Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/60/8f5119-6dcc-43a2-8daf-f3211d91520d/1/aTbkEVghJmSR4I3aYVYs94x4iSw.roa
File: aTbkEVghJmSR4I3aYVYs94x4iSw.roa (raw, json)
Hash identifier: YkMin1PtjatknJVmKY17nm0yKN59D9gI12CPVo4Y//M=
Subject key identifier: 69:36:E4:11:58:21:26:64:91:E0:8D:DA:61:56:2C:F7:8C:78:89:2C
Certificate issuer: /CN=6baa05c6f8f9bfd70e3d41fe05bafc50d1253bf5
Certificate serial: 018CC56EAA9D4C48F01A0FE279ACF7B85BC3
Authority key identifier: 6B:AA:05:C6:F8:F9:BF:D7:0E:3D:41:FE:05:BA:FC:50:D1:25:3B:F5
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/a6oFxvj5v9cOPUH-Bbr8UNElO_U.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/60/8f5119-6dcc-43a2-8daf-f3211d91520d/1/aTbkEVghJmSR4I3aYVYs94x4iSw.roa
Signing time: Mon 01 Jan 2024 14:30:13 +0000
ROA not before: Mon 01 Jan 2024 14:30:13 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 399641
IP address blocks: 62.204.51.0/24 maxlen: 24
188.93.119.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c5:6e:aa:9d:4c:48:f0:1a:0f:e2:79:ac:f7:b8:5b:c3
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6baa05c6f8f9bfd70e3d41fe05bafc50d1253bf5
Validity
Not Before: Jan 1 14:30:13 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=6936e4115821266491e08dda61562cf78c78892c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8a:b8:4f:97:f1:9e:bb:5f:28:59:13:3d:c2:37:
95:89:9c:3c:1a:c8:9c:0f:dc:b2:98:db:48:fc:a8:
5e:d7:89:53:c6:d4:85:1d:8d:24:a2:49:fd:56:a9:
c1:4b:3b:cd:a5:cc:24:70:23:dc:dd:1c:61:e1:2c:
58:76:5e:c2:10:21:03:4a:9f:d7:5d:54:00:c8:d8:
13:3b:1e:7f:a9:52:b6:94:8b:07:86:af:93:85:7f:
56:b1:85:be:fe:0d:b7:ea:0a:83:b7:0f:c0:eb:4d:
9a:b9:c1:bb:aa:ce:69:02:67:9c:60:c7:02:e3:a4:
82:25:ed:ea:42:56:a3:e5:d5:7c:ce:91:25:f9:33:
1c:53:cf:b3:a6:71:48:78:a0:67:34:ab:8d:b3:e3:
06:72:3e:7d:60:91:65:29:35:c3:43:e9:f1:28:5a:
6d:e2:b9:9c:3e:f6:65:ff:22:37:bf:7c:c0:17:a4:
cc:8a:4b:d1:ed:70:82:a3:18:6b:a2:72:e7:bc:c8:
4b:71:00:1d:d2:f3:6d:d6:da:97:fa:e0:1a:81:a8:
a9:37:25:7a:31:5d:92:6d:79:68:e6:d2:64:b6:1c:
19:d3:e7:27:d6:e6:f0:a2:cc:2b:e3:74:20:a0:2a:
73:de:da:6e:3b:e1:38:19:f4:97:fd:cb:f7:dc:e6:
c6:9f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
69:36:E4:11:58:21:26:64:91:E0:8D:DA:61:56:2C:F7:8C:78:89:2C
X509v3 Authority Key Identifier:
keyid:6B:AA:05:C6:F8:F9:BF:D7:0E:3D:41:FE:05:BA:FC:50:D1:25:3B:F5
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/a6oFxvj5v9cOPUH-Bbr8UNElO_U.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/60/8f5119-6dcc-43a2-8daf-f3211d91520d/1/aTbkEVghJmSR4I3aYVYs94x4iSw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/60/8f5119-6dcc-43a2-8daf-f3211d91520d/1/a6oFxvj5v9cOPUH-Bbr8UNElO_U.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
62.204.51.0/24
188.93.119.0/24
Signature Algorithm: sha256WithRSAEncryption
16:cb:34:9f:61:8a:4a:1a:fb:ee:79:b5:92:06:2b:a9:ec:ab:
6b:88:9a:0c:65:36:48:c1:4e:e3:21:df:66:f5:6b:7e:ce:46:
76:8b:8d:40:e6:0f:86:e6:e7:88:1a:0c:04:93:44:49:d9:28:
af:23:a5:b3:2c:16:5d:9b:82:ee:3e:11:01:fe:d8:86:cc:c5:
1d:63:40:8b:fa:d9:32:ba:86:e5:43:8c:43:84:5f:4d:09:ca:
a8:bc:d8:6d:c1:f9:5c:e9:da:1d:36:0f:40:af:0d:ad:74:ee:
b4:d1:6d:1e:02:ee:23:a6:d7:8e:59:e4:53:31:35:c0:15:f7:
6d:54:ca:82:89:86:2a:9f:5f:da:a1:99:d7:4b:1c:d9:c4:66:
b1:d6:38:55:a8:54:8c:07:cd:fe:40:aa:db:5b:c5:ff:c4:3c:
0d:24:48:94:c2:e1:2c:4c:fc:c9:e3:9a:4f:f8:a2:a3:29:79:
7e:1e:4d:1e:b4:79:39:1d:62:bd:3b:46:19:d7:a9:80:cc:26:
27:d9:4a:8c:3e:3f:91:d2:4d:ac:cb:e5:77:28:b8:97:99:0c:
4a:8d:1c:12:fa:c8:53:3d:2c:4a:5f:fb:c9:6c:9f:45:20:65:
c4:57:3c:b6:04:54:89:5b:7e:f5:1a:d5:39:cc:24:cf:9e:5f:
c6:af:89:36
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzFbqqdTEjwGg/ieaz3uFvDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZiYWEwNWM2ZjhmOWJmZDcwZTNkNDFmZTA1YmFmYzUwZDEy
NTNiZjUwHhcNMjQwMTAxMTQzMDEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OTM2ZTQxMTU4MjEyNjY0OTFlMDhkZGE2MTU2MmNmNzhjNzg4OTJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAirhPl/Geu18oWRM9wjeViZw8Gsic
D9yymNtI/Khe14lTxtSFHY0kokn9VqnBSzvNpcwkcCPc3Rxh4SxYdl7CECEDSp/X
XVQAyNgTOx5/qVK2lIsHhq+ThX9WsYW+/g236gqDtw/A602aucG7qs5pAmecYMcC
46SCJe3qQlaj5dV8zpEl+TMcU8+zpnFIeKBnNKuNs+MGcj59YJFlKTXDQ+nxKFpt
4rmcPvZl/yI3v3zAF6TMikvR7XCCoxhronLnvMhLcQAd0vNt1tqX+uAagaipNyV6
MV2SbXlo5tJkthwZ0+cn1ubwoswr43QgoCpz3tpuO+E4GfSX/cv33ObGnwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGk25BFYISZkkeCN2mFWLPeMeIksMB8GA1UdIwQY
MBaAFGuqBcb4+b/XDj1B/gW6/FDRJTv1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYTZvRnh2ajV2OWNPUFVILUJicjhVTkVsT19VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MC84ZjUxMTktNmRjYy00M2EyLThkYWYt
ZjMyMTFkOTE1MjBkLzEvYVRia0VWZ2hKbVNSNEkzYVlWWXM5NHg0aVN3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MC84ZjUxMTktNmRjYy00M2EyLThkYWYtZjMyMTFkOTE1MjBk
LzEvYTZvRnh2ajV2OWNPUFVILUJicjhVTkVsT19VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAPswzAwQA
vF13MA0GCSqGSIb3DQEBCwUAA4IBAQAWyzSfYYpKGvvuebWSBiup7KtriJoMZTZI
wU7jId9m9Wt+zkZ2i41A5g+G5ueIGgwEk0RJ2SivI6WzLBZdm4LuPhEB/tiGzMUd
Y0CL+tkyuoblQ4xDhF9NCcqovNhtwflc6dodNg9Arw2tdO600W0eAu4jpteOWeRT
MTXAFfdtVMqCiYYqn1/aoZnXSxzZxGax1jhVqFSMB83+QKrbW8X/xDwNJEiUwuEs
TPzJ45pP+KKjKXl+Hk0etHk5HWK9O0YZ16mAzCYn2UqMPj+R0k2sy+V3KLiXmQxK
jRwS+shTPSxKX/vJbJ9FIGXEVzy2BFSJW371GtU5zCTPnl/Gr4k2
-----END CERTIFICATE-----
Generated at Wed Jun 12 18:13:02 2024 by rpki-client on console-ams.rpki-client.org