:c3:d1:01:ab:15:31:e8:1f:1d:5f:b5:
20:d6:ff:12:f4:33:53:18:91:da:b6:70:83:27:2f:
02:29:6e:9a:ab:7a:60:d0:84:2d:8a:36:2a:47:e5:
8b:33:09:40:82:f1:fc:16:66:5b:a4:97:ee:f6:6b:
b6:c5:6b:20:cb:25:8d:af:54:5e:b6:fb:4e:5e:67:
2e:d3:fb:79:aa:be:1f:e0:ad:17:1b:a0:da:60:bc:
89:3a:70:b6:96:04:f8:7a:2d:fc:c8:d1:1f:65:35:
8c:60:2f:f3:47:ad:07:7e:e7:3d:9f:a1:21:4c:b0:
f4:80:b4:bc:6b:fb:33:aa:52:25:09:d7:72:7e:72:
83:81
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
12:92:DC:DA:2D:BE:AE:3A:42:E3:C5:2A:23:2E:A7:68:F4:44:6C:58
X509v3 Authority Key Identifier:
keyid:3E:1F:32:D0:CF:A7:A8:6D:30:E7:E1:1A:73:EB:BD:0B:24:DB:F4:1F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ph8y0M-nqG0w5-Eac-u9CyTb9B8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/de/5f048b-2df3-4140-9f4e-6068c04d1be0/1/EpLc2i2-rjpC48UqIy6naPREbFg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/de/5f048b-2df3-4140-9f4e-6068c04d1be0/1/Ph8y0M-nqG0w5-Eac-u9CyTb9B8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
85.204.26.0/24
89.38.134.0/24
89.39.91.0/24
89.47.94.0/24
Signature Algorithm: sha256WithRSAEncryption
07:62:c8:47:dc:0c:b6:2e:6e:a6:1c:a3:73:e4:2d:69:b8:fa:
ea:6f:d0:a3:a5:cf:9a:c7:d5:32:9b:3e:70:7d:3d:3f:85:e6:
4e:07:0d:26:e8:cc:97:11:9c:b7:19:86:34:39:30:82:21:9a:
87:ad:f8:eb:04:ce:bb:83:1b:df:ae:1d:58:a4:d1:52:7e:21:
24:c4:95:6e:b8:b3:01:4f:f6:0b:e0:3c:30:fb:3a:81:db:32:
94:82:06:7a:43:60:f8:2f:0d:4e:ea:a0:79:29:5e:e4:16:3d:
d6:1a:30:62:07:67:52:02:60:ba:30:54:90:04:75:e3:fc:5f:
d3:5a:40:52:85:46:2c:0a:6c:d6:92:40:e1:a8:2d:cd:29:49:
92:61:0c:d4:37:25:55:87:8b:f0:71:8b:01:e4:4f:1b:e5:cc:
b5:30:59:3a:45:d3:11:65:60:ac:e7:18:84:fe:0c:ce:a3:ea:
e2:83:f9:eb:c1:1a:30:db:3c:f1:eb:aa:32:84:b6:47:74:8b:
13:54:3f:99:ae:b1:27:e8:dc:eb:42:06:c8:15:6e:58:f1:22:
57:06:5f:08:c5:bf:62:a4:25:5a:7b:a9:56:13:24:d9:c0:6a:
de:fb:5f:5c:16:f7:e3:ac:a3:8a:6d:48:2a:66:c5:22:34:4f:
9a:10:18:2c
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYiyQZlvlMQWqmdd5Ka4aqV3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlMWYzMmQwY2ZhN2E4NmQzMGU3ZTExYTczZWJiZDBiMjRk
YmY0MWYwHhcNMjMwNjEzMDA1NzAzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMjkyZGNkYTJkYmVhZTNhNDJlM2M1MmEyMzJlYTc2OGY0NDQ2YzU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh5lprP4CL9VEIt3pdQc4lgt74ZP7
R2aREQJMAPKx+CWO4jQZYCWz9HKMo9XCVQTfc6IlkudxPHuo6Y8q0doVbvfsO+eX
XwUk3Emp9uxeCuYOBbg4gV0tvGr3/MyWo5tSbdCh+Br5o1KwGLVVT3MM+7F+pB4N
gyr6yNgjw9EBqxUx6B8dX7Ug1v8S9DNTGJHatnCDJy8CKW6aq3pg0IQtijYqR+WL
MwlAgvH8FmZbpJfu9mu2xWsgyyWNr1RetvtOXmcu0/t5qr4f4K0XG6DaYLyJOnC2
lgT4ei38yNEfZTWMYC/zR60Hfuc9n6EhTLD0gLS8a/szqlIlCddyfnKDgQIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFBKS3Notvq46QuPFKiMup2j0RGxYMB8GA1UdIwQY
MBaAFD4fMtDPp6htMOfhGnPrvQsk2/QfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUGg4eTBNLW5xRzB3NS1FYWMtdTlDeVRiOUI4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZS81ZjA0OGItMmRmMy00MTQwLTlmNGUt
NjA2OGMwNGQxYmUwLzEvRXBMYzJpMi1yanBDNDhVcUl5Nm5hUFJFYkZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZS81ZjA0OGItMmRmMy00MTQwLTlmNGUtNjA2OGMwNGQxYmUw
LzEvUGg4eTBNLW5xRzB3NS1FYWMtdTlDeVRiOUI4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAVcwaAwQA
WSaGAwQAWSdbAwQAWS9eMA0GCSqGSIb3DQEBCwUAA4IBAQAHYshH3Ay2Lm6mHKNz
5C1puPrqb9Cjpc+ax9Uymz5wfT0/heZOBw0m6MyXEZy3GYY0OTCCIZqHrfjrBM67
gxvfrh1YpNFSfiEkxJVuuLMBT/YL4Dww+zqB2zKUggZ6Q2D4Lw1O6qB5KV7kFj3W
GjBiB2dSAmC6MFSQBHXj/F/TWkBShUYsCmzWkkDhqC3NKUmSYQzUNyVVh4vwcYsB
5E8b5cy1MFk6RdMRZWCs5xiE/gzOo+rig/nrwRow2zzx66oyhLZHdIsTVD+ZrrEn
6NzrQgbIFW5Y8SJXBl8Ixb9ipCVae6lWEyTZwGre+19cFvfjrKOKbUgqZsUiNE+a
EBgs
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:48:05 2024 by rpki-client on console-ams.rpki-client.org