Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/06/72435b-7e7e-447b-ac24-982c429d4156/1/aUSq-9K3ujFNcRXkWnCi3W4gXW8.roa
File: aUSq-9K3ujFNcRXkWnCi3W4gXW8.roa (raw, json)
Hash identifier: BNzJhKbmfLeOAF3MagJXg5zn41TpVnVJhq41HBQaNO4=
Subject key identifier: 69:44:AA:FB:D2:B7:BA:31:4D:71:15:E4:5A:70:A2:DD:6E:20:5D:6F
Certificate issuer: /CN=04d9bc828a566b06af4d765dfb5da5bc1d76c725
Certificate serial: 018FEE9B04685F74C9DE7321A27273713BD3
Authority key identifier: 04:D9:BC:82:8A:56:6B:06:AF:4D:76:5D:FB:5D:A5:BC:1D:76:C7:25
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/BNm8gopWawavTXZd-12lvB12xyU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/06/72435b-7e7e-447b-ac24-982c429d4156/1/aUSq-9K3ujFNcRXkWnCi3W4gXW8.roa
Signing time: Thu 06 Jun 2024 17:31:27 +0000
ROA not before: Thu 06 Jun 2024 17:31:27 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 20712
IP address blocks: 193.219.118.0/24 maxlen: 24
2001:67c:788::/48 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8f:ee:9b:04:68:5f:74:c9:de:73:21:a2:72:73:71:3b:d3
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=04d9bc828a566b06af4d765dfb5da5bc1d76c725
Validity
Not Before: Jun 6 17:31:27 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=6944aafbd2b7ba314d7115e45a70a2dd6e205d6f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bd:a4:8f:6b:ed:dd:be:f4:6b:37:81:6d:0e:75:
d2:cc:ef:cd:9a:df:14:bd:f9:00:84:fd:cc:d2:76:
97:55:4f:f4:f1:ce:63:fb:b9:98:d1:8a:f5:9e:b8:
4b:92:94:1b:40:5c:e1:ee:61:fb:5c:91:88:89:56:
5b:f7:e4:e7:6b:27:c7:bc:38:46:18:a2:81:61:32:
97:64:49:12:ad:ff:7a:31:47:bd:64:60:76:58:f1:
6e:11:dc:e2:62:40:9c:0a:2b:5c:b1:b3:ed:fe:4d:
f1:c2:07:51:0d:04:41:66:30:92:89:dd:6d:c5:e5:
af:b5:b9:8e:a4:a0:56:39:2f:39:37:70:2c:26:98:
e7:2c:e5:4d:29:4a:08:11:2e:fe:da:e6:e3:9c:6f:
24:ca:2a:58:79:dd:1e:10:61:f6:1e:65:e2:38:5e:
44:3c:59:ce:e0:3b:b2:74:a3:0e:a7:e9:d3:67:32:
89:2c:57:41:f7:74:6c:3b:33:0a:c5:6c:d7:75:c9:
84:25:3f:2d:e5:1a:06:d7:90:52:03:34:38:8f:ab:
39:eb:af:62:5b:a5:fa:b1:7c:a2:c4:66:9f:fc:42:
23:7e:c1:97:5b:33:0b:3a:6c:11:36:21:e9:2e:9a:
6c:15:84:e2:14:a8:ba:b3:23:e7:2a:b1:e6:4a:df:
54:6f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
69:44:AA:FB:D2:B7:BA:31:4D:71:15:E4:5A:70:A2:DD:6E:20:5D:6F
X509v3 Authority Key Identifier:
keyid:04:D9:BC:82:8A:56:6B:06:AF:4D:76:5D:FB:5D:A5:BC:1D:76:C7:25
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BNm8gopWawavTXZd-12lvB12xyU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/06/72435b-7e7e-447b-ac24-982c429d4156/1/aUSq-9K3ujFNcRXkWnCi3W4gXW8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/06/72435b-7e7e-447b-ac24-982c429d4156/1/BNm8gopWawavTXZd-12lvB12xyU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
193.219.118.0/24
IPv6:
2001:67c:788::/48
Signature Algorithm: sha256WithRSAEncryption
81:96:bc:75:44:ea:38:69:09:4d:ec:be:79:f9:94:ec:21:c2:
ac:ee:f2:00:4c:1d:be:f8:48:8f:4d:bf:9e:cd:b7:55:0a:e8:
86:46:a8:24:da:22:51:69:49:a3:b9:bc:ab:f4:84:4a:2d:49:
07:62:00:98:b9:07:be:d8:54:76:e4:3f:ba:7b:0e:cd:04:02:
48:7e:43:69:17:55:3e:26:d5:f0:eb:b0:95:f7:ff:c7:ca:d3:
e6:35:fe:72:54:04:93:9a:31:a9:7a:19:8b:3f:58:a6:c3:88:
45:fd:58:54:78:e1:1c:0b:bb:1c:22:60:18:d9:ba:33:78:59:
46:9e:a7:b2:bd:5c:a0:cf:4f:78:ce:b3:d7:2e:2f:95:41:ac:
f3:2b:2c:73:ac:6f:1d:4e:76:a9:44:77:cc:1c:90:41:d5:72:
19:be:c9:d5:27:79:6b:1e:89:72:c0:e8:79:53:7f:d9:d1:6b:
69:9b:20:53:40:8e:8b:25:9a:9a:2c:ea:e0:48:1e:f3:0c:1d:
b1:62:ff:05:e2:3a:22:c7:13:4e:f4:98:35:fd:ae:31:8c:0a:
a8:d6:63:45:fe:61:da:50:8a:9d:86:fd:14:87:87:9a:6b:6d:
3f:22:fb:e3:2b:2b:95:18:f3:46:09:e4:83:f5:09:8c:c0:1a:
64:00:2c:1b
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAY/umwRoX3TJ3nMhonJzcTvTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA0ZDliYzgyOGE1NjZiMDZhZjRkNzY1ZGZiNWRhNWJjMWQ3
NmM3MjUwHhcNMjQwNjA2MTczMTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OTQ0YWFmYmQyYjdiYTMxNGQ3MTE1ZTQ1YTcwYTJkZDZlMjA1ZDZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvaSPa+3dvvRrN4FtDnXSzO/Nmt8U
vfkAhP3M0naXVU/08c5j+7mY0Yr1nrhLkpQbQFzh7mH7XJGIiVZb9+TnayfHvDhG
GKKBYTKXZEkSrf96MUe9ZGB2WPFuEdziYkCcCitcsbPt/k3xwgdRDQRBZjCSid1t
xeWvtbmOpKBWOS85N3AsJpjnLOVNKUoIES7+2ubjnG8kyipYed0eEGH2HmXiOF5E
PFnO4DuydKMOp+nTZzKJLFdB93RsOzMKxWzXdcmEJT8t5RoG15BSAzQ4j6s5669i
W6X6sXyixGaf/EIjfsGXWzMLOmwRNiHpLppsFYTiFKi6syPnKrHmSt9UbwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFGlEqvvSt7oxTXEV5Fpwot1uIF1vMB8GA1UdIwQY
MBaAFATZvIKKVmsGr012XftdpbwddsclMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQk5tOGdvcFdhd2F2VFhaZC0xMmx2QjEyeHlVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNi83MjQzNWItN2U3ZS00NDdiLWFjMjQt
OTgyYzQyOWQ0MTU2LzEvYVVTcS05SzN1akZOY1JYa1duQ2kzVzRnWFc4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNi83MjQzNWItN2U3ZS00NDdiLWFjMjQtOTgyYzQyOWQ0MTU2
LzEvQk5tOGdvcFdhd2F2VFhaZC0xMmx2QjEyeHlVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAwdt2MA8E
AgACMAkDBwAgAQZ8B4gwDQYJKoZIhvcNAQELBQADggEBAIGWvHVE6jhpCU3svnn5
lOwhwqzu8gBMHb74SI9Nv57Nt1UK6IZGqCTaIlFpSaO5vKv0hEotSQdiAJi5B77Y
VHbkP7p7Ds0EAkh+Q2kXVT4m1fDrsJX3/8fK0+Y1/nJUBJOaMal6GYs/WKbDiEX9
WFR44RwLuxwiYBjZujN4WUaep7K9XKDPT3jOs9cuL5VBrPMrLHOsbx1OdqlEd8wc
kEHVchm+ydUneWseiXLA6HlTf9nRa2mbIFNAjoslmpos6uBIHvMMHbFi/wXiOiLH
E070mDX9rjGMCqjWY0X+YdpQip2G/RSHh5prbT8i++MrK5UY80YJ5IP1CYzAGmQA
LBs=
-----END CERTIFICATE-----
Generated at Wed Jun 26 14:22:48 2024 by rpki-client on console-ams.rpki-client.org