Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/6ba39c-ef1d-4d48-982b-cf4b900997a0/1/gBu6e78fi3CD6S6CnV-zoxPjYJo.roa
File: gBu6e78fi3CD6S6CnV-zoxPjYJo.roa (raw, json)
Hash identifier: 2mZzDOK749rYuYu1BZU2MeWkazfhDLPUwwwxWpd4Sxw=
Subject key identifier: 80:1B:BA:7B:BF:1F:8B:70:83:E9:2E:82:9D:5F:B3:A3:13:E3:60:9A
Certificate issuer: /CN=ab71e9b13f5c339a58692eeabe72eaa406bbbd7d
Certificate serial: 018FC4C9FD376DC3D80116C12E7F3EABFE45
Authority key identifier: AB:71:E9:B1:3F:5C:33:9A:58:69:2E:EA:BE:72:EA:A4:06:BB:BD:7D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/q3HpsT9cM5pYaS7qvnLqpAa7vX0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/be/6ba39c-ef1d-4d48-982b-cf4b900997a0/1/gBu6e78fi3CD6S6CnV-zoxPjYJo.roa
Signing time: Wed 29 May 2024 14:38:42 +0000
ROA not before: Wed 29 May 2024 14:38:42 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 207429
IP address blocks: 80.253.244.0/24 maxlen: 24
80.253.245.0/24 maxlen: 24
91.151.81.0/24 maxlen: 24
213.142.143.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8f:c4:c9:fd:37:6d:c3:d8:01:16:c1:2e:7f:3e:ab:fe:45
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ab71e9b13f5c339a58692eeabe72eaa406bbbd7d
Validity
Not Before: May 29 14:38:42 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=801bba7bbf1f8b7083e92e829d5fb3a313e3609a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cb:63:e4:3b:bc:7e:d9:61:b7:45:ca:99:dd:58:
55:e6:d3:09:8c:05:e5:24:0a:26:a7:b7:15:d6:b7:
41:80:7c:84:c1:b2:63:cf:94:31:6c:71:da:ec:93:
c6:34:b5:d8:c0:93:95:40:06:2a:6f:6b:df:e3:fd:
9c:af:3d:07:4e:8c:85:0b:b3:cf:f6:4e:b8:ef:10:
35:de:81:76:28:d4:99:23:d8:fb:fa:f6:9d:14:ed:
30:28:e1:47:a1:ac:11:68:12:df:b7:2e:6b:a0:24:
85:88:d3:e9:50:ab:01:66:2a:64:72:4d:23:b7:4e:
27:92:9a:44:e8:5f:f0:24:7f:27:cb:08:22:d5:21:
e9:74:4f:7d:6a:e3:21:82:54:42:58:ee:c2:76:46:
6c:fb:f5:6c:da:69:7a:92:68:a8:b5:e1:35:54:8e:
3e:dc:0a:c2:9c:8c:ab:f2:03:c6:b6:8e:4c:2a:5a:
d3:23:13:7c:0e:6d:9e:0f:c4:07:49:35:0e:ea:f4:
0b:d4:1c:6c:56:07:e9:70:45:71:9e:03:e5:3f:e7:
f4:53:7f:72:6d:e8:f8:60:8a:31:cf:55:99:38:1a:
d0:bb:e7:b8:33:ca:1f:2a:4b:60:80:3d:6d:f8:42:
18:93:00:1a:ae:e8:bc:cd:04:0a:5a:75:24:d9:d4:
23:bf
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
80:1B:BA:7B:BF:1F:8B:70:83:E9:2E:82:9D:5F:B3:A3:13:E3:60:9A
X509v3 Authority Key Identifier:
keyid:AB:71:E9:B1:3F:5C:33:9A:58:69:2E:EA:BE:72:EA:A4:06:BB:BD:7D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/q3HpsT9cM5pYaS7qvnLqpAa7vX0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/6ba39c-ef1d-4d48-982b-cf4b900997a0/1/gBu6e78fi3CD6S6CnV-zoxPjYJo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/be/6ba39c-ef1d-4d48-982b-cf4b900997a0/1/q3HpsT9cM5pYaS7qvnLqpAa7vX0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
80.253.244.0/23
91.151.81.0/24
213.142.143.0/24
Signature Algorithm: sha256WithRSAEncryption
1b:50:8b:09:56:17:24:99:ca:5c:54:53:f1:b5:dd:a1:68:71:
6a:64:29:5c:22:61:b7:3f:15:58:94:f1:91:ee:ce:54:e8:9c:
51:84:da:fd:58:a7:30:92:3d:2b:f6:e0:9b:09:05:cb:cb:d9:
35:42:38:02:7d:eb:14:a5:74:24:2a:2e:6e:11:b1:69:50:be:
74:b9:93:02:e4:b5:28:89:84:dc:c9:09:34:c8:f6:26:ec:61:
42:6c:c8:bc:bc:b3:a4:ac:02:88:18:9a:0d:4e:90:fd:5c:c9:
ca:c1:cc:f8:a4:bd:e2:b5:42:34:27:94:7e:a0:eb:3c:0f:1c:
ef:29:b0:cc:59:a1:c4:02:e6:3c:15:b7:04:8d:af:57:9e:37:
2e:de:74:f3:74:e2:5f:84:68:52:f3:c3:c5:e5:43:12:bd:a0:
7a:08:ad:39:ac:73:69:c0:96:03:a4:83:21:d6:9d:8c:54:d2:
ba:2e:b0:a3:1c:06:a6:9d:3b:9b:70:da:a2:f3:45:a7:f5:8b:
fe:b0:51:37:3c:81:5b:b8:b8:f4:1f:0d:39:bc:e7:1d:70:84:
d1:ea:0d:76:f2:59:eb:d5:f2:41:19:00:ee:d5:ef:02:67:b5:
2d:c2:7a:25:43:c7:05:c5:db:ae:d1:08:9c:61:7a:23:e9:e2:
82:81:de:80
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAY/Eyf03bcPYARbBLn8+q/5FMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiNzFlOWIxM2Y1YzMzOWE1ODY5MmVlYWJlNzJlYWE0MDZi
YmJkN2QwHhcNMjQwNTI5MTQzODQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MDFiYmE3YmJmMWY4YjcwODNlOTJlODI5ZDVmYjNhMzEzZTM2MDlhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy2PkO7x+2WG3RcqZ3VhV5tMJjAXl
JAomp7cV1rdBgHyEwbJjz5QxbHHa7JPGNLXYwJOVQAYqb2vf4/2crz0HToyFC7PP
9k647xA13oF2KNSZI9j7+vadFO0wKOFHoawRaBLfty5roCSFiNPpUKsBZipkck0j
t04nkppE6F/wJH8nywgi1SHpdE99auMhglRCWO7CdkZs+/Vs2ml6kmioteE1VI4+
3ArCnIyr8gPGto5MKlrTIxN8Dm2eD8QHSTUO6vQL1BxsVgfpcEVxngPlP+f0U39y
bej4YIoxz1WZOBrQu+e4M8ofKktggD1t+EIYkwAarui8zQQKWnUk2dQjvwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFIAbunu/H4twg+kugp1fs6MT42CaMB8GA1UdIwQY
MBaAFKtx6bE/XDOaWGku6r5y6qQGu719MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcTNIcHNUOWNNNXBZYVM3cXZuTHFwQWE3dlgwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS82YmEzOWMtZWYxZC00ZDQ4LTk4MmIt
Y2Y0YjkwMDk5N2EwLzEvZ0J1NmU3OGZpM0NENlM2Q25WLXpveFBqWUpvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS82YmEzOWMtZWYxZC00ZDQ4LTk4MmItY2Y0YjkwMDk5N2Ew
LzEvcTNIcHNUOWNNNXBZYVM3cXZuTHFwQWE3dlgwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQBUP30AwQA
W5dRAwQA1Y6PMA0GCSqGSIb3DQEBCwUAA4IBAQAbUIsJVhckmcpcVFPxtd2haHFq
ZClcImG3PxVYlPGR7s5U6JxRhNr9WKcwkj0r9uCbCQXLy9k1QjgCfesUpXQkKi5u
EbFpUL50uZMC5LUoiYTcyQk0yPYm7GFCbMi8vLOkrAKIGJoNTpD9XMnKwcz4pL3i
tUI0J5R+oOs8DxzvKbDMWaHEAuY8FbcEja9Xnjcu3nTzdOJfhGhS88PF5UMSvaB6
CK05rHNpwJYDpIMh1p2MVNK6LrCjHAamnTubcNqi80Wn9Yv+sFE3PIFbuLj0Hw05
vOcdcITR6g128lnr1fJBGQDu1e8CZ7UtwnolQ8cFxduu0QicYXoj6eKCgd6A
-----END CERTIFICATE-----
Generated at Mon Feb 17 08:19:02 2025 by rpki-client