Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/6ba39c-ef1d-4d48-982b-cf4b900997a0/1/SFFa-7ZRs8Fb9FsaDXfMP8ei4Kc.roa
File: SFFa-7ZRs8Fb9FsaDXfMP8ei4Kc.roa (raw, json)
Hash identifier: nkbl/L4mnCXniuejvGP/9vDLYn7D7HARS762JK81PZ4=
Subject key identifier: 48:51:5A:FB:B6:51:B3:C1:5B:F4:5B:1A:0D:77:CC:3F:C7:A2:E0:A7
Certificate issuer: /CN=ab71e9b13f5c339a58692eeabe72eaa406bbbd7d
Certificate serial: 01912086B5128AF08383057B1AA6F7872818
Authority key identifier: AB:71:E9:B1:3F:5C:33:9A:58:69:2E:EA:BE:72:EA:A4:06:BB:BD:7D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/q3HpsT9cM5pYaS7qvnLqpAa7vX0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/be/6ba39c-ef1d-4d48-982b-cf4b900997a0/1/SFFa-7ZRs8Fb9FsaDXfMP8ei4Kc.roa
Signing time: Mon 05 Aug 2024 03:13:04 +0000
ROA not before: Mon 05 Aug 2024 03:13:04 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 43260
IP address blocks: 213.142.134.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:91:20:86:b5:12:8a:f0:83:83:05:7b:1a:a6:f7:87:28:18
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ab71e9b13f5c339a58692eeabe72eaa406bbbd7d
Validity
Not Before: Aug 5 03:13:04 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=48515afbb651b3c15bf45b1a0d77cc3fc7a2e0a7
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cb:72:81:3b:21:40:7a:76:7b:f1:c9:b3:65:52:
6c:dd:25:2b:07:c4:0c:69:7b:c4:42:9c:94:dc:cd:
ef:77:5e:62:23:e3:5f:60:ef:83:b3:f7:65:f1:53:
cc:26:3a:a8:18:f8:56:e0:34:e4:b6:0c:77:46:a9:
ff:21:3d:07:ab:c2:2e:7d:c1:60:4c:70:50:20:da:
d7:65:46:a4:d8:98:72:00:02:ea:e9:96:c0:85:64:
fc:f4:dd:5a:ad:95:8e:30:50:19:c4:27:35:82:05:
f5:8d:5d:c8:9f:a9:71:3b:ce:1b:5b:a3:b7:0f:00:
af:11:84:87:6e:4a:80:2c:3c:dd:bf:89:11:55:df:
f1:c5:65:8b:ba:81:1c:ed:86:b4:4c:2e:09:9b:30:
c6:f3:c8:13:ca:25:0c:76:d3:5a:2d:72:98:22:37:
f1:e5:68:e4:c6:47:06:64:52:f7:7e:d1:2f:76:5e:
54:cd:a7:61:fd:a4:ed:83:65:ed:f1:cd:c1:c6:f1:
81:8e:25:95:a6:b1:bb:5c:66:fb:a5:8b:f1:67:ce:
a3:4b:36:0b:a1:44:bb:46:4d:89:71:5f:34:fd:5a:
d1:ca:36:f8:89:10:95:4e:95:5d:f1:fb:46:46:93:
31:91:1d:ca:9d:4f:60:eb:13:e3:4e:e6:bf:f9:c9:
3a:7b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
48:51:5A:FB:B6:51:B3:C1:5B:F4:5B:1A:0D:77:CC:3F:C7:A2:E0:A7
X509v3 Authority Key Identifier:
keyid:AB:71:E9:B1:3F:5C:33:9A:58:69:2E:EA:BE:72:EA:A4:06:BB:BD:7D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/q3HpsT9cM5pYaS7qvnLqpAa7vX0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/6ba39c-ef1d-4d48-982b-cf4b900997a0/1/SFFa-7ZRs8Fb9FsaDXfMP8ei4Kc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/be/6ba39c-ef1d-4d48-982b-cf4b900997a0/1/q3HpsT9cM5pYaS7qvnLqpAa7vX0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
213.142.134.0/24
Signature Algorithm: sha256WithRSAEncryption
a1:4d:96:9a:c5:ef:b5:0f:8e:5a:fb:92:63:2b:08:c4:0b:ce:
a8:9a:5d:1c:cc:4e:ed:d7:5d:2f:c8:f0:79:1e:a7:26:aa:cf:
97:1d:4d:32:4f:66:7c:4c:a7:1a:f1:d7:47:47:f8:0d:d2:19:
e5:2e:e0:db:0e:9a:d3:e6:42:8e:f2:97:f1:26:18:1e:52:d4:
68:db:b5:5e:36:39:29:87:ca:ae:da:79:fe:d4:f8:e9:39:72:
26:c6:1f:47:9e:c0:27:dd:79:8c:b5:e2:7f:f2:db:e7:91:56:
64:f1:e0:58:e5:04:87:c6:8f:b0:3d:63:8a:cb:29:62:a0:7c:
24:f7:34:57:ca:fe:d9:ff:3d:01:85:bc:c1:72:5b:88:29:03:
41:48:2f:4a:c0:87:a7:27:34:71:01:6d:0f:ac:40:31:e6:eb:
da:1c:82:bc:41:9c:97:f4:b0:85:25:56:56:b0:6e:40:a4:68:
c2:e7:bf:e5:20:03:f1:a0:fd:19:32:5d:2a:9d:27:f2:e9:5e:
fe:b1:b7:77:fa:bf:9b:46:a5:04:75:17:25:d5:72:ea:74:f9:
74:70:97:67:fd:11:d2:9e:b3:26:6f:2f:ab:0e:45:d6:01:28:
5b:2f:fc:0d:a3:22:7f:d0:12:f5:5a:44:3b:e5:5f:2c:cd:25:
2f:da:ec:11
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZEghrUSivCDgwV7Gqb3hygYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiNzFlOWIxM2Y1YzMzOWE1ODY5MmVlYWJlNzJlYWE0MDZi
YmJkN2QwHhcNMjQwODA1MDMxMzA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ODUxNWFmYmI2NTFiM2MxNWJmNDViMWEwZDc3Y2MzZmM3YTJlMGE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy3KBOyFAenZ78cmzZVJs3SUrB8QM
aXvEQpyU3M3vd15iI+NfYO+Ds/dl8VPMJjqoGPhW4DTktgx3Rqn/IT0Hq8IufcFg
THBQINrXZUak2JhyAALq6ZbAhWT89N1arZWOMFAZxCc1ggX1jV3In6lxO84bW6O3
DwCvEYSHbkqALDzdv4kRVd/xxWWLuoEc7Ya0TC4JmzDG88gTyiUMdtNaLXKYIjfx
5WjkxkcGZFL3ftEvdl5Uzadh/aTtg2Xt8c3BxvGBjiWVprG7XGb7pYvxZ86jSzYL
oUS7Rk2JcV80/VrRyjb4iRCVTpVd8ftGRpMxkR3KnU9g6xPjTua/+ck6ewIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEhRWvu2UbPBW/RbGg13zD/HouCnMB8GA1UdIwQY
MBaAFKtx6bE/XDOaWGku6r5y6qQGu719MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcTNIcHNUOWNNNXBZYVM3cXZuTHFwQWE3dlgwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS82YmEzOWMtZWYxZC00ZDQ4LTk4MmIt
Y2Y0YjkwMDk5N2EwLzEvU0ZGYS03WlJzOEZiOUZzYURYZk1QOGVpNEtjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS82YmEzOWMtZWYxZC00ZDQ4LTk4MmItY2Y0YjkwMDk5N2Ew
LzEvcTNIcHNUOWNNNXBZYVM3cXZuTHFwQWE3dlgwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1Y6GMA0G
CSqGSIb3DQEBCwUAA4IBAQChTZaaxe+1D45a+5JjKwjEC86oml0czE7t110vyPB5
Hqcmqs+XHU0yT2Z8TKca8ddHR/gN0hnlLuDbDprT5kKO8pfxJhgeUtRo27VeNjkp
h8qu2nn+1PjpOXImxh9HnsAn3XmMteJ/8tvnkVZk8eBY5QSHxo+wPWOKyylioHwk
9zRXyv7Z/z0BhbzBcluIKQNBSC9KwIenJzRxAW0PrEAx5uvaHIK8QZyX9LCFJVZW
sG5ApGjC57/lIAPxoP0ZMl0qnSfy6V7+sbd3+r+bRqUEdRcl1XLqdPl0cJdn/RHS
nrMmby+rDkXWAShbL/wNoyJ/0BL1WkQ75V8szSUv2uwR
-----END CERTIFICATE-----
Generated at Mon Feb 17 08:03:22 2025 by rpki-client