Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/6ba39c-ef1d-4d48-982b-cf4b900997a0/1/OuUjCvNLnAIxxZuXSPvu_sxi520.roa
File: OuUjCvNLnAIxxZuXSPvu_sxi520.roa (raw, json)
Hash identifier: JHwA4NB4IqdQ4JBXdFg9g9wlgT74YiJmAmuHEYmOv5A=
Subject key identifier: 3A:E5:23:0A:F3:4B:9C:02:31:C5:9B:97:48:FB:EE:FE:CC:62:E7:6D
Certificate issuer: /CN=ab71e9b13f5c339a58692eeabe72eaa406bbbd7d
Certificate serial: 019113CF1852E3E52004C72D64DAD2E89420
Authority key identifier: AB:71:E9:B1:3F:5C:33:9A:58:69:2E:EA:BE:72:EA:A4:06:BB:BD:7D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/q3HpsT9cM5pYaS7qvnLqpAa7vX0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/be/6ba39c-ef1d-4d48-982b-cf4b900997a0/1/OuUjCvNLnAIxxZuXSPvu_sxi520.roa
Signing time: Fri 02 Aug 2024 15:57:04 +0000
ROA not before: Fri 02 Aug 2024 15:57:04 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 210574
IP address blocks: 213.142.133.0/24 maxlen: 24
213.142.134.0/24 maxlen: 24
213.142.157.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:91:13:cf:18:52:e3:e5:20:04:c7:2d:64:da:d2:e8:94:20
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ab71e9b13f5c339a58692eeabe72eaa406bbbd7d
Validity
Not Before: Aug 2 15:57:04 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=3ae5230af34b9c0231c59b9748fbeefecc62e76d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8e:e9:bb:a5:98:02:97:59:c2:b6:cd:bb:0c:92:
58:0d:95:fa:2e:2a:8d:19:6c:d3:be:a8:0b:99:97:
42:cc:b0:10:75:bc:f8:12:3e:42:96:6e:ac:5b:34:
d7:16:e5:d8:65:4c:cc:4b:36:65:74:52:31:a5:c2:
4b:04:8a:ac:1d:6e:8f:e1:d7:50:b9:d7:1c:39:1c:
f4:63:98:69:c1:01:03:17:3d:43:62:4d:33:6d:78:
bb:0a:a2:09:b8:69:46:d4:4c:68:5d:8a:17:10:3f:
c3:a1:a3:33:33:04:8e:81:0f:7b:ef:e5:5e:14:03:
71:d9:15:52:cb:96:f2:92:cd:06:0f:43:50:52:7c:
b0:22:99:8a:19:53:24:f2:cb:21:ae:54:6e:7c:9b:
99:74:75:b7:f5:9b:54:8e:35:68:0b:6a:4e:8c:26:
b8:c9:fe:46:cf:19:b5:7d:fd:31:c3:43:b0:ac:2d:
e7:97:8c:04:09:5a:d5:d3:9e:18:ab:c1:53:15:5c:
05:7b:4e:1b:78:37:0c:0c:d6:6e:cf:f5:dc:23:26:
c9:2b:02:3f:bc:1f:73:16:ad:51:ab:6b:06:d6:9c:
3d:ee:a0:3b:03:a8:70:a2:44:cd:3e:40:2b:34:c6:
57:a2:a3:29:96:d3:ac:0e:f1:be:06:0f:ac:7e:b3:
8a:1b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3A:E5:23:0A:F3:4B:9C:02:31:C5:9B:97:48:FB:EE:FE:CC:62:E7:6D
X509v3 Authority Key Identifier:
keyid:AB:71:E9:B1:3F:5C:33:9A:58:69:2E:EA:BE:72:EA:A4:06:BB:BD:7D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/q3HpsT9cM5pYaS7qvnLqpAa7vX0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/6ba39c-ef1d-4d48-982b-cf4b900997a0/1/OuUjCvNLnAIxxZuXSPvu_sxi520.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/be/6ba39c-ef1d-4d48-982b-cf4b900997a0/1/q3HpsT9cM5pYaS7qvnLqpAa7vX0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
213.142.133.0-213.142.134.255
213.142.157.0/24
Signature Algorithm: sha256WithRSAEncryption
2d:24:b4:ff:a6:55:c0:82:5c:e0:0d:59:b6:3a:d7:15:9c:bf:
50:42:46:3f:ac:29:19:f3:b5:9d:96:1c:65:b5:f7:cd:f0:0d:
a0:0d:43:72:1e:cd:74:f5:e4:0a:4b:bc:5d:6c:8a:49:a4:db:
d5:92:16:d1:ec:3f:72:5b:a3:4c:fa:29:69:41:2e:91:31:08:
43:7e:0c:5d:8f:8a:01:d6:28:20:fb:82:6c:f1:82:bc:da:2d:
73:37:a4:c1:2d:e7:d9:57:b2:a4:0a:ac:b7:97:4f:59:61:ba:
e4:55:f4:ac:2b:e4:cc:cf:78:e5:2c:dc:36:55:84:39:f5:41:
d4:e9:32:ed:55:9b:1c:8b:44:8e:65:84:90:d1:44:3a:88:85:
21:84:89:07:6c:59:b2:cb:02:9b:2a:87:34:82:02:12:b3:53:
30:a2:71:7a:6f:02:bf:36:86:1a:e2:bf:61:ef:74:e2:ef:e1:
49:ab:27:3b:30:42:2b:b3:82:fe:90:fa:eb:be:4c:ef:30:d4:
b7:24:b4:20:f1:c1:01:25:29:46:17:8c:cc:25:49:57:52:6a:
94:14:84:c1:7b:d1:46:e5:91:23:00:fc:8a:30:27:d9:81:ba:
56:d0:f2:f9:b6:14:a2:f6:05:d0:98:99:ae:e5:e1:ad:f3:0f:
d6:c3:fb:7f
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZETzxhS4+UgBMctZNrS6JQgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiNzFlOWIxM2Y1YzMzOWE1ODY5MmVlYWJlNzJlYWE0MDZi
YmJkN2QwHhcNMjQwODAyMTU1NzA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYWU1MjMwYWYzNGI5YzAyMzFjNTliOTc0OGZiZWVmZWNjNjJlNzZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjum7pZgCl1nCts27DJJYDZX6LiqN
GWzTvqgLmZdCzLAQdbz4Ej5Clm6sWzTXFuXYZUzMSzZldFIxpcJLBIqsHW6P4ddQ
udccORz0Y5hpwQEDFz1DYk0zbXi7CqIJuGlG1ExoXYoXED/DoaMzMwSOgQ977+Ve
FANx2RVSy5byks0GD0NQUnywIpmKGVMk8sshrlRufJuZdHW39ZtUjjVoC2pOjCa4
yf5Gzxm1ff0xw0OwrC3nl4wECVrV054Yq8FTFVwFe04beDcMDNZuz/XcIybJKwI/
vB9zFq1Rq2sG1pw97qA7A6hwokTNPkArNMZXoqMpltOsDvG+Bg+sfrOKGwIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFDrlIwrzS5wCMcWbl0j77v7MYudtMB8GA1UdIwQY
MBaAFKtx6bE/XDOaWGku6r5y6qQGu719MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcTNIcHNUOWNNNXBZYVM3cXZuTHFwQWE3dlgwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS82YmEzOWMtZWYxZC00ZDQ4LTk4MmIt
Y2Y0YjkwMDk5N2EwLzEvT3VVakN2TkxuQUl4eFp1WFNQdnVfc3hpNTIwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS82YmEzOWMtZWYxZC00ZDQ4LTk4MmItY2Y0YjkwMDk5N2Ew
LzEvcTNIcHNUOWNNNXBZYVM3cXZuTHFwQWE3dlgwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUMAwDBADVjoUD
BADVjoYDBADVjp0wDQYJKoZIhvcNAQELBQADggEBAC0ktP+mVcCCXOANWbY61xWc
v1BCRj+sKRnztZ2WHGW1983wDaANQ3IezXT15ApLvF1sikmk29WSFtHsP3Jbo0z6
KWlBLpExCEN+DF2PigHWKCD7gmzxgrzaLXM3pMEt59lXsqQKrLeXT1lhuuRV9Kwr
5MzPeOUs3DZVhDn1QdTpMu1VmxyLRI5lhJDRRDqIhSGEiQdsWbLLApsqhzSCAhKz
UzCicXpvAr82hhriv2HvdOLv4UmrJzswQiuzgv6Q+uu+TO8w1LcktCDxwQElKUYX
jMwlSVdSapQUhMF70UblkSMA/IowJ9mBulbQ8vm2FKL2BdCYma7l4a3zD9bD+38=
-----END CERTIFICATE-----
Generated at Fri Sep 27 11:45:33 2024 by rpki-client on console-fra.rpki-client.org