Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/6ba39c-ef1d-4d48-982b-cf4b900997a0/1/3BWXgJt37Ve27Q-YlFpZkYR3bv4.roa
File: 3BWXgJt37Ve27Q-YlFpZkYR3bv4.roa (raw, json)
Hash identifier: 0IWtsYhxmwJQafhjnaNQvaHudaNfKql8klX8/Mj3aeI=
Subject key identifier: DC:15:97:80:9B:77:ED:57:B6:ED:0F:98:94:5A:59:91:84:77:6E:FE
Certificate issuer: /CN=ab71e9b13f5c339a58692eeabe72eaa406bbbd7d
Certificate serial: 01917549E5178F62A99790F631B07102E98F
Authority key identifier: AB:71:E9:B1:3F:5C:33:9A:58:69:2E:EA:BE:72:EA:A4:06:BB:BD:7D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/q3HpsT9cM5pYaS7qvnLqpAa7vX0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/be/6ba39c-ef1d-4d48-982b-cf4b900997a0/1/3BWXgJt37Ve27Q-YlFpZkYR3bv4.roa
Signing time: Wed 21 Aug 2024 14:14:22 +0000
ROA not before: Wed 21 Aug 2024 14:14:22 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 207633
IP address blocks: 213.142.132.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:91:75:49:e5:17:8f:62:a9:97:90:f6:31:b0:71:02:e9:8f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ab71e9b13f5c339a58692eeabe72eaa406bbbd7d
Validity
Not Before: Aug 21 14:14:22 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=dc1597809b77ed57b6ed0f98945a599184776efe
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a7:29:d1:44:0d:a2:1b:ff:a8:cc:42:03:93:b8:
06:04:9a:44:2b:7b:f8:f6:08:7a:fc:9f:bb:ca:d2:
7f:d6:87:2b:f8:ef:9f:74:5d:db:6f:a6:6b:58:41:
40:60:3f:4f:68:e8:cf:77:8b:5f:38:7c:cd:df:ce:
87:16:68:60:39:6c:b2:37:26:31:95:fa:9a:28:88:
b9:24:5c:45:57:50:8c:b4:cf:79:b4:de:b2:cb:98:
0f:9d:6c:0a:a5:7d:fb:6f:f7:87:38:43:bc:62:ff:
2f:e2:30:ab:49:ea:44:1d:30:79:1f:2b:9b:77:bf:
06:48:11:38:9d:f9:d3:81:04:23:d5:f2:09:50:de:
c0:a8:df:eb:64:4e:b6:61:71:57:19:27:de:c9:2a:
da:64:ff:35:dd:ea:0b:7c:cf:fb:ee:87:25:b7:c5:
87:0b:85:1c:de:17:6a:8b:20:74:10:aa:cd:35:0a:
04:e7:d4:73:1c:53:40:04:1c:d3:4c:ba:7f:ea:a9:
d0:2a:a9:77:f5:18:a6:91:77:82:31:e4:c8:08:2c:
cb:59:d1:2a:a4:2f:19:0f:a5:24:30:6b:d3:63:3d:
e0:a6:36:e0:a3:a5:84:fd:02:ac:f4:e5:0c:c2:af:
72:a4:0a:0b:1c:14:cd:8f:6b:f2:7c:08:f1:2d:ce:
23:db
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DC:15:97:80:9B:77:ED:57:B6:ED:0F:98:94:5A:59:91:84:77:6E:FE
X509v3 Authority Key Identifier:
keyid:AB:71:E9:B1:3F:5C:33:9A:58:69:2E:EA:BE:72:EA:A4:06:BB:BD:7D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/q3HpsT9cM5pYaS7qvnLqpAa7vX0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/6ba39c-ef1d-4d48-982b-cf4b900997a0/1/3BWXgJt37Ve27Q-YlFpZkYR3bv4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/be/6ba39c-ef1d-4d48-982b-cf4b900997a0/1/q3HpsT9cM5pYaS7qvnLqpAa7vX0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
213.142.132.0/24
Signature Algorithm: sha256WithRSAEncryption
33:6d:6c:08:c9:c9:b7:53:41:8c:f0:b5:45:65:78:93:d7:2b:
81:e2:ef:71:e5:ee:8f:9d:23:0f:5a:80:17:65:45:aa:eb:a7:
db:7d:ee:76:76:28:d4:ba:c5:71:49:27:f4:cb:ba:4c:59:93:
d6:fb:a7:45:97:a2:aa:6c:7f:63:f6:ac:fa:54:a1:19:a3:8a:
7e:f7:2c:3e:4c:b9:60:5c:b7:66:d6:02:e6:68:63:bb:19:69:
83:6d:68:f9:34:6d:8e:ff:08:52:dd:6c:ed:83:e6:1d:61:b8:
8f:b8:30:76:30:c0:dd:c4:c9:77:b8:a2:55:3e:7e:9b:39:ab:
a7:b4:3a:be:0e:c0:a0:fb:39:9b:95:1f:a6:5d:86:25:77:89:
7a:03:63:24:6d:e9:61:10:f6:da:7e:74:aa:50:e3:cc:28:88:
0d:0f:29:9c:92:97:4d:c8:8d:c3:5d:85:ea:75:3f:24:3a:e4:
e5:a2:f5:69:1a:be:87:d1:7b:f9:b7:bb:3c:78:a4:93:ea:69:
9e:ee:37:11:a6:50:15:83:1a:71:5e:1e:13:7d:f3:85:d8:73:
fe:9c:5f:c0:41:07:ae:6f:23:a7:6f:9e:29:9c:24:c4:82:42:
92:f3:c9:9a:e2:71:69:88:75:63:7a:67:93:e7:67:1f:9f:42:
5a:06:6d:65
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZF1SeUXj2Kpl5D2MbBxAumPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiNzFlOWIxM2Y1YzMzOWE1ODY5MmVlYWJlNzJlYWE0MDZi
YmJkN2QwHhcNMjQwODIxMTQxNDIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYzE1OTc4MDliNzdlZDU3YjZlZDBmOTg5NDVhNTk5MTg0Nzc2ZWZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApynRRA2iG/+ozEIDk7gGBJpEK3v4
9gh6/J+7ytJ/1ocr+O+fdF3bb6ZrWEFAYD9PaOjPd4tfOHzN386HFmhgOWyyNyYx
lfqaKIi5JFxFV1CMtM95tN6yy5gPnWwKpX37b/eHOEO8Yv8v4jCrSepEHTB5Hyub
d78GSBE4nfnTgQQj1fIJUN7AqN/rZE62YXFXGSfeySraZP813eoLfM/77oclt8WH
C4Uc3hdqiyB0EKrNNQoE59RzHFNABBzTTLp/6qnQKql39RimkXeCMeTICCzLWdEq
pC8ZD6UkMGvTYz3gpjbgo6WE/QKs9OUMwq9ypAoLHBTNj2vyfAjxLc4j2wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNwVl4Cbd+1Xtu0PmJRaWZGEd27+MB8GA1UdIwQY
MBaAFKtx6bE/XDOaWGku6r5y6qQGu719MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcTNIcHNUOWNNNXBZYVM3cXZuTHFwQWE3dlgwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS82YmEzOWMtZWYxZC00ZDQ4LTk4MmIt
Y2Y0YjkwMDk5N2EwLzEvM0JXWGdKdDM3VmUyN1EtWWxGcFprWVIzYnY0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS82YmEzOWMtZWYxZC00ZDQ4LTk4MmItY2Y0YjkwMDk5N2Ew
LzEvcTNIcHNUOWNNNXBZYVM3cXZuTHFwQWE3dlgwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1Y6EMA0G
CSqGSIb3DQEBCwUAA4IBAQAzbWwIycm3U0GM8LVFZXiT1yuB4u9x5e6PnSMPWoAX
ZUWq66fbfe52dijUusVxSSf0y7pMWZPW+6dFl6KqbH9j9qz6VKEZo4p+9yw+TLlg
XLdm1gLmaGO7GWmDbWj5NG2O/whS3Wztg+YdYbiPuDB2MMDdxMl3uKJVPn6bOaun
tDq+DsCg+zmblR+mXYYld4l6A2MkbelhEPbafnSqUOPMKIgNDymckpdNyI3DXYXq
dT8kOuTlovVpGr6H0Xv5t7s8eKST6mme7jcRplAVgxpxXh4TffOF2HP+nF/AQQeu
byOnb54pnCTEgkKS88ma4nFpiHVjemeT52cfn0JaBm1l
-----END CERTIFICATE-----
Generated at Thu Mar 13 02:21:19 2025 by rpki-client