Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/de/5f048b-2df3-4140-9f4e-6068c04d1be0/1/kLoOAyXXjzNyjz4T6jlnFbJr6Ys.roa
File: kLoOAyXXjzNyjz4T6jlnFbJr6Ys.roa (raw, json)
Hash identifier: IFhgRlyaKRAxQyUacQYtvq0s8RHYFeicXSZNKyGpDJE=
Subject key identifier: 90:BA:0E:03:25:D7:8F:33:72:8F:3E:13:EA:39:67:15:B2:6B:E9:8B
Certificate issuer: /CN=3e1f32d0cfa7a86d30e7e11a73ebbd0b24dbf41f
Certificate serial: 018932EEFC95601C5181567F9A8F2F368145
Authority key identifier: 3E:1F:32:D0:CF:A7:A8:6D:30:E7:E1:1A:73:EB:BD:0B:24:DB:F4:1F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Ph8y0M-nqG0w5-Eac-u9CyTb9B8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/de/5f048b-2df3-4140-9f4e-6068c04d1be0/1/kLoOAyXXjzNyjz4T6jlnFbJr6Ys.roa
Signing time: Sat 08 Jul 2023 00:37:50 +0000
ROA not before: Sat 08 Jul 2023 00:37:50 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 834
IP address blocks: 89.38.134.0/24 maxlen: 24
89.47.94.0/24 maxlen: 24
85.204.26.0/24 maxlen: 24
85.204.247.0/24 maxlen: 24
89.36.199.0/24 maxlen: 24
89.39.91.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:89:32:ee:fc:95:60:1c:51:81:56:7f:9a:8f:2f:36:81:45
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3e1f32d0cfa7a86d30e7e11a73ebbd0b24dbf41f
Validity
Not Before: Jul 8 00:37:50 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=90ba0e0325d78f33728f3e13ea396715b26be98b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:da:7f:6c:ab:c3:d5:23:ce:e8:25:e6:fe:a5:82:
bc:e2:2d:ef:12:31:5b:9a:d7:d4:2a:01:40:a8:81:
b8:79:71:aa:f3:f2:1a:f7:5c:6a:9b:3c:c9:92:fd:
84:b2:30:fa:f5:5f:ab:7e:08:e7:8a:4e:be:51:aa:
96:dc:c4:a3:fa:2d:dd:e3:12:e6:86:31:65:ff:3d:
8c:f1:c4:05:3d:45:5a:43:22:f2:3d:e2:0f:a4:a4:
3d:95:41:e6:95:a1:d4:1a:bf:56:1a:57:59:2d:d2:
fb:b5:94:71:ab:7b:2a:3b:39:9e:dd:34:2d:1f:03:
b1:41:39:91:fd:2d:dd:61:f9:45:a3:ab:ef:cf:92:
03:5d:e3:66:e2:cb:62:ca:4c:23:99:fc:d3:58:e5:
f6:69:ce:a2:7e:37:b8:df:4c:0a:46:f2:d5:58:ec:
24:d5:ac:a5:46:9d:43:65:75:39:f7:8a:3c:fd:b3:
5c:c1:3e:c5:4c:ce:0d:4b:1f:86:7c:ce:d5:94:42:
b7:b0:0b:5c:f2:71:9c:95:2b:25:c8:1d:2c:db:ec:
84:11:18:87:09:1f:63:44:3d:e1:f9:64:48:94:0f:
75:44:be:b8:a4:d9:9b:91:8d:ec:b2:7a:4e:f6:ad:
e1:94:f0:d8:b7:1e:a7:a5:03:f9:fc:ba:cc:b3:f6:
dc:87
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
90:BA:0E:03:25:D7:8F:33:72:8F:3E:13:EA:39:67:15:B2:6B:E9:8B
X509v3 Authority Key Identifier:
keyid:3E:1F:32:D0:CF:A7:A8:6D:30:E7:E1:1A:73:EB:BD:0B:24:DB:F4:1F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ph8y0M-nqG0w5-Eac-u9CyTb9B8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/de/5f048b-2df3-4140-9f4e-6068c04d1be0/1/kLoOAyXXjzNyjz4T6jlnFbJr6Ys.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/de/5f048b-2df3-4140-9f4e-6068c04d1be0/1/Ph8y0M-nqG0w5-Eac-u9CyTb9B8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
85.204.26.0/24
85.204.247.0/24
89.36.199.0/24
89.38.134.0/24
89.39.91.0/24
89.47.94.0/24
Signature Algorithm: sha256WithRSAEncryption
b3:86:76:b1:68:03:37:45:42:67:26:13:a6:72:0a:1f:a5:ad:
15:4d:8c:d8:2d:85:64:e0:de:69:9e:2d:cd:21:7d:00:4e:eb:
fb:2a:ff:f9:14:f3:7f:1c:26:fc:19:39:26:0c:7a:95:e9:d5:
48:ab:b2:2a:2c:38:25:49:bd:de:b7:ff:35:23:18:81:89:96:
ba:15:46:3b:b2:b8:eb:e9:71:38:53:a3:5f:ba:87:6d:ef:3d:
d3:db:c9:d9:6c:fc:9f:22:fa:0f:15:18:53:d6:0f:0f:fa:42:
2b:ae:fb:7d:9e:22:c4:83:f4:41:f1:59:f9:3b:d7:2d:b5:3d:
ef:3b:06:5a:38:e3:d5:96:12:a7:48:ca:e3:9b:24:34:bf:74:
82:32:05:26:32:b4:52:50:29:03:7d:28:e1:34:75:0f:7b:68:
9e:78:69:12:da:74:42:bb:65:c4:b0:c7:fc:27:16:5c:51:f3:
95:d6:bd:b7:49:b4:66:55:03:96:4d:e7:0c:31:a3:68:c4:ce:
d7:12:8a:7c:9e:f6:2e:58:cf:36:e0:fe:4d:59:27:b8:0b:02:
4a:b0:3d:b8:97:9b:a7:51:32:d1:07:a7:57:94:c1:07:a1:55:
ba:61:80:1e:e1:bc:26:e8:ad:70:e8:b8:93:20:05:79:36:6c:
6f:c5:56:35
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAYky7vyVYBxRgVZ/mo8vNoFFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlMWYzMmQwY2ZhN2E4NmQzMGU3ZTExYTczZWJiZDBiMjRk
YmY0MWYwHhcNMjMwNzA4MDAzNzUwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MGJhMGUwMzI1ZDc4ZjMzNzI4ZjNlMTNlYTM5NjcxNWIyNmJlOThiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2n9sq8PVI87oJeb+pYK84i3vEjFb
mtfUKgFAqIG4eXGq8/Ia91xqmzzJkv2EsjD69V+rfgjnik6+UaqW3MSj+i3d4xLm
hjFl/z2M8cQFPUVaQyLyPeIPpKQ9lUHmlaHUGr9WGldZLdL7tZRxq3sqOzme3TQt
HwOxQTmR/S3dYflFo6vvz5IDXeNm4stiykwjmfzTWOX2ac6ifje430wKRvLVWOwk
1aylRp1DZXU594o8/bNcwT7FTM4NSx+GfM7VlEK3sAtc8nGclSslyB0s2+yEERiH
CR9jRD3h+WRIlA91RL64pNmbkY3ssnpO9q3hlPDYtx6npQP5/LrMs/bchwIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFJC6DgMl148zco8+E+o5ZxWya+mLMB8GA1UdIwQY
MBaAFD4fMtDPp6htMOfhGnPrvQsk2/QfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUGg4eTBNLW5xRzB3NS1FYWMtdTlDeVRiOUI4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZS81ZjA0OGItMmRmMy00MTQwLTlmNGUt
NjA2OGMwNGQxYmUwLzEva0xvT0F5WFhqek55ano0VDZqbG5GYkpyNllzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZS81ZjA0OGItMmRmMy00MTQwLTlmNGUtNjA2OGMwNGQxYmUw
LzEvUGg4eTBNLW5xRzB3NS1FYWMtdTlDeVRiOUI4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAqBAIAATAkAwQAVcwaAwQA
Vcz3AwQAWSTHAwQAWSaGAwQAWSdbAwQAWS9eMA0GCSqGSIb3DQEBCwUAA4IBAQCz
hnaxaAM3RUJnJhOmcgofpa0VTYzYLYVk4N5pni3NIX0ATuv7Kv/5FPN/HCb8GTkm
DHqV6dVIq7IqLDglSb3et/81IxiBiZa6FUY7srjr6XE4U6Nfuodt7z3T28nZbPyf
IvoPFRhT1g8P+kIrrvt9niLEg/RB8Vn5O9cttT3vOwZaOOPVlhKnSMrjmyQ0v3SC
MgUmMrRSUCkDfSjhNHUPe2ieeGkS2nRCu2XEsMf8JxZcUfOV1r23SbRmVQOWTecM
MaNoxM7XEop8nvYuWM824P5NWSe4CwJKsD24l5unUTLRB6dXlMEHoVW6YYAe4bwm
6K1w6LiTIAV5NmxvxVY1
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:48:05 2024 by rpki-client on console-ams.rpki-client.org