Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/6ba39c-ef1d-4d48-982b-cf4b900997a0/1/c6Phyy_iT5H822iJ-1fnFhBb2ZA.roa
File: c6Phyy_iT5H822iJ-1fnFhBb2ZA.roa (raw, json)
Hash identifier: BPRmg4k2PY7ludtPqQCNwVALD5OlNNTeZUF35tHAYiM=
Subject key identifier: 73:A3:E1:CB:2F:E2:4F:91:FC:DB:68:89:FB:57:E7:16:10:5B:D9:90
Certificate issuer: /CN=ab71e9b13f5c339a58692eeabe72eaa406bbbd7d
Certificate serial: 018CC7958EB4A9D2C22F3156B74E8AF0B26E
Authority key identifier: AB:71:E9:B1:3F:5C:33:9A:58:69:2E:EA:BE:72:EA:A4:06:BB:BD:7D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/q3HpsT9cM5pYaS7qvnLqpAa7vX0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/be/6ba39c-ef1d-4d48-982b-cf4b900997a0/1/c6Phyy_iT5H822iJ-1fnFhBb2ZA.roa
Signing time: Tue 02 Jan 2024 00:31:56 +0000
ROA not before: Tue 02 Jan 2024 00:31:56 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 60707
IP address blocks: 213.142.143.0/24 maxlen: 24
91.151.83.0/24 maxlen: 24
91.151.84.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c7:95:8e:b4:a9:d2:c2:2f:31:56:b7:4e:8a:f0:b2:6e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ab71e9b13f5c339a58692eeabe72eaa406bbbd7d
Validity
Not Before: Jan 2 00:31:56 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=73a3e1cb2fe24f91fcdb6889fb57e716105bd990
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8d:cf:44:0f:01:b3:91:d1:4a:4a:0f:79:57:dd:
25:2b:c1:ba:85:12:6a:1a:93:ec:96:bb:ff:7b:e7:
37:17:65:ff:63:87:d2:47:59:9a:a3:c0:56:81:3a:
8d:dd:d6:b2:14:79:d2:b2:8e:55:33:20:cf:95:68:
5b:cd:a0:fb:8e:d7:76:8f:21:f8:59:0a:1e:8b:1f:
cb:df:e6:ff:f7:74:ad:16:ed:94:57:3a:c2:7f:ad:
48:da:77:a6:38:f2:0d:1f:01:4f:2f:34:03:19:75:
96:7f:8e:df:35:e4:b6:47:48:aa:a6:0f:cd:d1:c8:
f2:0b:82:66:66:6c:9a:c9:7e:6c:c1:8f:3a:3f:90:
3a:43:36:5f:ea:36:be:02:5c:21:76:c2:8d:52:4e:
6a:a1:b2:bb:3b:aa:df:0b:e3:12:e0:ad:7a:cb:46:
d7:4c:22:26:94:30:cc:a8:b1:fb:21:d9:d6:2e:04:
2b:c3:5f:5f:79:19:b9:eb:39:6e:e4:c9:86:70:43:
22:49:3c:4c:a3:13:18:e9:04:9d:42:b8:91:62:b5:
99:3e:34:ef:b5:9d:53:5d:01:9b:67:f8:a2:46:7b:
2c:c8:17:75:3c:3d:0d:f8:68:53:02:5b:50:52:38:
26:73:db:4c:65:24:8f:77:9b:c2:8d:68:23:c1:88:
0f:e9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
73:A3:E1:CB:2F:E2:4F:91:FC:DB:68:89:FB:57:E7:16:10:5B:D9:90
X509v3 Authority Key Identifier:
keyid:AB:71:E9:B1:3F:5C:33:9A:58:69:2E:EA:BE:72:EA:A4:06:BB:BD:7D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/q3HpsT9cM5pYaS7qvnLqpAa7vX0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/6ba39c-ef1d-4d48-982b-cf4b900997a0/1/c6Phyy_iT5H822iJ-1fnFhBb2ZA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/be/6ba39c-ef1d-4d48-982b-cf4b900997a0/1/q3HpsT9cM5pYaS7qvnLqpAa7vX0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.151.83.0-91.151.84.255
213.142.143.0/24
Signature Algorithm: sha256WithRSAEncryption
bd:bd:c2:c3:49:05:41:07:42:c8:c4:99:04:5f:f1:5d:30:14:
11:a0:3d:aa:c1:bb:31:05:1d:61:ab:ca:6d:ee:fb:3e:91:d3:
0f:31:1c:0d:9d:57:78:01:db:27:3b:bc:38:82:f4:27:16:db:
90:01:da:af:4e:bd:2f:f4:75:3c:6e:f4:a7:21:44:ad:87:de:
24:38:96:ae:c3:87:17:ee:fd:db:0f:62:fb:e8:ed:10:4e:0b:
8d:a1:b2:d6:e2:60:83:a7:92:2c:9b:69:ee:42:90:b1:b0:96:
f8:70:7a:e2:b4:24:e8:f8:88:1b:97:0f:12:30:aa:63:a9:cc:
12:3a:eb:8b:19:ba:34:cc:4b:0c:0e:a1:e4:49:ae:39:ad:b5:
2f:61:27:97:d6:31:e9:63:ba:40:38:ee:fa:05:2a:32:d0:8f:
36:ea:d8:f3:58:0e:8b:52:f5:19:40:81:1c:8a:81:34:ba:79:
3a:f0:0c:63:7b:9a:22:4a:4a:3b:5f:26:b5:65:ec:b9:64:9f:
3a:b2:29:ae:ca:52:4b:c3:18:90:60:47:97:40:ed:02:22:48:
96:fe:7d:f2:57:78:db:61:91:25:bf:05:a3:65:b2:6c:fc:46:
0e:62:a3:66:fe:94:0a:c7:e8:a7:82:b2:f3:7b:14:c0:44:76:
d7:e8:f7:b2
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAYzHlY60qdLCLzFWt06K8LJuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiNzFlOWIxM2Y1YzMzOWE1ODY5MmVlYWJlNzJlYWE0MDZi
YmJkN2QwHhcNMjQwMTAyMDAzMTU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3M2EzZTFjYjJmZTI0ZjkxZmNkYjY4ODlmYjU3ZTcxNjEwNWJkOTkwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjc9EDwGzkdFKSg95V90lK8G6hRJq
GpPslrv/e+c3F2X/Y4fSR1mao8BWgTqN3dayFHnSso5VMyDPlWhbzaD7jtd2jyH4
WQoeix/L3+b/93StFu2UVzrCf61I2nemOPINHwFPLzQDGXWWf47fNeS2R0iqpg/N
0cjyC4JmZmyayX5swY86P5A6QzZf6ja+AlwhdsKNUk5qobK7O6rfC+MS4K16y0bX
TCImlDDMqLH7IdnWLgQrw19feRm56zlu5MmGcEMiSTxMoxMY6QSdQriRYrWZPjTv
tZ1TXQGbZ/iiRnssyBd1PD0N+GhTAltQUjgmc9tMZSSPd5vCjWgjwYgP6QIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFHOj4csv4k+R/NtoiftX5xYQW9mQMB8GA1UdIwQY
MBaAFKtx6bE/XDOaWGku6r5y6qQGu719MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcTNIcHNUOWNNNXBZYVM3cXZuTHFwQWE3dlgwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS82YmEzOWMtZWYxZC00ZDQ4LTk4MmIt
Y2Y0YjkwMDk5N2EwLzEvYzZQaHl5X2lUNUg4MjJpSi0xZm5GaEJiMlpBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS82YmEzOWMtZWYxZC00ZDQ4LTk4MmItY2Y0YjkwMDk5N2Ew
LzEvcTNIcHNUOWNNNXBZYVM3cXZuTHFwQWE3dlgwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUMAwDBABbl1MD
BABbl1QDBADVjo8wDQYJKoZIhvcNAQELBQADggEBAL29wsNJBUEHQsjEmQRf8V0w
FBGgParBuzEFHWGrym3u+z6R0w8xHA2dV3gB2yc7vDiC9CcW25AB2q9OvS/0dTxu
9KchRK2H3iQ4lq7Dhxfu/dsPYvvo7RBOC42hstbiYIOnkiybae5CkLGwlvhweuK0
JOj4iBuXDxIwqmOpzBI664sZujTMSwwOoeRJrjmttS9hJ5fWMeljukA47voFKjLQ
jzbq2PNYDotS9RlAgRyKgTS6eTrwDGN7miJKSjtfJrVl7LlknzqyKa7KUkvDGJBg
R5dA7QIiSJb+ffJXeNthkSW/BaNlsmz8Rg5io2b+lArH6KeCsvN7FMBEdtfo97I=
-----END CERTIFICATE-----
Generated at Mon Feb 17 08:22:03 2025 by rpki-client