Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/6ba39c-ef1d-4d48-982b-cf4b900997a0/1/dSpfeapexZk0yB_oYPhbO4F7_Zs.roa
File: dSpfeapexZk0yB_oYPhbO4F7_Zs.roa (raw, json)
Hash identifier: jRymuhxbuHiHZAfONTp0X0gyIyknRvFmPqb/Pa09Keo=
Subject key identifier: 75:2A:5F:79:AA:5E:C5:99:34:C8:1F:E8:60:F8:5B:3B:81:7B:FD:9B
Certificate issuer: /CN=ab71e9b13f5c339a58692eeabe72eaa406bbbd7d
Certificate serial: 018F73C1BC7DA5ABA5A0CE549348FD9A6C0E
Authority key identifier: AB:71:E9:B1:3F:5C:33:9A:58:69:2E:EA:BE:72:EA:A4:06:BB:BD:7D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/q3HpsT9cM5pYaS7qvnLqpAa7vX0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/be/6ba39c-ef1d-4d48-982b-cf4b900997a0/1/dSpfeapexZk0yB_oYPhbO4F7_Zs.roa
Signing time: Mon 13 May 2024 21:00:27 +0000
ROA not before: Mon 13 May 2024 21:00:27 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 207429
IP address blocks: 80.253.244.0/24 maxlen: 24
80.253.245.0/24 maxlen: 24
80.253.247.0/24 maxlen: 24
91.151.81.0/24 maxlen: 24
213.142.143.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8f:73:c1:bc:7d:a5:ab:a5:a0:ce:54:93:48:fd:9a:6c:0e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ab71e9b13f5c339a58692eeabe72eaa406bbbd7d
Validity
Not Before: May 13 21:00:27 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=752a5f79aa5ec59934c81fe860f85b3b817bfd9b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:94:10:e6:b9:9a:a0:4e:24:91:9f:21:34:e1:c1:
e1:19:15:89:48:e6:99:d8:c6:5b:e9:5d:b3:48:96:
23:7f:6c:f8:a3:ac:ba:18:e6:32:95:3f:7e:f5:06:
92:8a:57:50:28:20:fd:9e:43:c6:92:39:b9:ee:48:
65:45:61:80:b7:a3:32:7a:cc:a9:bc:e7:3a:78:04:
26:45:fb:d1:8d:1a:1f:43:0c:0b:ff:3c:aa:17:b2:
eb:be:84:46:d8:d6:74:d7:d1:a6:22:a6:ed:ea:84:
8d:fe:70:f3:77:9f:a4:fc:b0:82:38:f5:e0:f8:61:
1c:bb:00:90:75:b5:3a:dc:d2:6b:26:50:0d:c4:9e:
04:1e:35:89:2d:7a:30:a7:3a:b4:6a:9b:e8:9c:3a:
9a:f2:ff:ac:49:e8:ef:3c:0b:de:d5:e5:67:a2:fa:
b7:1c:f1:19:d5:7a:b5:b1:fc:0c:be:01:8a:a2:31:
12:51:52:36:ad:5f:b7:bb:c5:79:61:65:6f:4b:4c:
3f:38:48:d6:de:63:7f:cd:8e:1c:97:4a:07:3f:42:
77:af:aa:9b:f4:37:10:56:9a:c3:b0:b6:f4:b4:20:
ce:ac:c5:09:42:f8:08:74:d2:97:6c:ba:1d:c7:e8:
0b:ac:09:5b:d1:99:34:c4:7d:dc:be:b0:69:58:32:
80:49
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
75:2A:5F:79:AA:5E:C5:99:34:C8:1F:E8:60:F8:5B:3B:81:7B:FD:9B
X509v3 Authority Key Identifier:
keyid:AB:71:E9:B1:3F:5C:33:9A:58:69:2E:EA:BE:72:EA:A4:06:BB:BD:7D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/q3HpsT9cM5pYaS7qvnLqpAa7vX0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/6ba39c-ef1d-4d48-982b-cf4b900997a0/1/dSpfeapexZk0yB_oYPhbO4F7_Zs.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/be/6ba39c-ef1d-4d48-982b-cf4b900997a0/1/q3HpsT9cM5pYaS7qvnLqpAa7vX0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
80.253.244.0/23
80.253.247.0/24
91.151.81.0/24
213.142.143.0/24
Signature Algorithm: sha256WithRSAEncryption
51:68:a9:f3:23:8b:2a:15:6c:97:d1:dd:99:1c:5d:96:1e:74:
a2:70:60:41:69:09:7a:83:75:ba:c3:3e:46:11:05:50:c0:c6:
b9:95:2f:5c:4b:02:56:a3:ff:dc:f6:5d:51:63:3c:d6:dd:cb:
dd:ff:2c:f6:5c:3a:a7:3c:22:e8:0d:d5:bf:89:7a:9c:fb:57:
48:bb:e6:6f:c0:c7:82:f0:56:9e:8e:11:11:1e:ce:e2:dd:b6:
fd:95:05:fb:c9:ab:b3:8a:c0:1e:f9:39:43:97:d0:3c:56:f3:
6e:b9:79:c9:e5:02:d8:75:a4:ad:13:ee:34:43:19:79:d6:c4:
8d:94:02:0d:51:38:05:c7:86:29:8f:5c:76:8c:a2:73:52:02:
e1:d1:7c:a1:f6:d9:c5:a8:c8:28:f0:23:58:fc:03:e7:2c:9b:
83:28:f6:44:b9:6f:44:66:f1:59:ac:64:99:e5:b4:66:8b:98:
be:fa:5c:12:b0:a5:b3:c3:d5:b9:69:47:06:36:62:67:2f:5f:
8c:18:73:17:fa:d6:5d:47:f1:9a:15:c0:b3:62:cf:57:3a:44:
ae:c8:25:72:0f:cc:85:0e:86:4d:45:3d:75:3a:d0:2c:a6:dc:
40:ff:ab:59:df:df:59:cb:2f:46:04:3b:ff:cd:6b:4d:5b:cc:
f9:13:28:83
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAY9zwbx9pauloM5Uk0j9mmwOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiNzFlOWIxM2Y1YzMzOWE1ODY5MmVlYWJlNzJlYWE0MDZi
YmJkN2QwHhcNMjQwNTEzMjEwMDI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NTJhNWY3OWFhNWVjNTk5MzRjODFmZTg2MGY4NWIzYjgxN2JmZDliMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlBDmuZqgTiSRnyE04cHhGRWJSOaZ
2MZb6V2zSJYjf2z4o6y6GOYylT9+9QaSildQKCD9nkPGkjm57khlRWGAt6Myesyp
vOc6eAQmRfvRjRofQwwL/zyqF7LrvoRG2NZ019GmIqbt6oSN/nDzd5+k/LCCOPXg
+GEcuwCQdbU63NJrJlANxJ4EHjWJLXowpzq0apvonDqa8v+sSejvPAve1eVnovq3
HPEZ1Xq1sfwMvgGKojESUVI2rV+3u8V5YWVvS0w/OEjW3mN/zY4cl0oHP0J3r6qb
9DcQVprDsLb0tCDOrMUJQvgIdNKXbLodx+gLrAlb0Zk0xH3cvrBpWDKASQIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFHUqX3mqXsWZNMgf6GD4WzuBe/2bMB8GA1UdIwQY
MBaAFKtx6bE/XDOaWGku6r5y6qQGu719MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcTNIcHNUOWNNNXBZYVM3cXZuTHFwQWE3dlgwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS82YmEzOWMtZWYxZC00ZDQ4LTk4MmIt
Y2Y0YjkwMDk5N2EwLzEvZFNwZmVhcGV4WmsweUJfb1lQaGJPNEY3X1pzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS82YmEzOWMtZWYxZC00ZDQ4LTk4MmItY2Y0YjkwMDk5N2Ew
LzEvcTNIcHNUOWNNNXBZYVM3cXZuTHFwQWE3dlgwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQBUP30AwQA
UP33AwQAW5dRAwQA1Y6PMA0GCSqGSIb3DQEBCwUAA4IBAQBRaKnzI4sqFWyX0d2Z
HF2WHnSicGBBaQl6g3W6wz5GEQVQwMa5lS9cSwJWo//c9l1RYzzW3cvd/yz2XDqn
PCLoDdW/iXqc+1dIu+ZvwMeC8FaejhERHs7i3bb9lQX7yauzisAe+TlDl9A8VvNu
uXnJ5QLYdaStE+40Qxl51sSNlAINUTgFx4Ypj1x2jKJzUgLh0Xyh9tnFqMgo8CNY
/APnLJuDKPZEuW9EZvFZrGSZ5bRmi5i++lwSsKWzw9W5aUcGNmJnL1+MGHMX+tZd
R/GaFcCzYs9XOkSuyCVyD8yFDoZNRT11OtAsptxA/6tZ399Zyy9GBDv/zWtNW8z5
EyiD
-----END CERTIFICATE-----
Generated at Mon Feb 17 08:22:26 2025 by rpki-client