Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/6ba39c-ef1d-4d48-982b-cf4b900997a0/1/MSN_pPY-mFUpIsb_s9p1RBsK1Fg.roa
File: MSN_pPY-mFUpIsb_s9p1RBsK1Fg.roa (raw, json)
Hash identifier: sIKjF1oNKWWVBZNnQGnjIhHgDKqBN8ZknmGleS6uQbM=
Subject key identifier: 31:23:7F:A4:F6:3E:98:55:29:22:C6:FF:B3:DA:75:44:1B:0A:D4:58
Certificate issuer: /CN=ab71e9b13f5c339a58692eeabe72eaa406bbbd7d
Certificate serial: 01909D6BEDB5890A68C2924D62067DA30089
Authority key identifier: AB:71:E9:B1:3F:5C:33:9A:58:69:2E:EA:BE:72:EA:A4:06:BB:BD:7D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/q3HpsT9cM5pYaS7qvnLqpAa7vX0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/be/6ba39c-ef1d-4d48-982b-cf4b900997a0/1/MSN_pPY-mFUpIsb_s9p1RBsK1Fg.roa
Signing time: Wed 10 Jul 2024 16:13:34 +0000
ROA not before: Wed 10 Jul 2024 16:13:34 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 207429
IP address blocks: 80.253.244.0/24 maxlen: 24
91.151.81.0/24 maxlen: 24
213.142.143.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:90:9d:6b:ed:b5:89:0a:68:c2:92:4d:62:06:7d:a3:00:89
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ab71e9b13f5c339a58692eeabe72eaa406bbbd7d
Validity
Not Before: Jul 10 16:13:34 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=31237fa4f63e98552922c6ffb3da75441b0ad458
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ac:44:17:fb:1f:79:8e:fa:cf:5f:1e:69:1c:fc:
e7:b5:97:31:2b:e2:ec:30:34:47:e0:9c:9f:93:30:
14:9b:c0:d9:c0:cc:72:fd:2f:e5:f9:5f:23:03:dd:
ba:d5:26:10:cf:c8:b1:03:a9:47:dc:a9:08:f8:47:
66:10:a6:50:54:74:41:58:8b:7a:7a:0c:6f:94:b4:
0f:48:7c:65:0f:86:2b:6b:cf:ef:8b:65:6a:a8:72:
80:3c:b3:52:39:5a:ac:d7:12:30:9d:fc:c3:3e:e3:
52:79:ba:0d:ec:eb:f9:0c:be:92:9e:a5:3f:ee:db:
b9:d1:9d:65:e7:7a:b2:03:18:cc:ac:b8:a9:3c:c3:
2b:41:91:8e:a8:fd:de:66:d6:07:23:1c:bf:07:a0:
f8:f9:8b:86:ec:f4:be:2f:5e:a1:13:06:cb:81:96:
d1:12:a5:dc:64:36:73:b5:48:20:6b:5b:92:0a:ac:
45:bd:82:70:52:a4:59:e5:b0:50:a2:20:0b:0f:0a:
7c:f6:fb:36:a1:41:4a:bb:7e:cb:af:b7:53:ee:9a:
0d:3b:b6:c3:e7:01:d4:99:53:18:6a:b6:6f:35:12:
03:9c:23:eb:23:9c:89:44:44:08:a7:14:b8:5a:11:
d3:77:a5:bf:93:83:9f:38:ca:cb:a1:ce:30:eb:0b:
4b:5d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
31:23:7F:A4:F6:3E:98:55:29:22:C6:FF:B3:DA:75:44:1B:0A:D4:58
X509v3 Authority Key Identifier:
keyid:AB:71:E9:B1:3F:5C:33:9A:58:69:2E:EA:BE:72:EA:A4:06:BB:BD:7D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/q3HpsT9cM5pYaS7qvnLqpAa7vX0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/6ba39c-ef1d-4d48-982b-cf4b900997a0/1/MSN_pPY-mFUpIsb_s9p1RBsK1Fg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/be/6ba39c-ef1d-4d48-982b-cf4b900997a0/1/q3HpsT9cM5pYaS7qvnLqpAa7vX0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
80.253.244.0/24
91.151.81.0/24
213.142.143.0/24
Signature Algorithm: sha256WithRSAEncryption
23:e3:cc:85:15:20:ac:19:6b:43:31:fa:d0:c8:cc:65:ca:3b:
ad:b4:fe:da:74:6c:9c:1b:b7:f9:c8:3d:7f:ed:a3:d7:ad:48:
34:71:0e:b5:47:29:03:55:cc:54:2e:7d:e2:7b:25:f3:44:fb:
7f:41:80:28:77:36:ca:f2:41:f4:39:ab:82:93:c3:e3:5e:5e:
c6:6d:7f:e5:54:77:1f:93:52:bf:d0:83:a7:4c:d9:0d:df:04:
b6:de:89:fc:ff:3f:69:e2:84:9f:2c:02:41:90:9d:39:80:a7:
92:a0:f0:a1:33:04:30:4a:b7:86:23:77:bb:d9:e8:04:3e:80:
41:4e:4f:51:85:cd:31:80:b8:5a:3e:30:4a:10:72:ae:a8:7c:
05:bf:c4:08:89:8d:37:81:93:5e:ad:d7:e6:f6:73:d4:33:bc:
f4:d7:7f:ec:75:fe:7f:58:66:5c:98:38:96:71:41:ab:a8:b3:
8c:84:d2:23:74:cc:1d:14:74:0a:d2:aa:be:93:f2:13:d2:cd:
f0:d6:c0:2e:79:ff:de:02:b5:98:1f:13:33:a7:d6:82:c0:98:
97:7a:2c:3b:d9:ce:c7:c0:e8:2e:c9:a6:e4:4c:84:45:f7:65:
66:4e:3d:b1:dc:16:54:3e:21:6d:3d:0c:9b:d4:90:93:ef:8a:
f1:14:cc:46
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZCda+21iQpowpJNYgZ9owCJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiNzFlOWIxM2Y1YzMzOWE1ODY5MmVlYWJlNzJlYWE0MDZi
YmJkN2QwHhcNMjQwNzEwMTYxMzM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMTIzN2ZhNGY2M2U5ODU1MjkyMmM2ZmZiM2RhNzU0NDFiMGFkNDU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArEQX+x95jvrPXx5pHPzntZcxK+Ls
MDRH4JyfkzAUm8DZwMxy/S/l+V8jA9261SYQz8ixA6lH3KkI+EdmEKZQVHRBWIt6
egxvlLQPSHxlD4Yra8/vi2VqqHKAPLNSOVqs1xIwnfzDPuNSeboN7Ov5DL6SnqU/
7tu50Z1l53qyAxjMrLipPMMrQZGOqP3eZtYHIxy/B6D4+YuG7PS+L16hEwbLgZbR
EqXcZDZztUgga1uSCqxFvYJwUqRZ5bBQoiALDwp89vs2oUFKu37Lr7dT7poNO7bD
5wHUmVMYarZvNRIDnCPrI5yJREQIpxS4WhHTd6W/k4OfOMrLoc4w6wtLXQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFDEjf6T2PphVKSLG/7PadUQbCtRYMB8GA1UdIwQY
MBaAFKtx6bE/XDOaWGku6r5y6qQGu719MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcTNIcHNUOWNNNXBZYVM3cXZuTHFwQWE3dlgwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS82YmEzOWMtZWYxZC00ZDQ4LTk4MmIt
Y2Y0YjkwMDk5N2EwLzEvTVNOX3BQWS1tRlVwSXNiX3M5cDFSQnNLMUZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS82YmEzOWMtZWYxZC00ZDQ4LTk4MmItY2Y0YjkwMDk5N2Ew
LzEvcTNIcHNUOWNNNXBZYVM3cXZuTHFwQWE3dlgwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAUP30AwQA
W5dRAwQA1Y6PMA0GCSqGSIb3DQEBCwUAA4IBAQAj48yFFSCsGWtDMfrQyMxlyjut
tP7adGycG7f5yD1/7aPXrUg0cQ61RykDVcxULn3ieyXzRPt/QYAodzbK8kH0OauC
k8PjXl7GbX/lVHcfk1K/0IOnTNkN3wS23on8/z9p4oSfLAJBkJ05gKeSoPChMwQw
SreGI3e72egEPoBBTk9Rhc0xgLhaPjBKEHKuqHwFv8QIiY03gZNerdfm9nPUM7z0
13/sdf5/WGZcmDiWcUGrqLOMhNIjdMwdFHQK0qq+k/IT0s3w1sAuef/eArWYHxMz
p9aCwJiXeiw72c7HwOguyabkTIRF92VmTj2x3BZUPiFtPQyb1JCT74rxFMxG
-----END CERTIFICATE-----
Generated at Mon Feb 17 08:24:46 2025 by rpki-client