Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/04032c8f-1d57-4c3b-9043-a0e7febf167d/0/3139332e3139342e32302e302f32342d3234203d3e20343031303339.roa
File: 3139332e3139342e32302e302f32342d3234203d3e20343031303339.roa (raw, json)
Hash identifier: nM7DgVjz8OZHYtrKaL/yZusKWB1r90usZ1kGuYbMfh4=
Subject key identifier: 77:60:3D:5C:CD:02:FA:D5:02:C8:C4:A4:20:AA:CD:30:2E:E8:C3:3B
Certificate issuer: /CN=d5c3d5e70fc9ad10ba90d45dc66454e9e3a146a8
Certificate serial: 385E780A836FE330E8ECE1547DED81CDA0B83662
Authority key identifier: D5:C3:D5:E7:0F:C9:AD:10:BA:90:D4:5D:C6:64:54:E9:E3:A1:46:A8
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1cPV5w_JrRC6kNRdxmRU6eOhRqg.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/04032c8f-1d57-4c3b-9043-a0e7febf167d/0/3139332e3139342e32302e302f32342d3234203d3e20343031303339.roa
Signing time: Tue 21 May 2024 11:26:09 +0000
ROA not before: Tue 21 May 2024 11:21:09 +0000
ROA not after: Tue 20 May 2025 11:26:09 +0000
asID: 401039
IP address blocks: 193.194.20.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
38:5e:78:0a:83:6f:e3:30:e8:ec:e1:54:7d:ed:81:cd:a0:b8:36:62
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d5c3d5e70fc9ad10ba90d45dc66454e9e3a146a8
Validity
Not Before: May 21 11:21:09 2024 GMT
Not After : May 20 11:26:09 2025 GMT
Subject: CN=77603D5CCD02FAD502C8C4A420AACD302EE8C33B
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:86:d9:16:4f:37:c2:b9:e4:4e:9f:bf:5c:a4:3b:
68:ef:2a:3d:06:2b:12:3f:46:9e:0f:9b:22:16:f0:
55:d7:e3:40:12:2c:15:f5:eb:42:35:c7:58:71:69:
53:f2:3a:ca:48:bf:42:d8:63:8d:fc:9e:47:f5:7e:
f1:ba:17:54:ae:c0:ad:0e:b5:d2:70:3b:84:4a:5c:
33:82:84:dd:aa:6d:fd:84:62:ef:cc:7e:bb:a3:4a:
07:7e:c1:a4:b9:a9:a4:c6:9b:e7:2c:97:24:ec:2f:
10:6d:7e:21:e0:d7:42:3b:78:46:ad:0c:72:6a:a6:
62:d9:22:60:a4:bf:c2:0f:ae:ea:08:a4:be:cf:38:
56:5f:73:d0:56:76:63:47:ee:75:3a:6b:89:6a:88:
50:af:c5:80:25:8e:db:cf:1f:9b:dc:26:20:b8:26:
3c:5c:ef:e8:e4:ed:d7:9f:ac:cd:f6:c7:b2:56:20:
cf:86:1f:4d:8c:2b:20:bf:71:4e:3f:e4:bd:df:f1:
e9:a0:c2:2d:80:5c:18:9f:f9:52:fe:43:23:e8:18:
04:00:f9:e7:4a:b1:1c:58:de:be:de:01:1b:b0:15:
b4:00:ce:0e:b5:dc:4a:ec:b1:84:b7:b4:2e:25:1a:
76:25:9d:1a:ca:88:c8:75:7d:ba:38:92:99:0c:6c:
8d:bf
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
77:60:3D:5C:CD:02:FA:D5:02:C8:C4:A4:20:AA:CD:30:2E:E8:C3:3B
X509v3 Authority Key Identifier:
keyid:D5:C3:D5:E7:0F:C9:AD:10:BA:90:D4:5D:C6:64:54:E9:E3:A1:46:A8
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/04032c8f-1d57-4c3b-9043-a0e7febf167d/0/D5C3D5E70FC9AD10BA90D45DC66454E9E3A146A8.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1cPV5w_JrRC6kNRdxmRU6eOhRqg.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/04032c8f-1d57-4c3b-9043-a0e7febf167d/0/3139332e3139342e32302e302f32342d3234203d3e20343031303339.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
193.194.20.0/24
Signature Algorithm: sha256WithRSAEncryption
9e:ff:e7:73:50:ec:38:e8:a5:c5:4d:13:a5:66:c4:a6:19:bb:
b6:b5:ad:bc:a1:4f:4e:44:da:30:41:75:75:25:3c:88:c7:bf:
f4:0c:f7:1b:83:35:20:e1:ec:68:01:62:07:96:21:fc:66:03:
2a:8b:de:ff:7d:39:c9:70:c6:e6:df:a0:8a:93:b9:f1:f2:6d:
76:11:c7:5a:3a:3b:03:74:10:13:43:f6:9d:36:d2:44:b8:9a:
ef:2f:58:f2:77:98:f0:46:53:64:1f:b0:75:da:16:26:17:83:
6b:3c:11:61:70:e2:b7:f0:73:43:02:b9:01:53:dc:59:6a:97:
01:5b:d0:be:b1:d4:83:93:62:44:9f:6b:26:95:aa:99:82:2f:
e3:49:38:bb:c0:9a:84:a2:d5:7e:e7:df:0f:d3:78:ca:c7:f3:
ef:a0:e0:e3:c5:00:03:72:da:f6:6e:d4:52:2d:54:b2:4d:b5:
96:5c:17:b9:4d:e2:d2:ee:f4:9e:c6:66:40:2e:63:d3:39:b5:
b4:ed:00:7f:f7:05:8d:02:a1:79:c9:1b:85:7e:7b:64:91:56:
48:2f:dc:1b:18:41:94:a7:1c:41:2b:52:63:3b:78:15:9c:14:
80:6d:5a:dc:f3:93:f7:e3:46:70:3f:8b:15:c1:41:01:27:87:
c7:fa:f1:d4
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgIUOF54CoNv4zDo7OFUfe2BzaC4NmIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZDVjM2Q1ZTcwZmM5YWQxMGJhOTBkNDVkYzY2NDU0ZTll
M2ExNDZhODAeFw0yNDA1MjExMTIxMDlaFw0yNTA1MjAxMTI2MDlaMDMxMTAvBgNV
BAMTKDc3NjAzRDVDQ0QwMkZBRDUwMkM4QzRBNDIwQUFDRDMwMkVFOEMzM0IwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCG2RZPN8K55E6fv1ykO2jvKj0G
KxI/Rp4PmyIW8FXX40ASLBX160I1x1hxaVPyOspIv0LYY438nkf1fvG6F1SuwK0O
tdJwO4RKXDOChN2qbf2EYu/MfrujSgd+waS5qaTGm+cslyTsLxBtfiHg10I7eEat
DHJqpmLZImCkv8IPruoIpL7POFZfc9BWdmNH7nU6a4lqiFCvxYAljtvPH5vcJiC4
Jjxc7+jk7defrM32x7JWIM+GH02MKyC/cU4/5L3f8emgwi2AXBif+VL+QyPoGAQA
+edKsRxY3r7eARuwFbQAzg613ErssYS3tC4lGnYlnRrKiMh1fbo4kpkMbI2/AgMB
AAGjggI/MIICOzAdBgNVHQ4EFgQUd2A9XM0C+tUCyMSkIKrNMC7owzswHwYDVR0j
BBgwFoAU1cPV5w/JrRC6kNRdxmRU6eOhRqgwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDQwMzJjOGYtMWQ1Ny00YzNiLTkwNDMtYTBlN2ZlYmYx
NjdkLzAvRDVDM0Q1RTcwRkM5QUQxMEJBOTBENDVEQzY2NDU0RTlFM0ExNDZBOC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzFjUFY1d19KclJDNmtOUmR4bVJVNmVP
aFJxZy5jZXIwga8GCCsGAQUFBwELBIGiMIGfMIGcBggrBgEFBQcwC4aBj3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMDQwMzJjOGYt
MWQ1Ny00YzNiLTkwNDMtYTBlN2ZlYmYxNjdkLzAvMzEzOTMzMmUzMTM5MzQyZTMy
MzAyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzNDMwMzEzMDMzMzkucm9hMBgGA1Ud
IAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BADBwhQwDQYJKoZIhvcNAQELBQADggEBAJ7/53NQ7DjopcVNE6VmxKYZu7a1rbyh
T05E2jBBdXUlPIjHv/QM9xuDNSDh7GgBYgeWIfxmAyqL3v99OclwxubfoIqTufHy
bXYRx1o6OwN0EBND9p020kS4mu8vWPJ3mPBGU2QfsHXaFiYXg2s8EWFw4rfwc0MC
uQFT3FlqlwFb0L6x1IOTYkSfayaVqpmCL+NJOLvAmoSi1X7n3w/TeMrH8++g4OPF
AANy2vZu1FItVLJNtZZcF7lN4tLu9J7GZkAuY9M5tbTtAH/3BY0CoXnJG4V+e2SR
Vkgv3BsYQZSnHEErUmM7eBWcFIBtWtzzk/fjRnA/ixXBQQEnh8f68dQ=
-----END CERTIFICATE-----
Generated at Thu Jun 6 20:00:53 2024 by rpki-client on console-ams.rpki-client.org