Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/6ba39c-ef1d-4d48-982b-cf4b900997a0/1/L_sy5UzxXk9Ljr6C7gltJlI00IE.roa
File: L_sy5UzxXk9Ljr6C7gltJlI00IE.roa (raw, json)
Hash identifier: zIk6LXg4U2L5Qr32RG4MwYE3aHRjJKpNdyirgf9qD+o=
Subject key identifier: 2F:FB:32:E5:4C:F1:5E:4F:4B:8E:BE:82:EE:09:6D:26:52:34:D0:81
Certificate issuer: /CN=ab71e9b13f5c339a58692eeabe72eaa406bbbd7d
Certificate serial: 018C7F0FBAA0AFEF5E7776A7F32C5C80C43E
Authority key identifier: AB:71:E9:B1:3F:5C:33:9A:58:69:2E:EA:BE:72:EA:A4:06:BB:BD:7D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/q3HpsT9cM5pYaS7qvnLqpAa7vX0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/be/6ba39c-ef1d-4d48-982b-cf4b900997a0/1/L_sy5UzxXk9Ljr6C7gltJlI00IE.roa
Signing time: Mon 18 Dec 2023 22:33:06 +0000
ROA not before: Mon 18 Dec 2023 22:33:06 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 212219
IP address blocks: 91.151.95.0/24 maxlen: 24
213.142.148.0/24 maxlen: 32
213.142.151.0/24 maxlen: 24
213.142.159.0/24 maxlen: 24
80.253.246.0/24 maxlen: 32
91.151.88.0/24 maxlen: 32
91.151.89.0/24 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:7f:0f:ba:a0:af:ef:5e:77:76:a7:f3:2c:5c:80:c4:3e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ab71e9b13f5c339a58692eeabe72eaa406bbbd7d
Validity
Not Before: Dec 18 22:33:06 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=2ffb32e54cf15e4f4b8ebe82ee096d265234d081
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b7:ee:72:7d:f1:c1:1f:e1:6b:de:71:99:ba:d0:
21:f2:37:5b:9e:1b:c4:d2:77:41:48:0c:b1:35:28:
9d:e7:8c:b8:eb:54:2a:27:f9:99:1c:50:50:7d:3c:
cb:0f:27:a3:33:4a:19:67:3a:5e:0f:cd:ec:1c:f5:
c9:21:dd:8c:24:4f:bd:f0:b3:bd:70:16:b8:bc:33:
54:e4:b6:3e:f9:e9:a8:4d:05:ac:76:d0:9f:20:f9:
30:e8:86:e0:9a:96:44:23:03:d9:8f:73:0b:1c:b9:
41:ed:9f:b4:7a:d7:94:d5:7d:c9:3b:ab:21:b2:48:
c2:49:ab:35:92:53:01:e5:cb:2f:27:90:57:d2:e3:
bf:89:b5:36:bb:c7:0b:27:b1:0d:6e:df:ca:9b:0a:
12:c7:93:c4:45:ec:70:8c:f4:24:fe:78:a2:5e:4f:
c4:11:72:6f:4b:58:c5:64:e5:55:c8:02:72:7a:01:
65:2f:4f:70:ac:c4:97:aa:03:a4:5a:02:da:98:89:
97:fb:a0:01:44:f9:b5:08:1d:b6:58:d6:66:5a:40:
b2:a4:e6:75:68:b2:24:a0:a8:6f:a8:81:69:22:10:
2f:3b:90:01:14:52:3c:c1:be:1e:20:1a:60:f5:f4:
56:0f:f9:8f:57:7e:58:b9:f8:2b:0d:d4:5e:43:2d:
d1:3d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2F:FB:32:E5:4C:F1:5E:4F:4B:8E:BE:82:EE:09:6D:26:52:34:D0:81
X509v3 Authority Key Identifier:
keyid:AB:71:E9:B1:3F:5C:33:9A:58:69:2E:EA:BE:72:EA:A4:06:BB:BD:7D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/q3HpsT9cM5pYaS7qvnLqpAa7vX0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/6ba39c-ef1d-4d48-982b-cf4b900997a0/1/L_sy5UzxXk9Ljr6C7gltJlI00IE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/be/6ba39c-ef1d-4d48-982b-cf4b900997a0/1/q3HpsT9cM5pYaS7qvnLqpAa7vX0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
80.253.246.0/24
91.151.88.0/23
91.151.95.0/24
213.142.148.0/24
213.142.151.0/24
213.142.159.0/24
Signature Algorithm: sha256WithRSAEncryption
03:04:65:04:f4:f6:dc:48:1c:47:23:e8:be:be:e9:25:64:68:
e9:26:c3:03:71:fa:2b:9e:66:bf:20:b7:0b:00:12:91:6d:f2:
1e:f1:45:dd:a8:01:46:fa:e0:94:34:92:a6:1c:b2:4b:1b:bb:
ba:8a:10:70:6c:da:26:e7:d9:51:c5:e6:a8:1c:7a:c3:8e:e3:
c1:c0:6a:a5:d7:69:29:e0:a0:48:8f:5f:bf:d2:4b:99:b0:60:
cf:16:8c:82:79:d2:7c:8b:dd:10:6b:66:cc:97:c0:8c:70:74:
57:28:ff:28:2f:07:bf:92:62:97:38:5d:ff:84:b5:a9:e6:32:
96:de:93:75:8b:cf:8e:2c:05:df:80:5b:bd:5a:f9:49:69:df:
64:ae:2d:f7:ff:6d:e9:99:b6:f3:15:7c:dd:8b:35:c4:14:19:
57:aa:e6:82:28:20:b9:6a:be:14:4e:46:d2:ef:e3:ec:b8:be:
2b:a2:3f:ac:c2:6d:76:69:ec:35:c1:da:54:2d:94:f9:b2:51:
cb:67:71:88:29:f0:41:08:fb:63:8a:34:13:f6:5e:94:83:6d:
e4:c1:c8:ab:11:9d:84:fc:ba:43:c9:6a:96:09:39:48:99:ef:
d2:5a:c7:a4:be:00:7a:d4:46:2a:95:fb:34:23:31:91:ca:5f:
73:a7:26:1a
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAYx/D7qgr+9ed3an8yxcgMQ+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiNzFlOWIxM2Y1YzMzOWE1ODY5MmVlYWJlNzJlYWE0MDZi
YmJkN2QwHhcNMjMxMjE4MjIzMzA2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZmZiMzJlNTRjZjE1ZTRmNGI4ZWJlODJlZTA5NmQyNjUyMzRkMDgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt+5yffHBH+Fr3nGZutAh8jdbnhvE
0ndBSAyxNSid54y461QqJ/mZHFBQfTzLDyejM0oZZzpeD83sHPXJId2MJE+98LO9
cBa4vDNU5LY++emoTQWsdtCfIPkw6IbgmpZEIwPZj3MLHLlB7Z+0eteU1X3JO6sh
skjCSas1klMB5csvJ5BX0uO/ibU2u8cLJ7ENbt/KmwoSx5PERexwjPQk/niiXk/E
EXJvS1jFZOVVyAJyegFlL09wrMSXqgOkWgLamImX+6ABRPm1CB22WNZmWkCypOZ1
aLIkoKhvqIFpIhAvO5ABFFI8wb4eIBpg9fRWD/mPV35YufgrDdReQy3RPQIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFC/7MuVM8V5PS46+gu4JbSZSNNCBMB8GA1UdIwQY
MBaAFKtx6bE/XDOaWGku6r5y6qQGu719MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcTNIcHNUOWNNNXBZYVM3cXZuTHFwQWE3dlgwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS82YmEzOWMtZWYxZC00ZDQ4LTk4MmIt
Y2Y0YjkwMDk5N2EwLzEvTF9zeTVVenhYazlManI2QzdnbHRKbEkwMElFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS82YmEzOWMtZWYxZC00ZDQ4LTk4MmItY2Y0YjkwMDk5N2Ew
LzEvcTNIcHNUOWNNNXBZYVM3cXZuTHFwQWE3dlgwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAqBAIAATAkAwQAUP32AwQB
W5dYAwQAW5dfAwQA1Y6UAwQA1Y6XAwQA1Y6fMA0GCSqGSIb3DQEBCwUAA4IBAQAD
BGUE9PbcSBxHI+i+vuklZGjpJsMDcfornma/ILcLABKRbfIe8UXdqAFG+uCUNJKm
HLJLG7u6ihBwbNom59lRxeaoHHrDjuPBwGql12kp4KBIj1+/0kuZsGDPFoyCedJ8
i90Qa2bMl8CMcHRXKP8oLwe/kmKXOF3/hLWp5jKW3pN1i8+OLAXfgFu9WvlJad9k
ri33/23pmbbzFXzdizXEFBlXquaCKCC5ar4UTkbS7+PsuL4roj+swm12aew1wdpU
LZT5slHLZ3GIKfBBCPtjijQT9l6Ug23kwcirEZ2E/LpDyWqWCTlIme/SWsekvgB6
1EYqlfs0IzGRyl9zpyYa
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:52:04 2024 by rpki-client on console-fra.rpki-client.org