Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/6ba39c-ef1d-4d48-982b-cf4b900997a0/1/KWosJAghuFUMuWcDPP2EZoPyFOM.roa
File: KWosJAghuFUMuWcDPP2EZoPyFOM.roa (raw, json)
Hash identifier: ioPHZx2Orq0w17J8g6J58/HHBewceBEhXvr7MeozLYs=
Subject key identifier: 29:6A:2C:24:08:21:B8:55:0C:B9:67:03:3C:FD:84:66:83:F2:14:E3
Certificate issuer: /CN=ab71e9b13f5c339a58692eeabe72eaa406bbbd7d
Certificate serial: 01856DAF68E5FCB582010BE1E4D150EF669D
Authority key identifier: AB:71:E9:B1:3F:5C:33:9A:58:69:2E:EA:BE:72:EA:A4:06:BB:BD:7D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/q3HpsT9cM5pYaS7qvnLqpAa7vX0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/be/6ba39c-ef1d-4d48-982b-cf4b900997a0/1/KWosJAghuFUMuWcDPP2EZoPyFOM.roa
Signing time: Sun 01 Jan 2023 14:14:50 +0000
ROA not before: Sun 01 Jan 2023 14:14:50 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 212219
IP address blocks: 213.142.148.0/24 maxlen: 32
213.142.151.0/24 maxlen: 24
213.142.159.0/24 maxlen: 24
80.253.246.0/24 maxlen: 32
91.151.88.0/24 maxlen: 32
91.151.89.0/24 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6d:af:68:e5:fc:b5:82:01:0b:e1:e4:d1:50:ef:66:9d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ab71e9b13f5c339a58692eeabe72eaa406bbbd7d
Validity
Not Before: Jan 1 14:14:50 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=296a2c240821b8550cb967033cfd846683f214e3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:84:2a:1e:ac:ec:de:4e:27:9b:32:b8:db:2e:e6:
61:bd:bf:5d:6d:58:7f:86:b5:33:42:bf:c2:65:8d:
e3:72:72:1b:ce:ef:f2:f8:dc:c6:84:fd:ae:e8:00:
56:e6:d2:bb:a3:7b:f0:07:e3:c6:b0:e4:17:99:1c:
97:a5:d4:af:e3:66:e7:f4:7a:7d:bd:e2:da:54:6a:
bf:e4:64:5d:cd:91:2c:21:48:58:a6:7c:30:3e:a3:
9c:27:72:e2:0a:ef:d5:be:76:d8:46:63:32:a2:f2:
4a:13:1b:a1:ad:97:d7:8d:ca:f6:5c:0f:15:0f:a7:
6a:bd:b2:10:28:33:e4:6f:e8:47:e7:98:77:fb:5e:
89:a4:75:73:a1:33:4f:8a:01:a8:60:0a:6d:3f:a3:
c8:ec:c5:0a:11:b6:a4:af:48:ae:d7:c5:35:f6:5c:
7e:25:fc:59:21:df:4c:34:d4:4d:9f:69:1b:81:56:
ae:8d:07:ab:61:6c:dc:bb:3a:08:cd:ab:d2:31:69:
8f:cf:d3:a5:d5:9a:4a:c3:4a:b4:31:ad:57:01:b8:
8c:b0:ae:c5:03:bc:30:b4:2d:6b:f1:a4:38:dc:d5:
2f:cf:0b:d9:a3:32:70:50:0c:2f:1a:85:b2:6f:33:
54:c6:ae:ae:ce:c3:98:1a:c8:82:46:19:91:bd:8d:
05:87
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
29:6A:2C:24:08:21:B8:55:0C:B9:67:03:3C:FD:84:66:83:F2:14:E3
X509v3 Authority Key Identifier:
keyid:AB:71:E9:B1:3F:5C:33:9A:58:69:2E:EA:BE:72:EA:A4:06:BB:BD:7D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/q3HpsT9cM5pYaS7qvnLqpAa7vX0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/6ba39c-ef1d-4d48-982b-cf4b900997a0/1/KWosJAghuFUMuWcDPP2EZoPyFOM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/be/6ba39c-ef1d-4d48-982b-cf4b900997a0/1/q3HpsT9cM5pYaS7qvnLqpAa7vX0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
80.253.246.0/24
91.151.88.0/23
213.142.148.0/24
213.142.151.0/24
213.142.159.0/24
Signature Algorithm: sha256WithRSAEncryption
ac:94:06:67:15:d6:31:cf:d4:92:ae:44:91:f0:e7:18:cb:cb:
09:73:b3:01:3f:26:96:1d:23:8b:59:80:fb:ea:3a:ee:54:7f:
0e:8d:d1:9f:7d:ca:0e:2f:9c:3c:b7:07:ea:9b:f8:9c:0e:c5:
b0:69:81:8d:a5:88:cd:a2:25:80:62:52:db:8a:41:51:33:a0:
1e:b4:c8:b1:48:ac:f3:52:d9:bb:7b:78:d6:e6:ad:e2:24:03:
df:d1:2b:e5:0a:6f:ca:5d:0e:f1:35:29:f8:b9:0d:90:49:0d:
34:35:75:b2:b7:02:22:0a:ed:74:02:fd:f3:8f:58:f8:26:48:
1e:d3:a8:3a:30:fe:55:62:ae:14:44:89:c0:e7:f9:22:4c:1a:
34:6b:db:70:0e:12:6f:1a:8d:0f:a1:59:da:5c:bc:1a:6e:64:
e4:28:5f:6e:77:f3:28:4f:50:a8:a7:af:aa:99:2d:f4:92:a1:
af:62:63:dd:d2:13:e7:70:ae:4b:fa:5c:18:72:ac:06:3c:c6:
42:70:65:d2:81:1a:98:6d:de:75:98:12:23:b6:41:a5:27:5b:
23:bd:7b:49:2a:ef:29:fe:12:72:08:83:71:87:94:f0:ef:e2:
01:d2:18:25:a9:81:9f:c5:12:75:d8:8d:bd:98:52:8d:3b:f4:
75:64:8e:aa
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAYVtr2jl/LWCAQvh5NFQ72adMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiNzFlOWIxM2Y1YzMzOWE1ODY5MmVlYWJlNzJlYWE0MDZi
YmJkN2QwHhcNMjMwMTAxMTQxNDUwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOTZhMmMyNDA4MjFiODU1MGNiOTY3MDMzY2ZkODQ2NjgzZjIxNGUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhCoerOzeTiebMrjbLuZhvb9dbVh/
hrUzQr/CZY3jcnIbzu/y+NzGhP2u6ABW5tK7o3vwB+PGsOQXmRyXpdSv42bn9Hp9
veLaVGq/5GRdzZEsIUhYpnwwPqOcJ3LiCu/VvnbYRmMyovJKExuhrZfXjcr2XA8V
D6dqvbIQKDPkb+hH55h3+16JpHVzoTNPigGoYAptP6PI7MUKEbakr0iu18U19lx+
JfxZId9MNNRNn2kbgVaujQerYWzcuzoIzavSMWmPz9Ol1ZpKw0q0Ma1XAbiMsK7F
A7wwtC1r8aQ43NUvzwvZozJwUAwvGoWybzNUxq6uzsOYGsiCRhmRvY0FhwIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFClqLCQIIbhVDLlnAzz9hGaD8hTjMB8GA1UdIwQY
MBaAFKtx6bE/XDOaWGku6r5y6qQGu719MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcTNIcHNUOWNNNXBZYVM3cXZuTHFwQWE3dlgwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS82YmEzOWMtZWYxZC00ZDQ4LTk4MmIt
Y2Y0YjkwMDk5N2EwLzEvS1dvc0pBZ2h1RlVNdVdjRFBQMkVab1B5Rk9NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS82YmEzOWMtZWYxZC00ZDQ4LTk4MmItY2Y0YjkwMDk5N2Ew
LzEvcTNIcHNUOWNNNXBZYVM3cXZuTHFwQWE3dlgwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQAUP32AwQB
W5dYAwQA1Y6UAwQA1Y6XAwQA1Y6fMA0GCSqGSIb3DQEBCwUAA4IBAQCslAZnFdYx
z9SSrkSR8OcYy8sJc7MBPyaWHSOLWYD76jruVH8OjdGffcoOL5w8twfqm/icDsWw
aYGNpYjNoiWAYlLbikFRM6AetMixSKzzUtm7e3jW5q3iJAPf0SvlCm/KXQ7xNSn4
uQ2QSQ00NXWytwIiCu10Av3zj1j4Jkge06g6MP5VYq4URInA5/kiTBo0a9twDhJv
Go0PoVnaXLwabmTkKF9ud/MoT1Cop6+qmS30kqGvYmPd0hPncK5L+lwYcqwGPMZC
cGXSgRqYbd51mBIjtkGlJ1sjvXtJKu8p/hJyCINxh5Tw7+IB0hglqYGfxRJ12I29
mFKNO/R1ZI6q
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:41:38 2024 by rpki-client on console-ams.rpki-client.org