Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/6e5dc3-c7fa-4d36-9095-c19232bda430/1/tsryD7qUxiaHBKKNskiul-gxPM4.roa
File: tsryD7qUxiaHBKKNskiul-gxPM4.roa (raw, json)
Hash identifier: VYI8vdmgenVjNup9+ZcZRgzqW8KZQHyL+LwW0XRHBeE=
Subject key identifier: B6:CA:F2:0F:BA:94:C6:26:87:04:A2:8D:B2:48:AE:97:E8:31:3C:CE
Certificate issuer: /CN=13b89b80186332d441bb0515c47261c5ffa0616b
Certificate serial: 0187328903C07C8525A5CCBCC02CEE88FB33
Authority key identifier: 13:B8:9B:80:18:63:32:D4:41:BB:05:15:C4:72:61:C5:FF:A0:61:6B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/E7ibgBhjMtRBuwUVxHJhxf-gYWs.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/3a/6e5dc3-c7fa-4d36-9095-c19232bda430/1/tsryD7qUxiaHBKKNskiul-gxPM4.roa
Signing time: Thu 30 Mar 2023 12:40:52 +0000
ROA not before: Thu 30 Mar 2023 12:40:52 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 39018
IP address blocks: 193.143.224.0/24 maxlen: 24
193.143.227.0/24 maxlen: 24
193.143.248.0/24 maxlen: 24
2a10:8f00::/29 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:87:32:89:03:c0:7c:85:25:a5:cc:bc:c0:2c:ee:88:fb:33
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=13b89b80186332d441bb0515c47261c5ffa0616b
Validity
Not Before: Mar 30 12:40:52 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=b6caf20fba94c6268704a28db248ae97e8313cce
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:91:a8:64:60:0d:76:ec:e6:d4:fb:ca:56:48:73:
a1:ac:5b:a4:e4:8d:4a:33:22:aa:9d:41:1e:fe:a8:
c6:d9:8a:1f:c4:d0:c8:9e:1f:a4:ea:96:5f:c3:e9:
cc:05:0e:27:c1:ef:82:31:46:8a:a8:ae:49:dd:cd:
ac:0e:d7:3e:ac:59:53:ab:7a:46:6f:df:26:0b:79:
ec:b9:7e:4e:66:36:0d:ef:71:5e:fd:d7:72:30:20:
21:5e:8f:e3:38:70:53:8b:f1:bd:9b:98:b3:0d:ac:
97:2a:ee:bc:c5:ba:7a:7b:9b:68:62:c8:64:93:66:
c8:d8:58:86:76:d5:4f:5e:56:de:f0:88:92:df:ca:
b8:4e:44:ab:10:d0:23:b7:57:ed:d9:97:47:ca:b6:
0f:c9:ee:d4:ad:f4:87:b7:36:b9:fc:22:97:8c:51:
9c:22:64:58:0c:1b:bb:bc:88:9c:64:95:77:fa:4d:
e4:a2:fa:88:07:fc:d2:30:5e:10:53:79:f3:e1:c8:
74:f8:af:10:32:94:35:51:2a:ef:3b:dd:e1:2c:82:
95:9f:6c:73:8b:00:67:21:dc:e0:29:ae:c4:80:47:
74:c4:cc:50:f2:72:39:f7:43:31:59:52:22:26:86:
ed:64:c9:5b:32:cc:74:53:aa:0a:29:30:18:fa:9f:
c4:af
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B6:CA:F2:0F:BA:94:C6:26:87:04:A2:8D:B2:48:AE:97:E8:31:3C:CE
X509v3 Authority Key Identifier:
keyid:13:B8:9B:80:18:63:32:D4:41:BB:05:15:C4:72:61:C5:FF:A0:61:6B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/E7ibgBhjMtRBuwUVxHJhxf-gYWs.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/6e5dc3-c7fa-4d36-9095-c19232bda430/1/tsryD7qUxiaHBKKNskiul-gxPM4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/6e5dc3-c7fa-4d36-9095-c19232bda430/1/E7ibgBhjMtRBuwUVxHJhxf-gYWs.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
193.143.224.0/24
193.143.227.0/24
193.143.248.0/24
IPv6:
2a10:8f00::/29
Signature Algorithm: sha256WithRSAEncryption
a6:11:82:28:b9:de:a2:b0:f8:d6:9d:4f:65:4f:28:11:52:04:
1e:58:ed:19:8d:1f:ab:b5:0b:65:d8:c8:a5:33:76:44:a7:eb:
97:24:39:3d:d6:f0:a6:b3:95:e1:c1:08:90:43:00:5c:66:d5:
62:34:ab:6e:69:18:5e:af:c1:71:33:96:74:85:65:fd:d5:e9:
59:96:27:41:06:7d:ed:a8:5f:bd:4f:8e:93:03:7a:df:6c:5b:
3b:4e:36:4b:db:9a:9d:ff:bc:47:e0:f9:f4:37:6d:3f:1a:3d:
0b:8c:a1:90:1e:85:33:f1:8d:31:b9:5c:0e:7b:49:33:68:98:
f9:ae:2b:85:ce:6d:d0:1a:18:01:f8:8a:5a:08:df:0e:12:e7:
45:ae:7c:4a:92:e5:c9:96:e3:26:1e:a6:a9:51:b7:d3:6a:ae:
60:2b:42:17:fb:ad:9d:cb:db:d7:fa:f2:07:7c:f8:3e:4b:91:
fd:92:71:db:9e:af:32:f1:98:d8:f7:31:e7:2d:02:bd:05:4b:
97:29:f3:d7:f7:b3:77:de:58:c0:29:a1:68:14:60:db:09:1b:
a3:2e:f3:3e:ef:46:c2:3b:f0:13:39:7f:5e:bf:14:41:6c:dd:
95:62:a9:a3:3a:51:fe:74:be:ef:c6:bc:32:da:e0:10:1b:94:
79:da:48:88
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAYcyiQPAfIUlpcy8wCzuiPszMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEzYjg5YjgwMTg2MzMyZDQ0MWJiMDUxNWM0NzI2MWM1ZmZh
MDYxNmIwHhcNMjMwMzMwMTI0MDUyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNmNhZjIwZmJhOTRjNjI2ODcwNGEyOGRiMjQ4YWU5N2U4MzEzY2NlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkahkYA127ObU+8pWSHOhrFuk5I1K
MyKqnUEe/qjG2YofxNDInh+k6pZfw+nMBQ4nwe+CMUaKqK5J3c2sDtc+rFlTq3pG
b98mC3nsuX5OZjYN73Fe/ddyMCAhXo/jOHBTi/G9m5izDayXKu68xbp6e5toYshk
k2bI2FiGdtVPXlbe8IiS38q4TkSrENAjt1ft2ZdHyrYPye7UrfSHtza5/CKXjFGc
ImRYDBu7vIicZJV3+k3kovqIB/zSMF4QU3nz4ch0+K8QMpQ1USrvO93hLIKVn2xz
iwBnIdzgKa7EgEd0xMxQ8nI590MxWVIiJobtZMlbMsx0U6oKKTAY+p/ErwIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFLbK8g+6lMYmhwSijbJIrpfoMTzOMB8GA1UdIwQY
MBaAFBO4m4AYYzLUQbsFFcRyYcX/oGFrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRTdpYmdCaGpNdFJCdXdVVnhISmh4Zi1nWVdzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS82ZTVkYzMtYzdmYS00ZDM2LTkwOTUt
YzE5MjMyYmRhNDMwLzEvdHNyeUQ3cVV4aWFIQktLTnNraXVsLWd4UE00LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS82ZTVkYzMtYzdmYS00ZDM2LTkwOTUtYzE5MjMyYmRhNDMw
LzEvRTdpYmdCaGpNdFJCdXdVVnhISmh4Zi1nWVdzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQAwY/gAwQA
wY/jAwQAwY/4MA0EAgACMAcDBQMqEI8AMA0GCSqGSIb3DQEBCwUAA4IBAQCmEYIo
ud6isPjWnU9lTygRUgQeWO0ZjR+rtQtl2MilM3ZEp+uXJDk91vCms5XhwQiQQwBc
ZtViNKtuaRher8FxM5Z0hWX91elZlidBBn3tqF+9T46TA3rfbFs7TjZL25qd/7xH
4Pn0N20/Gj0LjKGQHoUz8Y0xuVwOe0kzaJj5riuFzm3QGhgB+IpaCN8OEudFrnxK
kuXJluMmHqapUbfTaq5gK0IX+62dy9vX+vIHfPg+S5H9knHbnq8y8ZjY9zHnLQK9
BUuXKfPX97N33ljAKaFoFGDbCRujLvM+70bCO/ATOX9evxRBbN2VYqmjOlH+dL7v
xrwy2uAQG5R52kiI
-----END CERTIFICATE-----
Generated at Thu Aug 3 07:42:12 2023 by rpki-client on console-fra.rpki-client.org