Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/6ba39c-ef1d-4d48-982b-cf4b900997a0/1/TnWsrIDM44YGpeOqPln-AwWptSg.roa
File: TnWsrIDM44YGpeOqPln-AwWptSg.roa (raw, json)
Hash identifier: bdTfUNBSmZHiQcLx7muFb+7RFb9At5zYUd9ForM6h5I=
Subject key identifier: 4E:75:AC:AC:80:CC:E3:86:06:A5:E3:AA:3E:59:FE:03:05:A9:B5:28
Certificate issuer: /CN=ab71e9b13f5c339a58692eeabe72eaa406bbbd7d
Certificate serial: 0A7E0A5A
Authority key identifier: AB:71:E9:B1:3F:5C:33:9A:58:69:2E:EA:BE:72:EA:A4:06:BB:BD:7D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/q3HpsT9cM5pYaS7qvnLqpAa7vX0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/be/6ba39c-ef1d-4d48-982b-cf4b900997a0/1/TnWsrIDM44YGpeOqPln-AwWptSg.roa
Signing time: Sat 01 Jan 2022 08:57:11 +0000
ROA not before: Sat 01 Jan 2022 08:57:11 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 397563
IP address blocks: 213.142.133.0/24 maxlen: 24
213.142.136.0/22 maxlen: 32
213.142.140.0/24 maxlen: 32
213.142.141.0/24 maxlen: 32
213.142.142.0/24 maxlen: 32
213.142.144.0/22 maxlen: 24
213.142.152.0/24 maxlen: 24
213.142.153.0/24 maxlen: 24
213.142.154.0/24 maxlen: 32
213.142.155.0/24 maxlen: 32
213.142.128.0/24 maxlen: 24
213.142.129.0/24 maxlen: 24
213.142.131.0/24 maxlen: 24
213.142.132.0/24 maxlen: 24
213.142.130.0/24 maxlen: 24
91.151.92.0/24 maxlen: 24
80.253.252.0/24 maxlen: 24
80.253.253.0/24 maxlen: 24
91.151.80.0/21 maxlen: 24
91.151.80.0/24 maxlen: 24
91.151.84.0/24 maxlen: 24
91.151.85.0/24 maxlen: 24
91.151.82.0/24 maxlen: 24
91.151.91.0/24 maxlen: 24
91.151.86.0/24 maxlen: 24
91.151.87.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 176032346 (0xa7e0a5a)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ab71e9b13f5c339a58692eeabe72eaa406bbbd7d
Validity
Not Before: Jan 1 08:57:11 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=4e75acac80cce38606a5e3aa3e59fe0305a9b528
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b4:e8:ad:c7:27:d6:e4:7b:1f:9a:10:ae:d2:2f:
1b:f4:52:73:be:54:c9:ee:3b:f8:37:70:84:b7:cb:
27:80:10:85:ce:21:ca:c3:94:c9:e2:70:d7:1a:92:
a1:b3:7c:c4:2a:4a:be:35:90:29:ec:4d:43:a9:3f:
a5:94:38:86:3e:d6:91:85:f6:f1:20:be:2a:73:d2:
94:ac:4f:1a:b6:4e:26:89:3c:a4:c6:04:65:3c:cd:
a8:82:0a:84:ad:a5:cf:a2:48:fc:6e:ec:28:9d:0f:
8e:52:4e:dd:6c:12:7f:47:52:23:34:12:ee:20:a0:
f2:c0:52:5e:f5:76:14:b4:b9:60:4c:d2:8b:7d:fe:
80:0b:df:23:c1:a6:e0:a8:c1:00:95:d9:9b:53:82:
30:8c:00:17:d9:0f:a8:8d:88:e3:4d:1e:2c:a8:18:
5a:74:66:21:dd:86:2d:f9:e2:b5:19:69:46:d5:fd:
c3:48:93:53:52:87:b3:21:66:67:10:a8:97:8e:81:
38:a4:e4:d4:1c:aa:a0:bf:0e:11:ee:6e:82:5b:82:
cc:fb:0d:a3:ad:60:7c:33:58:50:75:c1:3c:79:54:
62:5a:74:ea:dc:1e:b3:bf:62:39:39:1f:ca:7a:fa:
24:2b:dd:8c:8e:53:fd:3e:c2:9b:67:4a:67:78:61:
57:45
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4E:75:AC:AC:80:CC:E3:86:06:A5:E3:AA:3E:59:FE:03:05:A9:B5:28
X509v3 Authority Key Identifier:
keyid:AB:71:E9:B1:3F:5C:33:9A:58:69:2E:EA:BE:72:EA:A4:06:BB:BD:7D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/q3HpsT9cM5pYaS7qvnLqpAa7vX0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/6ba39c-ef1d-4d48-982b-cf4b900997a0/1/TnWsrIDM44YGpeOqPln-AwWptSg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/be/6ba39c-ef1d-4d48-982b-cf4b900997a0/1/q3HpsT9cM5pYaS7qvnLqpAa7vX0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
80.253.252.0/23
91.151.80.0/21
91.151.91.0-91.151.92.255
213.142.128.0-213.142.133.255
213.142.136.0-213.142.142.255
213.142.144.0/22
213.142.152.0/22
Signature Algorithm: sha256WithRSAEncryption
44:9a:e2:94:3f:14:d0:3c:27:23:2b:ad:72:c7:09:55:f8:86:
c7:54:de:63:4d:b3:f4:3c:d1:dc:ab:57:4f:bc:07:fd:bc:be:
28:3a:23:5d:03:d0:56:cc:f9:fa:0a:5c:97:43:3d:c6:6f:29:
64:99:f1:10:1b:06:e0:ef:c3:bd:7d:d5:34:db:2e:65:17:c3:
e6:bf:d9:55:72:67:ed:79:80:95:b7:5d:d2:f5:13:21:85:a4:
0d:9a:16:c6:a6:c3:5d:e4:73:5c:dc:dd:78:17:dd:0d:6e:d6:
f2:e6:dc:d9:aa:4a:23:17:78:a9:21:4e:a2:13:7d:57:eb:c0:
4b:f2:67:10:ad:f8:fa:39:eb:07:3a:0e:29:bc:6a:09:fa:41:
0c:c5:a3:eb:0f:20:f9:66:08:e1:44:6a:20:c8:8b:72:1e:14:
bf:ce:5a:0c:61:67:71:2f:6e:1d:f8:d4:c7:ff:9e:75:c4:80:
a4:07:28:f4:93:9a:f3:ad:85:0e:90:08:96:84:b8:65:a6:79:
b3:52:6c:aa:38:c1:be:57:c2:28:12:14:b0:3a:93:0a:0e:15:
b2:1a:89:ad:e4:78:34:24:2e:f9:1e:3e:2a:2d:91:44:d0:2a:
3b:07:ee:b2:c2:53:7c:3d:62:c3:9b:e1:e5:11:58:92:74:6b:
37:81:c2:e7
-----BEGIN CERTIFICATE-----
MIIFKzCCBBOgAwIBAgIECn4KWjANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhh
YjcxZTliMTNmNWMzMzlhNTg2OTJlZWFiZTcyZWFhNDA2YmJiZDdkMB4XDTIyMDEw
MTA4NTcxMVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNGU3NWFjYWM4MGNj
ZTM4NjA2YTVlM2FhM2U1OWZlMDMwNWE5YjUyODCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALTorccn1uR7H5oQrtIvG/RSc75Uye47+DdwhLfLJ4AQhc4h
ysOUyeJw1xqSobN8xCpKvjWQKexNQ6k/pZQ4hj7WkYX28SC+KnPSlKxPGrZOJok8
pMYEZTzNqIIKhK2lz6JI/G7sKJ0PjlJO3WwSf0dSIzQS7iCg8sBSXvV2FLS5YEzS
i33+gAvfI8Gm4KjBAJXZm1OCMIwAF9kPqI2I400eLKgYWnRmId2GLfnitRlpRtX9
w0iTU1KHsyFmZxCol46BOKTk1ByqoL8OEe5ugluCzPsNo61gfDNYUHXBPHlUYlp0
6twes79iOTkfynr6JCvdjI5T/T7Cm2dKZ3hhV0UCAwEAAaOCAkUwggJBMB0GA1Ud
DgQWBBROdaysgMzjhgal46o+Wf4DBam1KDAfBgNVHSMEGDAWgBSrcemxP1wzmlhp
Luq+cuqkBru9fTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3EzSHBzVDljTTVwWWFTN3F2bkxxcEFhN3ZYMC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYmUvNmJhMzljLWVmMWQtNGQ0OC05ODJiLWNmNGI5MDA5OTdhMC8x
L1RuV3NySURNNDRZR3BlT3FQbG4tQXdXcHRTZy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYmUv
NmJhMzljLWVmMWQtNGQ0OC05ODJiLWNmNGI5MDA5OTdhMC8xL3EzSHBzVDljTTVw
WWFTN3F2bkxxcEFhN3ZYMC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBb
BggrBgEFBQcBBwEB/wRMMEowSAQCAAEwQgMEAVD9/AMEA1uXUDAMAwQAW5dbAwQA
W5dcMAwDBAfVjoADBAHVjoQwDAMEA9WOiAMEANWOjgMEAtWOkAMEAtWOmDANBgkq
hkiG9w0BAQsFAAOCAQEARJrilD8U0DwnIyutcscJVfiGx1TeY02z9DzR3KtXT7wH
/by+KDojXQPQVsz5+gpcl0M9xm8pZJnxEBsG4O/DvX3VNNsuZRfD5r/ZVXJn7XmA
lbdd0vUTIYWkDZoWxqbDXeRzXNzdeBfdDW7W8ubc2apKIxd4qSFOohN9V+vAS/Jn
EK34+jnrBzoOKbxqCfpBDMWj6w8g+WYI4URqIMiLch4Uv85aDGFncS9uHfjUx/+e
dcSApAco9JOa862FDpAIloS4ZaZ5s1JsqjjBvlfCKBIUsDqTCg4VshqJreR4NCQu
+R4+Ki2RRNAqOwfussJTfD1iw5vh5RFYknRrN4HC5w==
-----END CERTIFICATE-----
Generated at Mon Feb 17 08:16:55 2025 by rpki-client