Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/6ba39c-ef1d-4d48-982b-cf4b900997a0/1/sPKL_yV3mYdqcZctQWFWhCGeWjc.roa
File: sPKL_yV3mYdqcZctQWFWhCGeWjc.roa (raw, json)
Hash identifier: g1sqtEhiukwLE873O9TTcP5bzpcn7sRNrh7ORDpu7/Q=
Subject key identifier: B0:F2:8B:FF:25:77:99:87:6A:71:97:2D:41:61:56:84:21:9E:5A:37
Certificate issuer: /CN=ab71e9b13f5c339a58692eeabe72eaa406bbbd7d
Certificate serial: 01856DAF62681725621C7C827BE03FFD389D
Authority key identifier: AB:71:E9:B1:3F:5C:33:9A:58:69:2E:EA:BE:72:EA:A4:06:BB:BD:7D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/q3HpsT9cM5pYaS7qvnLqpAa7vX0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/be/6ba39c-ef1d-4d48-982b-cf4b900997a0/1/sPKL_yV3mYdqcZctQWFWhCGeWjc.roa
Signing time: Sun 01 Jan 2023 14:14:48 +0000
ROA not before: Sun 01 Jan 2023 14:14:48 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 43260
IP address blocks: 213.142.134.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6d:af:62:68:17:25:62:1c:7c:82:7b:e0:3f:fd:38:9d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ab71e9b13f5c339a58692eeabe72eaa406bbbd7d
Validity
Not Before: Jan 1 14:14:48 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=b0f28bff257799876a71972d41615684219e5a37
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bb:06:5c:fe:a1:c4:0d:0f:c7:27:70:01:b4:1e:
9c:8e:3c:2d:4c:1a:37:bd:63:36:03:e8:01:01:4e:
91:88:3c:75:c9:57:51:9e:5c:5b:e1:c0:d5:bb:6d:
8a:3b:07:88:f5:3c:f3:7d:b8:fc:f8:58:01:66:77:
fb:35:0d:ea:48:a0:51:59:86:4d:8d:e1:cb:73:6c:
57:44:19:eb:b9:bf:66:53:1d:9c:37:90:30:2d:1e:
dd:49:80:ee:d1:bc:f9:19:67:33:0a:ba:85:9d:85:
bd:7a:50:ee:6d:dc:40:33:b0:80:22:19:a3:6c:d9:
10:26:2d:03:e4:91:dd:35:6c:62:4d:f8:31:a0:96:
6b:86:10:95:58:94:c7:b2:bd:aa:04:42:84:be:e0:
98:fc:ba:66:fc:fc:da:a0:51:d3:5f:d1:fd:09:cf:
48:46:25:82:83:7d:d3:24:22:b0:e1:78:70:d3:d0:
96:c1:57:e4:21:67:2a:55:23:07:4c:9c:77:c3:5b:
4e:39:8a:e9:82:54:2e:5b:62:f7:00:46:ad:45:1b:
e5:f9:b5:7b:c7:b9:19:ba:d6:2c:f3:66:6c:5f:11:
30:5b:5c:b9:2f:e7:dd:1e:e2:59:72:66:c1:df:f2:
42:bb:ec:04:77:98:00:e8:a9:c6:0d:17:8e:2c:31:
72:c9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B0:F2:8B:FF:25:77:99:87:6A:71:97:2D:41:61:56:84:21:9E:5A:37
X509v3 Authority Key Identifier:
keyid:AB:71:E9:B1:3F:5C:33:9A:58:69:2E:EA:BE:72:EA:A4:06:BB:BD:7D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/q3HpsT9cM5pYaS7qvnLqpAa7vX0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/6ba39c-ef1d-4d48-982b-cf4b900997a0/1/sPKL_yV3mYdqcZctQWFWhCGeWjc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/be/6ba39c-ef1d-4d48-982b-cf4b900997a0/1/q3HpsT9cM5pYaS7qvnLqpAa7vX0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
213.142.134.0/24
Signature Algorithm: sha256WithRSAEncryption
cc:34:63:9c:96:bd:1f:2e:95:c3:f8:e5:d8:e9:a2:5f:a9:47:
f7:29:98:8d:f7:e6:7d:57:13:a2:61:26:b9:25:25:ce:cf:83:
ec:1b:eb:6a:e9:a2:cd:02:2b:f7:68:87:79:37:4f:9c:3e:88:
e4:cf:b2:03:bd:29:00:68:fa:83:3a:51:c1:7b:80:80:4e:d2:
ca:92:82:7f:d3:57:9a:a5:4d:a2:03:84:4b:44:aa:89:2a:e3:
c3:5c:03:f6:77:ea:e8:e5:b6:bd:83:9f:e3:95:95:6d:f4:bb:
6a:03:fc:3f:c4:7e:82:cf:b1:a9:2d:8d:c1:49:05:44:29:f4:
54:36:d0:36:4b:ba:2a:8a:3d:64:18:03:80:b0:db:ac:3b:98:
ac:8d:6e:2e:da:f1:65:f1:f6:c5:9a:5e:0f:33:4d:81:02:f9:
7d:2a:26:f7:f0:1f:44:59:32:e2:54:71:7b:02:dd:76:26:03:
9c:6e:26:ae:22:12:69:43:8c:9e:1b:35:a0:32:2c:2a:24:a1:
ad:c0:73:6b:45:3a:4e:d6:d8:9f:34:a5:8c:a5:0c:a7:de:db:
f9:1f:76:f7:5c:80:f0:48:fc:14:a8:1e:cd:de:b7:d2:8c:11:
81:1c:36:d9:2a:d2:ad:b3:a7:d2:40:4c:c0:0c:ee:4d:df:fb:
5f:34:22:db
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYVtr2JoFyViHHyCe+A//TidMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiNzFlOWIxM2Y1YzMzOWE1ODY5MmVlYWJlNzJlYWE0MDZi
YmJkN2QwHhcNMjMwMTAxMTQxNDQ4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMGYyOGJmZjI1Nzc5OTg3NmE3MTk3MmQ0MTYxNTY4NDIxOWU1YTM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuwZc/qHEDQ/HJ3ABtB6cjjwtTBo3
vWM2A+gBAU6RiDx1yVdRnlxb4cDVu22KOweI9Tzzfbj8+FgBZnf7NQ3qSKBRWYZN
jeHLc2xXRBnrub9mUx2cN5AwLR7dSYDu0bz5GWczCrqFnYW9elDubdxAM7CAIhmj
bNkQJi0D5JHdNWxiTfgxoJZrhhCVWJTHsr2qBEKEvuCY/Lpm/PzaoFHTX9H9Cc9I
RiWCg33TJCKw4Xhw09CWwVfkIWcqVSMHTJx3w1tOOYrpglQuW2L3AEatRRvl+bV7
x7kZutYs82ZsXxEwW1y5L+fdHuJZcmbB3/JCu+wEd5gA6KnGDReOLDFyyQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLDyi/8ld5mHanGXLUFhVoQhnlo3MB8GA1UdIwQY
MBaAFKtx6bE/XDOaWGku6r5y6qQGu719MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcTNIcHNUOWNNNXBZYVM3cXZuTHFwQWE3dlgwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS82YmEzOWMtZWYxZC00ZDQ4LTk4MmIt
Y2Y0YjkwMDk5N2EwLzEvc1BLTF95VjNtWWRxY1pjdFFXRldoQ0dlV2pjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS82YmEzOWMtZWYxZC00ZDQ4LTk4MmItY2Y0YjkwMDk5N2Ew
LzEvcTNIcHNUOWNNNXBZYVM3cXZuTHFwQWE3dlgwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1Y6GMA0G
CSqGSIb3DQEBCwUAA4IBAQDMNGOclr0fLpXD+OXY6aJfqUf3KZiN9+Z9VxOiYSa5
JSXOz4PsG+tq6aLNAiv3aId5N0+cPojkz7IDvSkAaPqDOlHBe4CATtLKkoJ/01ea
pU2iA4RLRKqJKuPDXAP2d+ro5ba9g5/jlZVt9LtqA/w/xH6Cz7GpLY3BSQVEKfRU
NtA2S7oqij1kGAOAsNusO5isjW4u2vFl8fbFml4PM02BAvl9Kib38B9EWTLiVHF7
At12JgOcbiauIhJpQ4yeGzWgMiwqJKGtwHNrRTpO1tifNKWMpQyn3tv5H3b3XIDw
SPwUqB7N3rfSjBGBHDbZKtKts6fSQEzADO5N3/tfNCLb
-----END CERTIFICATE-----
Generated at Mon Feb 17 08:03:45 2025 by rpki-client