Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f0/1b950f-9a3e-407f-98bf-305a6e75a389/1/zKxd9sa_QDPZ4iwEs_vpIWhq218.roa
File: zKxd9sa_QDPZ4iwEs_vpIWhq218.roa (raw, json)
Hash identifier: pgCxbi8knu76dm6yAOSz9iUvYZm7v4pVgAL/DYyc1BI=
Subject key identifier: CC:AC:5D:F6:C6:BF:40:33:D9:E2:2C:04:B3:FB:E9:21:68:6A:DB:5F
Certificate issuer: /CN=769dc32be17d9e4decd4fb7beee275e5783ea891
Certificate serial: 01856D2F41FB6406AC003DE15357A0BCD4BC
Authority key identifier: 76:9D:C3:2B:E1:7D:9E:4D:EC:D4:FB:7B:EE:E2:75:E5:78:3E:A8:91
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/dp3DK-F9nk3s1Pt77uJ15Xg-qJE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/f0/1b950f-9a3e-407f-98bf-305a6e75a389/1/zKxd9sa_QDPZ4iwEs_vpIWhq218.roa
Signing time: Sun 01 Jan 2023 11:54:51 +0000
ROA not before: Sun 01 Jan 2023 11:54:51 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 39838
IP address blocks: 89.39.219.0/24 maxlen: 24
89.39.217.0/24 maxlen: 24
89.39.220.0/24 maxlen: 24
89.42.121.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6d:2f:41:fb:64:06:ac:00:3d:e1:53:57:a0:bc:d4:bc
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=769dc32be17d9e4decd4fb7beee275e5783ea891
Validity
Not Before: Jan 1 11:54:51 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=ccac5df6c6bf4033d9e22c04b3fbe921686adb5f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:83:58:f7:d2:bd:48:15:90:92:24:f9:f9:a7:c8:
fc:2a:54:57:84:ec:1e:b8:81:6d:d6:7d:54:99:1d:
56:a3:7e:b7:44:9b:97:24:b9:ae:8c:b4:42:13:a6:
d9:12:ab:0f:93:3f:00:f2:85:d1:04:73:13:f5:24:
ca:d6:66:10:9e:d0:8d:f5:0e:ba:2d:ac:b5:e3:fd:
2d:24:7f:61:ba:dc:f0:8f:ea:20:d3:87:98:1e:53:
72:53:13:70:f5:bc:3e:79:ee:19:c1:3c:16:05:25:
56:7e:21:53:24:f4:d4:4b:60:37:d5:c3:43:0f:7c:
b5:40:56:9c:1c:7a:25:e7:15:91:3b:80:98:27:fa:
56:c1:f5:52:f7:ff:20:95:be:5d:04:db:97:4d:2f:
3f:a4:36:ab:3b:24:0a:ab:8b:3c:03:06:ec:91:02:
b7:4c:a4:5a:e5:f0:94:5c:97:c5:73:d8:5c:82:ff:
93:28:a0:4a:bf:89:24:10:cf:29:32:fd:e7:fc:7a:
6d:21:51:5c:e0:c8:92:57:40:78:2b:08:49:a4:7f:
55:21:75:bb:3e:df:7d:45:0d:b1:d1:a3:3b:a7:a3:
59:5e:b4:9c:5f:29:d4:dd:0c:a7:f9:9b:06:75:28:
b6:89:b3:95:55:66:3c:e9:fc:be:9b:d1:56:dc:07:
70:27
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CC:AC:5D:F6:C6:BF:40:33:D9:E2:2C:04:B3:FB:E9:21:68:6A:DB:5F
X509v3 Authority Key Identifier:
keyid:76:9D:C3:2B:E1:7D:9E:4D:EC:D4:FB:7B:EE:E2:75:E5:78:3E:A8:91
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dp3DK-F9nk3s1Pt77uJ15Xg-qJE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/1b950f-9a3e-407f-98bf-305a6e75a389/1/zKxd9sa_QDPZ4iwEs_vpIWhq218.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/1b950f-9a3e-407f-98bf-305a6e75a389/1/dp3DK-F9nk3s1Pt77uJ15Xg-qJE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
89.39.217.0/24
89.39.219.0-89.39.220.255
89.42.121.0/24
Signature Algorithm: sha256WithRSAEncryption
0f:fc:a2:9b:fd:d1:08:d4:4e:e8:40:ae:34:64:99:39:f4:fe:
f5:c9:02:27:6e:80:80:b1:5d:32:74:13:51:a1:6e:9b:b0:c0:
c4:6c:6c:03:69:f8:06:1d:73:2b:d5:b8:9b:3d:59:00:f7:e3:
90:d8:be:43:ba:3f:cd:ed:46:5f:93:8d:29:63:d1:b3:fc:8d:
d0:63:dc:c2:69:4c:06:6d:56:cc:41:56:e4:c1:1a:da:ad:ad:
c4:d1:39:e8:e4:5a:cd:d9:b9:17:21:f0:e6:03:1a:86:b4:26:
ee:a9:c6:60:70:7d:fc:4b:1a:ee:a5:0f:cd:31:d4:7b:7f:22:
ec:3c:df:12:dc:93:11:3a:e2:b6:a6:1d:82:17:b2:d0:cf:47:
c9:8b:ab:f5:fc:f8:58:e7:7c:c0:02:66:b9:2f:51:91:6a:90:
eb:5d:da:60:5d:00:c3:53:a1:8f:02:43:65:28:35:dc:d3:08:
5c:79:c5:fb:38:5a:1f:9d:a3:91:07:93:d3:34:aa:9d:ee:10:
0f:30:45:3b:6a:54:d3:19:07:9f:1c:b8:62:e3:75:66:54:62:
40:f4:c1:b5:d5:4f:84:76:e2:28:4f:76:a6:74:8e:15:e3:27:
27:9b:35:6b:90:2e:f0:de:04:48:97:f2:ac:2c:7b:c0:58:7c:
1d:1d:0e:2c
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgISAYVtL0H7ZAasAD3hU1egvNS8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc2OWRjMzJiZTE3ZDllNGRlY2Q0ZmI3YmVlZTI3NWU1Nzgz
ZWE4OTEwHhcNMjMwMTAxMTE1NDUxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjY2FjNWRmNmM2YmY0MDMzZDllMjJjMDRiM2ZiZTkyMTY4NmFkYjVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg1j30r1IFZCSJPn5p8j8KlRXhOwe
uIFt1n1UmR1Wo363RJuXJLmujLRCE6bZEqsPkz8A8oXRBHMT9STK1mYQntCN9Q66
Lay14/0tJH9hutzwj+og04eYHlNyUxNw9bw+ee4ZwTwWBSVWfiFTJPTUS2A31cND
D3y1QFacHHol5xWRO4CYJ/pWwfVS9/8glb5dBNuXTS8/pDarOyQKq4s8AwbskQK3
TKRa5fCUXJfFc9hcgv+TKKBKv4kkEM8pMv3n/HptIVFc4MiSV0B4KwhJpH9VIXW7
Pt99RQ2x0aM7p6NZXrScXynU3Qyn+ZsGdSi2ibOVVWY86fy+m9FW3AdwJwIDAQAB
o4ICHTCCAhkwHQYDVR0OBBYEFMysXfbGv0Az2eIsBLP76SFoattfMB8GA1UdIwQY
MBaAFHadwyvhfZ5N7NT7e+7ideV4PqiRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZHAzREstRjluazNzMVB0Nzd1SjE1WGctcUpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMC8xYjk1MGYtOWEzZS00MDdmLTk4YmYt
MzA1YTZlNzVhMzg5LzEvekt4ZDlzYV9RRFBaNGl3RXNfdnBJV2hxMjE4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMC8xYjk1MGYtOWEzZS00MDdmLTk4YmYtMzA1YTZlNzVhMzg5
LzEvZHAzREstRjluazNzMVB0Nzd1SjE1WGctcUpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDMGCCsGAQUFBwEHAQH/BCQwIjAgBAIAATAaAwQAWSfZMAwD
BABZJ9sDBABZJ9wDBABZKnkwDQYJKoZIhvcNAQELBQADggEBAA/8opv90QjUTuhA
rjRkmTn0/vXJAidugICxXTJ0E1GhbpuwwMRsbANp+AYdcyvVuJs9WQD345DYvkO6
P83tRl+TjSlj0bP8jdBj3MJpTAZtVsxBVuTBGtqtrcTROejkWs3ZuRch8OYDGoa0
Ju6pxmBwffxLGu6lD80x1Ht/Iuw83xLckxE64ramHYIXstDPR8mLq/X8+FjnfMAC
ZrkvUZFqkOtd2mBdAMNToY8CQ2UoNdzTCFx5xfs4Wh+do5EHk9M0qp3uEA8wRTtq
VNMZB58cuGLjdWZUYkD0wbXVT4R24ihPdqZ0jhXjJyebNWuQLvDeBEiX8qwse8BY
fB0dDiw=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:51:51 2024 by rpki-client on console-ams.rpki-client.org