Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/60/79ef4f-e38e-44da-a657-2159376d3a64/1/u6PxhpwDGJtuYCJGj3TJ5AxQCek.roa
File: u6PxhpwDGJtuYCJGj3TJ5AxQCek.roa (raw, json)
Hash identifier: u6DVxHrw1sXAAV6dhCR7JJs/nmVFHZTxkxI94LQVHm4=
Subject key identifier: BB:A3:F1:86:9C:03:18:9B:6E:60:22:46:8F:74:C9:E4:0C:50:09:E9
Certificate issuer: /CN=3ec50ab4ccf72e3d60c09f964019d6c034c50a6c
Certificate serial: 018F1EC60CE788701CA2750DC7934BB1D457
Authority key identifier: 3E:C5:0A:B4:CC:F7:2E:3D:60:C0:9F:96:40:19:D6:C0:34:C5:0A:6C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/PsUKtMz3Lj1gwJ-WQBnWwDTFCmw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/60/79ef4f-e38e-44da-a657-2159376d3a64/1/u6PxhpwDGJtuYCJGj3TJ5AxQCek.roa
Signing time: Sat 27 Apr 2024 08:57:26 +0000
ROA not before: Sat 27 Apr 2024 08:57:26 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 62240
IP address blocks: 88.151.115.0/24 maxlen: 24
185.128.42.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8f:1e:c6:0c:e7:88:70:1c:a2:75:0d:c7:93:4b:b1:d4:57
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3ec50ab4ccf72e3d60c09f964019d6c034c50a6c
Validity
Not Before: Apr 27 08:57:26 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=bba3f1869c03189b6e6022468f74c9e40c5009e9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ae:4d:69:69:c9:c6:56:4e:84:2b:9d:b3:30:37:
23:d4:e7:e3:c3:7d:e3:03:1d:2e:14:cc:d4:7c:d9:
a3:d6:1e:cb:07:b9:94:a3:0e:58:e6:b9:02:46:fd:
b3:d3:86:d3:a7:07:c4:d9:1e:90:01:d7:22:82:b3:
fe:5e:35:68:3d:bb:e6:83:c9:95:59:76:0c:8f:71:
9f:f8:72:25:6f:dc:e9:3e:26:0f:35:b6:1b:7e:87:
b5:bd:60:09:15:05:f4:69:76:71:36:d0:14:5d:11:
ed:53:45:98:82:55:05:ba:d4:7a:aa:5c:cb:63:9c:
90:ae:33:22:38:e0:d7:4d:4a:9d:e7:ee:3e:67:bd:
c4:5e:d8:6b:0c:f5:e7:e5:1a:6c:00:36:f9:6f:b9:
4f:47:98:30:79:d2:af:09:92:0a:84:3d:58:4f:53:
45:d7:77:e0:39:f9:a2:0d:c6:3c:93:37:6b:c8:f6:
75:dd:48:3d:a7:0d:0b:ef:84:aa:7d:e1:9a:98:c9:
ce:15:9b:4d:0e:4d:a5:0e:9b:c4:66:89:43:f7:25:
e4:fb:5f:86:a2:42:11:4e:c3:d6:8d:28:8b:1b:63:
7c:e1:36:e4:44:7e:2d:2a:fa:e6:1d:03:35:2a:bf:
ce:e8:9c:bf:e4:80:ae:9d:6c:f0:62:c2:5f:e8:37:
6c:67
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
BB:A3:F1:86:9C:03:18:9B:6E:60:22:46:8F:74:C9:E4:0C:50:09:E9
X509v3 Authority Key Identifier:
keyid:3E:C5:0A:B4:CC:F7:2E:3D:60:C0:9F:96:40:19:D6:C0:34:C5:0A:6C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PsUKtMz3Lj1gwJ-WQBnWwDTFCmw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/60/79ef4f-e38e-44da-a657-2159376d3a64/1/u6PxhpwDGJtuYCJGj3TJ5AxQCek.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/60/79ef4f-e38e-44da-a657-2159376d3a64/1/PsUKtMz3Lj1gwJ-WQBnWwDTFCmw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
88.151.115.0/24
185.128.42.0/24
Signature Algorithm: sha256WithRSAEncryption
9a:bf:3c:71:71:e5:21:82:70:6c:85:b3:40:49:80:48:f0:5b:
a6:ad:9d:c7:44:d1:c8:ab:21:a0:11:6c:44:de:d0:5c:15:de:
59:27:52:ed:ea:a1:ad:7b:0f:ff:ab:b8:ec:4d:bc:e2:93:6b:
e4:bc:51:46:fc:e7:59:db:95:c6:0b:19:a7:67:67:0f:e4:12:
0b:10:83:e5:45:60:4d:4e:8c:9a:24:b7:5b:3b:87:fe:8a:b0:
7d:24:7f:5f:f7:9a:16:ea:c5:a0:c7:f2:84:d7:56:fd:34:59:
5d:68:e1:e2:8a:2c:5a:fc:c4:1b:69:81:4c:e8:34:fa:ec:92:
be:de:e0:d2:ed:3e:54:70:4d:02:27:c6:e3:e7:c8:3e:bb:fe:
d4:7e:df:5f:dc:8a:80:57:65:f8:49:a4:83:cd:79:b3:9b:2b:
89:97:82:28:89:a2:0e:7e:db:c9:ef:57:61:32:b7:ea:e0:5c:
5d:68:99:83:d1:9f:65:94:73:3f:71:61:44:3a:4f:bc:6c:df:
19:d0:df:be:51:50:e5:1d:65:a2:58:a4:30:29:f6:7c:fc:1a:
4b:3c:6a:ea:9d:6c:a3:60:c4:84:88:38:d1:32:11:54:dc:63:
81:0f:00:c4:f0:98:35:3c:b5:37:f4:b9:d4:e2:00:21:03:70:
72:89:60:62
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY8exgzniHAconUNx5NLsdRXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlYzUwYWI0Y2NmNzJlM2Q2MGMwOWY5NjQwMTlkNmMwMzRj
NTBhNmMwHhcNMjQwNDI3MDg1NzI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYmEzZjE4NjljMDMxODliNmU2MDIyNDY4Zjc0YzllNDBjNTAwOWU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArk1pacnGVk6EK52zMDcj1Ofjw33j
Ax0uFMzUfNmj1h7LB7mUow5Y5rkCRv2z04bTpwfE2R6QAdcigrP+XjVoPbvmg8mV
WXYMj3Gf+HIlb9zpPiYPNbYbfoe1vWAJFQX0aXZxNtAUXRHtU0WYglUFutR6qlzL
Y5yQrjMiOODXTUqd5+4+Z73EXthrDPXn5RpsADb5b7lPR5gwedKvCZIKhD1YT1NF
13fgOfmiDcY8kzdryPZ13Ug9pw0L74SqfeGamMnOFZtNDk2lDpvEZolD9yXk+1+G
okIRTsPWjSiLG2N84TbkRH4tKvrmHQM1Kr/O6Jy/5ICunWzwYsJf6DdsZwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFLuj8YacAxibbmAiRo90yeQMUAnpMB8GA1UdIwQY
MBaAFD7FCrTM9y49YMCflkAZ1sA0xQpsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUHNVS3RNejNMajFnd0otV1FCbld3RFRGQ213LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MC83OWVmNGYtZTM4ZS00NGRhLWE2NTct
MjE1OTM3NmQzYTY0LzEvdTZQeGhwd0RHSnR1WUNKR2ozVEo1QXhRQ2VrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MC83OWVmNGYtZTM4ZS00NGRhLWE2NTctMjE1OTM3NmQzYTY0
LzEvUHNVS3RNejNMajFnd0otV1FCbld3RFRGQ213LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAWJdzAwQA
uYAqMA0GCSqGSIb3DQEBCwUAA4IBAQCavzxxceUhgnBshbNASYBI8FumrZ3HRNHI
qyGgEWxE3tBcFd5ZJ1Lt6qGtew//q7jsTbzik2vkvFFG/OdZ25XGCxmnZ2cP5BIL
EIPlRWBNToyaJLdbO4f+irB9JH9f95oW6sWgx/KE11b9NFldaOHiiixa/MQbaYFM
6DT67JK+3uDS7T5UcE0CJ8bj58g+u/7Uft9f3IqAV2X4SaSDzXmzmyuJl4IoiaIO
ftvJ71dhMrfq4FxdaJmD0Z9llHM/cWFEOk+8bN8Z0N++UVDlHWWiWKQwKfZ8/BpL
PGrqnWyjYMSEiDjRMhFU3GOBDwDE8Jg1PLU39LnU4gAhA3ByiWBi
-----END CERTIFICATE-----
Generated at Wed Aug 14 10:43:37 2024 by rpki-client on console-fra.rpki-client.org