Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/3/3138352e3231312e33352e302f32342d3234203d3e2030.roa
File: 3138352e3231312e33352e302f32342d3234203d3e2030.roa (raw, json)
Hash identifier: TmylRj/DUuk62FtoOWY0kIsNE0pu0wVakKihdnHRTSk=
Subject key identifier: 85:A4:A2:15:2E:AC:28:75:08:DF:AF:C0:B9:8C:97:2E:DD:50:A6:1C
Certificate issuer: /CN=b97bcfac27bbaf19de1d31e53629726c1e4caaa2
Certificate serial: 27416C26D3708EF1C583491FC27D3DB016C95A18
Authority key identifier: B9:7B:CF:AC:27:BB:AF:19:DE:1D:31:E5:36:29:72:6C:1E:4C:AA:A2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/uXvPrCe7rxneHTHlNilybB5MqqI.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/3/3138352e3231312e33352e302f32342d3234203d3e2030.roa
Signing time: Mon 27 Mar 2023 08:27:40 +0000
ROA not before: Mon 27 Mar 2023 08:22:40 +0000
ROA not after: Mon 25 Mar 2024 08:27:40 +0000
asID: 0
IP address blocks: 185.211.35.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
27:41:6c:26:d3:70:8e:f1:c5:83:49:1f:c2:7d:3d:b0:16:c9:5a:18
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b97bcfac27bbaf19de1d31e53629726c1e4caaa2
Validity
Not Before: Mar 27 08:22:40 2023 GMT
Not After : Mar 25 08:27:40 2024 GMT
Subject: CN=85A4A2152EAC287508DFAFC0B98C972EDD50A61C
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bb:83:9b:78:b6:7f:18:4b:72:76:66:3c:69:4c:
b7:aa:0b:1e:98:a2:fa:1d:65:07:36:dd:10:0f:6b:
4f:cd:a0:0e:64:6a:ab:6a:de:4f:2f:bb:4b:80:bf:
a9:ad:38:99:b0:a3:16:9b:bd:67:fc:bd:e4:72:44:
c2:0b:ef:93:8e:29:f1:52:58:ef:ce:0e:c4:a3:48:
bd:6f:ac:d7:71:8e:4c:50:8e:53:a0:41:87:10:29:
eb:54:33:22:39:d5:9e:2b:f3:91:7e:ce:38:26:a3:
9a:de:61:ae:58:da:2f:ca:10:1f:5b:e3:a6:12:73:
ec:12:10:a3:49:06:87:3e:16:80:6d:12:7e:8a:53:
ad:2b:d2:88:41:cf:ff:a8:cc:cb:10:15:4d:c1:b7:
39:ca:cb:07:97:a6:91:3b:f9:8a:23:4d:fa:11:83:
1d:3d:77:72:59:48:fa:bc:2a:28:f6:72:84:4c:a9:
cc:78:cc:83:49:b2:0f:8c:ef:61:c9:62:79:06:bf:
18:67:d7:6f:99:ec:3d:e9:27:b8:c0:eb:f0:80:7e:
05:bd:6e:9e:3a:16:0a:9c:81:f8:44:24:2b:0e:81:
56:e1:05:ff:56:f5:8d:42:e7:5c:e6:91:7c:f2:7d:
ba:a7:f7:fd:93:4a:af:3f:6c:1d:be:ab:1c:f6:48:
fc:73
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
85:A4:A2:15:2E:AC:28:75:08:DF:AF:C0:B9:8C:97:2E:DD:50:A6:1C
X509v3 Authority Key Identifier:
keyid:B9:7B:CF:AC:27:BB:AF:19:DE:1D:31:E5:36:29:72:6C:1E:4C:AA:A2
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/3/B97BCFAC27BBAF19DE1D31E53629726C1E4CAAA2.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uXvPrCe7rxneHTHlNilybB5MqqI.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/3/3138352e3231312e33352e302f32342d3234203d3e2030.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.211.35.0/24
Signature Algorithm: sha256WithRSAEncryption
25:01:20:f8:86:a2:89:9e:36:2b:eb:ef:f4:3b:ce:37:84:a4:
b1:0d:5e:d6:0f:7e:c8:72:32:fa:81:40:c1:15:b9:99:23:be:
aa:4b:bc:b2:48:da:db:00:21:ac:cc:45:9e:7e:1f:22:45:51:
40:eb:fe:e0:ac:88:e6:3d:4c:56:61:89:af:45:34:5f:6a:8d:
8f:c7:f7:71:8c:70:88:8d:78:40:4b:58:36:65:8f:da:e9:95:
cf:47:bf:8f:71:24:15:73:36:e6:af:ee:9b:ae:33:aa:36:f2:
a0:86:6f:49:b6:a3:34:6e:3e:a2:c8:da:b5:2d:bf:71:bd:df:
02:a1:45:d8:ae:84:ec:88:53:10:ae:87:46:17:72:0a:6c:3f:
25:c6:f4:8e:fb:7c:7c:fe:1a:76:32:ec:8f:cd:9b:7f:87:2a:
c3:8a:f2:c2:07:32:bf:fe:d0:0a:bf:04:d5:c7:ec:5e:2b:a4:
23:4c:42:55:32:b7:9b:42:4b:95:14:9b:05:cb:7d:31:76:a5:
fd:9c:80:a9:53:47:fc:e4:43:72:0b:ad:0a:3f:28:76:4d:b0:
02:a5:49:b9:25:f9:d6:59:2c:17:18:3e:60:b2:36:71:e6:56:
cb:b9:6b:d6:4d:db:86:ac:9a:ac:1c:85:b7:8a:f4:3d:75:1d:
5d:1a:fe:8d
-----BEGIN CERTIFICATE-----
MIIFKzCCBBOgAwIBAgIUJ0FsJtNwjvHFg0kfwn09sBbJWhgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYjk3YmNmYWMyN2JiYWYxOWRlMWQzMWU1MzYyOTcyNmMx
ZTRjYWFhMjAeFw0yMzAzMjcwODIyNDBaFw0yNDAzMjUwODI3NDBaMDMxMTAvBgNV
BAMTKDg1QTRBMjE1MkVBQzI4NzUwOERGQUZDMEI5OEM5NzJFREQ1MEE2MUMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7g5t4tn8YS3J2ZjxpTLeqCx6Y
ovodZQc23RAPa0/NoA5kaqtq3k8vu0uAv6mtOJmwoxabvWf8veRyRMIL75OOKfFS
WO/ODsSjSL1vrNdxjkxQjlOgQYcQKetUMyI51Z4r85F+zjgmo5reYa5Y2i/KEB9b
46YSc+wSEKNJBoc+FoBtEn6KU60r0ohBz/+ozMsQFU3BtznKyweXppE7+YojTfoR
gx09d3JZSPq8Kij2coRMqcx4zINJsg+M72HJYnkGvxhn12+Z7D3pJ7jA6/CAfgW9
bp46FgqcgfhEJCsOgVbhBf9W9Y1C51zmkXzyfbqn9/2TSq8/bB2+qxz2SPxzAgMB
AAGjggI1MIICMTAdBgNVHQ4EFgQUhaSiFS6sKHUI36/AuYyXLt1QphwwHwYDVR0j
BBgwFoAUuXvPrCe7rxneHTHlNilybB5MqqIwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzMvQjk3QkNGQUMyN0JCQUYxOURFMUQzMUU1MzYyOTcyNkMxRTRDQUFBMi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3VYdlByQ2U3cnhuZUhUSGxOaWx5YkI1
TXFxSS5jZXIwgaUGCCsGAQUFBwELBIGYMIGVMIGSBggrBgEFBQcwC4aBhXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzMvMzEzODM1MmUzMjMxMzEyZTMz
MzUyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzMC5yb2EwGAYDVR0gAQH/BA4wDDAK
BggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEALnTIzANBgkq
hkiG9w0BAQsFAAOCAQEAJQEg+IaiiZ42K+vv9DvON4SksQ1e1g9+yHIy+oFAwRW5
mSO+qku8skja2wAhrMxFnn4fIkVRQOv+4KyI5j1MVmGJr0U0X2qNj8f3cYxwiI14
QEtYNmWP2umVz0e/j3EkFXM25q/um64zqjbyoIZvSbajNG4+osjatS2/cb3fAqFF
2K6E7IhTEK6HRhdyCmw/Jcb0jvt8fP4adjLsj82bf4cqw4rywgcyv/7QCr8E1cfs
XiukI0xCVTK3m0JLlRSbBct9MXal/ZyAqVNH/ORDcgutCj8odk2wAqVJuSX51lks
Fxg+YLI2ceZWy7lr1k3bhqyarByFt4r0PXUdXRr+jQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:05:23 2024 by rpki-client on console-fra.rpki-client.org