Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/098d13-6d6d-4294-9753-a8773de768f7/1/MI6W4Fq17SH5WVBrw9ZLASkZ898.roa
File: MI6W4Fq17SH5WVBrw9ZLASkZ898.roa (raw, json)
Hash identifier: c/FZQH6aTAA8fBP7EycvQdx8vl7TpI/7L+84MMZO3Uo=
Subject key identifier: 30:8E:96:E0:5A:B5:ED:21:F9:59:50:6B:C3:D6:4B:01:29:19:F3:DF
Certificate issuer: /CN=00aff6b4effe7c363ef200f6f3e5888b915ba681
Certificate serial: 018A4BBD94E91E87F8C7D3CBAE33F86798BB
Authority key identifier: 00:AF:F6:B4:EF:FE:7C:36:3E:F2:00:F6:F3:E5:88:8B:91:5B:A6:81
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/AK_2tO_-fDY-8gD28-WIi5FbpoE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/34/098d13-6d6d-4294-9753-a8773de768f7/1/MI6W4Fq17SH5WVBrw9ZLASkZ898.roa
Signing time: Thu 31 Aug 2023 13:17:10 +0000
ROA not before: Thu 31 Aug 2023 13:17:10 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 61317
IP address blocks: 195.242.240.0/24 maxlen: 24
89.46.8.0/24 maxlen: 24
93.114.60.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8a:4b:bd:94:e9:1e:87:f8:c7:d3:cb:ae:33:f8:67:98:bb
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=00aff6b4effe7c363ef200f6f3e5888b915ba681
Validity
Not Before: Aug 31 13:17:10 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=308e96e05ab5ed21f959506bc3d64b012919f3df
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ba:5d:45:e4:26:e9:a1:ae:8a:ae:7f:1f:9c:09:
70:63:ec:90:b9:23:c9:18:5e:e0:13:f0:e6:5b:94:
da:59:93:8a:c4:4d:a7:07:b0:aa:1c:e7:fc:7b:4a:
76:59:85:d2:df:21:84:45:f7:44:ce:97:20:8a:ef:
e6:08:67:54:5c:a0:1d:f2:86:c5:38:10:1f:bf:c3:
62:84:8d:18:1e:1c:00:42:7c:79:89:0e:25:4d:68:
f5:e2:74:b7:2e:7f:14:e8:9e:4f:6a:d8:27:fc:7f:
ab:86:86:62:71:45:66:69:ee:b5:3f:05:2c:53:34:
3e:ff:65:08:65:4c:f6:0e:cd:e2:a3:1f:29:17:fb:
7d:4e:a5:06:74:33:ef:77:30:c0:87:07:93:e8:e7:
4f:9c:ed:22:99:dd:25:bd:1b:b6:d6:dc:e3:e6:d6:
5b:1d:4c:fa:df:3a:f1:59:8f:8a:4b:5d:12:5e:05:
e7:4a:b6:59:92:58:b8:2d:92:60:54:47:d4:38:e1:
9a:a4:e8:e7:0e:06:b6:88:20:ed:4e:1c:07:c6:99:
a0:63:a2:54:28:41:a2:1b:76:ea:7c:88:f1:2f:20:
d6:b4:2a:0a:64:b4:17:dc:e4:ce:41:13:d3:a1:3a:
de:dd:a7:15:9c:cc:65:f1:46:85:54:31:95:56:5f:
58:97
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
30:8E:96:E0:5A:B5:ED:21:F9:59:50:6B:C3:D6:4B:01:29:19:F3:DF
X509v3 Authority Key Identifier:
keyid:00:AF:F6:B4:EF:FE:7C:36:3E:F2:00:F6:F3:E5:88:8B:91:5B:A6:81
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AK_2tO_-fDY-8gD28-WIi5FbpoE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/098d13-6d6d-4294-9753-a8773de768f7/1/MI6W4Fq17SH5WVBrw9ZLASkZ898.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/34/098d13-6d6d-4294-9753-a8773de768f7/1/AK_2tO_-fDY-8gD28-WIi5FbpoE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
89.46.8.0/24
93.114.60.0/24
195.242.240.0/24
Signature Algorithm: sha256WithRSAEncryption
8b:50:b5:0b:cb:ce:0e:7c:97:b3:5c:bf:7a:ef:9d:e8:23:11:
35:18:d6:7a:e2:a9:6b:d2:92:47:64:46:00:66:44:04:89:86:
b9:f6:7d:52:6d:7a:b9:ea:92:5d:5a:b3:21:9f:09:3e:fa:57:
30:e3:6f:e0:b2:32:fc:f6:33:dd:b3:d1:f8:78:af:1d:f8:80:
dc:52:f6:ee:07:5b:70:ff:5f:4d:52:3f:f2:a7:3f:c2:ae:0d:
a6:40:84:f8:31:ea:ef:5f:97:7d:11:b5:d1:7d:42:e6:71:3e:
9b:9c:9b:8f:bc:2b:45:4c:a4:a7:15:9a:11:e6:53:ba:1a:60:
49:ea:b1:82:10:da:49:5a:69:4d:8a:bf:53:93:01:6d:30:82:
66:9b:35:7d:61:3e:c9:a8:bf:39:e7:cf:cd:cc:49:1f:8e:34:
a7:db:31:5e:fa:60:a5:0e:78:6e:35:51:85:ae:8a:5c:c8:ca:
de:37:ec:c0:df:2b:6b:4f:25:c1:95:1e:77:e4:80:4e:38:6b:
0a:f6:93:3e:65:65:9a:70:3a:a2:a0:05:15:58:22:e1:67:a6:
be:4b:01:81:f8:78:34:61:2a:15:b0:17:d2:00:ca:ba:0d:08:
61:84:72:ed:96:5d:fd:a7:ac:66:02:e8:0a:e4:a4:5f:7f:52:
76:4c:9e:3d
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYpLvZTpHof4x9PLrjP4Z5i7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAwYWZmNmI0ZWZmZTdjMzYzZWYyMDBmNmYzZTU4ODhiOTE1
YmE2ODEwHhcNMjMwODMxMTMxNzEwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMDhlOTZlMDVhYjVlZDIxZjk1OTUwNmJjM2Q2NGIwMTI5MTlmM2RmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAul1F5Cbpoa6Krn8fnAlwY+yQuSPJ
GF7gE/DmW5TaWZOKxE2nB7CqHOf8e0p2WYXS3yGERfdEzpcgiu/mCGdUXKAd8obF
OBAfv8NihI0YHhwAQnx5iQ4lTWj14nS3Ln8U6J5Patgn/H+rhoZicUVmae61PwUs
UzQ+/2UIZUz2Ds3iox8pF/t9TqUGdDPvdzDAhweT6OdPnO0imd0lvRu21tzj5tZb
HUz63zrxWY+KS10SXgXnSrZZkli4LZJgVEfUOOGapOjnDga2iCDtThwHxpmgY6JU
KEGiG3bqfIjxLyDWtCoKZLQX3OTOQRPToTre3acVnMxl8UaFVDGVVl9YlwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFDCOluBate0h+VlQa8PWSwEpGfPfMB8GA1UdIwQY
MBaAFACv9rTv/nw2PvIA9vPliIuRW6aBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQUtfMnRPXy1mRFktOGdEMjgtV0lpNUZicG9FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC8wOThkMTMtNmQ2ZC00Mjk0LTk3NTMt
YTg3NzNkZTc2OGY3LzEvTUk2VzRGcTE3U0g1V1ZCcnc5WkxBU2taODk4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC8wOThkMTMtNmQ2ZC00Mjk0LTk3NTMtYTg3NzNkZTc2OGY3
LzEvQUtfMnRPXy1mRFktOGdEMjgtV0lpNUZicG9FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAWS4IAwQA
XXI8AwQAw/LwMA0GCSqGSIb3DQEBCwUAA4IBAQCLULULy84OfJezXL96753oIxE1
GNZ64qlr0pJHZEYAZkQEiYa59n1SbXq56pJdWrMhnwk++lcw42/gsjL89jPds9H4
eK8d+IDcUvbuB1tw/19NUj/ypz/Crg2mQIT4MervX5d9EbXRfULmcT6bnJuPvCtF
TKSnFZoR5lO6GmBJ6rGCENpJWmlNir9TkwFtMIJmmzV9YT7JqL8558/NzEkfjjSn
2zFe+mClDnhuNVGFropcyMreN+zA3ytrTyXBlR535IBOOGsK9pM+ZWWacDqioAUV
WCLhZ6a+SwGB+Hg0YSoVsBfSAMq6DQhhhHLtll39p6xmAugK5KRff1J2TJ49
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:21:27 2025 by rpki-client