Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/6ba39c-ef1d-4d48-982b-cf4b900997a0/1/zUr6vRyNpEQx-eRZF2pKc8_TF0g.roa
File: zUr6vRyNpEQx-eRZF2pKc8_TF0g.roa (raw, json)
Hash identifier: BdVB/X1fj0AG3hU4krNYSEsSfjyUPVvM8jKlAnjNS7M=
Subject key identifier: CD:4A:FA:BD:1C:8D:A4:44:31:F9:E4:59:17:6A:4A:73:CF:D3:17:48
Certificate issuer: /CN=ab71e9b13f5c339a58692eeabe72eaa406bbbd7d
Certificate serial: 018A85F524D144975D1F5022C1940F7C2297
Authority key identifier: AB:71:E9:B1:3F:5C:33:9A:58:69:2E:EA:BE:72:EA:A4:06:BB:BD:7D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/q3HpsT9cM5pYaS7qvnLqpAa7vX0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/be/6ba39c-ef1d-4d48-982b-cf4b900997a0/1/zUr6vRyNpEQx-eRZF2pKc8_TF0g.roa
Signing time: Mon 11 Sep 2023 20:35:50 +0000
ROA not before: Mon 11 Sep 2023 20:35:50 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 397563
IP address blocks: 213.142.136.0/24 maxlen: 24
213.142.133.0/24 maxlen: 24
213.142.137.0/24 maxlen: 24
213.142.144.0/24 maxlen: 32
213.142.145.0/24 maxlen: 32
213.142.142.0/24 maxlen: 32
213.142.152.0/23 maxlen: 24
213.142.128.0/24 maxlen: 24
213.142.129.0/24 maxlen: 24
213.142.131.0/24 maxlen: 24
213.142.132.0/24 maxlen: 24
213.142.130.0/24 maxlen: 24
91.151.92.0/24 maxlen: 24
80.253.252.0/23 maxlen: 24
91.151.80.0/24 maxlen: 24
91.151.82.0/24 maxlen: 24
91.151.91.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8a:85:f5:24:d1:44:97:5d:1f:50:22:c1:94:0f:7c:22:97
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ab71e9b13f5c339a58692eeabe72eaa406bbbd7d
Validity
Not Before: Sep 11 20:35:50 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=cd4afabd1c8da44431f9e459176a4a73cfd31748
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ac:5f:8b:6a:6e:0d:f2:f6:17:f5:85:e6:06:f9:
40:43:7d:98:52:76:64:5b:63:6c:d9:ff:69:f8:48:
8c:22:f7:e7:44:fc:24:40:cb:f6:10:e4:f7:67:c5:
86:96:7d:1d:d5:f1:84:a2:92:da:33:de:83:72:e8:
98:69:12:f4:b4:d4:85:2e:8d:0f:04:9c:a7:1b:07:
b8:d7:0d:4e:5e:f3:51:b0:d3:c5:15:61:0e:71:c8:
29:33:ac:93:d4:f4:2e:8e:03:a3:97:90:3b:05:7c:
18:b3:34:97:82:a6:74:81:b1:9c:d1:24:e8:e4:79:
34:d6:47:82:2d:c5:b4:ea:41:d6:4c:83:a9:7e:c0:
8b:b7:6a:cc:02:98:46:52:72:a3:8d:a0:58:b3:74:
a5:00:89:49:7a:9a:a9:fa:9f:76:3b:e7:fe:9a:49:
5b:2f:28:eb:9b:bf:45:81:6a:8e:d0:0d:6c:6a:eb:
08:86:17:0a:96:9d:d1:e7:a8:35:bb:66:51:1f:98:
dd:49:ca:cc:06:88:99:8a:8d:fe:f6:b7:3d:f3:8f:
11:4e:39:1c:56:49:e6:28:11:cc:c4:6d:14:d4:a9:
30:77:26:c4:15:49:dc:ec:e2:04:99:a9:eb:21:12:
d8:b8:44:01:f3:65:fd:8d:57:84:6d:f4:8a:70:4f:
4e:d7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CD:4A:FA:BD:1C:8D:A4:44:31:F9:E4:59:17:6A:4A:73:CF:D3:17:48
X509v3 Authority Key Identifier:
keyid:AB:71:E9:B1:3F:5C:33:9A:58:69:2E:EA:BE:72:EA:A4:06:BB:BD:7D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/q3HpsT9cM5pYaS7qvnLqpAa7vX0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/6ba39c-ef1d-4d48-982b-cf4b900997a0/1/zUr6vRyNpEQx-eRZF2pKc8_TF0g.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/be/6ba39c-ef1d-4d48-982b-cf4b900997a0/1/q3HpsT9cM5pYaS7qvnLqpAa7vX0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
80.253.252.0/23
91.151.80.0/24
91.151.82.0/24
91.151.91.0-91.151.92.255
213.142.128.0-213.142.133.255
213.142.136.0/23
213.142.142.0/24
213.142.144.0/23
213.142.152.0/23
Signature Algorithm: sha256WithRSAEncryption
27:b6:0f:71:16:80:74:ad:ca:9d:a1:f6:d6:36:c8:78:30:a2:
5c:b3:87:4f:a5:85:df:91:c2:af:e1:d0:e2:1a:c7:54:d1:db:
47:25:15:ba:f9:1f:8f:62:3c:b2:3c:be:a6:cc:6d:45:9b:a5:
52:42:21:7a:3f:ab:04:eb:ee:fc:fc:43:7e:53:11:e8:20:d1:
1d:30:85:26:04:a3:eb:fe:9a:55:fc:43:4b:cd:6e:ec:cf:11:
33:54:ff:ca:ee:55:b5:65:f1:8b:69:2b:18:d1:b8:f4:6b:52:
3a:6a:b5:a4:c6:06:04:f4:7a:3a:98:37:a9:3c:26:0e:cf:22:
eb:c6:d7:68:8d:20:a7:7a:4b:76:b3:de:a2:8e:e7:92:f4:20:
da:c1:16:eb:b8:e5:d6:1b:66:35:9c:58:a4:73:a5:3b:63:db:
48:09:97:6f:f3:8f:86:88:06:dd:30:77:6d:2b:f7:c6:61:f3:
cc:a5:91:24:55:cb:6a:3c:0a:cb:b1:c3:0a:b7:1b:51:78:aa:
83:9a:5f:39:45:9b:0c:71:f3:76:55:7d:05:36:6e:76:fa:37:
cb:c5:b8:3b:a8:2b:64:25:e9:c5:1e:53:5d:ba:35:e9:c0:f3:
b6:f3:3d:d8:a8:49:12:4e:42:27:85:1d:1e:90:a0:5c:0a:89:
9e:33:42:70
-----BEGIN CERTIFICATE-----
MIIFPTCCBCWgAwIBAgISAYqF9STRRJddH1AiwZQPfCKXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiNzFlOWIxM2Y1YzMzOWE1ODY5MmVlYWJlNzJlYWE0MDZi
YmJkN2QwHhcNMjMwOTExMjAzNTUwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZDRhZmFiZDFjOGRhNDQ0MzFmOWU0NTkxNzZhNGE3M2NmZDMxNzQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArF+Lam4N8vYX9YXmBvlAQ32YUnZk
W2Ns2f9p+EiMIvfnRPwkQMv2EOT3Z8WGln0d1fGEopLaM96DcuiYaRL0tNSFLo0P
BJynGwe41w1OXvNRsNPFFWEOccgpM6yT1PQujgOjl5A7BXwYszSXgqZ0gbGc0STo
5Hk01keCLcW06kHWTIOpfsCLt2rMAphGUnKjjaBYs3SlAIlJepqp+p92O+f+mklb
Lyjrm79FgWqO0A1sausIhhcKlp3R56g1u2ZRH5jdScrMBoiZio3+9rc9848RTjkc
VknmKBHMxG0U1KkwdybEFUnc7OIEmanrIRLYuEQB82X9jVeEbfSKcE9O1wIDAQAB
o4ICSTCCAkUwHQYDVR0OBBYEFM1K+r0cjaREMfnkWRdqSnPP0xdIMB8GA1UdIwQY
MBaAFKtx6bE/XDOaWGku6r5y6qQGu719MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcTNIcHNUOWNNNXBZYVM3cXZuTHFwQWE3dlgwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS82YmEzOWMtZWYxZC00ZDQ4LTk4MmIt
Y2Y0YjkwMDk5N2EwLzEvelVyNnZSeU5wRVF4LWVSWkYycEtjOF9URjBnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS82YmEzOWMtZWYxZC00ZDQ4LTk4MmItY2Y0YjkwMDk5N2Ew
LzEvcTNIcHNUOWNNNXBZYVM3cXZuTHFwQWE3dlgwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF8GCCsGAQUFBwEHAQH/BFAwTjBMBAIAATBGAwQBUP38AwQA
W5dQAwQAW5dSMAwDBABbl1sDBABbl1wwDAMEB9WOgAMEAdWOhAMEAdWOiAMEANWO
jgMEAdWOkAMEAdWOmDANBgkqhkiG9w0BAQsFAAOCAQEAJ7YPcRaAdK3KnaH21jbI
eDCiXLOHT6WF35HCr+HQ4hrHVNHbRyUVuvkfj2I8sjy+psxtRZulUkIhej+rBOvu
/PxDflMR6CDRHTCFJgSj6/6aVfxDS81u7M8RM1T/yu5VtWXxi2krGNG49GtSOmq1
pMYGBPR6Opg3qTwmDs8i68bXaI0gp3pLdrPeoo7nkvQg2sEW67jl1htmNZxYpHOl
O2PbSAmXb/OPhogG3TB3bSv3xmHzzKWRJFXLajwKy7HDCrcbUXiqg5pfOUWbDHHz
dlV9BTZudvo3y8W4O6grZCXpxR5TXbo16cDztvM92KhJEk5CJ4UdHpCgXAqJnjNC
cA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:41:38 2024 by rpki-client on console-ams.rpki-client.org