Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/6e5dc3-c7fa-4d36-9095-c19232bda430/1/yxSNcTu5eVVt-wrdtjW9Tx8fabI.roa
File: yxSNcTu5eVVt-wrdtjW9Tx8fabI.roa (raw, json)
Hash identifier: rQElfC5rm48XSH3+IsFS3emxQbqmImmsOij8A9fYu1M=
Subject key identifier: CB:14:8D:71:3B:B9:79:55:6D:FB:0A:DD:B6:35:BD:4F:1F:1F:69:B2
Certificate issuer: /CN=13b89b80186332d441bb0515c47261c5ffa0616b
Certificate serial: 0189BA44F7EBA0B5FE302896888CAE00EE7C
Authority key identifier: 13:B8:9B:80:18:63:32:D4:41:BB:05:15:C4:72:61:C5:FF:A0:61:6B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/E7ibgBhjMtRBuwUVxHJhxf-gYWs.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/3a/6e5dc3-c7fa-4d36-9095-c19232bda430/1/yxSNcTu5eVVt-wrdtjW9Tx8fabI.roa
Signing time: Thu 03 Aug 2023 07:20:29 +0000
ROA not before: Thu 03 Aug 2023 07:20:29 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 39018
IP address blocks: 193.143.224.0/24 maxlen: 24
193.143.227.0/24 maxlen: 24
2a10:8f00::/29 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:89:ba:44:f7:eb:a0:b5:fe:30:28:96:88:8c:ae:00:ee:7c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=13b89b80186332d441bb0515c47261c5ffa0616b
Validity
Not Before: Aug 3 07:20:29 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=cb148d713bb979556dfb0addb635bd4f1f1f69b2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9d:a3:74:33:d6:4f:50:3e:67:5e:50:72:19:20:
b3:0a:fa:a8:9d:8a:d9:89:e7:db:53:3d:f1:20:ad:
4a:b5:e4:f8:5a:96:2b:b0:03:05:4c:77:fe:e1:d1:
b3:63:e9:57:c7:74:ee:61:69:11:e9:4c:e4:2b:bb:
7c:f5:40:79:42:40:53:68:51:c9:f6:88:72:83:11:
3f:60:57:22:e7:14:19:a7:e1:4d:6d:47:37:68:8b:
3b:58:60:25:90:9a:3a:9b:bf:af:29:8d:3e:a0:52:
3a:ec:8b:19:42:03:c0:be:ad:fe:10:e9:d5:62:58:
1c:e7:63:77:01:f1:f2:59:be:f1:53:93:8e:91:d1:
71:33:4a:58:79:6e:ed:10:b7:7e:76:19:89:2a:f2:
ff:22:2d:29:e0:95:0e:f2:70:0a:fb:d3:51:1e:ac:
64:2f:14:c8:64:49:9b:25:20:b8:e5:97:32:de:71:
d7:b6:6a:09:df:cc:60:26:b0:b0:ad:d9:5b:7e:ea:
89:64:3c:84:8d:2c:a8:bf:e6:1f:75:27:d2:10:f6:
bb:9d:f6:67:88:72:56:63:de:50:62:65:b3:f2:4f:
56:75:17:f2:9d:9e:ac:72:06:9d:5e:34:ec:09:8c:
44:06:a9:7b:cb:62:7c:63:dd:c5:d7:1d:00:b0:61:
3c:1d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CB:14:8D:71:3B:B9:79:55:6D:FB:0A:DD:B6:35:BD:4F:1F:1F:69:B2
X509v3 Authority Key Identifier:
keyid:13:B8:9B:80:18:63:32:D4:41:BB:05:15:C4:72:61:C5:FF:A0:61:6B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/E7ibgBhjMtRBuwUVxHJhxf-gYWs.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/6e5dc3-c7fa-4d36-9095-c19232bda430/1/yxSNcTu5eVVt-wrdtjW9Tx8fabI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/6e5dc3-c7fa-4d36-9095-c19232bda430/1/E7ibgBhjMtRBuwUVxHJhxf-gYWs.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
193.143.224.0/24
193.143.227.0/24
IPv6:
2a10:8f00::/29
Signature Algorithm: sha256WithRSAEncryption
b4:12:ff:c3:71:d9:81:45:c6:3f:83:77:40:0d:f9:f4:d6:c6:
e3:7e:03:67:8d:2a:71:56:38:bd:d5:b1:e8:60:04:57:51:04:
ba:2b:14:2b:0f:8a:44:6e:41:36:e6:18:4a:d0:08:64:ba:2a:
7a:67:48:ad:45:53:29:74:c1:01:19:d0:e3:e6:1a:b1:0a:e7:
e1:e2:bb:7d:96:b1:68:0f:64:d3:7c:f6:ec:b3:c2:2d:9b:d4:
8a:c0:97:28:15:45:11:4a:27:fa:75:57:02:38:b0:3d:4b:e3:
3c:86:b3:b7:ce:e4:de:c6:26:22:3d:08:a5:9b:18:cb:dd:e7:
19:ef:98:2d:5b:9c:6d:36:8e:00:52:89:48:fb:65:8e:a8:8a:
b0:79:2f:4c:4a:3f:3f:57:f1:d1:f8:3d:56:c7:d9:a1:79:52:
71:54:13:97:2a:34:a7:96:61:9d:aa:d7:2b:78:d1:1d:3f:64:
a8:7d:f1:59:af:24:ce:94:10:35:af:0d:ed:c1:5b:0c:fe:ca:
33:89:de:47:b6:9a:17:75:c7:10:31:da:28:e2:9e:8c:53:92:
f6:d1:7e:a4:8a:e6:9c:ba:cf:70:78:c6:2f:92:d6:11:a9:ce:
5e:a5:aa:da:42:37:61:3d:73:42:a5:11:02:45:04:fd:ef:14:
a3:75:0b:b5
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYm6RPfroLX+MCiWiIyuAO58MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEzYjg5YjgwMTg2MzMyZDQ0MWJiMDUxNWM0NzI2MWM1ZmZh
MDYxNmIwHhcNMjMwODAzMDcyMDI5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYjE0OGQ3MTNiYjk3OTU1NmRmYjBhZGRiNjM1YmQ0ZjFmMWY2OWIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnaN0M9ZPUD5nXlByGSCzCvqonYrZ
iefbUz3xIK1KteT4WpYrsAMFTHf+4dGzY+lXx3TuYWkR6UzkK7t89UB5QkBTaFHJ
9ohygxE/YFci5xQZp+FNbUc3aIs7WGAlkJo6m7+vKY0+oFI67IsZQgPAvq3+EOnV
Ylgc52N3AfHyWb7xU5OOkdFxM0pYeW7tELd+dhmJKvL/Ii0p4JUO8nAK+9NRHqxk
LxTIZEmbJSC45Zcy3nHXtmoJ38xgJrCwrdlbfuqJZDyEjSyov+YfdSfSEPa7nfZn
iHJWY95QYmWz8k9WdRfynZ6scgadXjTsCYxEBql7y2J8Y93F1x0AsGE8HQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFMsUjXE7uXlVbfsK3bY1vU8fH2myMB8GA1UdIwQY
MBaAFBO4m4AYYzLUQbsFFcRyYcX/oGFrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRTdpYmdCaGpNdFJCdXdVVnhISmh4Zi1nWVdzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS82ZTVkYzMtYzdmYS00ZDM2LTkwOTUt
YzE5MjMyYmRhNDMwLzEveXhTTmNUdTVlVlZ0LXdyZHRqVzlUeDhmYWJJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS82ZTVkYzMtYzdmYS00ZDM2LTkwOTUtYzE5MjMyYmRhNDMw
LzEvRTdpYmdCaGpNdFJCdXdVVnhISmh4Zi1nWVdzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQAwY/gAwQA
wY/jMA0EAgACMAcDBQMqEI8AMA0GCSqGSIb3DQEBCwUAA4IBAQC0Ev/DcdmBRcY/
g3dADfn01sbjfgNnjSpxVji91bHoYARXUQS6KxQrD4pEbkE25hhK0Ahkuip6Z0it
RVMpdMEBGdDj5hqxCufh4rt9lrFoD2TTfPbss8Itm9SKwJcoFUURSif6dVcCOLA9
S+M8hrO3zuTexiYiPQilmxjL3ecZ75gtW5xtNo4AUolI+2WOqIqweS9MSj8/V/HR
+D1Wx9mheVJxVBOXKjSnlmGdqtcreNEdP2SoffFZryTOlBA1rw3twVsM/sozid5H
tpoXdccQMdoo4p6MU5L20X6kiuacus9weMYvktYRqc5eparaQjdhPXNCpRECRQT9
7xSjdQu1
-----END CERTIFICATE-----
Generated at Tue Oct 24 12:42:42 2023 by rpki-client on console-fra.rpki-client.org