Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/6ba39c-ef1d-4d48-982b-cf4b900997a0/1/i_R5NFdbWeknkgZLuOms5ToxkZI.roa
File: i_R5NFdbWeknkgZLuOms5ToxkZI.roa (raw, json)
Hash identifier: X7NAFthP8vpxsvPjpduIMTMaJ1JJp7ldwbSJtILzLEs=
Subject key identifier: 8B:F4:79:34:57:5B:59:E9:27:92:06:4B:B8:E9:AC:E5:3A:31:91:92
Certificate issuer: /CN=ab71e9b13f5c339a58692eeabe72eaa406bbbd7d
Certificate serial: 018CC7958E4AD44B00D8309A983137269453
Authority key identifier: AB:71:E9:B1:3F:5C:33:9A:58:69:2E:EA:BE:72:EA:A4:06:BB:BD:7D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/q3HpsT9cM5pYaS7qvnLqpAa7vX0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/be/6ba39c-ef1d-4d48-982b-cf4b900997a0/1/i_R5NFdbWeknkgZLuOms5ToxkZI.roa
Signing time: Tue 02 Jan 2024 00:31:56 +0000
ROA not before: Tue 02 Jan 2024 00:31:56 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 43260
IP address blocks: 213.142.134.0/24 maxlen: 24
213.142.133.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c7:95:8e:4a:d4:4b:00:d8:30:9a:98:31:37:26:94:53
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ab71e9b13f5c339a58692eeabe72eaa406bbbd7d
Validity
Not Before: Jan 2 00:31:56 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=8bf47934575b59e92792064bb8e9ace53a319192
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:87:51:de:d6:8f:f6:28:24:86:c5:67:6b:9a:d4:
46:20:48:cb:53:a8:c6:37:8f:5d:eb:aa:39:e9:82:
ee:8a:55:4d:3f:23:9c:ad:f0:de:bc:23:06:63:83:
9d:2d:10:f7:34:dd:00:f8:a1:d3:c3:75:b3:2d:89:
56:82:b9:da:ef:ec:9c:d6:5f:a5:a6:75:f0:7f:28:
a2:c5:a3:d6:76:ea:9c:62:21:59:9b:2c:9e:a1:21:
a5:62:18:22:d0:40:e8:38:fd:7e:7a:cf:06:8d:2b:
0f:f1:07:1b:a9:b7:9f:4d:f9:67:0c:de:4e:f5:5b:
89:d9:10:fc:5c:44:00:80:1f:4a:ee:98:a9:0d:da:
28:51:0a:64:b9:d9:02:d1:ba:84:63:57:03:25:28:
ed:53:c8:10:72:fd:51:b4:66:5d:41:a5:68:7d:67:
12:98:69:b5:e4:24:5c:78:f1:31:e7:ce:a9:75:76:
b6:64:dc:53:c8:51:47:da:ec:aa:99:3d:ac:9b:7e:
17:9f:4c:45:fa:ed:01:ce:81:f1:8c:93:ba:60:30:
72:b3:43:52:b3:c6:18:11:41:0f:31:59:f5:de:68:
ea:7a:3f:8a:6c:5b:39:d4:45:89:45:0e:43:01:7b:
62:e5:1d:6a:7d:7a:1e:33:e6:89:d0:a1:dd:03:4e:
b8:59
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8B:F4:79:34:57:5B:59:E9:27:92:06:4B:B8:E9:AC:E5:3A:31:91:92
X509v3 Authority Key Identifier:
keyid:AB:71:E9:B1:3F:5C:33:9A:58:69:2E:EA:BE:72:EA:A4:06:BB:BD:7D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/q3HpsT9cM5pYaS7qvnLqpAa7vX0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/6ba39c-ef1d-4d48-982b-cf4b900997a0/1/i_R5NFdbWeknkgZLuOms5ToxkZI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/be/6ba39c-ef1d-4d48-982b-cf4b900997a0/1/q3HpsT9cM5pYaS7qvnLqpAa7vX0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
213.142.133.0-213.142.134.255
Signature Algorithm: sha256WithRSAEncryption
5e:6b:bb:1c:63:6c:5d:fb:ff:d2:88:d8:34:cf:e0:77:71:7c:
ac:24:ef:6c:ba:4d:53:79:2c:db:bd:b8:03:db:15:78:24:53:
f2:d9:fe:72:57:af:0e:6d:d8:9e:0c:8b:6b:f1:84:8f:9b:a2:
bb:06:35:1f:ef:8b:5a:35:7c:99:03:ff:91:b4:21:5e:e9:38:
54:6b:fc:ca:6f:06:3a:91:a4:f2:0f:41:95:89:a3:75:b1:da:
ae:b7:2c:4d:a3:95:43:57:55:ed:d6:8e:f0:32:4c:4e:58:66:
cb:a0:c2:1b:e6:c8:c6:68:06:4d:6e:2c:b7:06:ad:95:c3:73:
83:49:53:8c:c2:9a:7f:0f:50:c8:a0:9a:ae:b4:37:87:54:c0:
68:fc:8e:fd:0c:61:6c:aa:cd:c4:9c:42:5a:45:86:91:25:9e:
df:93:22:43:8d:40:4f:66:04:8c:a6:f0:4a:89:78:2f:d6:44:
d1:b9:ae:cc:da:81:fe:5b:15:51:b1:11:2a:88:f9:1c:00:fb:
11:ff:40:53:6f:de:cd:2c:9f:f4:27:3a:68:32:42:76:a9:0d:
42:c1:9c:0f:23:9a:f7:ee:fe:97:74:41:85:fd:5b:54:1e:00:
02:bb:8b:5a:a6:90:93:e0:e9:24:15:f7:07:59:89:ce:b4:2b:
8b:31:3d:8b
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzHlY5K1EsA2DCamDE3JpRTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiNzFlOWIxM2Y1YzMzOWE1ODY5MmVlYWJlNzJlYWE0MDZi
YmJkN2QwHhcNMjQwMTAyMDAzMTU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YmY0NzkzNDU3NWI1OWU5Mjc5MjA2NGJiOGU5YWNlNTNhMzE5MTkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh1He1o/2KCSGxWdrmtRGIEjLU6jG
N49d66o56YLuilVNPyOcrfDevCMGY4OdLRD3NN0A+KHTw3WzLYlWgrna7+yc1l+l
pnXwfyiixaPWduqcYiFZmyyeoSGlYhgi0EDoOP1+es8GjSsP8QcbqbefTflnDN5O
9VuJ2RD8XEQAgB9K7pipDdooUQpkudkC0bqEY1cDJSjtU8gQcv1RtGZdQaVofWcS
mGm15CRcePEx586pdXa2ZNxTyFFH2uyqmT2sm34Xn0xF+u0BzoHxjJO6YDBys0NS
s8YYEUEPMVn13mjqej+KbFs51EWJRQ5DAXti5R1qfXoeM+aJ0KHdA064WQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFIv0eTRXW1npJ5IGS7jprOU6MZGSMB8GA1UdIwQY
MBaAFKtx6bE/XDOaWGku6r5y6qQGu719MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcTNIcHNUOWNNNXBZYVM3cXZuTHFwQWE3dlgwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS82YmEzOWMtZWYxZC00ZDQ4LTk4MmIt
Y2Y0YjkwMDk5N2EwLzEvaV9SNU5GZGJXZWtua2daTHVPbXM1VG94a1pJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS82YmEzOWMtZWYxZC00ZDQ4LTk4MmItY2Y0YjkwMDk5N2Ew
LzEvcTNIcHNUOWNNNXBZYVM3cXZuTHFwQWE3dlgwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBADVjoUD
BADVjoYwDQYJKoZIhvcNAQELBQADggEBAF5ruxxjbF37/9KI2DTP4HdxfKwk72y6
TVN5LNu9uAPbFXgkU/LZ/nJXrw5t2J4Mi2vxhI+borsGNR/vi1o1fJkD/5G0IV7p
OFRr/MpvBjqRpPIPQZWJo3Wx2q63LE2jlUNXVe3WjvAyTE5YZsugwhvmyMZoBk1u
LLcGrZXDc4NJU4zCmn8PUMigmq60N4dUwGj8jv0MYWyqzcScQlpFhpElnt+TIkON
QE9mBIym8EqJeC/WRNG5rszagf5bFVGxESqI+RwA+xH/QFNv3s0sn/QnOmgyQnap
DULBnA8jmvfu/pd0QYX9W1QeAAK7i1qmkJPg6SQV9wdZic60K4sxPYs=
-----END CERTIFICATE-----
Generated at Mon Feb 17 08:10:05 2025 by rpki-client