Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/6ba39c-ef1d-4d48-982b-cf4b900997a0/1/upc4Yb2hqsaqMeRpCx0IPNt2PE8.roa
File: upc4Yb2hqsaqMeRpCx0IPNt2PE8.roa (raw, json)
Hash identifier: pOaxNAxyBOYtvW4I2+J5oTY+YVW5IBS/Y6HYMeqSeVs=
Subject key identifier: BA:97:38:61:BD:A1:AA:C6:AA:31:E4:69:0B:1D:08:3C:DB:76:3C:4F
Certificate issuer: /CN=ab71e9b13f5c339a58692eeabe72eaa406bbbd7d
Certificate serial: 018FC4C9FC5CD3A138B861E50CB04D8C2388
Authority key identifier: AB:71:E9:B1:3F:5C:33:9A:58:69:2E:EA:BE:72:EA:A4:06:BB:BD:7D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/q3HpsT9cM5pYaS7qvnLqpAa7vX0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/be/6ba39c-ef1d-4d48-982b-cf4b900997a0/1/upc4Yb2hqsaqMeRpCx0IPNt2PE8.roa
Signing time: Wed 29 May 2024 14:38:42 +0000
ROA not before: Wed 29 May 2024 14:38:42 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 60707
IP address blocks: 80.253.247.0/24 maxlen: 24
91.151.83.0/24 maxlen: 24
91.151.84.0/24 maxlen: 24
213.142.135.0/24 maxlen: 24
213.142.143.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8f:c4:c9:fc:5c:d3:a1:38:b8:61:e5:0c:b0:4d:8c:23:88
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ab71e9b13f5c339a58692eeabe72eaa406bbbd7d
Validity
Not Before: May 29 14:38:42 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=ba973861bda1aac6aa31e4690b1d083cdb763c4f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ef:1c:56:f5:82:37:83:87:54:18:52:da:7a:fc:
c8:cd:43:7a:7d:1a:cc:f8:0b:18:16:e9:80:3f:47:
c6:99:ef:82:4f:a8:09:2b:a5:c2:ce:1d:81:ad:45:
87:18:0f:64:8a:28:26:e1:86:81:21:97:83:0b:45:
78:3e:99:aa:5a:59:6e:1b:be:46:81:e3:12:a5:2d:
56:f2:a2:74:ca:4b:0f:7c:81:3d:0a:60:3c:b9:3f:
9d:98:49:39:38:83:c6:cc:83:f8:ac:a6:7b:42:7b:
1c:ee:ab:f4:5a:ea:a3:e7:24:46:89:e0:b8:43:0f:
90:68:8e:c0:26:0c:ac:5e:06:c8:fd:5a:22:83:7a:
0e:e2:9a:55:f2:fc:24:95:03:1a:72:c1:84:a7:e1:
28:68:33:fc:a5:ff:e1:f0:03:7c:dc:ac:4e:02:06:
1c:5d:7e:94:c2:7c:87:dc:95:c7:94:0c:1f:5d:0a:
31:2d:6f:57:3a:6e:16:75:af:31:6d:7d:c3:70:fb:
50:af:ea:46:40:1c:74:d9:ae:9e:cd:8c:aa:7c:cc:
ab:d0:ce:88:26:62:39:07:15:14:c5:0a:fa:60:c9:
38:02:73:65:56:63:e2:98:da:37:4b:5b:f7:62:87:
b9:7d:a7:8d:ee:2d:ff:8f:d9:40:f2:98:fa:f2:6f:
f8:61
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
BA:97:38:61:BD:A1:AA:C6:AA:31:E4:69:0B:1D:08:3C:DB:76:3C:4F
X509v3 Authority Key Identifier:
keyid:AB:71:E9:B1:3F:5C:33:9A:58:69:2E:EA:BE:72:EA:A4:06:BB:BD:7D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/q3HpsT9cM5pYaS7qvnLqpAa7vX0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/6ba39c-ef1d-4d48-982b-cf4b900997a0/1/upc4Yb2hqsaqMeRpCx0IPNt2PE8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/be/6ba39c-ef1d-4d48-982b-cf4b900997a0/1/q3HpsT9cM5pYaS7qvnLqpAa7vX0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
80.253.247.0/24
91.151.83.0-91.151.84.255
213.142.135.0/24
213.142.143.0/24
Signature Algorithm: sha256WithRSAEncryption
93:65:14:c2:1a:50:e7:ca:02:5b:ea:be:7e:d9:e9:dd:60:8b:
b8:54:da:ad:31:f4:99:0d:78:1c:85:ed:97:a7:52:e2:22:a8:
4a:76:a8:48:b0:71:bf:c0:8a:60:d9:75:99:09:22:ab:02:bb:
ec:57:db:5e:5a:7b:9f:9e:a8:78:95:8c:9b:ce:40:72:8e:b6:
36:da:e8:06:cd:60:ed:d0:5e:d9:d0:0e:f3:a9:97:92:8d:50:
3f:70:d1:7c:1d:d3:c7:d7:d0:87:83:c9:a5:b0:00:c5:1e:2a:
1f:4d:72:f1:9d:8e:c4:fc:de:40:e6:5f:a0:8b:25:a8:a2:08:
59:2e:10:ca:47:ea:dd:8d:14:b1:8c:d0:f9:99:f5:70:33:23:
8e:31:b4:cc:ab:b7:4a:4e:03:f3:b0:1c:ad:56:d2:bf:24:1e:
78:05:25:50:1d:ee:5a:f5:be:89:ce:36:95:75:7c:e3:3b:c0:
c8:3c:36:0d:65:e1:2a:a5:50:42:64:2d:c5:d1:b5:05:19:b6:
c1:fb:ce:03:d3:0c:c8:45:1c:1f:7e:dc:77:7b:e4:a1:cd:1f:
ec:64:dd:ba:64:8b:54:5d:2a:b8:9e:45:03:ae:17:89:51:50:
45:8a:31:71:3f:37:fb:b4:cc:8f:d8:53:89:ee:c1:d0:35:47:
a5:7b:89:be
-----BEGIN CERTIFICATE-----
MIIFFzCCA/+gAwIBAgISAY/Eyfxc06E4uGHlDLBNjCOIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiNzFlOWIxM2Y1YzMzOWE1ODY5MmVlYWJlNzJlYWE0MDZi
YmJkN2QwHhcNMjQwNTI5MTQzODQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYTk3Mzg2MWJkYTFhYWM2YWEzMWU0NjkwYjFkMDgzY2RiNzYzYzRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7xxW9YI3g4dUGFLaevzIzUN6fRrM
+AsYFumAP0fGme+CT6gJK6XCzh2BrUWHGA9kiigm4YaBIZeDC0V4PpmqWlluG75G
geMSpS1W8qJ0yksPfIE9CmA8uT+dmEk5OIPGzIP4rKZ7Qnsc7qv0Wuqj5yRGieC4
Qw+QaI7AJgysXgbI/Voig3oO4ppV8vwklQMacsGEp+EoaDP8pf/h8AN83KxOAgYc
XX6UwnyH3JXHlAwfXQoxLW9XOm4Wda8xbX3DcPtQr+pGQBx02a6ezYyqfMyr0M6I
JmI5BxUUxQr6YMk4AnNlVmPimNo3S1v3Yoe5faeN7i3/j9lA8pj68m/4YQIDAQAB
o4ICIzCCAh8wHQYDVR0OBBYEFLqXOGG9oarGqjHkaQsdCDzbdjxPMB8GA1UdIwQY
MBaAFKtx6bE/XDOaWGku6r5y6qQGu719MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcTNIcHNUOWNNNXBZYVM3cXZuTHFwQWE3dlgwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS82YmEzOWMtZWYxZC00ZDQ4LTk4MmIt
Y2Y0YjkwMDk5N2EwLzEvdXBjNFliMmhxc2FxTWVScEN4MElQTnQyUEU4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS82YmEzOWMtZWYxZC00ZDQ4LTk4MmItY2Y0YjkwMDk5N2Ew
LzEvcTNIcHNUOWNNNXBZYVM3cXZuTHFwQWE3dlgwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDkGCCsGAQUFBwEHAQH/BCowKDAmBAIAATAgAwQAUP33MAwD
BABbl1MDBABbl1QDBADVjocDBADVjo8wDQYJKoZIhvcNAQELBQADggEBAJNlFMIa
UOfKAlvqvn7Z6d1gi7hU2q0x9JkNeByF7ZenUuIiqEp2qEiwcb/AimDZdZkJIqsC
u+xX215ae5+eqHiVjJvOQHKOtjba6AbNYO3QXtnQDvOpl5KNUD9w0Xwd08fX0IeD
yaWwAMUeKh9NcvGdjsT83kDmX6CLJaiiCFkuEMpH6t2NFLGM0PmZ9XAzI44xtMyr
t0pOA/OwHK1W0r8kHngFJVAd7lr1vonONpV1fOM7wMg8Ng1l4SqlUEJkLcXRtQUZ
tsH7zgPTDMhFHB9+3Hd75KHNH+xk3bpki1RdKrieRQOuF4lRUEWKMXE/N/u0zI/Y
U4nuwdA1R6V7ib4=
-----END CERTIFICATE-----
Generated at Mon Feb 17 08:12:39 2025 by rpki-client