Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/6ba39c-ef1d-4d48-982b-cf4b900997a0/1/TUtWkrSvvycw1lcTyxs7vS9xMfE.roa
File: TUtWkrSvvycw1lcTyxs7vS9xMfE.roa (raw, json)
Hash identifier: JpBxqS/9QlEzUJg7rNeLv+hsFQyLYoqxCwm0rGmK+jo=
Subject key identifier: 4D:4B:56:92:B4:AF:BF:27:30:D6:57:13:CB:1B:3B:BD:2F:71:31:F1
Certificate issuer: /CN=ab71e9b13f5c339a58692eeabe72eaa406bbbd7d
Certificate serial: 018CB01623863C0DC9FCC4FEDA462DACD863
Authority key identifier: AB:71:E9:B1:3F:5C:33:9A:58:69:2E:EA:BE:72:EA:A4:06:BB:BD:7D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/q3HpsT9cM5pYaS7qvnLqpAa7vX0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/be/6ba39c-ef1d-4d48-982b-cf4b900997a0/1/TUtWkrSvvycw1lcTyxs7vS9xMfE.roa
Signing time: Thu 28 Dec 2023 11:01:29 +0000
ROA not before: Thu 28 Dec 2023 11:01:29 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 212219
IP address blocks: 91.151.95.0/24 maxlen: 24
213.142.148.0/24 maxlen: 32
213.142.151.0/24 maxlen: 24
213.142.159.0/24 maxlen: 24
80.253.246.0/24 maxlen: 24
91.151.88.0/24 maxlen: 24
91.151.89.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:b0:16:23:86:3c:0d:c9:fc:c4:fe:da:46:2d:ac:d8:63
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ab71e9b13f5c339a58692eeabe72eaa406bbbd7d
Validity
Not Before: Dec 28 11:01:29 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=4d4b5692b4afbf2730d65713cb1b3bbd2f7131f1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:91:b8:bc:e6:ce:bd:ca:31:f9:46:1d:a7:94:95:
b1:0e:c4:88:8a:05:73:55:a4:e1:db:4e:71:2c:12:
54:98:59:55:3f:62:90:18:22:11:15:bf:3a:2e:ff:
84:0d:a8:04:2a:04:9d:63:cd:f9:7c:0b:87:f4:d1:
89:19:2e:df:d6:be:c0:ee:4d:6a:7c:7c:8f:d1:dd:
34:ec:56:7e:51:7c:c8:c4:fa:1b:fc:86:46:1a:ca:
5f:2e:ff:b8:d7:75:31:27:72:07:e4:05:ea:6d:df:
c5:0c:5e:3d:aa:f1:b1:cc:7d:c4:37:5f:53:5a:c0:
8e:10:c0:58:dc:ec:33:6d:d9:43:97:c5:60:94:2e:
13:7c:47:8d:ea:62:48:57:e0:c2:23:ba:fb:43:2c:
07:20:45:09:d4:a0:1b:a9:0f:8a:bd:5e:8a:47:98:
10:85:d4:01:16:bd:2c:1e:98:a2:3f:9b:45:77:ec:
b5:53:48:58:b4:cc:4c:bc:9d:20:ef:a1:f3:02:c4:
7a:d2:24:44:fd:a1:d6:73:47:43:a8:d0:5c:f3:6b:
47:ac:f5:b6:04:d3:dc:87:56:78:5f:fd:a0:99:d2:
8f:9b:ee:6c:2b:df:09:4e:54:6d:e9:08:27:75:f3:
9d:9b:39:f5:48:c7:b9:27:d8:a3:f7:22:d4:c2:fc:
e7:f7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4D:4B:56:92:B4:AF:BF:27:30:D6:57:13:CB:1B:3B:BD:2F:71:31:F1
X509v3 Authority Key Identifier:
keyid:AB:71:E9:B1:3F:5C:33:9A:58:69:2E:EA:BE:72:EA:A4:06:BB:BD:7D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/q3HpsT9cM5pYaS7qvnLqpAa7vX0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/6ba39c-ef1d-4d48-982b-cf4b900997a0/1/TUtWkrSvvycw1lcTyxs7vS9xMfE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/be/6ba39c-ef1d-4d48-982b-cf4b900997a0/1/q3HpsT9cM5pYaS7qvnLqpAa7vX0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
80.253.246.0/24
91.151.88.0/23
91.151.95.0/24
213.142.148.0/24
213.142.151.0/24
213.142.159.0/24
Signature Algorithm: sha256WithRSAEncryption
0c:07:39:79:f8:ca:6a:ab:32:97:d4:26:bc:80:af:87:76:0d:
e7:95:6d:99:b1:0b:9a:5e:71:99:a2:7e:ac:6a:7c:6f:d0:25:
5d:de:92:13:8a:52:9c:c6:89:4e:c2:a2:ac:10:0a:da:ec:61:
a1:be:f9:90:6f:28:cb:9c:76:69:51:48:a6:a1:1e:3b:a6:69:
b8:db:ff:a3:d5:9e:e4:d3:28:b9:5c:65:aa:cc:3f:ac:19:0c:
e5:94:d1:8c:a6:e2:ec:07:46:a9:f3:96:e2:fc:cd:06:a1:3d:
c0:76:fb:87:bb:18:12:fc:7d:12:79:89:f2:0d:31:7a:76:d6:
bc:4b:3b:65:4c:ff:98:ba:7c:af:07:c2:8c:a5:cf:06:aa:2e:
9d:9e:5b:a9:0e:62:51:21:e3:96:a0:6f:90:07:62:24:82:ab:
9f:ff:6d:bc:5b:93:4b:d4:2a:f6:c3:4a:0f:35:c0:8e:96:3a:
6d:9b:fe:72:a5:63:c5:41:88:ec:bd:d8:99:20:77:47:c3:8c:
93:93:ad:dd:ec:a7:8e:76:23:bb:fa:03:f1:03:0c:b4:57:bd:
dd:88:40:ac:c8:56:66:23:09:e1:d7:5d:7a:21:ed:c6:78:a5:
31:20:17:c3:08:02:a9:fe:83:9a:99:95:9d:3f:7b:c8:bc:9a:
fe:c4:8b:5e
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAYywFiOGPA3J/MT+2kYtrNhjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiNzFlOWIxM2Y1YzMzOWE1ODY5MmVlYWJlNzJlYWE0MDZi
YmJkN2QwHhcNMjMxMjI4MTEwMTI5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZDRiNTY5MmI0YWZiZjI3MzBkNjU3MTNjYjFiM2JiZDJmNzEzMWYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkbi85s69yjH5Rh2nlJWxDsSIigVz
VaTh205xLBJUmFlVP2KQGCIRFb86Lv+EDagEKgSdY835fAuH9NGJGS7f1r7A7k1q
fHyP0d007FZ+UXzIxPob/IZGGspfLv+413UxJ3IH5AXqbd/FDF49qvGxzH3EN19T
WsCOEMBY3OwzbdlDl8VglC4TfEeN6mJIV+DCI7r7QywHIEUJ1KAbqQ+KvV6KR5gQ
hdQBFr0sHpiiP5tFd+y1U0hYtMxMvJ0g76HzAsR60iRE/aHWc0dDqNBc82tHrPW2
BNPch1Z4X/2gmdKPm+5sK98JTlRt6QgndfOdmzn1SMe5J9ij9yLUwvzn9wIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFE1LVpK0r78nMNZXE8sbO70vcTHxMB8GA1UdIwQY
MBaAFKtx6bE/XDOaWGku6r5y6qQGu719MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcTNIcHNUOWNNNXBZYVM3cXZuTHFwQWE3dlgwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS82YmEzOWMtZWYxZC00ZDQ4LTk4MmIt
Y2Y0YjkwMDk5N2EwLzEvVFV0V2tyU3Z2eWN3MWxjVHl4czd2Uzl4TWZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS82YmEzOWMtZWYxZC00ZDQ4LTk4MmItY2Y0YjkwMDk5N2Ew
LzEvcTNIcHNUOWNNNXBZYVM3cXZuTHFwQWE3dlgwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAqBAIAATAkAwQAUP32AwQB
W5dYAwQAW5dfAwQA1Y6UAwQA1Y6XAwQA1Y6fMA0GCSqGSIb3DQEBCwUAA4IBAQAM
Bzl5+MpqqzKX1Ca8gK+Hdg3nlW2ZsQuaXnGZon6sanxv0CVd3pITilKcxolOwqKs
EAra7GGhvvmQbyjLnHZpUUimoR47pmm42/+j1Z7k0yi5XGWqzD+sGQzllNGMpuLs
B0ap85bi/M0GoT3AdvuHuxgS/H0SeYnyDTF6dta8SztlTP+YunyvB8KMpc8Gqi6d
nlupDmJRIeOWoG+QB2Ikgquf/228W5NL1Cr2w0oPNcCOljptm/5ypWPFQYjsvdiZ
IHdHw4yTk63d7KeOdiO7+gPxAwy0V73diECsyFZmIwnh1116Ie3GeKUxIBfDCAKp
/oOamZWdP3vIvJr+xIte
-----END CERTIFICATE-----
Generated at Mon Feb 17 08:20:55 2025 by rpki-client