Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/sy-scgrK7uIDpzyBDE3hJQWtrGA.roa
File: sy-scgrK7uIDpzyBDE3hJQWtrGA.roa (raw, json)
Hash identifier: +crlmRk5T3xy+aG2NJEHKiZcxPw6qH7rji4UWUvzGkU=
Subject key identifier: B3:2F:AC:72:0A:CA:EE:E2:03:A7:3C:81:0C:4D:E1:25:05:AD:AC:60
Certificate issuer: /CN=ccd76159bfd9e337523ee930f3df111d6bae7306
Certificate serial: 068BEBF5
Authority key identifier: CC:D7:61:59:BF:D9:E3:37:52:3E:E9:30:F3:DF:11:1D:6B:AE:73:06
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/zNdhWb_Z4zdSPukw898RHWuucwY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/sy-scgrK7uIDpzyBDE3hJQWtrGA.roa
Signing time: Fri 01 Apr 2022 10:13:32 +0000
ROA not before: Fri 01 Apr 2022 10:13:32 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 35830
IP address blocks: 193.56.67.0/24 maxlen: 24
193.56.75.0/24 maxlen: 24
91.243.190.0/24 maxlen: 24
31.40.210.0/23 maxlen: 23
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 109833205 (0x68bebf5)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ccd76159bfd9e337523ee930f3df111d6bae7306
Validity
Not Before: Apr 1 10:13:32 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=b32fac720acaeee203a73c810c4de12505adac60
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9b:7d:15:f4:54:dc:84:12:86:a7:9b:aa:4c:0a:
61:8a:52:59:37:55:8a:f2:e3:99:78:da:a7:8c:47:
47:ee:8e:95:03:b5:a4:74:d2:0d:1e:82:43:db:65:
c1:30:bc:8b:6e:fb:a2:21:4a:45:2e:e1:9d:d3:68:
61:f1:5b:05:91:b3:ef:5e:e0:b5:90:57:f1:ce:ca:
7e:01:2d:9c:62:44:93:73:b4:63:c1:07:95:a8:3d:
8c:b1:5f:5b:77:0b:db:01:7b:9b:8c:df:ea:7c:43:
51:8d:89:7c:69:fa:08:97:b7:75:48:ef:c3:c1:24:
df:82:ee:00:91:fa:77:52:7f:c7:c0:8c:8c:d5:1f:
30:40:6f:09:cc:ac:8b:51:a5:d5:e6:88:92:7a:4d:
32:08:14:2f:22:37:52:73:35:20:48:eb:e7:9f:c7:
b7:19:00:b5:ae:5b:c4:8b:08:42:7c:49:d3:ee:5c:
a7:e3:a3:8c:3c:03:26:0b:ad:bf:d9:0a:a7:c0:18:
fd:b1:59:23:9f:02:2a:e3:08:8b:af:ab:55:37:fb:
4d:87:bf:76:a5:31:ce:ce:99:e3:d1:95:19:d9:31:
1c:6a:bb:16:34:9b:79:36:35:88:cb:bf:3f:d8:56:
38:1b:52:1d:a6:15:7c:e9:54:b1:ac:75:51:89:3e:
f6:07
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B3:2F:AC:72:0A:CA:EE:E2:03:A7:3C:81:0C:4D:E1:25:05:AD:AC:60
X509v3 Authority Key Identifier:
keyid:CC:D7:61:59:BF:D9:E3:37:52:3E:E9:30:F3:DF:11:1D:6B:AE:73:06
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zNdhWb_Z4zdSPukw898RHWuucwY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/sy-scgrK7uIDpzyBDE3hJQWtrGA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/zNdhWb_Z4zdSPukw898RHWuucwY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.40.210.0/23
91.243.190.0/24
193.56.67.0/24
193.56.75.0/24
Signature Algorithm: sha256WithRSAEncryption
09:13:b0:71:d0:bb:f3:f1:97:b9:47:24:a6:fd:e2:26:a5:3e:
2b:be:ce:1c:30:1d:e2:d6:07:80:91:85:98:b0:6f:a5:61:de:
93:c7:fa:77:62:5e:a6:46:e4:cd:e7:1f:71:c3:54:a2:26:3a:
cd:de:f1:31:ba:47:f8:24:7b:c7:d6:ad:92:98:b0:a8:af:ec:
5e:13:9a:8f:32:16:48:cf:e9:2c:57:aa:4d:35:ae:6e:c5:e0:
32:c7:93:ca:9f:7a:3b:ba:f9:4b:7b:55:4d:ec:3f:27:dc:6f:
39:41:02:8f:53:96:d4:fe:01:dc:3b:c6:42:2a:55:96:3c:8b:
ec:de:91:1e:0c:2b:02:93:da:5f:25:1e:b3:80:a4:3f:92:39:
de:b1:9e:db:e8:e3:66:b0:11:cf:08:ef:88:74:80:6f:ef:e3:
17:0b:5d:b7:29:42:81:4a:e8:98:55:58:ff:53:b1:61:0d:90:
af:ae:6c:68:ff:5f:99:be:01:c1:86:d6:6d:22:26:86:d2:62:
cc:28:11:75:c3:58:04:6d:ba:54:37:93:97:92:30:00:1b:1d:
53:ed:21:96:a9:7b:b1:e5:54:4b:42:e3:40:c1:00:08:4b:8d:
11:41:11:55:c6:3e:18:37:4b:04:90:07:3a:39:16:91:85:f6:
fe:b8:37:0f
-----BEGIN CERTIFICATE-----
MIIFATCCA+mgAwIBAgIEBovr9TANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhj
Y2Q3NjE1OWJmZDllMzM3NTIzZWU5MzBmM2RmMTExZDZiYWU3MzA2MB4XDTIyMDQw
MTEwMTMzMloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoYjMyZmFjNzIwYWNh
ZWVlMjAzYTczYzgxMGM0ZGUxMjUwNWFkYWM2MDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAJt9FfRU3IQShqebqkwKYYpSWTdVivLjmXjap4xHR+6OlQO1
pHTSDR6CQ9tlwTC8i277oiFKRS7hndNoYfFbBZGz717gtZBX8c7KfgEtnGJEk3O0
Y8EHlag9jLFfW3cL2wF7m4zf6nxDUY2JfGn6CJe3dUjvw8Ek34LuAJH6d1J/x8CM
jNUfMEBvCcysi1Gl1eaIknpNMggULyI3UnM1IEjr55/HtxkAta5bxIsIQnxJ0+5c
p+OjjDwDJgutv9kKp8AY/bFZI58CKuMIi6+rVTf7TYe/dqUxzs6Z49GVGdkxHGq7
FjSbeTY1iMu/P9hWOBtSHaYVfOlUsax1UYk+9gcCAwEAAaOCAhswggIXMB0GA1Ud
DgQWBBSzL6xyCsru4gOnPIEMTeElBa2sYDAfBgNVHSMEGDAWgBTM12FZv9njN1I+
6TDz3xEda65zBjAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3pOZGhXYl9aNHpkU1B1a3c4OThSSFd1dWN3WS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNTAvZjZhZGExLTdlOGEtNGIzZS1iN2U4LWY4NTg5ZjY4MjY5MS8x
L3N5LXNjZ3JLN3VJRHB6eUJERTNoSlFXdHJHQS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNTAv
ZjZhZGExLTdlOGEtNGIzZS1iN2U4LWY4NTg5ZjY4MjY5MS8xL3pOZGhXYl9aNHpk
U1B1a3c4OThSSFd1dWN3WS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAx
BggrBgEFBQcBBwEB/wQiMCAwHgQCAAEwGAMEAR8o0gMEAFvzvgMEAME4QwMEAME4
SzANBgkqhkiG9w0BAQsFAAOCAQEACROwcdC78/GXuUckpv3iJqU+K77OHDAd4tYH
gJGFmLBvpWHek8f6d2JepkbkzecfccNUoiY6zd7xMbpH+CR7x9atkpiwqK/sXhOa
jzIWSM/pLFeqTTWubsXgMseTyp96O7r5S3tVTew/J9xvOUECj1OW1P4B3DvGQipV
ljyL7N6RHgwrApPaXyUes4CkP5I53rGe2+jjZrARzwjviHSAb+/jFwtdtylCgUro
mFVY/1OxYQ2Qr65saP9fmb4BwYbWbSImhtJizCgRdcNYBG26VDeTl5IwABsdU+0h
lql7seVUS0LjQMEACEuNEUERVcY+GDdLBJAHOjkWkYX2/rg3Dw==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:08:46 2024 by rpki-client on console-ams.rpki-client.org