Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/f7b7c2-5d8d-4e88-8454-0a532156b2a6/1/6vCX5Qo9qyAeEEQyiX4jOizTe2o.roa
File: 6vCX5Qo9qyAeEEQyiX4jOizTe2o.roa (raw, json)
Hash identifier: zw3dKlC9+cRGR418ULytYHbZunL2vzbfdYFI5fHyBw4=
Subject key identifier: EA:F0:97:E5:0A:3D:AB:20:1E:10:44:32:89:7E:23:3A:2C:D3:7B:6A
Certificate issuer: /CN=f05c6af3d022620f72c53b770e82e5c73ae5506d
Certificate serial: 018AFF0E4E9BDA631E49C06E6D14D7A38FC3
Authority key identifier: F0:5C:6A:F3:D0:22:62:0F:72:C5:3B:77:0E:82:E5:C7:3A:E5:50:6D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/8Fxq89AiYg9yxTt3DoLlxzrlUG0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/10/f7b7c2-5d8d-4e88-8454-0a532156b2a6/1/6vCX5Qo9qyAeEEQyiX4jOizTe2o.roa
Signing time: Thu 05 Oct 2023 08:57:22 +0000
ROA not before: Thu 05 Oct 2023 08:57:22 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 207355
IP address blocks: 193.187.160.0/22 maxlen: 22
85.202.16.0/20 maxlen: 20
91.196.172.0/22 maxlen: 22
193.239.48.0/22 maxlen: 22
66.97.192.0/19 maxlen: 19
193.239.168.0/23 maxlen: 23
2a06:f240::/29 maxlen: 29
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8a:ff:0e:4e:9b:da:63:1e:49:c0:6e:6d:14:d7:a3:8f:c3
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f05c6af3d022620f72c53b770e82e5c73ae5506d
Validity
Not Before: Oct 5 08:57:22 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=eaf097e50a3dab201e104432897e233a2cd37b6a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a5:15:41:c7:b5:46:60:ae:3e:c2:03:55:dc:95:
35:fe:8b:8a:99:05:55:f6:e9:69:74:88:71:e0:e5:
32:5d:60:23:74:04:fe:a8:31:16:75:c8:63:8c:9d:
2a:c8:cd:cd:e3:b4:85:bc:c5:20:07:0e:cc:37:59:
2b:09:0a:78:69:3e:52:90:1f:f5:dd:68:d7:d3:c7:
35:ef:2c:17:fd:d8:f7:1b:70:d0:fe:1e:c3:f2:26:
8f:b8:04:d2:18:ef:9b:0a:cf:8d:d3:d0:43:59:d3:
c2:42:88:ed:81:e4:79:34:1e:54:a3:be:c4:cc:e9:
73:da:5f:e8:31:df:98:0c:4b:db:59:52:5a:8c:58:
73:d8:d7:c3:48:d3:cc:f7:d4:1d:53:5c:6a:d2:35:
fc:84:63:b0:32:e3:57:5b:3e:76:7f:6e:5b:91:04:
fe:89:0c:da:5e:a5:52:f9:ed:1f:2e:a5:f6:a1:da:
f4:2c:69:26:f9:f7:a2:a2:66:31:63:a6:8a:99:76:
10:98:0f:0b:03:40:c0:ef:43:04:c9:58:eb:d9:2c:
d4:09:79:c7:74:b6:2e:7e:32:19:b3:64:0d:bd:ca:
50:0b:b4:05:d3:36:88:9f:fb:e9:1a:b5:ea:6a:8b:
44:46:c7:22:93:d3:84:73:0d:66:30:c6:c6:76:64:
17:1b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
EA:F0:97:E5:0A:3D:AB:20:1E:10:44:32:89:7E:23:3A:2C:D3:7B:6A
X509v3 Authority Key Identifier:
keyid:F0:5C:6A:F3:D0:22:62:0F:72:C5:3B:77:0E:82:E5:C7:3A:E5:50:6D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8Fxq89AiYg9yxTt3DoLlxzrlUG0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/f7b7c2-5d8d-4e88-8454-0a532156b2a6/1/6vCX5Qo9qyAeEEQyiX4jOizTe2o.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/10/f7b7c2-5d8d-4e88-8454-0a532156b2a6/1/8Fxq89AiYg9yxTt3DoLlxzrlUG0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
66.97.192.0/19
85.202.16.0/20
91.196.172.0/22
193.187.160.0/22
193.239.48.0/22
193.239.168.0/23
IPv6:
2a06:f240::/29
Signature Algorithm: sha256WithRSAEncryption
61:40:68:de:10:d3:20:0e:d6:07:f8:70:0c:b8:fb:aa:f4:d1:
ac:9c:68:30:6f:33:d6:0a:40:f6:f7:b1:af:2c:f1:d2:7f:42:
0c:ff:55:3e:6e:08:d6:11:89:85:d4:5d:20:d9:f6:da:ad:27:
45:d3:ff:3f:b6:dc:1a:e1:f8:26:9a:6b:c3:fb:d4:3f:59:6e:
c5:10:df:74:74:be:fa:63:77:91:ec:db:b8:23:bd:45:10:03:
4f:74:00:a6:93:58:a5:c2:cf:f8:96:a1:f3:f2:c4:f8:c1:d9:
fc:ff:b7:98:4d:c9:41:87:46:11:50:99:61:96:35:ab:f9:02:
70:92:4f:36:ed:d0:6c:eb:c5:e5:33:65:a1:71:42:72:86:4a:
1d:10:5c:e4:40:ef:7e:bc:39:52:30:f5:38:b2:18:3d:2a:61:
a0:9f:c1:79:d4:85:49:e9:15:cc:cc:3b:91:5b:df:22:11:b7:
0f:fa:fa:f6:76:de:58:67:67:8b:a3:58:aa:6f:9d:58:78:ef:
1b:d6:28:6d:27:ca:d0:39:61:25:5a:d0:7f:2a:47:f2:72:18:
68:01:5a:b4:72:45:f6:e5:53:76:c2:b4:76:32:ff:ce:14:f8:
0c:5c:f7:79:18:1a:c4:f7:91:82:0a:3b:16:2d:d8:69:07:a7:
69:d9:45:51
-----BEGIN CERTIFICATE-----
MIIFKjCCBBKgAwIBAgISAYr/Dk6b2mMeScBubRTXo4/DMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwNWM2YWYzZDAyMjYyMGY3MmM1M2I3NzBlODJlNWM3M2Fl
NTUwNmQwHhcNMjMxMDA1MDg1NzIyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYWYwOTdlNTBhM2RhYjIwMWUxMDQ0MzI4OTdlMjMzYTJjZDM3YjZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApRVBx7VGYK4+wgNV3JU1/ouKmQVV
9ulpdIhx4OUyXWAjdAT+qDEWdchjjJ0qyM3N47SFvMUgBw7MN1krCQp4aT5SkB/1
3WjX08c17ywX/dj3G3DQ/h7D8iaPuATSGO+bCs+N09BDWdPCQojtgeR5NB5Uo77E
zOlz2l/oMd+YDEvbWVJajFhz2NfDSNPM99QdU1xq0jX8hGOwMuNXWz52f25bkQT+
iQzaXqVS+e0fLqX2odr0LGkm+feiomYxY6aKmXYQmA8LA0DA70MEyVjr2SzUCXnH
dLYufjIZs2QNvcpQC7QF0zaIn/vpGrXqaotERscik9OEcw1mMMbGdmQXGwIDAQAB
o4ICNjCCAjIwHQYDVR0OBBYEFOrwl+UKPasgHhBEMol+Izos03tqMB8GA1UdIwQY
MBaAFPBcavPQImIPcsU7dw6C5cc65VBtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEZ4cTg5QWlZZzl5eFR0M0RvTGx4enJsVUcwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC9mN2I3YzItNWQ4ZC00ZTg4LTg0NTQt
MGE1MzIxNTZiMmE2LzEvNnZDWDVRbzlxeUFlRUVReWlYNGpPaXpUZTJvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC9mN2I3YzItNWQ4ZC00ZTg4LTg0NTQtMGE1MzIxNTZiMmE2
LzEvOEZ4cTg5QWlZZzl5eFR0M0RvTGx4enJsVUcwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEwGCCsGAQUFBwEHAQH/BD0wOzAqBAIAATAkAwQFQmHAAwQE
VcoQAwQCW8SsAwQCwbugAwQCwe8wAwQBwe+oMA0EAgACMAcDBQMqBvJAMA0GCSqG
SIb3DQEBCwUAA4IBAQBhQGjeENMgDtYH+HAMuPuq9NGsnGgwbzPWCkD297GvLPHS
f0IM/1U+bgjWEYmF1F0g2fbarSdF0/8/ttwa4fgmmmvD+9Q/WW7FEN90dL76Y3eR
7Nu4I71FEANPdACmk1ilws/4lqHz8sT4wdn8/7eYTclBh0YRUJlhljWr+QJwkk82
7dBs68XlM2WhcUJyhkodEFzkQO9+vDlSMPU4shg9KmGgn8F51IVJ6RXMzDuRW98i
EbcP+vr2dt5YZ2eLo1iqb51YeO8b1ihtJ8rQOWElWtB/KkfychhoAVq0ckX25VN2
wrR2Mv/OFPgMXPd5GBrE95GCCjsWLdhpB6dp2UVR
-----END CERTIFICATE-----
Generated at Wed Nov 22 12:14:10 2023 by rpki-client on console-fra.rpki-client.org