Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/83/30883a-16d7-4212-9199-09d0aa28e551/1/FtSBrJZbySByVOcDqRTbf5bBJmw.roa
File: FtSBrJZbySByVOcDqRTbf5bBJmw.roa (raw, json)
Hash identifier: 3HmIebIRSWbpgipY5bncKB49SNFvMOc3+k/Py6IIBi8=
Subject key identifier: 16:D4:81:AC:96:5B:C9:20:72:54:E7:03:A9:14:DB:7F:96:C1:26:6C
Certificate issuer: /CN=798f7b1fd802b3dc6abd7a5cda786a6311e1d63d
Certificate serial: 01912129ABD3FB3C9E38A09170229EBE890E
Authority key identifier: 79:8F:7B:1F:D8:02:B3:DC:6A:BD:7A:5C:DA:78:6A:63:11:E1:D6:3D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/eY97H9gCs9xqvXpc2nhqYxHh1j0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/83/30883a-16d7-4212-9199-09d0aa28e551/1/FtSBrJZbySByVOcDqRTbf5bBJmw.roa
Signing time: Mon 05 Aug 2024 06:11:04 +0000
ROA not before: Mon 05 Aug 2024 06:11:04 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 35384
IP address blocks: 31.41.34.0/24 maxlen: 24
176.119.223.0/24 maxlen: 24
194.156.188.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:91:21:29:ab:d3:fb:3c:9e:38:a0:91:70:22:9e:be:89:0e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=798f7b1fd802b3dc6abd7a5cda786a6311e1d63d
Validity
Not Before: Aug 5 06:11:04 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=16d481ac965bc9207254e703a914db7f96c1266c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ca:68:61:47:09:20:67:70:02:fb:57:00:13:69:
09:df:a0:4b:63:02:86:00:37:b3:57:6c:ef:97:fa:
45:e6:ec:46:28:be:b7:e6:e6:00:36:c7:43:06:cf:
d1:5d:f5:ed:9b:12:36:43:5a:35:31:0e:b2:51:15:
f3:db:93:30:08:00:4d:35:a1:a5:a6:b7:c2:01:66:
68:58:cc:5c:7a:56:63:48:2b:ed:51:4b:a4:4f:f2:
e6:ff:fa:b5:da:27:1d:d7:96:14:f8:d3:49:48:d4:
5f:91:95:f8:7a:3a:95:e8:03:73:ad:cb:35:2a:35:
43:d2:8b:a3:38:2d:a3:60:af:17:7a:41:1a:bd:10:
f7:e5:1c:ae:66:bc:ee:d4:6f:ca:7d:f9:bc:61:5b:
20:34:2f:e1:a1:b3:38:95:c8:e4:10:ed:74:33:b6:
dc:fb:e8:38:5b:2a:cc:78:7c:1d:59:a0:74:60:6c:
45:dd:8d:7c:1c:5e:8c:c1:76:6c:80:d9:c3:7d:c6:
99:17:a5:73:16:54:27:53:57:3a:3b:1d:ea:fa:8b:
48:82:26:8b:b8:d1:d4:38:bf:22:bb:cc:fd:1a:8d:
9f:3b:1e:b9:ca:6c:12:54:8a:1e:27:a4:1e:5b:58:
2b:49:7a:f6:19:54:e8:7a:27:24:ca:98:8e:45:99:
6b:dd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
16:D4:81:AC:96:5B:C9:20:72:54:E7:03:A9:14:DB:7F:96:C1:26:6C
X509v3 Authority Key Identifier:
keyid:79:8F:7B:1F:D8:02:B3:DC:6A:BD:7A:5C:DA:78:6A:63:11:E1:D6:3D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eY97H9gCs9xqvXpc2nhqYxHh1j0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/83/30883a-16d7-4212-9199-09d0aa28e551/1/FtSBrJZbySByVOcDqRTbf5bBJmw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/83/30883a-16d7-4212-9199-09d0aa28e551/1/eY97H9gCs9xqvXpc2nhqYxHh1j0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.41.34.0/24
176.119.223.0/24
194.156.188.0/24
Signature Algorithm: sha256WithRSAEncryption
66:c2:55:31:d1:02:8e:9a:be:f3:a0:90:74:95:1b:4c:1e:d3:
c6:92:28:ff:f4:15:4f:0a:40:7d:03:e7:23:de:e9:f4:83:e7:
c1:bb:3f:1f:c5:67:ef:00:92:0f:37:c1:72:ab:e0:b1:c4:af:
df:26:1f:74:6b:46:3a:fe:a9:c1:17:97:56:57:bc:80:2a:be:
d8:50:f5:ad:bf:7b:fb:72:bd:22:e4:a3:2e:d3:e7:80:34:c0:
0b:dc:f2:71:b5:a1:89:20:04:5f:30:a8:b7:1b:20:ca:c0:ed:
19:04:9a:97:38:f6:8e:91:63:bb:32:3d:e8:9d:0b:62:08:39:
e0:33:af:ee:e5:93:d5:85:ae:e8:ac:01:9b:e8:de:32:d6:38:
71:9b:bc:45:56:03:e9:94:cb:d7:e4:a5:9c:7a:e1:3b:bd:e5:
dc:58:f7:15:b2:c8:25:64:09:79:06:af:35:63:80:59:c5:29:
6d:62:a8:20:0c:fa:f0:f9:2b:a2:1d:b5:9d:4b:8e:5e:69:71:
7a:42:df:4d:5b:07:43:db:a1:f3:b9:c6:6b:fb:91:5e:29:4a:
8b:66:1c:6c:e4:68:03:dc:66:12:b8:f7:b0:5f:26:26:07:44:
98:c4:08:24:59:f3:07:b3:2a:ba:7b:c6:50:3e:d9:ec:0b:02:
f3:1c:ea:8f
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZEhKavT+zyeOKCRcCKevokOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc5OGY3YjFmZDgwMmIzZGM2YWJkN2E1Y2RhNzg2YTYzMTFl
MWQ2M2QwHhcNMjQwODA1MDYxMTA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNmQ0ODFhYzk2NWJjOTIwNzI1NGU3MDNhOTE0ZGI3Zjk2YzEyNjZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAymhhRwkgZ3AC+1cAE2kJ36BLYwKG
ADezV2zvl/pF5uxGKL635uYANsdDBs/RXfXtmxI2Q1o1MQ6yURXz25MwCABNNaGl
prfCAWZoWMxcelZjSCvtUUukT/Lm//q12icd15YU+NNJSNRfkZX4ejqV6ANzrcs1
KjVD0oujOC2jYK8XekEavRD35RyuZrzu1G/Kffm8YVsgNC/hobM4lcjkEO10M7bc
++g4WyrMeHwdWaB0YGxF3Y18HF6MwXZsgNnDfcaZF6VzFlQnU1c6Ox3q+otIgiaL
uNHUOL8iu8z9Go2fOx65ymwSVIoeJ6QeW1grSXr2GVToeickypiORZlr3QIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFBbUgayWW8kgclTnA6kU23+WwSZsMB8GA1UdIwQY
MBaAFHmPex/YArPcar16XNp4amMR4dY9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZVk5N0g5Z0NzOXhxdlhwYzJuaHFZeEhoMWowLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84My8zMDg4M2EtMTZkNy00MjEyLTkxOTkt
MDlkMGFhMjhlNTUxLzEvRnRTQnJKWmJ5U0J5Vk9jRHFSVGJmNWJCSm13LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84My8zMDg4M2EtMTZkNy00MjEyLTkxOTktMDlkMGFhMjhlNTUx
LzEvZVk5N0g5Z0NzOXhxdlhwYzJuaHFZeEhoMWowLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAHykiAwQA
sHffAwQAwpy8MA0GCSqGSIb3DQEBCwUAA4IBAQBmwlUx0QKOmr7zoJB0lRtMHtPG
kij/9BVPCkB9A+cj3un0g+fBuz8fxWfvAJIPN8Fyq+CxxK/fJh90a0Y6/qnBF5dW
V7yAKr7YUPWtv3v7cr0i5KMu0+eANMAL3PJxtaGJIARfMKi3GyDKwO0ZBJqXOPaO
kWO7Mj3onQtiCDngM6/u5ZPVha7orAGb6N4y1jhxm7xFVgPplMvX5KWceuE7veXc
WPcVssglZAl5Bq81Y4BZxSltYqggDPrw+SuiHbWdS45eaXF6Qt9NWwdD26HzucZr
+5FeKUqLZhxs5GgD3GYSuPewXyYmB0SYxAgkWfMHsyq6e8ZQPtnsCwLzHOqP
-----END CERTIFICATE-----
Generated at Wed Feb 19 22:03:34 2025 by rpki-client