Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/6ba39c-ef1d-4d48-982b-cf4b900997a0/1/sgpw14VwosLuDU9Dt5jJ3uWPKUY.roa
File: sgpw14VwosLuDU9Dt5jJ3uWPKUY.roa (raw, json)
Hash identifier: +ZoEvACM0pMMhIJ+C2LgI6kUpg3Eoz6G6x5wR4jze+w=
Subject key identifier: B2:0A:70:D7:85:70:A2:C2:EE:0D:4F:43:B7:98:C9:DE:E5:8F:29:46
Certificate issuer: /CN=ab71e9b13f5c339a58692eeabe72eaa406bbbd7d
Certificate serial: 018CAD2343351A1DC429CEC15C536290547D
Authority key identifier: AB:71:E9:B1:3F:5C:33:9A:58:69:2E:EA:BE:72:EA:A4:06:BB:BD:7D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/q3HpsT9cM5pYaS7qvnLqpAa7vX0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/be/6ba39c-ef1d-4d48-982b-cf4b900997a0/1/sgpw14VwosLuDU9Dt5jJ3uWPKUY.roa
Signing time: Wed 27 Dec 2023 21:16:58 +0000
ROA not before: Wed 27 Dec 2023 21:16:58 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 212219
IP address blocks: 91.151.95.0/24 maxlen: 24
213.142.148.0/24 maxlen: 32
213.142.151.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:ad:23:43:35:1a:1d:c4:29:ce:c1:5c:53:62:90:54:7d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ab71e9b13f5c339a58692eeabe72eaa406bbbd7d
Validity
Not Before: Dec 27 21:16:58 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=b20a70d78570a2c2ee0d4f43b798c9dee58f2946
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8b:09:31:93:86:2c:db:04:f4:c1:65:2d:26:f5:
02:22:00:89:71:82:8c:46:44:ca:79:61:cd:59:48:
a8:a1:48:c1:06:a2:6a:f0:ad:99:e3:75:f5:60:e6:
1b:7e:81:a2:3d:86:d7:61:ae:ab:e2:42:22:31:90:
7f:4c:69:0b:d1:ef:78:fd:c4:5c:3a:9f:d6:f3:ef:
42:14:28:56:24:d3:1f:31:7e:de:68:aa:e0:1f:ae:
11:3e:b4:75:23:b4:34:9b:b0:99:80:0e:9e:30:01:
60:7c:df:27:57:55:b6:e6:4f:19:93:06:80:65:d6:
33:50:4f:07:20:2e:a9:f1:39:bf:e4:01:b0:8c:da:
b7:bc:db:67:02:d6:27:1a:3f:69:b2:bc:ef:2a:a3:
fa:48:00:ed:de:0a:3c:2a:83:54:0e:65:fa:4c:97:
4a:3a:71:8e:d6:97:39:b2:a0:96:4a:bf:d7:e4:f6:
cd:52:c2:a9:f5:e6:fc:49:d2:21:b0:13:5c:8a:bb:
c5:ac:87:8a:39:c8:05:3a:4c:d1:3e:4a:67:34:b6:
c6:12:c1:50:48:ad:b8:bd:0a:ed:96:77:52:38:31:
51:82:91:6c:d1:71:42:8e:55:f2:40:b0:8b:14:ac:
1e:69:db:fd:a2:57:c0:bd:b9:73:9c:69:a3:3b:a6:
a5:c7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B2:0A:70:D7:85:70:A2:C2:EE:0D:4F:43:B7:98:C9:DE:E5:8F:29:46
X509v3 Authority Key Identifier:
keyid:AB:71:E9:B1:3F:5C:33:9A:58:69:2E:EA:BE:72:EA:A4:06:BB:BD:7D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/q3HpsT9cM5pYaS7qvnLqpAa7vX0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/6ba39c-ef1d-4d48-982b-cf4b900997a0/1/sgpw14VwosLuDU9Dt5jJ3uWPKUY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/be/6ba39c-ef1d-4d48-982b-cf4b900997a0/1/q3HpsT9cM5pYaS7qvnLqpAa7vX0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.151.95.0/24
213.142.148.0/24
213.142.151.0/24
Signature Algorithm: sha256WithRSAEncryption
64:be:f6:99:8f:e6:c4:99:82:33:b7:ea:e5:dd:3d:75:03:35:
3d:f7:49:23:99:46:4e:9c:1e:81:3d:30:c0:06:81:ab:c8:a0:
f8:d3:48:00:b7:d1:b1:b5:9d:dd:e9:30:c6:0a:0e:52:aa:da:
05:2e:37:90:da:35:36:67:cf:22:11:1f:54:d5:f8:87:58:68:
cb:13:77:6f:48:bd:78:4c:30:b7:c5:55:f4:62:99:6b:39:48:
16:2c:05:28:e1:0a:48:15:90:b8:76:0a:2c:68:da:01:2a:9e:
86:8b:da:f6:90:73:81:db:9c:93:7c:4c:f9:07:f6:f5:f9:a3:
e6:fa:41:97:f2:4f:0c:67:a0:cc:69:33:67:08:a9:e3:89:c8:
4b:56:40:da:9a:3b:c0:96:95:6f:63:c8:34:21:93:e4:6c:0e:
e4:7a:9c:42:ab:66:7b:88:82:91:c6:f4:a5:79:4e:d8:e9:b4:
21:81:9e:0e:b6:c9:d2:40:01:bd:39:5a:f8:df:2e:57:79:44:
ed:47:bb:c6:f7:6b:9b:f5:79:66:05:19:57:3b:c7:cc:32:f7:
5c:6b:ce:4f:54:90:3f:ea:d6:f3:dc:f8:ff:92:f0:45:12:f0:
95:9a:a9:7f:c0:77:74:30:04:6e:e9:dd:3f:61:58:65:92:9c:
93:3b:62:22
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYytI0M1Gh3EKc7BXFNikFR9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiNzFlOWIxM2Y1YzMzOWE1ODY5MmVlYWJlNzJlYWE0MDZi
YmJkN2QwHhcNMjMxMjI3MjExNjU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMjBhNzBkNzg1NzBhMmMyZWUwZDRmNDNiNzk4YzlkZWU1OGYyOTQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiwkxk4Ys2wT0wWUtJvUCIgCJcYKM
RkTKeWHNWUiooUjBBqJq8K2Z43X1YOYbfoGiPYbXYa6r4kIiMZB/TGkL0e94/cRc
Op/W8+9CFChWJNMfMX7eaKrgH64RPrR1I7Q0m7CZgA6eMAFgfN8nV1W25k8ZkwaA
ZdYzUE8HIC6p8Tm/5AGwjNq3vNtnAtYnGj9psrzvKqP6SADt3go8KoNUDmX6TJdK
OnGO1pc5sqCWSr/X5PbNUsKp9eb8SdIhsBNcirvFrIeKOcgFOkzRPkpnNLbGEsFQ
SK24vQrtlndSODFRgpFs0XFCjlXyQLCLFKweadv9olfAvblznGmjO6alxwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFLIKcNeFcKLC7g1PQ7eYyd7ljylGMB8GA1UdIwQY
MBaAFKtx6bE/XDOaWGku6r5y6qQGu719MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcTNIcHNUOWNNNXBZYVM3cXZuTHFwQWE3dlgwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS82YmEzOWMtZWYxZC00ZDQ4LTk4MmIt
Y2Y0YjkwMDk5N2EwLzEvc2dwdzE0Vndvc0x1RFU5RHQ1akozdVdQS1VZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS82YmEzOWMtZWYxZC00ZDQ4LTk4MmItY2Y0YjkwMDk5N2Ew
LzEvcTNIcHNUOWNNNXBZYVM3cXZuTHFwQWE3dlgwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAW5dfAwQA
1Y6UAwQA1Y6XMA0GCSqGSIb3DQEBCwUAA4IBAQBkvvaZj+bEmYIzt+rl3T11AzU9
90kjmUZOnB6BPTDABoGryKD400gAt9GxtZ3d6TDGCg5SqtoFLjeQ2jU2Z88iER9U
1fiHWGjLE3dvSL14TDC3xVX0YplrOUgWLAUo4QpIFZC4dgosaNoBKp6Gi9r2kHOB
25yTfEz5B/b1+aPm+kGX8k8MZ6DMaTNnCKnjichLVkDamjvAlpVvY8g0IZPkbA7k
epxCq2Z7iIKRxvSleU7Y6bQhgZ4OtsnSQAG9OVr43y5XeUTtR7vG92ub9XlmBRlX
O8fMMvdca85PVJA/6tbz3Pj/kvBFEvCVmql/wHd0MARu6d0/YVhlkpyTO2Ii
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:52:04 2024 by rpki-client on console-fra.rpki-client.org