Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/de/5f048b-2df3-4140-9f4e-6068c04d1be0/1/kai5q9hXWLuHxePNOSVJ61Mo_Tc.roa
File: kai5q9hXWLuHxePNOSVJ61Mo_Tc.roa (raw, json)
Hash identifier: TIO4YaYMA0EFYhatkYb/VP4l1q0CUIe1uLN0s4gHap0=
Subject key identifier: 91:A8:B9:AB:D8:57:58:BB:87:C5:E3:CD:39:25:49:EB:53:28:FD:37
Certificate issuer: /CN=3e1f32d0cfa7a86d30e7e11a73ebbd0b24dbf41f
Certificate serial: 018825498CFB19CA22AE42092CD8774468E6
Authority key identifier: 3E:1F:32:D0:CF:A7:A8:6D:30:E7:E1:1A:73:EB:BD:0B:24:DB:F4:1F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Ph8y0M-nqG0w5-Eac-u9CyTb9B8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/de/5f048b-2df3-4140-9f4e-6068c04d1be0/1/kai5q9hXWLuHxePNOSVJ61Mo_Tc.roa
Signing time: Tue 16 May 2023 15:59:17 +0000
ROA not before: Tue 16 May 2023 15:59:17 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 834
IP address blocks: 89.38.134.0/24 maxlen: 24
85.204.26.0/24 maxlen: 24
89.39.91.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:88:25:49:8c:fb:19:ca:22:ae:42:09:2c:d8:77:44:68:e6
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3e1f32d0cfa7a86d30e7e11a73ebbd0b24dbf41f
Validity
Not Before: May 16 15:59:17 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=91a8b9abd85758bb87c5e3cd392549eb5328fd37
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:90:37:ac:36:d6:56:df:07:62:b7:e0:72:fe:c3:
d6:4e:04:ff:bf:22:d6:e2:2f:ce:d7:7f:5f:bd:95:
88:87:14:0c:0e:92:7f:22:2d:7e:f3:39:2f:8b:a1:
37:52:ed:4d:1e:a8:8a:b2:82:6e:2d:bf:f5:cd:b0:
6d:44:11:73:e9:77:42:de:d9:d1:19:e6:e7:f5:4e:
b7:11:da:4a:d5:41:27:f0:8b:a2:a1:8b:50:e0:71:
6d:44:77:b0:1b:11:2c:1f:a0:0a:1d:c6:eb:72:57:
ba:9e:ee:87:02:1d:b3:38:48:1d:be:18:01:8e:35:
ea:fe:97:eb:df:3a:04:a8:9a:8f:f3:20:08:10:4c:
5d:1e:73:49:56:6e:da:81:da:f0:9d:a4:ba:a5:73:
be:d5:8d:fc:05:a3:b3:be:70:60:d3:29:b3:fe:42:
44:fd:06:94:bb:ca:67:d9:1d:d0:6f:cd:8a:eb:6a:
97:9a:0e:b1:88:ec:70:ce:8b:27:4e:ae:04:e6:8a:
5a:49:a3:0f:1c:cb:e7:94:cf:e8:48:c3:70:9f:2a:
9b:80:a1:9d:61:26:fd:84:6b:3f:49:6c:86:ea:57:
4b:ea:30:3f:bc:f2:b8:ea:31:c5:dc:3a:72:05:4c:
de:19:3a:48:b4:f5:64:9c:32:50:5f:35:ad:f0:77:
13:7f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
91:A8:B9:AB:D8:57:58:BB:87:C5:E3:CD:39:25:49:EB:53:28:FD:37
X509v3 Authority Key Identifier:
keyid:3E:1F:32:D0:CF:A7:A8:6D:30:E7:E1:1A:73:EB:BD:0B:24:DB:F4:1F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ph8y0M-nqG0w5-Eac-u9CyTb9B8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/de/5f048b-2df3-4140-9f4e-6068c04d1be0/1/kai5q9hXWLuHxePNOSVJ61Mo_Tc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/de/5f048b-2df3-4140-9f4e-6068c04d1be0/1/Ph8y0M-nqG0w5-Eac-u9CyTb9B8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
85.204.26.0/24
89.38.134.0/24
89.39.91.0/24
Signature Algorithm: sha256WithRSAEncryption
1c:cd:64:4b:a0:44:1b:10:56:d5:9e:44:b2:b8:55:89:54:6d:
a4:7f:ae:9f:2c:e2:a5:22:d3:5c:01:ec:fb:f9:98:04:9a:1c:
8e:38:04:d8:21:cf:8b:29:52:0e:a1:85:89:48:a1:4e:60:e6:
f3:7c:18:29:ce:08:cd:93:e1:ef:4f:36:f5:80:48:ab:43:b2:
13:f2:15:60:df:3b:8a:e0:dd:f4:af:83:09:92:13:85:26:27:
36:6f:6b:df:f6:27:73:64:be:f4:80:1b:1e:66:08:5a:76:88:
dc:59:b7:1f:1d:13:f7:57:cc:84:6f:c8:5c:3b:9e:94:48:5f:
63:3b:74:b0:07:b9:fb:3e:c2:69:55:9d:1e:3e:44:54:0d:68:
bf:69:7c:dc:e0:b8:2f:0b:9b:ea:ae:40:b4:3c:cf:9f:46:d8:
18:85:ed:e6:a8:76:65:42:89:ac:c3:3a:fd:44:a2:eb:f6:d9:
34:64:ba:41:0c:08:1f:50:2d:2f:e3:21:33:15:46:a6:3e:e3:
c5:3f:57:75:a4:2e:9a:af:74:55:dd:44:44:28:e6:15:dc:6d:
39:d7:3a:fe:db:a5:6c:40:9a:b7:92:41:0c:62:d5:97:72:58:
95:83:e2:84:6f:c6:7d:a4:e9:7d:82:15:f3:5a:b9:9c:4a:1a:
23:74:e3:00
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYglSYz7GcoirkIJLNh3RGjmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlMWYzMmQwY2ZhN2E4NmQzMGU3ZTExYTczZWJiZDBiMjRk
YmY0MWYwHhcNMjMwNTE2MTU1OTE3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MWE4YjlhYmQ4NTc1OGJiODdjNWUzY2QzOTI1NDllYjUzMjhmZDM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkDesNtZW3wdit+By/sPWTgT/vyLW
4i/O139fvZWIhxQMDpJ/Ii1+8zkvi6E3Uu1NHqiKsoJuLb/1zbBtRBFz6XdC3tnR
Gebn9U63EdpK1UEn8IuioYtQ4HFtRHewGxEsH6AKHcbrcle6nu6HAh2zOEgdvhgB
jjXq/pfr3zoEqJqP8yAIEExdHnNJVm7agdrwnaS6pXO+1Y38BaOzvnBg0ymz/kJE
/QaUu8pn2R3Qb82K62qXmg6xiOxwzosnTq4E5opaSaMPHMvnlM/oSMNwnyqbgKGd
YSb9hGs/SWyG6ldL6jA/vPK46jHF3DpyBUzeGTpItPVknDJQXzWt8HcTfwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFJGouavYV1i7h8XjzTklSetTKP03MB8GA1UdIwQY
MBaAFD4fMtDPp6htMOfhGnPrvQsk2/QfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUGg4eTBNLW5xRzB3NS1FYWMtdTlDeVRiOUI4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZS81ZjA0OGItMmRmMy00MTQwLTlmNGUt
NjA2OGMwNGQxYmUwLzEva2FpNXE5aFhXTHVIeGVQTk9TVko2MU1vX1RjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZS81ZjA0OGItMmRmMy00MTQwLTlmNGUtNjA2OGMwNGQxYmUw
LzEvUGg4eTBNLW5xRzB3NS1FYWMtdTlDeVRiOUI4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAVcwaAwQA
WSaGAwQAWSdbMA0GCSqGSIb3DQEBCwUAA4IBAQAczWRLoEQbEFbVnkSyuFWJVG2k
f66fLOKlItNcAez7+ZgEmhyOOATYIc+LKVIOoYWJSKFOYObzfBgpzgjNk+HvTzb1
gEirQ7IT8hVg3zuK4N30r4MJkhOFJic2b2vf9idzZL70gBseZghadojcWbcfHRP3
V8yEb8hcO56USF9jO3SwB7n7PsJpVZ0ePkRUDWi/aXzc4LgvC5vqrkC0PM+fRtgY
he3mqHZlQomswzr9RKLr9tk0ZLpBDAgfUC0v4yEzFUamPuPFP1d1pC6ar3RV3URE
KOYV3G051zr+26VsQJq3kkEMYtWXcliVg+KEb8Z9pOl9ghXzWrmcShojdOMA
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:56:34 2024 by rpki-client on console-fra.rpki-client.org