Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/2FnrVYSUpYnjRLr2gJlH0pdm3iA.roa
File: 2FnrVYSUpYnjRLr2gJlH0pdm3iA.roa (raw, json)
Hash identifier: e62qSR+cfH3S6zhzrck8HA6h+wEyJggLDdYs9aX4NCE=
Subject key identifier: D8:59:EB:55:84:94:A5:89:E3:44:BA:F6:80:99:47:D2:97:66:DE:20
Certificate issuer: /CN=da00e981953061972c896bd6d27738d083aadb0e
Certificate serial: 018FB9B957C21B92522AA6A5EE2AD30B3466
Authority key identifier: DA:00:E9:81:95:30:61:97:2C:89:6B:D6:D2:77:38:D0:83:AA:DB:0E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/2gDpgZUwYZcsiWvW0nc40IOq2w4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/2FnrVYSUpYnjRLr2gJlH0pdm3iA.roa
Signing time: Mon 27 May 2024 11:04:42 +0000
ROA not before: Mon 27 May 2024 11:04:42 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 400866
IP address blocks: 89.34.171.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8f:b9:b9:57:c2:1b:92:52:2a:a6:a5:ee:2a:d3:0b:34:66
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=da00e981953061972c896bd6d27738d083aadb0e
Validity
Not Before: May 27 11:04:42 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=d859eb558494a589e344baf6809947d29766de20
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a6:11:fe:6f:01:b5:d5:a4:c5:fa:ea:cd:0e:05:
e7:9b:5a:3c:c1:a2:1c:31:c0:c5:00:44:b3:56:7f:
38:a8:93:f8:ad:be:3a:73:11:c5:0c:db:1f:6e:62:
07:03:64:81:24:e5:eb:30:2b:2b:90:ca:d4:e6:6f:
a9:bb:54:b0:4f:a8:a0:51:be:db:1a:a2:78:df:e2:
9a:d6:41:d6:2d:c0:56:c9:e3:ef:b2:c1:76:a1:82:
3d:5b:dc:a3:8a:d3:3d:53:53:bc:64:0e:1a:c5:e0:
25:ac:25:86:5a:92:1b:32:2b:bb:eb:35:54:53:c7:
8b:f0:60:36:6a:c9:c0:9b:b8:1e:b6:1d:18:16:ae:
fa:02:00:c6:46:b6:75:24:25:66:0f:e2:be:b6:98:
5a:54:01:d2:df:ab:52:0b:0b:5f:90:70:02:52:b9:
e9:39:d2:92:c6:0b:49:d6:10:dd:8e:48:1d:01:09:
53:4f:88:52:f5:b5:3d:00:b1:55:8a:8b:f9:94:4e:
dc:3d:68:bd:51:ba:45:0d:b9:c0:6b:3f:eb:d9:1c:
58:40:d3:75:e5:27:16:1a:28:00:be:08:4e:a8:a2:
74:7a:08:91:4f:f1:f0:b0:c8:82:2c:2f:b3:9c:68:
32:1f:3b:be:f1:4f:0e:15:78:b1:a8:bd:6b:35:28:
73:35
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D8:59:EB:55:84:94:A5:89:E3:44:BA:F6:80:99:47:D2:97:66:DE:20
X509v3 Authority Key Identifier:
keyid:DA:00:E9:81:95:30:61:97:2C:89:6B:D6:D2:77:38:D0:83:AA:DB:0E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2gDpgZUwYZcsiWvW0nc40IOq2w4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/2FnrVYSUpYnjRLr2gJlH0pdm3iA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/2gDpgZUwYZcsiWvW0nc40IOq2w4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
89.34.171.0/24
Signature Algorithm: sha256WithRSAEncryption
48:25:07:dd:d3:c0:eb:64:59:0c:6f:1b:c0:52:5a:2f:0e:db:
2f:82:b0:a7:b2:cf:0d:a3:c1:71:32:8a:b7:49:06:ab:9f:22:
10:97:fc:86:fe:35:20:f0:54:34:c9:36:b7:51:09:1f:9c:24:
7f:ed:cb:27:9e:f9:5b:4e:6a:b2:10:0a:a1:33:d8:e2:01:10:
fd:c7:41:8a:a3:c0:e0:40:62:4c:14:89:24:7c:75:f1:80:dd:
33:f7:6f:3e:19:5b:9a:ef:f1:0d:b8:45:c9:83:6e:b1:f4:8c:
4d:f4:fa:bd:e6:21:7d:a9:04:81:66:c0:66:91:f1:df:e9:42:
c4:fd:1a:b3:bb:32:24:dc:08:2e:87:fd:63:4a:c5:6f:44:f6:
b8:32:88:b6:9a:be:a7:bd:f5:20:e2:3c:13:ca:95:84:34:3e:
46:a6:71:45:7c:56:7b:ec:81:64:fb:d1:5c:42:50:ec:08:25:
cf:e6:12:af:99:1e:30:69:89:51:d7:50:0b:d6:14:8c:93:eb:
f8:ad:e9:82:84:96:19:45:40:f6:2a:88:ce:02:be:78:0c:17:
54:da:96:b5:81:38:28:6a:24:95:74:e5:23:0d:83:6e:56:00:
73:46:20:54:3e:be:c7:90:80:c2:02:6a:87:c2:82:b3:79:85:
c3:5e:59:8e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY+5uVfCG5JSKqal7irTCzRmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhMDBlOTgxOTUzMDYxOTcyYzg5NmJkNmQyNzczOGQwODNh
YWRiMGUwHhcNMjQwNTI3MTEwNDQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkODU5ZWI1NTg0OTRhNTg5ZTM0NGJhZjY4MDk5NDdkMjk3NjZkZTIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAphH+bwG11aTF+urNDgXnm1o8waIc
McDFAESzVn84qJP4rb46cxHFDNsfbmIHA2SBJOXrMCsrkMrU5m+pu1SwT6igUb7b
GqJ43+Ka1kHWLcBWyePvssF2oYI9W9yjitM9U1O8ZA4axeAlrCWGWpIbMiu76zVU
U8eL8GA2asnAm7geth0YFq76AgDGRrZ1JCVmD+K+tphaVAHS36tSCwtfkHACUrnp
OdKSxgtJ1hDdjkgdAQlTT4hS9bU9ALFViov5lE7cPWi9UbpFDbnAaz/r2RxYQNN1
5ScWGigAvghOqKJ0egiRT/HwsMiCLC+znGgyHzu+8U8OFXixqL1rNShzNQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNhZ61WElKWJ40S69oCZR9KXZt4gMB8GA1UdIwQY
MBaAFNoA6YGVMGGXLIlr1tJ3ONCDqtsOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMmdEcGdaVXdZWmNzaVd2VzBuYzQwSU9xMnc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi84MmE3ZDYtOTJhOS00MjA0LTlhZTAt
OWE0OGVjZjllMTVlLzEvMkZuclZZU1VwWW5qUkxyMmdKbEgwcGRtM2lBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi84MmE3ZDYtOTJhOS00MjA0LTlhZTAtOWE0OGVjZjllMTVl
LzEvMmdEcGdaVXdZWmNzaVd2VzBuYzQwSU9xMnc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWSKrMA0G
CSqGSIb3DQEBCwUAA4IBAQBIJQfd08DrZFkMbxvAUlovDtsvgrCnss8No8FxMoq3
SQarnyIQl/yG/jUg8FQ0yTa3UQkfnCR/7csnnvlbTmqyEAqhM9jiARD9x0GKo8Dg
QGJMFIkkfHXxgN0z928+GVua7/ENuEXJg26x9IxN9Pq95iF9qQSBZsBmkfHf6ULE
/RqzuzIk3Aguh/1jSsVvRPa4Moi2mr6nvfUg4jwTypWEND5GpnFFfFZ77IFk+9Fc
QlDsCCXP5hKvmR4waYlR11AL1hSMk+v4remChJYZRUD2KojOAr54DBdU2pa1gTgo
aiSVdOUjDYNuVgBzRiBUPr7HkIDCAmqHwoKzeYXDXlmO
-----END CERTIFICATE-----
Generated at Fri Aug 2 12:06:49 2024 by rpki-client on console-fra.rpki-client.org