Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/de/5f048b-2df3-4140-9f4e-6068c04d1be0/1/PxG53Wp9TLqE86EppksJiSR2nRQ.roa
File: PxG53Wp9TLqE86EppksJiSR2nRQ.roa (raw, json)
Hash identifier: zkJhZuchvDm2xS1dJu0MtxG0PxPzVJ8AdBEEzPVWXrM=
Subject key identifier: 3F:11:B9:DD:6A:7D:4C:BA:84:F3:A1:29:A6:4B:09:89:24:76:9D:14
Certificate issuer: /CN=3e1f32d0cfa7a86d30e7e11a73ebbd0b24dbf41f
Certificate serial: 0188370C2D0A2D251A8E089CB1A0C71C650A
Authority key identifier: 3E:1F:32:D0:CF:A7:A8:6D:30:E7:E1:1A:73:EB:BD:0B:24:DB:F4:1F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Ph8y0M-nqG0w5-Eac-u9CyTb9B8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/de/5f048b-2df3-4140-9f4e-6068c04d1be0/1/PxG53Wp9TLqE86EppksJiSR2nRQ.roa
Signing time: Sat 20 May 2023 02:45:24 +0000
ROA not before: Sat 20 May 2023 02:45:24 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 834
IP address blocks: 89.38.134.0/24 maxlen: 24
85.204.26.0/24 maxlen: 24
86.106.108.0/24 maxlen: 24
89.39.91.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:88:37:0c:2d:0a:2d:25:1a:8e:08:9c:b1:a0:c7:1c:65:0a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3e1f32d0cfa7a86d30e7e11a73ebbd0b24dbf41f
Validity
Not Before: May 20 02:45:24 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=3f11b9dd6a7d4cba84f3a129a64b098924769d14
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:82:06:e3:41:e4:d8:8f:3f:dc:54:cf:92:37:e4:
3b:fe:66:19:00:6d:0f:dd:2e:86:09:4b:15:d7:4a:
6f:26:ec:bf:d1:64:0e:62:c9:49:dc:dc:36:12:0e:
15:f1:8c:ab:8d:63:49:b2:c7:d1:32:43:83:d8:58:
02:63:a3:a5:e6:a3:80:54:b9:e2:c5:59:0a:0c:6a:
3c:f1:a2:04:5f:23:62:37:83:66:2c:8e:7f:62:b6:
c0:6d:e5:4a:39:97:2f:16:86:44:7d:b4:fb:7a:8e:
b5:36:a1:7f:97:b2:87:af:aa:dc:f6:55:4a:96:ef:
bb:7b:d4:03:02:79:1f:5e:e1:b1:65:c5:25:30:37:
b5:6d:1c:c9:df:99:b1:5a:4d:fc:6f:6a:eb:07:66:
e1:da:14:c7:73:43:8e:1f:76:b4:52:91:1b:79:23:
6d:ab:36:3d:47:75:79:52:ca:5f:ab:44:6e:30:23:
88:e2:7c:10:a1:23:3c:d0:c2:83:1b:e4:93:84:c5:
5f:f1:fe:4a:eb:24:86:53:3b:72:12:af:e2:02:1a:
ba:39:97:38:63:a6:2a:1e:7a:db:cb:e8:a5:f8:d5:
31:cf:84:d3:2c:23:b9:b5:cd:fe:98:7b:df:99:86:
46:c6:61:85:4c:65:b6:d5:9b:64:aa:7f:04:d3:5b:
7a:c9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3F:11:B9:DD:6A:7D:4C:BA:84:F3:A1:29:A6:4B:09:89:24:76:9D:14
X509v3 Authority Key Identifier:
keyid:3E:1F:32:D0:CF:A7:A8:6D:30:E7:E1:1A:73:EB:BD:0B:24:DB:F4:1F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ph8y0M-nqG0w5-Eac-u9CyTb9B8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/de/5f048b-2df3-4140-9f4e-6068c04d1be0/1/PxG53Wp9TLqE86EppksJiSR2nRQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/de/5f048b-2df3-4140-9f4e-6068c04d1be0/1/Ph8y0M-nqG0w5-Eac-u9CyTb9B8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
85.204.26.0/24
86.106.108.0/24
89.38.134.0/24
89.39.91.0/24
Signature Algorithm: sha256WithRSAEncryption
bc:dd:11:a9:83:11:b0:0e:65:be:27:f6:5e:42:a7:ca:80:13:
d6:a4:ff:fd:fe:b2:c8:e2:8b:35:86:58:d9:0a:49:86:13:ef:
24:2f:b1:2c:fc:da:75:f8:49:2e:b2:2f:9b:2b:54:23:b5:60:
6d:31:c1:ad:a5:cf:9f:82:5d:ac:5a:de:31:39:af:14:dc:59:
fd:ca:8e:4a:1b:93:65:54:45:76:20:83:40:01:db:99:c9:a3:
e5:c2:f6:80:3b:8b:8c:94:c2:10:98:86:b4:d1:67:31:10:f2:
3d:90:37:81:22:98:cb:60:d9:0c:c1:e8:c0:9a:a5:80:6b:f4:
11:a6:9e:eb:6a:69:dd:55:1a:8a:95:1e:ef:0a:63:db:cf:0c:
d0:82:36:c8:eb:94:f0:4b:c0:40:5b:fa:97:7f:7b:3a:ad:03:
17:80:79:f6:7d:d3:7d:33:fb:ae:19:f0:90:f0:3c:63:06:c5:
9a:e8:b9:b5:36:3c:43:53:b4:86:54:40:e8:55:d4:0e:24:a0:
32:71:18:4f:35:9f:e4:59:bf:4d:d9:58:2c:eb:19:41:43:6b:
bb:da:99:6e:02:f3:5a:25:28:2a:5d:36:c5:5b:14:f8:43:a5:
ff:23:6f:6e:00:2a:b2:1b:a1:8f:23:d0:3b:61:e7:e1:33:4a:
5d:17:fb:11
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYg3DC0KLSUajgicsaDHHGUKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlMWYzMmQwY2ZhN2E4NmQzMGU3ZTExYTczZWJiZDBiMjRk
YmY0MWYwHhcNMjMwNTIwMDI0NTI0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZjExYjlkZDZhN2Q0Y2JhODRmM2ExMjlhNjRiMDk4OTI0NzY5ZDE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAggbjQeTYjz/cVM+SN+Q7/mYZAG0P
3S6GCUsV10pvJuy/0WQOYslJ3Nw2Eg4V8YyrjWNJssfRMkOD2FgCY6Ol5qOAVLni
xVkKDGo88aIEXyNiN4NmLI5/YrbAbeVKOZcvFoZEfbT7eo61NqF/l7KHr6rc9lVK
lu+7e9QDAnkfXuGxZcUlMDe1bRzJ35mxWk38b2rrB2bh2hTHc0OOH3a0UpEbeSNt
qzY9R3V5Uspfq0RuMCOI4nwQoSM80MKDG+SThMVf8f5K6ySGUztyEq/iAhq6OZc4
Y6YqHnrby+il+NUxz4TTLCO5tc3+mHvfmYZGxmGFTGW21Ztkqn8E01t6yQIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFD8Rud1qfUy6hPOhKaZLCYkkdp0UMB8GA1UdIwQY
MBaAFD4fMtDPp6htMOfhGnPrvQsk2/QfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUGg4eTBNLW5xRzB3NS1FYWMtdTlDeVRiOUI4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZS81ZjA0OGItMmRmMy00MTQwLTlmNGUt
NjA2OGMwNGQxYmUwLzEvUHhHNTNXcDlUTHFFODZFcHBrc0ppU1IyblJRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZS81ZjA0OGItMmRmMy00MTQwLTlmNGUtNjA2OGMwNGQxYmUw
LzEvUGg4eTBNLW5xRzB3NS1FYWMtdTlDeVRiOUI4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAVcwaAwQA
VmpsAwQAWSaGAwQAWSdbMA0GCSqGSIb3DQEBCwUAA4IBAQC83RGpgxGwDmW+J/Ze
QqfKgBPWpP/9/rLI4os1hljZCkmGE+8kL7Es/Np1+Ekusi+bK1QjtWBtMcGtpc+f
gl2sWt4xOa8U3Fn9yo5KG5NlVEV2IINAAduZyaPlwvaAO4uMlMIQmIa00WcxEPI9
kDeBIpjLYNkMwejAmqWAa/QRpp7ramndVRqKlR7vCmPbzwzQgjbI65TwS8BAW/qX
f3s6rQMXgHn2fdN9M/uuGfCQ8DxjBsWa6Lm1NjxDU7SGVEDoVdQOJKAycRhPNZ/k
Wb9N2Vgs6xlBQ2u72pluAvNaJSgqXTbFWxT4Q6X/I29uACqyG6GPI9A7YefhM0pd
F/sR
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:56:34 2024 by rpki-client on console-fra.rpki-client.org