Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/6ba39c-ef1d-4d48-982b-cf4b900997a0/1/TI606kpTFzbkxbk46Dp-sNnzRbk.roa
File: TI606kpTFzbkxbk46Dp-sNnzRbk.roa (raw, json)
Hash identifier: BmdsFqQX298S8st17K4EXZjidj3gVs83325S/2stYiM=
Subject key identifier: 4C:8E:B4:EA:4A:53:17:36:E4:C5:B9:38:E8:3A:7E:B0:D9:F3:45:B9
Certificate issuer: /CN=ab71e9b13f5c339a58692eeabe72eaa406bbbd7d
Certificate serial: 018C6EE75F4AD1BF36050E5E47E5D3B09C5D
Authority key identifier: AB:71:E9:B1:3F:5C:33:9A:58:69:2E:EA:BE:72:EA:A4:06:BB:BD:7D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/q3HpsT9cM5pYaS7qvnLqpAa7vX0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/be/6ba39c-ef1d-4d48-982b-cf4b900997a0/1/TI606kpTFzbkxbk46Dp-sNnzRbk.roa
Signing time: Fri 15 Dec 2023 19:15:06 +0000
ROA not before: Fri 15 Dec 2023 19:15:06 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 397563
IP address blocks: 213.142.136.0/24 maxlen: 24
213.142.137.0/24 maxlen: 24
213.142.144.0/24 maxlen: 32
213.142.145.0/24 maxlen: 32
213.142.142.0/24 maxlen: 32
213.142.152.0/23 maxlen: 24
213.142.128.0/24 maxlen: 24
213.142.129.0/24 maxlen: 24
213.142.131.0/24 maxlen: 24
213.142.130.0/24 maxlen: 24
91.151.92.0/24 maxlen: 24
91.151.95.0/24 maxlen: 24
80.253.252.0/22 maxlen: 24
91.151.80.0/24 maxlen: 24
91.151.82.0/24 maxlen: 24
91.151.91.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:6e:e7:5f:4a:d1:bf:36:05:0e:5e:47:e5:d3:b0:9c:5d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ab71e9b13f5c339a58692eeabe72eaa406bbbd7d
Validity
Not Before: Dec 15 19:15:06 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=4c8eb4ea4a531736e4c5b938e83a7eb0d9f345b9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:96:be:89:85:8c:97:ca:e1:04:62:e2:bd:31:c6:
dc:bb:d7:20:9c:32:37:75:00:67:8b:5f:ce:6c:fd:
be:51:0d:24:c5:ae:81:5e:a6:09:5f:b7:c1:24:0d:
07:1b:01:7c:92:11:74:67:ad:32:eb:e2:b6:74:db:
f3:bb:df:7f:0f:8f:1f:94:f0:c8:5c:0e:7d:0b:d5:
50:f6:b8:b5:e8:96:8d:c8:d9:69:40:e6:d2:81:eb:
34:6d:35:97:f4:03:a3:41:2a:db:98:92:8a:1e:50:
0c:e3:60:6d:15:f3:ff:92:b3:20:ff:b0:bb:5f:a2:
a6:d8:ad:c2:ff:de:93:97:03:17:87:98:ad:d8:6e:
ce:d1:67:a1:bc:c8:3e:3d:a8:9e:68:64:c0:05:81:
c6:05:29:c8:9b:42:34:23:ee:65:53:ce:75:c4:80:
f1:e8:f7:13:44:f8:a2:5e:0f:b8:be:42:2c:5e:be:
ae:6c:06:94:b8:43:d2:ab:39:6e:7b:cf:d8:cd:d0:
d2:af:80:52:e4:c0:ae:6e:4d:1f:ee:3e:67:4e:46:
e1:42:6f:99:88:75:7a:3a:08:02:56:4c:30:26:6b:
25:d1:43:c4:2d:74:fa:65:87:99:bc:2b:23:3c:b1:
57:f3:79:db:c8:dd:63:84:19:d6:25:f7:12:83:16:
a4:37
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4C:8E:B4:EA:4A:53:17:36:E4:C5:B9:38:E8:3A:7E:B0:D9:F3:45:B9
X509v3 Authority Key Identifier:
keyid:AB:71:E9:B1:3F:5C:33:9A:58:69:2E:EA:BE:72:EA:A4:06:BB:BD:7D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/q3HpsT9cM5pYaS7qvnLqpAa7vX0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/6ba39c-ef1d-4d48-982b-cf4b900997a0/1/TI606kpTFzbkxbk46Dp-sNnzRbk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/be/6ba39c-ef1d-4d48-982b-cf4b900997a0/1/q3HpsT9cM5pYaS7qvnLqpAa7vX0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
80.253.252.0/22
91.151.80.0/24
91.151.82.0/24
91.151.91.0-91.151.92.255
91.151.95.0/24
213.142.128.0/22
213.142.136.0/23
213.142.142.0/24
213.142.144.0/23
213.142.152.0/23
Signature Algorithm: sha256WithRSAEncryption
24:b2:96:f5:0c:dc:a2:4f:ea:1c:56:ae:e3:86:f3:1c:55:e0:
08:b3:8f:f4:03:2c:53:e7:1f:27:03:a6:3c:ff:f5:69:cc:07:
81:fb:2b:69:a2:1e:7b:7b:fc:b2:0b:30:da:a9:68:90:37:97:
e3:0f:cc:e7:85:72:bd:a7:03:1f:d8:8e:1b:43:85:68:1f:0c:
ed:58:06:e6:53:96:71:0f:80:fe:9b:b9:43:60:fb:f7:0d:f6:
db:c5:77:1a:33:a4:ae:2f:3b:bc:0c:78:de:f1:fe:3f:ee:0d:
94:00:69:1f:e8:97:c0:44:3a:2c:a3:92:21:bc:26:27:0f:f1:
e6:35:6b:63:7e:0f:39:92:4d:e6:46:71:2b:f9:8d:cd:0d:3e:
73:9f:fe:c3:fc:11:b8:26:68:0a:d7:c8:c9:f4:26:4e:ad:d3:
80:55:d1:3e:a6:bf:97:e5:eb:f7:00:b6:eb:c0:92:44:7e:44:
02:2c:56:e1:01:44:50:4a:df:8d:03:91:00:a9:d4:29:b3:81:
8a:91:23:c2:85:aa:3c:1e:a6:22:bf:23:b1:08:e5:3d:7e:6d:
98:d0:ce:c1:b3:de:9f:05:37:06:22:ae:10:4e:33:7b:0f:e7:
a8:fe:c7:f3:f3:06:e2:4e:82:cf:1e:49:5b:58:d1:33:6c:10:
15:0b:19:9c
-----BEGIN CERTIFICATE-----
MIIFOzCCBCOgAwIBAgISAYxu519K0b82BQ5eR+XTsJxdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiNzFlOWIxM2Y1YzMzOWE1ODY5MmVlYWJlNzJlYWE0MDZi
YmJkN2QwHhcNMjMxMjE1MTkxNTA2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YzhlYjRlYTRhNTMxNzM2ZTRjNWI5MzhlODNhN2ViMGQ5ZjM0NWI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlr6JhYyXyuEEYuK9Mcbcu9cgnDI3
dQBni1/ObP2+UQ0kxa6BXqYJX7fBJA0HGwF8khF0Z60y6+K2dNvzu99/D48flPDI
XA59C9VQ9ri16JaNyNlpQObSges0bTWX9AOjQSrbmJKKHlAM42BtFfP/krMg/7C7
X6Km2K3C/96TlwMXh5it2G7O0WehvMg+PaieaGTABYHGBSnIm0I0I+5lU851xIDx
6PcTRPiiXg+4vkIsXr6ubAaUuEPSqzlue8/YzdDSr4BS5MCubk0f7j5nTkbhQm+Z
iHV6OggCVkwwJmsl0UPELXT6ZYeZvCsjPLFX83nbyN1jhBnWJfcSgxakNwIDAQAB
o4ICRzCCAkMwHQYDVR0OBBYEFEyOtOpKUxc25MW5OOg6frDZ80W5MB8GA1UdIwQY
MBaAFKtx6bE/XDOaWGku6r5y6qQGu719MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcTNIcHNUOWNNNXBZYVM3cXZuTHFwQWE3dlgwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS82YmEzOWMtZWYxZC00ZDQ4LTk4MmIt
Y2Y0YjkwMDk5N2EwLzEvVEk2MDZrcFRGemJreGJrNDZEcC1zTm56UmJrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS82YmEzOWMtZWYxZC00ZDQ4LTk4MmItY2Y0YjkwMDk5N2Ew
LzEvcTNIcHNUOWNNNXBZYVM3cXZuTHFwQWE3dlgwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF0GCCsGAQUFBwEHAQH/BE4wTDBKBAIAATBEAwQCUP38AwQA
W5dQAwQAW5dSMAwDBABbl1sDBABbl1wDBABbl18DBALVjoADBAHVjogDBADVjo4D
BAHVjpADBAHVjpgwDQYJKoZIhvcNAQELBQADggEBACSylvUM3KJP6hxWruOG8xxV
4Aizj/QDLFPnHycDpjz/9WnMB4H7K2miHnt7/LILMNqpaJA3l+MPzOeFcr2nAx/Y
jhtDhWgfDO1YBuZTlnEPgP6buUNg+/cN9tvFdxozpK4vO7wMeN7x/j/uDZQAaR/o
l8BEOiyjkiG8JicP8eY1a2N+DzmSTeZGcSv5jc0NPnOf/sP8EbgmaArXyMn0Jk6t
04BV0T6mv5fl6/cAtuvAkkR+RAIsVuEBRFBK340DkQCp1CmzgYqRI8KFqjwepiK/
I7EI5T1+bZjQzsGz3p8FNwYirhBOM3sP56j+x/PzBuJOgs8eSVtY0TNsEBULGZw=
-----END CERTIFICATE-----
Generated at Sun Jun 15 03:16:49 2025 by rpki-client