Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/6BXfPdOHPWfQGFMPBGWJbZL-URY.roa
File: 6BXfPdOHPWfQGFMPBGWJbZL-URY.roa (raw, json)
Hash identifier: 28/+4oxlDYCmNR2X81I2accenSeu7t7WX2tZlJPEiFY=
Subject key identifier: E8:15:DF:3D:D3:87:3D:67:D0:18:53:0F:04:65:89:6D:92:FE:51:16
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 0189B0C80D88BB830079FD790A8D9C29D2CF
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/6BXfPdOHPWfQGFMPBGWJbZL-URY.roa
Signing time: Tue 01 Aug 2023 11:07:27 +0000
ROA not before: Tue 01 Aug 2023 11:07:27 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 397423
IP address blocks: 94.103.127.0/24 maxlen: 24
109.206.238.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:89:b0:c8:0d:88:bb:83:00:79:fd:79:0a:8d:9c:29:d2:cf
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Aug 1 11:07:27 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=e815df3dd3873d67d018530f0465896d92fe5116
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8f:f0:96:49:42:6d:1e:1d:77:20:8c:30:38:ae:
1a:bc:03:2d:91:2a:fb:c5:33:c0:c0:9b:32:6f:11:
10:85:80:fc:0d:1a:97:36:2a:ee:f5:da:bf:08:5f:
52:71:e0:fc:63:24:c8:ea:86:54:d0:94:92:c9:d2:
1c:ec:41:36:e8:8f:42:b4:5c:52:e2:2e:c7:57:39:
ae:53:ae:e9:55:3f:48:fd:d6:70:18:18:c3:58:43:
31:c0:20:97:57:6d:4d:2d:7c:dd:3c:5c:95:27:e2:
0b:92:aa:65:db:74:ff:44:b7:7c:44:ec:7d:66:e2:
1e:68:69:fe:78:ce:fe:e6:66:d4:ea:cb:d3:cd:c0:
e7:be:bc:5a:67:8e:91:f0:25:2e:3f:38:b3:81:00:
df:22:cf:3b:e8:aa:3a:3b:4c:8e:6b:d6:1e:8e:b1:
dc:89:a4:63:49:78:77:81:0b:c4:61:76:75:90:d2:
16:14:2a:7b:4f:3a:2e:4a:fa:e1:a7:d8:5f:85:2e:
94:0d:0d:37:27:15:f3:af:81:84:0b:60:87:b5:25:
bc:37:59:b8:16:4b:a1:10:4a:cb:ff:ff:bd:e7:32:
e9:1d:d5:4a:16:9a:e3:35:1c:f3:3c:4b:3d:ef:5e:
2c:98:76:55:47:d0:3a:ba:95:c5:84:37:1e:88:97:
40:d9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E8:15:DF:3D:D3:87:3D:67:D0:18:53:0F:04:65:89:6D:92:FE:51:16
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/6BXfPdOHPWfQGFMPBGWJbZL-URY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
94.103.127.0/24
109.206.238.0/24
Signature Algorithm: sha256WithRSAEncryption
29:6f:4b:1b:ae:79:a3:e2:97:4e:5a:be:77:1c:63:ea:fa:9b:
b9:02:c0:40:9d:0b:4f:55:99:8c:c9:ae:87:c2:3d:29:11:2d:
e6:f7:34:52:15:f4:74:d0:eb:08:5e:80:5e:56:7d:7e:52:91:
a3:c4:07:20:c3:3d:90:9b:5d:b9:12:ce:85:30:cd:2a:26:a1:
50:53:44:8a:ac:cd:79:ac:3e:c9:99:fa:d6:d2:47:47:72:91:
b4:a8:92:4b:26:8b:cb:93:0b:15:17:30:e7:a0:a2:19:db:ae:
d6:2f:19:43:03:49:b0:ca:67:fa:0b:a0:12:cb:ed:9c:10:4d:
48:10:89:a0:f2:45:01:c7:4c:d9:9d:f1:80:39:af:d5:ce:c6:
81:c0:55:c3:36:a9:d0:bd:82:ac:8c:83:5d:a1:6c:50:a1:79:
7f:ee:67:36:e5:b0:68:26:82:e4:70:59:a3:68:81:dd:e0:d8:
30:f5:85:b6:79:65:8f:eb:38:a9:b5:21:a7:aa:e4:a8:0b:e5:
e9:6f:b4:d1:f2:b2:c1:52:f6:b7:42:8d:9c:72:70:03:7d:66:
32:87:5a:4c:d0:f8:2f:13:f4:60:1b:41:b2:58:63:b1:9b:d9:
24:82:38:dc:54:dd:76:e8:d4:8a:02:99:d2:75:f4:4c:6c:c2:
33:3c:84:09
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYmwyA2Iu4MAef15Co2cKdLPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjMwODAxMTEwNzI3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlODE1ZGYzZGQzODczZDY3ZDAxODUzMGYwNDY1ODk2ZDkyZmU1MTE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj/CWSUJtHh13IIwwOK4avAMtkSr7
xTPAwJsybxEQhYD8DRqXNiru9dq/CF9SceD8YyTI6oZU0JSSydIc7EE26I9CtFxS
4i7HVzmuU67pVT9I/dZwGBjDWEMxwCCXV21NLXzdPFyVJ+ILkqpl23T/RLd8ROx9
ZuIeaGn+eM7+5mbU6svTzcDnvrxaZ46R8CUuPzizgQDfIs876Ko6O0yOa9YejrHc
iaRjSXh3gQvEYXZ1kNIWFCp7TzouSvrhp9hfhS6UDQ03JxXzr4GEC2CHtSW8N1m4
FkuhEErL//+95zLpHdVKFprjNRzzPEs9714smHZVR9A6upXFhDceiJdA2QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFOgV3z3Thz1n0BhTDwRliW2S/lEWMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvNkJYZlBkT0hQV2ZRR0ZNUEJHV0piWkwtVVJZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAXmd/AwQA
bc7uMA0GCSqGSIb3DQEBCwUAA4IBAQApb0sbrnmj4pdOWr53HGPq+pu5AsBAnQtP
VZmMya6Hwj0pES3m9zRSFfR00OsIXoBeVn1+UpGjxAcgwz2Qm125Es6FMM0qJqFQ
U0SKrM15rD7JmfrW0kdHcpG0qJJLJovLkwsVFzDnoKIZ267WLxlDA0mwymf6C6AS
y+2cEE1IEImg8kUBx0zZnfGAOa/VzsaBwFXDNqnQvYKsjINdoWxQoXl/7mc25bBo
JoLkcFmjaIHd4Ngw9YW2eWWP6ziptSGnquSoC+Xpb7TR8rLBUva3Qo2ccnADfWYy
h1pM0PgvE/RgG0GyWGOxm9kkgjjcVN126NSKApnSdfRMbMIzPIQJ
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:50:24 2024 by rpki-client on console-ams.rpki-client.org