Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/6ba39c-ef1d-4d48-982b-cf4b900997a0/1/917vKz46f89Ia8fcFBJI8cTCEQk.roa
File: 917vKz46f89Ia8fcFBJI8cTCEQk.roa (raw, json)
Hash identifier: yjs4X5Z/naVt05uxCLzk4lmbLgqAPEUUMPBHtR4UTRQ=
Subject key identifier: F7:5E:EF:2B:3E:3A:7F:CF:48:6B:C7:DC:14:12:48:F1:C4:C2:11:09
Certificate issuer: /CN=ab71e9b13f5c339a58692eeabe72eaa406bbbd7d
Certificate serial: 019193E9F9628481938E186606E60F03FB50
Authority key identifier: AB:71:E9:B1:3F:5C:33:9A:58:69:2E:EA:BE:72:EA:A4:06:BB:BD:7D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/q3HpsT9cM5pYaS7qvnLqpAa7vX0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/be/6ba39c-ef1d-4d48-982b-cf4b900997a0/1/917vKz46f89Ia8fcFBJI8cTCEQk.roa
Signing time: Tue 27 Aug 2024 12:57:49 +0000
ROA not before: Tue 27 Aug 2024 12:57:49 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 397563
IP address blocks: 80.253.252.0/23 maxlen: 24
91.151.80.0/24 maxlen: 24
91.151.81.0/24 maxlen: 24
91.151.82.0/24 maxlen: 24
91.151.91.0/24 maxlen: 24
213.142.128.0/24 maxlen: 24
213.142.129.0/24 maxlen: 24
213.142.130.0/24 maxlen: 24
213.142.131.0/24 maxlen: 24
213.142.136.0/24 maxlen: 24
213.142.137.0/24 maxlen: 24
213.142.142.0/24 maxlen: 32
213.142.144.0/24 maxlen: 32
213.142.145.0/24 maxlen: 32
213.142.152.0/23 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:91:93:e9:f9:62:84:81:93:8e:18:66:06:e6:0f:03:fb:50
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ab71e9b13f5c339a58692eeabe72eaa406bbbd7d
Validity
Not Before: Aug 27 12:57:49 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=f75eef2b3e3a7fcf486bc7dc141248f1c4c21109
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c4:4e:95:aa:24:12:6e:4b:11:37:a5:a7:2c:41:
c2:9b:be:16:36:d9:6f:12:b8:71:70:c1:55:f1:24:
c4:4f:b2:a0:1f:74:b5:5a:82:31:e0:40:03:60:dc:
44:43:c9:6f:4e:ac:e5:a2:48:8a:18:e8:17:d6:16:
d3:6a:2a:84:3f:5b:76:1b:b0:06:f8:6f:32:09:c6:
6b:ba:e7:df:63:7a:2e:07:1c:d2:41:61:f0:30:b7:
e2:d0:3f:12:42:c3:40:76:17:14:c8:45:b2:1d:b0:
ad:ca:01:96:c8:7c:76:bd:83:f3:cd:33:b9:da:85:
d1:0a:d1:bb:9e:b8:28:71:6d:3b:95:6f:76:0e:ad:
8b:7c:fb:fc:c9:1c:b2:1b:29:4d:67:1e:c2:7d:0d:
d8:13:de:17:d2:1d:49:36:9b:7b:99:87:de:4c:e5:
33:4b:5f:5f:41:42:af:fe:d9:8b:5b:32:d5:c6:01:
76:65:79:8e:d9:77:ae:e6:a0:2a:82:a8:35:83:bd:
c2:1f:25:a6:84:66:02:f7:6d:11:f4:4c:53:d9:14:
5b:8a:79:47:18:73:35:a7:21:be:0e:4b:49:1a:33:
6c:85:4e:6a:80:9c:49:86:c8:08:a7:94:ed:ce:97:
64:84:dc:fe:85:5c:74:bd:b6:32:9c:cc:30:0f:85:
b0:e7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F7:5E:EF:2B:3E:3A:7F:CF:48:6B:C7:DC:14:12:48:F1:C4:C2:11:09
X509v3 Authority Key Identifier:
keyid:AB:71:E9:B1:3F:5C:33:9A:58:69:2E:EA:BE:72:EA:A4:06:BB:BD:7D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/q3HpsT9cM5pYaS7qvnLqpAa7vX0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/6ba39c-ef1d-4d48-982b-cf4b900997a0/1/917vKz46f89Ia8fcFBJI8cTCEQk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/be/6ba39c-ef1d-4d48-982b-cf4b900997a0/1/q3HpsT9cM5pYaS7qvnLqpAa7vX0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
80.253.252.0/23
91.151.80.0-91.151.82.255
91.151.91.0/24
213.142.128.0/22
213.142.136.0/23
213.142.142.0/24
213.142.144.0/23
213.142.152.0/23
Signature Algorithm: sha256WithRSAEncryption
5b:16:01:d1:9d:31:c2:f9:61:ca:79:09:fd:3b:05:f5:8d:7d:
8a:17:e1:08:3f:5f:c0:d7:d1:58:fd:a8:88:59:9b:d2:b3:2b:
68:e2:c8:8e:9e:37:17:99:05:8a:70:bc:f7:11:5e:a4:3c:1f:
ce:2b:5c:bf:af:ca:84:74:01:b1:e6:00:c2:b5:93:66:56:4c:
a1:07:26:96:73:3c:9a:14:2e:40:78:c7:d4:a7:da:56:74:17:
79:72:71:56:00:bc:23:0b:45:f1:be:05:40:73:ef:e4:a8:52:
24:8e:94:69:6a:4d:e2:0a:c0:6b:bf:1d:a0:82:98:6a:5a:bc:
ab:59:0e:47:0d:32:86:f1:91:0f:8f:06:d5:d5:bb:07:7a:23:
b2:ba:b0:d6:39:ee:71:bc:d1:57:4b:6b:b5:00:d4:d7:f4:62:
8a:4b:a7:d9:68:db:94:58:d7:a8:eb:e8:20:30:76:b6:0d:92:
76:18:8d:62:05:1d:80:89:f2:b4:e8:ed:b0:87:85:dc:9b:92:
a1:73:d0:3e:72:67:8d:55:92:f6:27:a6:45:d7:8b:ac:df:dd:
c5:db:62:de:ed:64:cc:d4:4a:5f:01:59:c2:94:5d:0f:74:a4:
0f:be:7d:5e:dc:04:5d:29:ef:50:ee:11:fb:b2:92:c0:dd:1a:
19:f1:fc:42
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgISAZGT6flihIGTjhhmBuYPA/tQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiNzFlOWIxM2Y1YzMzOWE1ODY5MmVlYWJlNzJlYWE0MDZi
YmJkN2QwHhcNMjQwODI3MTI1NzQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNzVlZWYyYjNlM2E3ZmNmNDg2YmM3ZGMxNDEyNDhmMWM0YzIxMTA5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxE6VqiQSbksRN6WnLEHCm74WNtlv
ErhxcMFV8STET7KgH3S1WoIx4EADYNxEQ8lvTqzlokiKGOgX1hbTaiqEP1t2G7AG
+G8yCcZruuffY3ouBxzSQWHwMLfi0D8SQsNAdhcUyEWyHbCtygGWyHx2vYPzzTO5
2oXRCtG7nrgocW07lW92Dq2LfPv8yRyyGylNZx7CfQ3YE94X0h1JNpt7mYfeTOUz
S19fQUKv/tmLWzLVxgF2ZXmO2Xeu5qAqgqg1g73CHyWmhGYC920R9ExT2RRbinlH
GHM1pyG+DktJGjNshU5qgJxJhsgIp5TtzpdkhNz+hVx0vbYynMwwD4Ww5wIDAQAB
o4ICOzCCAjcwHQYDVR0OBBYEFPde7ys+On/PSGvH3BQSSPHEwhEJMB8GA1UdIwQY
MBaAFKtx6bE/XDOaWGku6r5y6qQGu719MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcTNIcHNUOWNNNXBZYVM3cXZuTHFwQWE3dlgwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS82YmEzOWMtZWYxZC00ZDQ4LTk4MmIt
Y2Y0YjkwMDk5N2EwLzEvOTE3dkt6NDZmODlJYThmY0ZCSkk4Y1RDRVFrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS82YmEzOWMtZWYxZC00ZDQ4LTk4MmItY2Y0YjkwMDk5N2Ew
LzEvcTNIcHNUOWNNNXBZYVM3cXZuTHFwQWE3dlgwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFEGCCsGAQUFBwEHAQH/BEIwQDA+BAIAATA4AwQBUP38MAwD
BARbl1ADBABbl1IDBABbl1sDBALVjoADBAHVjogDBADVjo4DBAHVjpADBAHVjpgw
DQYJKoZIhvcNAQELBQADggEBAFsWAdGdMcL5Ycp5Cf07BfWNfYoX4Qg/X8DX0Vj9
qIhZm9KzK2jiyI6eNxeZBYpwvPcRXqQ8H84rXL+vyoR0AbHmAMK1k2ZWTKEHJpZz
PJoULkB4x9Sn2lZ0F3lycVYAvCMLRfG+BUBz7+SoUiSOlGlqTeIKwGu/HaCCmGpa
vKtZDkcNMobxkQ+PBtXVuwd6I7K6sNY57nG80VdLa7UA1Nf0YopLp9lo25RY16jr
6CAwdrYNknYYjWIFHYCJ8rTo7bCHhdybkqFz0D5yZ41VkvYnpkXXi6zf3cXbYt7t
ZMzUSl8BWcKUXQ90pA++fV7cBF0p71DuEfuyksDdGhnx/EI=
-----END CERTIFICATE-----
Generated at Wed Sep 18 19:07:30 2024 by rpki-client on console-ams.rpki-client.org