Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/6ba39c-ef1d-4d48-982b-cf4b900997a0/1/bYlGc27bUVut9P-5V8NH7mAGQVg.roa
File: bYlGc27bUVut9P-5V8NH7mAGQVg.roa (raw, json)
Hash identifier: /lO5OZnLT/Y+k1xa5dSNn/nVT9Nsu4YaNDVVNdlqkFA=
Subject key identifier: 6D:89:46:73:6E:DB:51:5B:AD:F4:FF:B9:57:C3:47:EE:60:06:41:58
Certificate issuer: /CN=ab71e9b13f5c339a58692eeabe72eaa406bbbd7d
Certificate serial: 019010ACE617A214A0567528D6D0B9C1EF72
Authority key identifier: AB:71:E9:B1:3F:5C:33:9A:58:69:2E:EA:BE:72:EA:A4:06:BB:BD:7D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/q3HpsT9cM5pYaS7qvnLqpAa7vX0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/be/6ba39c-ef1d-4d48-982b-cf4b900997a0/1/bYlGc27bUVut9P-5V8NH7mAGQVg.roa
Signing time: Thu 13 Jun 2024 08:18:04 +0000
ROA not before: Thu 13 Jun 2024 08:18:04 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 397563
IP address blocks: 80.253.252.0/23 maxlen: 24
91.151.80.0/24 maxlen: 24
91.151.81.0/24 maxlen: 24
91.151.82.0/24 maxlen: 24
91.151.91.0/24 maxlen: 24
213.142.128.0/24 maxlen: 24
213.142.129.0/24 maxlen: 24
213.142.130.0/24 maxlen: 24
213.142.131.0/24 maxlen: 24
213.142.135.0/24 maxlen: 24
213.142.136.0/24 maxlen: 24
213.142.137.0/24 maxlen: 24
213.142.142.0/24 maxlen: 32
213.142.144.0/24 maxlen: 32
213.142.145.0/24 maxlen: 32
213.142.152.0/23 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:90:10:ac:e6:17:a2:14:a0:56:75:28:d6:d0:b9:c1:ef:72
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ab71e9b13f5c339a58692eeabe72eaa406bbbd7d
Validity
Not Before: Jun 13 08:18:04 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=6d8946736edb515badf4ffb957c347ee60064158
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8f:b9:b3:06:0c:f0:46:b9:e0:25:51:68:bb:34:
d3:ff:80:77:23:2d:48:ab:d6:b6:38:4e:4b:1b:bb:
45:51:c4:7c:d8:32:65:96:f8:d5:85:af:b2:8c:94:
b0:a9:c7:fb:9c:ef:3c:03:2c:51:55:ce:11:87:2f:
9b:7d:6c:af:66:fd:a8:73:68:2f:49:e0:cc:6b:6e:
2b:92:2d:40:66:9a:de:00:f8:d2:63:87:5b:17:80:
1a:51:45:a5:63:09:50:28:45:f3:e2:d5:91:41:42:
5d:47:a7:99:b4:8d:20:f1:19:a1:4d:00:99:57:d2:
bc:4b:8e:eb:3a:2e:50:f3:f4:e6:eb:80:13:f6:fc:
94:9f:6e:b5:67:27:0e:dc:15:e2:68:f9:5c:8a:27:
a0:0a:8c:98:4d:6f:a5:82:b1:4d:99:c5:f7:d6:f9:
25:06:ac:cb:41:7f:02:4b:e2:a4:eb:dd:cc:95:f4:
b9:cc:23:a3:10:00:9a:dc:15:d7:5e:56:96:e7:84:
55:99:10:16:89:40:67:96:6a:41:29:34:a4:a1:49:
40:bd:e2:92:65:65:c9:e3:ef:1e:9b:8a:e7:67:b6:
57:72:b4:dc:a3:5c:21:92:c7:1c:97:41:02:03:67:
da:0e:e4:19:ff:0b:7e:ec:2a:25:1c:61:68:d4:84:
62:a3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6D:89:46:73:6E:DB:51:5B:AD:F4:FF:B9:57:C3:47:EE:60:06:41:58
X509v3 Authority Key Identifier:
keyid:AB:71:E9:B1:3F:5C:33:9A:58:69:2E:EA:BE:72:EA:A4:06:BB:BD:7D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/q3HpsT9cM5pYaS7qvnLqpAa7vX0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/6ba39c-ef1d-4d48-982b-cf4b900997a0/1/bYlGc27bUVut9P-5V8NH7mAGQVg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/be/6ba39c-ef1d-4d48-982b-cf4b900997a0/1/q3HpsT9cM5pYaS7qvnLqpAa7vX0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
80.253.252.0/23
91.151.80.0-91.151.82.255
91.151.91.0/24
213.142.128.0/22
213.142.135.0-213.142.137.255
213.142.142.0/24
213.142.144.0/23
213.142.152.0/23
Signature Algorithm: sha256WithRSAEncryption
51:bf:a6:9e:e3:fa:b8:dd:2b:71:20:a1:f4:5b:8c:f5:89:62:
e3:1b:0b:36:ed:97:89:50:64:f6:c0:98:89:8b:e3:df:0c:6b:
4e:ee:db:01:41:3c:84:a2:b5:24:2b:59:10:fb:fd:06:84:51:
f9:12:b3:7c:f6:74:4e:5e:d0:c8:39:47:0c:37:3f:4c:29:9b:
1e:76:3e:3c:f8:58:4c:9b:49:83:31:bb:88:10:bf:f2:c3:93:
b0:41:9b:98:d4:57:93:0d:1b:ee:b1:1d:f9:4f:18:61:64:4a:
cd:45:09:d0:83:1b:46:56:3e:a0:c4:c5:58:75:f2:c0:88:1d:
43:2f:46:8a:11:18:72:9b:d3:63:33:29:4c:91:3f:2c:96:bc:
d6:c0:4c:36:f4:4c:7f:07:62:95:79:79:9f:88:16:78:7c:ce:
81:71:4b:ce:75:09:ba:c9:da:80:93:0e:c8:ae:cf:c8:cf:65:
0c:61:85:61:9e:1e:fb:c1:4f:b6:a5:9e:86:66:0c:42:1d:ec:
02:bf:6e:ae:3b:04:f2:7c:97:63:b9:53:6b:a9:0a:6a:33:dd:
9c:33:fd:0f:06:28:44:59:bd:f8:71:69:08:c6:98:fa:7b:59:
96:07:75:7b:f8:24:b1:b4:22:f2:1e:87:4b:f5:93:60:ab:d8:
de:a2:61:81
-----BEGIN CERTIFICATE-----
MIIFNzCCBB+gAwIBAgISAZAQrOYXohSgVnUo1tC5we9yMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiNzFlOWIxM2Y1YzMzOWE1ODY5MmVlYWJlNzJlYWE0MDZi
YmJkN2QwHhcNMjQwNjEzMDgxODA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZDg5NDY3MzZlZGI1MTViYWRmNGZmYjk1N2MzNDdlZTYwMDY0MTU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj7mzBgzwRrngJVFouzTT/4B3Iy1I
q9a2OE5LG7tFUcR82DJllvjVha+yjJSwqcf7nO88AyxRVc4Rhy+bfWyvZv2oc2gv
SeDMa24rki1AZpreAPjSY4dbF4AaUUWlYwlQKEXz4tWRQUJdR6eZtI0g8RmhTQCZ
V9K8S47rOi5Q8/Tm64AT9vyUn261ZycO3BXiaPlciiegCoyYTW+lgrFNmcX31vkl
BqzLQX8CS+Kk693MlfS5zCOjEACa3BXXXlaW54RVmRAWiUBnlmpBKTSkoUlAveKS
ZWXJ4+8em4rnZ7ZXcrTco1whksccl0ECA2faDuQZ/wt+7ColHGFo1IRiowIDAQAB
o4ICQzCCAj8wHQYDVR0OBBYEFG2JRnNu21FbrfT/uVfDR+5gBkFYMB8GA1UdIwQY
MBaAFKtx6bE/XDOaWGku6r5y6qQGu719MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcTNIcHNUOWNNNXBZYVM3cXZuTHFwQWE3dlgwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS82YmEzOWMtZWYxZC00ZDQ4LTk4MmIt
Y2Y0YjkwMDk5N2EwLzEvYllsR2MyN2JVVnV0OVAtNVY4Tkg3bUFHUVZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS82YmEzOWMtZWYxZC00ZDQ4LTk4MmItY2Y0YjkwMDk5N2Ew
LzEvcTNIcHNUOWNNNXBZYVM3cXZuTHFwQWE3dlgwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFkGCCsGAQUFBwEHAQH/BEowSDBGBAIAATBAAwQBUP38MAwD
BARbl1ADBABbl1IDBABbl1sDBALVjoAwDAMEANWOhwMEAdWOiAMEANWOjgMEAdWO
kAMEAdWOmDANBgkqhkiG9w0BAQsFAAOCAQEAUb+mnuP6uN0rcSCh9FuM9Yli4xsL
Nu2XiVBk9sCYiYvj3wxrTu7bAUE8hKK1JCtZEPv9BoRR+RKzfPZ0Tl7QyDlHDDc/
TCmbHnY+PPhYTJtJgzG7iBC/8sOTsEGbmNRXkw0b7rEd+U8YYWRKzUUJ0IMbRlY+
oMTFWHXywIgdQy9GihEYcpvTYzMpTJE/LJa81sBMNvRMfwdilXl5n4gWeHzOgXFL
znUJusnagJMOyK7PyM9lDGGFYZ4e+8FPtqWehmYMQh3sAr9urjsE8nyXY7lTa6kK
ajPdnDP9DwYoRFm9+HFpCMaY+ntZlgd1e/gksbQi8h6HS/WTYKvY3qJhgQ==
-----END CERTIFICATE-----
Generated at Tue Aug 27 16:34:31 2024 by rpki-client on console-ams.rpki-client.org