Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/3/3138352e3232332e3235342e302f32332d3234203d3e203432333636.roa
File: 3138352e3232332e3235342e302f32332d3234203d3e203432333636.roa (raw, json)
Hash identifier: EXAKDafdRoOUlrwSHE1aEQrmtWqyERGjMIJ49CRiMWs=
Subject key identifier: D6:C8:82:98:03:2C:24:1F:9D:AD:21:20:D8:C1:EA:44:8B:0A:02:C2
Certificate issuer: /CN=b97bcfac27bbaf19de1d31e53629726c1e4caaa2
Certificate serial: 2DD7583329390CABD039660F0752AA4C08D1F3B2
Authority key identifier: B9:7B:CF:AC:27:BB:AF:19:DE:1D:31:E5:36:29:72:6C:1E:4C:AA:A2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/uXvPrCe7rxneHTHlNilybB5MqqI.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/3/3138352e3232332e3235342e302f32332d3234203d3e203432333636.roa
Signing time: Sun 07 Apr 2024 16:03:28 +0000
ROA not before: Sun 07 Apr 2024 15:58:28 +0000
ROA not after: Sun 06 Apr 2025 16:03:28 +0000
asID: 42366
IP address blocks: 185.223.254.0/23 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
2d:d7:58:33:29:39:0c:ab:d0:39:66:0f:07:52:aa:4c:08:d1:f3:b2
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b97bcfac27bbaf19de1d31e53629726c1e4caaa2
Validity
Not Before: Apr 7 15:58:28 2024 GMT
Not After : Apr 6 16:03:28 2025 GMT
Subject: CN=D6C88298032C241F9DAD2120D8C1EA448B0A02C2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ce:b3:47:c1:60:0f:25:20:69:8e:97:27:8a:5a:
fb:ff:f4:41:b9:9c:72:64:7e:63:45:e7:72:45:4f:
c9:08:d8:1a:25:59:9c:e2:6b:fe:ab:25:08:d3:3d:
8d:fc:38:3c:54:40:90:a1:0a:2d:9b:eb:08:a1:21:
99:48:eb:69:50:de:82:64:69:e5:ba:fa:2d:61:12:
54:bf:16:43:2c:be:ef:05:0c:d8:ae:87:2f:aa:f7:
16:e7:6a:6d:5d:15:9f:bf:80:16:52:73:07:e2:1a:
ba:5b:2a:a0:6d:cc:5e:42:40:fc:40:31:0e:c5:f6:
01:2a:2c:2c:ee:cc:f2:d2:c7:d0:b9:73:3a:0c:63:
07:af:b4:f5:c8:38:1a:6c:a8:30:7a:7c:c9:14:97:
ae:a4:dd:c3:95:ea:5c:6a:32:2e:c6:9a:8c:55:69:
2d:e2:10:6c:2f:95:35:16:54:be:c7:4d:27:c8:af:
b5:53:61:db:0f:c7:c0:f3:55:ac:3a:76:a3:86:ce:
d2:b4:a7:4e:45:80:cb:c2:86:00:4d:1e:fd:40:f5:
d2:7f:b8:ad:82:6e:f5:a6:6c:74:41:d2:5b:77:ed:
04:2a:69:02:ca:58:05:e4:e0:77:c9:69:5b:4d:9a:
9a:70:ce:53:71:57:81:83:cd:4b:f0:48:d2:b4:ca:
75:63
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D6:C8:82:98:03:2C:24:1F:9D:AD:21:20:D8:C1:EA:44:8B:0A:02:C2
X509v3 Authority Key Identifier:
keyid:B9:7B:CF:AC:27:BB:AF:19:DE:1D:31:E5:36:29:72:6C:1E:4C:AA:A2
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/3/B97BCFAC27BBAF19DE1D31E53629726C1E4CAAA2.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uXvPrCe7rxneHTHlNilybB5MqqI.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/3/3138352e3232332e3235342e302f32332d3234203d3e203432333636.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.223.254.0/23
Signature Algorithm: sha256WithRSAEncryption
6e:4f:00:0d:55:03:a8:94:fc:16:64:3e:ed:a1:58:a8:d1:89:
ef:12:69:80:8c:66:df:9e:b7:89:60:c8:65:b4:5a:b0:15:d4:
af:ab:af:95:54:cb:a5:7e:23:98:2c:73:af:c9:89:e0:fb:0e:
63:ab:42:b1:c5:96:c0:2b:6e:5a:fe:a0:c6:d4:64:31:e3:d7:
ca:26:e9:a1:c4:d1:53:49:8a:96:e3:14:47:21:8f:e5:2e:84:
4f:16:d6:63:db:fe:11:ee:0d:2e:94:1e:30:cf:fc:e8:09:98:
e9:30:62:d1:8c:58:ef:ef:af:e8:79:35:ce:3a:54:bb:f2:ef:
f0:74:ed:f0:be:41:0e:2b:79:c5:67:51:eb:2a:ea:d1:13:f3:
5d:05:73:e1:75:33:2e:4e:c6:8f:3d:04:be:e2:93:7f:7b:5f:
b0:5f:b3:c2:d1:f8:43:2e:f5:46:1c:e6:32:7a:e7:2b:5a:96:
d8:6d:24:38:c3:3f:b9:c4:51:9f:8c:f6:1e:fb:33:ab:ec:24:
ee:7d:20:11:0a:f3:59:66:62:d2:0d:22:b8:fc:c9:45:64:02:
32:38:49:ae:fb:10:e7:c7:7c:09:3a:47:93:91:4e:01:09:1b:
d9:1c:29:0d:44:29:eb:12:11:6e:f5:7f:f0:9c:0e:72:c1:fa:
84:1d:bb:b8
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgIULddYMyk5DKvQOWYPB1KqTAjR87IwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYjk3YmNmYWMyN2JiYWYxOWRlMWQzMWU1MzYyOTcyNmMx
ZTRjYWFhMjAeFw0yNDA0MDcxNTU4MjhaFw0yNTA0MDYxNjAzMjhaMDMxMTAvBgNV
BAMTKEQ2Qzg4Mjk4MDMyQzI0MUY5REFEMjEyMEQ4QzFFQTQ0OEIwQTAyQzIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDOs0fBYA8lIGmOlyeKWvv/9EG5
nHJkfmNF53JFT8kI2BolWZzia/6rJQjTPY38ODxUQJChCi2b6wihIZlI62lQ3oJk
aeW6+i1hElS/FkMsvu8FDNiuhy+q9xbnam1dFZ+/gBZScwfiGrpbKqBtzF5CQPxA
MQ7F9gEqLCzuzPLSx9C5czoMYwevtPXIOBpsqDB6fMkUl66k3cOV6lxqMi7GmoxV
aS3iEGwvlTUWVL7HTSfIr7VTYdsPx8DzVaw6dqOGztK0p05FgMvChgBNHv1A9dJ/
uK2CbvWmbHRB0lt37QQqaQLKWAXk4HfJaVtNmppwzlNxV4GDzUvwSNK0ynVjAgMB
AAGjggI/MIICOzAdBgNVHQ4EFgQU1siCmAMsJB+drSEg2MHqRIsKAsIwHwYDVR0j
BBgwFoAUuXvPrCe7rxneHTHlNilybB5MqqIwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzMvQjk3QkNGQUMyN0JCQUYxOURFMUQzMUU1MzYyOTcyNkMxRTRDQUFBMi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3VYdlByQ2U3cnhuZUhUSGxOaWx5YkI1
TXFxSS5jZXIwga8GCCsGAQUFBwELBIGiMIGfMIGcBggrBgEFBQcwC4aBj3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzMvMzEzODM1MmUzMjMyMzMyZTMy
MzUzNDJlMzAyZjMyMzMyZDMyMzQyMDNkM2UyMDM0MzIzMzM2MzYucm9hMBgGA1Ud
IAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAG53/4wDQYJKoZIhvcNAQELBQADggEBAG5PAA1VA6iU/BZkPu2hWKjRie8SaYCM
Zt+et4lgyGW0WrAV1K+rr5VUy6V+I5gsc6/JieD7DmOrQrHFlsArblr+oMbUZDHj
18om6aHE0VNJipbjFEchj+UuhE8W1mPb/hHuDS6UHjDP/OgJmOkwYtGMWO/vr+h5
Nc46VLvy7/B07fC+QQ4recVnUesq6tET810Fc+F1My5Oxo89BL7ik397X7Bfs8LR
+EMu9UYc5jJ65ytalthtJDjDP7nEUZ+M9h77M6vsJO59IBEK81lmYtINIrj8yUVk
AjI4Sa77EOfHfAk6R5ORTgEJG9kcKQ1EKesSEW71f/CcDnLB+oQdu7g=
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:05:23 2024 by rpki-client on console-fra.rpki-client.org