Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/3/3138352e3232332e3235342e302f32332d3234203d3e2030.roa
File: 3138352e3232332e3235342e302f32332d3234203d3e2030.roa (raw, json)
Hash identifier: 9v+AeOvvFsZ7AaAZp+DgnMxbBBti5O8lCsTg6Qc8I9g=
Subject key identifier: B3:B5:DE:A9:AE:B7:26:36:C7:88:59:5C:35:C0:88:B4:60:11:E4:FD
Certificate issuer: /CN=b97bcfac27bbaf19de1d31e53629726c1e4caaa2
Certificate serial: 307F79D1B9C731D98D660978A20FC2610EB42C6C
Authority key identifier: B9:7B:CF:AC:27:BB:AF:19:DE:1D:31:E5:36:29:72:6C:1E:4C:AA:A2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/uXvPrCe7rxneHTHlNilybB5MqqI.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/3/3138352e3232332e3235342e302f32332d3234203d3e2030.roa
Signing time: Mon 27 Mar 2023 08:27:40 +0000
ROA not before: Mon 27 Mar 2023 08:22:40 +0000
ROA not after: Mon 25 Mar 2024 08:27:40 +0000
asID: 0
IP address blocks: 185.223.254.0/23 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
30:7f:79:d1:b9:c7:31:d9:8d:66:09:78:a2:0f:c2:61:0e:b4:2c:6c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b97bcfac27bbaf19de1d31e53629726c1e4caaa2
Validity
Not Before: Mar 27 08:22:40 2023 GMT
Not After : Mar 25 08:27:40 2024 GMT
Subject: CN=B3B5DEA9AEB72636C788595C35C088B46011E4FD
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:f1:22:d9:1c:33:18:0f:15:d8:e0:7f:29:8e:a9:
f0:19:9b:aa:48:77:0e:c3:f7:a2:b7:18:95:22:06:
23:e2:47:2c:3b:5c:90:da:57:fd:ce:08:55:1f:6b:
e0:c7:e3:43:9e:f7:77:b3:33:05:fc:93:54:f2:f6:
1b:ab:82:4b:13:fd:ef:8e:31:35:7c:34:f1:7d:c3:
29:38:72:1c:f6:37:ab:0a:2f:ec:fb:8d:8e:1e:5a:
ef:77:23:e4:ac:09:77:84:10:53:c9:9a:2e:7d:e3:
22:65:a8:28:ca:1f:44:19:7f:d2:86:fc:61:9b:10:
3d:b2:17:83:d1:c5:3e:82:8a:07:66:e5:d1:f6:2d:
fe:9e:5a:7b:19:b3:51:f9:6b:02:f1:30:c5:cc:a4:
31:ad:47:d9:51:5e:d3:ff:ca:59:68:93:c2:e3:40:
83:49:4b:e9:31:48:87:5e:ba:b9:3a:70:c6:ae:c5:
a2:b0:83:28:28:9f:59:5a:2f:22:da:6e:df:df:33:
4b:d5:80:50:5f:32:f1:84:c5:ba:27:e8:3e:13:44:
df:e1:c4:2c:cf:d5:c7:dd:5d:db:1a:aa:d1:4d:ef:
94:3f:96:01:91:17:9c:57:72:49:b7:31:a6:8d:b1:
29:16:11:60:30:2c:9b:f0:5f:cd:eb:98:3a:cc:94:
e9:17
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B3:B5:DE:A9:AE:B7:26:36:C7:88:59:5C:35:C0:88:B4:60:11:E4:FD
X509v3 Authority Key Identifier:
keyid:B9:7B:CF:AC:27:BB:AF:19:DE:1D:31:E5:36:29:72:6C:1E:4C:AA:A2
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/3/B97BCFAC27BBAF19DE1D31E53629726C1E4CAAA2.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uXvPrCe7rxneHTHlNilybB5MqqI.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/3/3138352e3232332e3235342e302f32332d3234203d3e2030.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.223.254.0/23
Signature Algorithm: sha256WithRSAEncryption
0d:d8:09:b9:aa:76:2b:f5:c1:1f:db:78:a7:c6:73:84:bc:21:
e6:4c:31:4c:b2:86:83:dd:4e:d9:7b:7a:ae:83:72:50:9f:61:
9c:13:0a:38:32:28:53:2e:9f:18:b7:44:49:e8:d0:e2:9b:6e:
5c:82:13:19:18:e9:de:df:6d:db:78:a9:b9:c9:34:b1:14:69:
a9:2b:02:79:c3:ef:ad:96:b3:24:44:fd:87:1c:28:d8:3b:96:
96:d5:3a:1d:62:8c:96:9d:6f:58:d7:45:68:8c:25:fc:65:71:
bd:46:8d:c1:5c:90:2d:57:5a:70:5f:52:65:50:98:b6:ca:87:
05:33:79:a6:6d:8c:c8:00:3b:89:9b:57:5e:25:d6:f0:38:bd:
b6:a7:39:eb:08:aa:a8:27:cd:65:9d:84:bd:69:c8:85:5a:51:
c2:91:ec:b6:d6:fe:a5:75:8f:3d:24:2b:71:cc:50:88:ad:2c:
94:7f:8f:5c:14:f0:7d:f5:68:e7:10:e8:14:01:e7:19:1f:b0:
2d:09:75:c2:07:02:0a:1f:36:60:98:f3:b7:93:16:b8:ac:50:
5b:f3:44:56:5d:9d:40:d8:93:cd:02:c3:3f:af:de:b5:91:a1:
a7:00:8b:ec:09:e1:95:6b:6e:6c:39:ed:69:dc:be:24:f2:78:
99:9a:58:d3
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUMH950bnHMdmNZgl4og/CYQ60LGwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYjk3YmNmYWMyN2JiYWYxOWRlMWQzMWU1MzYyOTcyNmMx
ZTRjYWFhMjAeFw0yMzAzMjcwODIyNDBaFw0yNDAzMjUwODI3NDBaMDMxMTAvBgNV
BAMTKEIzQjVERUE5QUVCNzI2MzZDNzg4NTk1QzM1QzA4OEI0NjAxMUU0RkQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDxItkcMxgPFdjgfymOqfAZm6pI
dw7D96K3GJUiBiPiRyw7XJDaV/3OCFUfa+DH40Oe93ezMwX8k1Ty9hurgksT/e+O
MTV8NPF9wyk4chz2N6sKL+z7jY4eWu93I+SsCXeEEFPJmi594yJlqCjKH0QZf9KG
/GGbED2yF4PRxT6Cigdm5dH2Lf6eWnsZs1H5awLxMMXMpDGtR9lRXtP/yllok8Lj
QINJS+kxSIdeurk6cMauxaKwgygon1laLyLabt/fM0vVgFBfMvGExbon6D4TRN/h
xCzP1cfdXdsaqtFN75Q/lgGRF5xXckm3MaaNsSkWEWAwLJvwX83rmDrMlOkXAgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQUs7Xeqa63JjbHiFlcNcCItGAR5P0wHwYDVR0j
BBgwFoAUuXvPrCe7rxneHTHlNilybB5MqqIwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzMvQjk3QkNGQUMyN0JCQUYxOURFMUQzMUU1MzYyOTcyNkMxRTRDQUFBMi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3VYdlByQ2U3cnhuZUhUSGxOaWx5YkI1
TXFxSS5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzMvMzEzODM1MmUzMjMyMzMyZTMy
MzUzNDJlMzAyZjMyMzMyZDMyMzQyMDNkM2UyMDMwLnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBud/+MA0G
CSqGSIb3DQEBCwUAA4IBAQAN2Am5qnYr9cEf23inxnOEvCHmTDFMsoaD3U7Ze3qu
g3JQn2GcEwo4MihTLp8Yt0RJ6NDim25cghMZGOne323beKm5yTSxFGmpKwJ5w++t
lrMkRP2HHCjYO5aW1TodYoyWnW9Y10VojCX8ZXG9Ro3BXJAtV1pwX1JlUJi2yocF
M3mmbYzIADuJm1deJdbwOL22pznrCKqoJ81lnYS9aciFWlHCkey21v6ldY89JCtx
zFCIrSyUf49cFPB99WjnEOgUAecZH7AtCXXCBwIKHzZgmPO3kxa4rFBb80RWXZ1A
2JPNAsM/r961kaGnAIvsCeGVa25sOe1p3L4k8niZmljT
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:05:23 2024 by rpki-client on console-fra.rpki-client.org