Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5f/b9884b-6fc5-4b3e-b1e8-e01e94124674/1/k6E-TDrWr-XSX3MvjB1a7O5g224.roa
File: k6E-TDrWr-XSX3MvjB1a7O5g224.roa (raw, json)
Hash identifier: ns8n6VFZbTMgxpwYU2tJU+QxmRjx8Y8wnMKsIjDoItI=
Subject key identifier: 93:A1:3E:4C:3A:D6:AF:E5:D2:5F:73:2F:8C:1D:5A:EC:EE:60:DB:6E
Certificate issuer: /CN=da8f05e3843517cf0971c2bf9cddddd62717e52c
Certificate serial: 0189893B390A02840970C42C12368D10DDDF
Authority key identifier: DA:8F:05:E3:84:35:17:CF:09:71:C2:BF:9C:DD:DD:D6:27:17:E5:2C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/2o8F44Q1F88JccK_nN3d1icX5Sw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/5f/b9884b-6fc5-4b3e-b1e8-e01e94124674/1/k6E-TDrWr-XSX3MvjB1a7O5g224.roa
Signing time: Mon 24 Jul 2023 18:48:27 +0000
ROA not before: Mon 24 Jul 2023 18:48:27 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 13259
IP address blocks: 138.124.232.0/21 maxlen: 21
138.124.228.0/22 maxlen: 22
138.124.240.0/20 maxlen: 20
138.124.176.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:89:89:3b:39:0a:02:84:09:70:c4:2c:12:36:8d:10:dd:df
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=da8f05e3843517cf0971c2bf9cddddd62717e52c
Validity
Not Before: Jul 24 18:48:27 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=93a13e4c3ad6afe5d25f732f8c1d5aecee60db6e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9a:ec:b8:4d:ea:28:71:0a:e5:84:57:58:aa:44:
2b:6e:dd:0f:3e:26:46:d5:d6:e3:6b:10:21:20:b9:
b4:28:f3:db:56:38:af:81:9a:26:71:bf:b9:ae:f9:
3e:e2:4f:11:54:cb:ca:77:98:34:c8:d7:c6:5c:53:
00:47:7c:5b:58:60:4d:1f:2b:07:35:26:65:d5:b3:
7e:45:5a:7b:df:17:12:4c:26:76:57:b9:9c:5d:c2:
e1:9b:26:2d:f3:1b:73:42:2e:71:e1:7c:6c:1a:b3:
89:93:fe:a0:72:c8:2a:3d:a3:96:92:2b:e4:3e:af:
0a:c6:50:f0:52:b6:83:26:6c:19:96:01:44:2b:3f:
25:db:30:2a:0c:32:2d:17:b0:8d:fe:e5:7c:cf:07:
89:6c:11:38:ff:da:42:c9:75:cb:95:cf:96:27:8c:
06:6b:75:bc:53:79:8f:38:a8:2a:3f:b4:0f:10:78:
99:c8:91:86:c6:f5:12:62:2f:21:90:84:60:a0:b6:
29:ea:5e:f0:8e:94:6e:6c:27:09:d2:92:f6:b0:69:
33:bf:fb:59:5b:41:7e:40:53:3f:6f:46:94:6d:22:
00:4e:a5:ea:e3:fd:7d:9c:11:1d:76:da:3e:97:f1:
2a:bd:9b:18:ac:34:9e:97:27:f4:5e:f0:2a:db:c4:
73:65
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
93:A1:3E:4C:3A:D6:AF:E5:D2:5F:73:2F:8C:1D:5A:EC:EE:60:DB:6E
X509v3 Authority Key Identifier:
keyid:DA:8F:05:E3:84:35:17:CF:09:71:C2:BF:9C:DD:DD:D6:27:17:E5:2C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2o8F44Q1F88JccK_nN3d1icX5Sw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/b9884b-6fc5-4b3e-b1e8-e01e94124674/1/k6E-TDrWr-XSX3MvjB1a7O5g224.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/b9884b-6fc5-4b3e-b1e8-e01e94124674/1/2o8F44Q1F88JccK_nN3d1icX5Sw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
138.124.176.0/24
138.124.228.0-138.124.255.255
Signature Algorithm: sha256WithRSAEncryption
86:5d:da:b0:4b:ca:b2:af:39:6c:ff:e9:c7:bd:9f:70:08:aa:
94:c7:3f:37:71:4f:ee:92:9a:6d:e2:13:99:fb:26:54:4f:ad:
3f:42:e5:9f:15:67:92:2e:46:e5:b6:57:24:63:29:1a:33:94:
17:50:ff:07:51:2d:25:13:81:d7:81:14:75:6f:82:d4:36:fc:
05:3d:4f:1c:c3:5e:05:5d:7f:aa:e4:39:3f:9d:c2:9d:5c:d3:
72:31:17:07:95:e9:0f:2e:19:89:47:1a:67:de:b3:b6:17:82:
67:d4:ae:37:3d:d1:45:20:a5:22:92:c6:86:37:8f:e0:73:88:
56:e1:2c:69:26:fe:b5:ea:83:bd:01:6c:cf:97:9c:a4:cf:4a:
aa:76:a0:50:54:14:8d:a2:a2:36:57:c9:9f:4b:05:28:5d:28:
1b:00:4e:b9:8c:d6:ee:58:19:d0:1f:8a:91:19:72:38:64:4e:
a3:70:ea:a9:47:10:f9:f0:0e:fe:9b:07:05:4a:2a:04:78:8a:
7a:76:5f:5c:a4:e7:a1:bd:43:75:24:61:8f:31:ec:a1:13:ed:
a1:b1:38:68:10:36:c1:a5:08:92:1b:bb:81:17:8a:a3:10:85:
4d:c0:1c:47:a3:61:24:f4:b0:08:47:53:3b:05:74:0a:39:25:
db:35:8e:00
-----BEGIN CERTIFICATE-----
MIIFCjCCA/KgAwIBAgISAYmJOzkKAoQJcMQsEjaNEN3fMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhOGYwNWUzODQzNTE3Y2YwOTcxYzJiZjljZGRkZGQ2Mjcx
N2U1MmMwHhcNMjMwNzI0MTg0ODI3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5M2ExM2U0YzNhZDZhZmU1ZDI1ZjczMmY4YzFkNWFlY2VlNjBkYjZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmuy4TeoocQrlhFdYqkQrbt0PPiZG
1dbjaxAhILm0KPPbVjivgZomcb+5rvk+4k8RVMvKd5g0yNfGXFMAR3xbWGBNHysH
NSZl1bN+RVp73xcSTCZ2V7mcXcLhmyYt8xtzQi5x4XxsGrOJk/6gcsgqPaOWkivk
Pq8KxlDwUraDJmwZlgFEKz8l2zAqDDItF7CN/uV8zweJbBE4/9pCyXXLlc+WJ4wG
a3W8U3mPOKgqP7QPEHiZyJGGxvUSYi8hkIRgoLYp6l7wjpRubCcJ0pL2sGkzv/tZ
W0F+QFM/b0aUbSIATqXq4/19nBEddto+l/EqvZsYrDSelyf0XvAq28RzZQIDAQAB
o4ICFjCCAhIwHQYDVR0OBBYEFJOhPkw61q/l0l9zL4wdWuzuYNtuMB8GA1UdIwQY
MBaAFNqPBeOENRfPCXHCv5zd3dYnF+UsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMm84RjQ0UTFGODhKY2NLX25OM2QxaWNYNVN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Zi9iOTg4NGItNmZjNS00YjNlLWIxZTgt
ZTAxZTk0MTI0Njc0LzEvazZFLVREcldyLVhTWDNNdmpCMWE3TzVnMjI0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Zi9iOTg4NGItNmZjNS00YjNlLWIxZTgtZTAxZTk0MTI0Njc0
LzEvMm84RjQ0UTFGODhKY2NLX25OM2QxaWNYNVN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCwGCCsGAQUFBwEHAQH/BB0wGzAZBAIAATATAwQAinywMAsD
BAKKfOQDAwCKfDANBgkqhkiG9w0BAQsFAAOCAQEAhl3asEvKsq85bP/px72fcAiq
lMc/N3FP7pKabeITmfsmVE+tP0LlnxVnki5G5bZXJGMpGjOUF1D/B1EtJROB14EU
dW+C1Db8BT1PHMNeBV1/quQ5P53CnVzTcjEXB5XpDy4ZiUcaZ96ztheCZ9SuNz3R
RSClIpLGhjeP4HOIVuEsaSb+teqDvQFsz5ecpM9KqnagUFQUjaKiNlfJn0sFKF0o
GwBOuYzW7lgZ0B+KkRlyOGROo3DqqUcQ+fAO/psHBUoqBHiKenZfXKTnob1DdSRh
jzHsoRPtobE4aBA2waUIkhu7gReKoxCFTcAcR6NhJPSwCEdTOwV0Cjkl2zWOAA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:13:40 2024 by rpki-client on console-ams.rpki-client.org