Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/098d13-6d6d-4294-9753-a8773de768f7/1/6X154pvJAZjTvcOF2RR4dNcFodA.roa
File: 6X154pvJAZjTvcOF2RR4dNcFodA.roa (raw, json)
Hash identifier: os5olW7g1d7Ho9gzxnx0QEI/vLwS+tt0UmA4r5NnZAE=
Subject key identifier: E9:7D:79:E2:9B:C9:01:98:D3:BD:C3:85:D9:14:78:74:D7:05:A1:D0
Certificate issuer: /CN=00aff6b4effe7c363ef200f6f3e5888b915ba681
Certificate serial: 018C1C0558D84250EF61D834653F201C21BD
Authority key identifier: 00:AF:F6:B4:EF:FE:7C:36:3E:F2:00:F6:F3:E5:88:8B:91:5B:A6:81
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/AK_2tO_-fDY-8gD28-WIi5FbpoE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/34/098d13-6d6d-4294-9753-a8773de768f7/1/6X154pvJAZjTvcOF2RR4dNcFodA.roa
Signing time: Wed 29 Nov 2023 16:59:21 +0000
ROA not before: Wed 29 Nov 2023 16:59:21 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 834
IP address blocks: 185.81.181.0/24 maxlen: 24
185.81.180.0/23 maxlen: 23
93.114.61.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:1c:05:58:d8:42:50:ef:61:d8:34:65:3f:20:1c:21:bd
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=00aff6b4effe7c363ef200f6f3e5888b915ba681
Validity
Not Before: Nov 29 16:59:21 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=e97d79e29bc90198d3bdc385d9147874d705a1d0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b7:21:8e:77:d0:ba:b3:c0:08:33:14:1c:5d:6d:
d6:2d:bb:42:5f:f5:b4:b2:82:26:a1:c5:52:d4:d8:
64:e6:aa:d4:c2:8c:1d:19:be:19:bb:9e:b6:5f:ea:
aa:cc:6c:11:b5:3c:f4:80:7b:8e:fd:af:ee:44:e8:
61:55:60:06:b0:ee:3b:66:31:06:6c:e4:1a:26:cb:
4c:00:d5:7f:a8:df:7e:ad:1a:50:5e:98:79:bb:af:
87:76:a6:3c:7e:0d:d3:79:5b:fd:eb:69:fe:28:fa:
a3:a5:f6:dd:bc:95:7a:fe:33:69:06:fa:f7:a5:05:
6d:5d:24:87:11:3f:fa:47:4e:08:f7:1a:63:21:37:
46:f2:74:d1:04:50:3e:59:62:dc:df:b7:27:ac:c8:
06:3d:fe:14:b9:e4:b4:0b:7d:87:4c:45:f0:ae:f4:
c1:ad:12:ef:a3:7f:65:c3:85:a7:f6:89:9e:74:48:
5b:d6:fd:e8:0b:5b:98:9a:75:72:44:22:b9:99:f5:
4c:b8:eb:6a:86:d9:f5:a6:fa:8b:d4:b2:ec:d5:b7:
62:cc:52:21:7f:fd:2d:a5:ae:b4:0b:74:0f:17:be:
61:e9:50:cb:7b:09:1f:16:ba:b0:fb:22:db:09:59:
d6:0a:3e:2c:12:72:1f:5d:88:49:26:8a:ce:3a:ed:
45:03
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E9:7D:79:E2:9B:C9:01:98:D3:BD:C3:85:D9:14:78:74:D7:05:A1:D0
X509v3 Authority Key Identifier:
keyid:00:AF:F6:B4:EF:FE:7C:36:3E:F2:00:F6:F3:E5:88:8B:91:5B:A6:81
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AK_2tO_-fDY-8gD28-WIi5FbpoE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/098d13-6d6d-4294-9753-a8773de768f7/1/6X154pvJAZjTvcOF2RR4dNcFodA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/34/098d13-6d6d-4294-9753-a8773de768f7/1/AK_2tO_-fDY-8gD28-WIi5FbpoE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
93.114.61.0/24
185.81.180.0/23
Signature Algorithm: sha256WithRSAEncryption
5f:b8:06:0c:85:58:df:25:bc:8b:ea:49:33:a6:cc:c9:5e:66:
67:2b:d1:f3:f3:63:5c:13:1d:73:4b:0c:ea:4a:4a:7e:b5:a8:
66:06:0e:78:f7:85:f5:46:c4:6b:06:f7:12:96:00:c5:21:fd:
04:7a:5e:7a:0c:c9:18:66:dc:ab:c6:56:cb:6e:e8:13:c1:88:
d5:84:91:67:e3:1c:cc:71:9a:29:56:7b:53:3a:fa:7f:8f:ff:
f2:2f:3d:7f:5c:b2:7f:86:fc:ee:52:cd:2b:20:e0:af:39:91:
2a:9d:a9:fd:09:61:55:a4:d2:b0:cc:36:ba:8a:65:1d:01:c7:
5e:3e:28:e8:d0:dd:62:20:ca:b7:ef:e0:b6:6f:6f:32:70:74:
32:a4:b0:43:8c:34:ba:c3:2a:60:10:cf:44:49:94:0f:26:60:
91:35:13:e6:e9:4b:69:db:da:df:31:4b:c2:6b:3f:2f:f8:df:
cb:da:e3:87:a5:b0:fe:34:df:c6:a0:b8:f0:9c:a5:47:5d:2b:
dc:1f:d8:6c:99:c4:0d:c0:7d:6d:69:52:85:78:a9:a8:27:da:
cb:41:59:98:b2:45:4b:79:92:7e:a9:ac:df:9a:79:7f:81:45:
4b:d4:c1:0a:48:46:c7:66:00:d7:14:2b:d8:3e:4c:59:b6:11:
36:d0:95:1d
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYwcBVjYQlDvYdg0ZT8gHCG9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAwYWZmNmI0ZWZmZTdjMzYzZWYyMDBmNmYzZTU4ODhiOTE1
YmE2ODEwHhcNMjMxMTI5MTY1OTIxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlOTdkNzllMjliYzkwMTk4ZDNiZGMzODVkOTE0Nzg3NGQ3MDVhMWQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtyGOd9C6s8AIMxQcXW3WLbtCX/W0
soImocVS1Nhk5qrUwowdGb4Zu562X+qqzGwRtTz0gHuO/a/uROhhVWAGsO47ZjEG
bOQaJstMANV/qN9+rRpQXph5u6+HdqY8fg3TeVv962n+KPqjpfbdvJV6/jNpBvr3
pQVtXSSHET/6R04I9xpjITdG8nTRBFA+WWLc37cnrMgGPf4UueS0C32HTEXwrvTB
rRLvo39lw4Wn9omedEhb1v3oC1uYmnVyRCK5mfVMuOtqhtn1pvqL1LLs1bdizFIh
f/0tpa60C3QPF75h6VDLewkfFrqw+yLbCVnWCj4sEnIfXYhJJorOOu1FAwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFOl9eeKbyQGY073DhdkUeHTXBaHQMB8GA1UdIwQY
MBaAFACv9rTv/nw2PvIA9vPliIuRW6aBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQUtfMnRPXy1mRFktOGdEMjgtV0lpNUZicG9FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC8wOThkMTMtNmQ2ZC00Mjk0LTk3NTMt
YTg3NzNkZTc2OGY3LzEvNlgxNTRwdkpBWmpUdmNPRjJSUjRkTmNGb2RBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC8wOThkMTMtNmQ2ZC00Mjk0LTk3NTMtYTg3NzNkZTc2OGY3
LzEvQUtfMnRPXy1mRFktOGdEMjgtV0lpNUZicG9FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAXXI9AwQB
uVG0MA0GCSqGSIb3DQEBCwUAA4IBAQBfuAYMhVjfJbyL6kkzpszJXmZnK9Hz82Nc
Ex1zSwzqSkp+tahmBg5494X1RsRrBvcSlgDFIf0Eel56DMkYZtyrxlbLbugTwYjV
hJFn4xzMcZopVntTOvp/j//yLz1/XLJ/hvzuUs0rIOCvOZEqnan9CWFVpNKwzDa6
imUdAcdePijo0N1iIMq37+C2b28ycHQypLBDjDS6wypgEM9ESZQPJmCRNRPm6Utp
29rfMUvCaz8v+N/L2uOHpbD+NN/GoLjwnKVHXSvcH9hsmcQNwH1taVKFeKmoJ9rL
QVmYskVLeZJ+qazfmnl/gUVL1MEKSEbHZgDXFCvYPkxZthE20JUd
-----END CERTIFICATE-----
Generated at Thu Mar 13 02:32:58 2025 by rpki-client