Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6a/a8ebe4-d0b3-4e7d-af25-0468042486dc/1/L6ea7QovNHFxV2iZ8FoZAqojY_k.roa
File: L6ea7QovNHFxV2iZ8FoZAqojY_k.roa (raw, json)
Hash identifier: drgivdF0SppVhvV55HA3x6JEhkLtNPvJR50zD9MRNBA=
Subject key identifier: 2F:A7:9A:ED:0A:2F:34:71:71:57:68:99:F0:5A:19:02:AA:23:63:F9
Certificate issuer: /CN=f0dd81a833d9b043c7ffd635a5987f536971180d
Certificate serial: 018746213641FDD98954818111FC2476F5FE
Authority key identifier: F0:DD:81:A8:33:D9:B0:43:C7:FF:D6:35:A5:98:7F:53:69:71:18:0D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/8N2BqDPZsEPH_9Y1pZh_U2lxGA0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/6a/a8ebe4-d0b3-4e7d-af25-0468042486dc/1/L6ea7QovNHFxV2iZ8FoZAqojY_k.roa
Signing time: Mon 03 Apr 2023 07:59:54 +0000
ROA not before: Mon 03 Apr 2023 07:59:54 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 61272
IP address blocks: 213.252.232.0/23 maxlen: 23
213.252.228.0/22 maxlen: 22
213.252.238.0/23 maxlen: 23
213.252.244.0/22 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:87:46:21:36:41:fd:d9:89:54:81:81:11:fc:24:76:f5:fe
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f0dd81a833d9b043c7ffd635a5987f536971180d
Validity
Not Before: Apr 3 07:59:54 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=2fa79aed0a2f347171576899f05a1902aa2363f9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8e:d3:6d:ae:ce:c7:c0:80:93:59:4c:e9:7a:64:
9b:a2:4b:b4:c3:5d:dd:08:f9:e4:4e:c3:09:f6:b0:
93:2a:91:55:01:e1:ba:dc:f4:1b:17:ce:6e:fe:ef:
75:00:e3:42:15:39:e2:25:c2:26:df:61:64:e0:18:
59:ae:19:95:2e:0f:0e:21:d5:39:eb:73:60:3e:7b:
28:87:b7:02:2f:68:45:a2:61:80:07:1b:92:79:c3:
20:56:e4:d7:f6:f3:de:93:98:72:5a:80:92:60:08:
98:d5:6d:d6:33:ec:07:42:2f:52:d3:6a:cd:12:7f:
38:85:aa:13:de:31:3d:66:57:96:50:8f:a1:dc:80:
e7:c3:d1:b5:01:95:38:db:4d:53:4a:c9:b8:b2:9f:
8b:e3:08:39:d5:f1:b7:a3:4d:64:ff:d4:9a:1a:df:
a6:a3:f2:ea:72:f6:ae:67:ff:96:e2:df:e9:bb:2d:
d9:4a:97:8f:6b:f9:40:2a:ad:ca:d4:4a:f3:a5:a4:
fe:2e:c0:e1:69:3b:0f:69:c1:98:bc:f9:95:b7:54:
3f:eb:28:c1:7e:03:b1:53:17:aa:ff:d0:d6:ce:18:
14:73:83:14:76:af:98:2e:56:de:b7:cc:01:fc:b5:
51:42:5b:07:8c:9d:b2:75:9c:9a:ad:e6:75:98:db:
12:65
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2F:A7:9A:ED:0A:2F:34:71:71:57:68:99:F0:5A:19:02:AA:23:63:F9
X509v3 Authority Key Identifier:
keyid:F0:DD:81:A8:33:D9:B0:43:C7:FF:D6:35:A5:98:7F:53:69:71:18:0D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8N2BqDPZsEPH_9Y1pZh_U2lxGA0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/a8ebe4-d0b3-4e7d-af25-0468042486dc/1/L6ea7QovNHFxV2iZ8FoZAqojY_k.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/a8ebe4-d0b3-4e7d-af25-0468042486dc/1/8N2BqDPZsEPH_9Y1pZh_U2lxGA0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
213.252.228.0-213.252.233.255
213.252.238.0/23
213.252.244.0/22
Signature Algorithm: sha256WithRSAEncryption
4c:6a:61:2f:fc:02:77:a4:2b:55:30:b2:72:65:96:f0:4b:3e:
27:b5:c8:a4:06:d0:3f:da:02:b0:9e:cc:f3:0c:c8:81:a4:d1:
82:6a:8d:09:e0:cd:98:5f:6e:b6:68:3c:54:c8:04:80:07:cc:
70:66:6c:1a:28:64:33:29:af:38:af:7d:cd:73:df:de:d2:76:
0b:ff:ec:e8:9b:07:0f:04:18:85:37:a5:a5:41:75:59:e3:ee:
b0:ef:e0:39:6f:8f:e4:2a:7b:da:3a:66:44:22:83:70:97:65:
b9:39:f6:d2:32:04:e0:25:84:21:b1:57:c9:14:67:47:51:f7:
a7:8e:6e:0f:0a:26:00:5f:b5:41:a5:2e:5e:3c:36:6e:86:f4:
1e:a4:d5:ad:9c:8c:e0:2c:99:25:a0:65:12:b5:32:51:82:35:
61:0b:6b:4f:ec:51:09:94:dd:93:bc:ce:18:b0:61:b6:dc:ad:
c2:65:23:f2:4c:37:3b:b4:8c:36:2f:17:b6:f5:2b:58:66:bc:
cf:4d:6d:cf:57:99:f1:c8:ca:89:c9:46:aa:eb:e4:47:a2:f6:
51:53:62:c2:40:90:97:ca:15:4d:bb:a9:27:2a:af:13:a3:b4:
5c:70:60:5e:86:34:12:62:2a:be:84:dd:63:ac:d0:cd:82:19:
58:5c:d6:1f
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgISAYdGITZB/dmJVIGBEfwkdvX+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwZGQ4MWE4MzNkOWIwNDNjN2ZmZDYzNWE1OTg3ZjUzNjk3
MTE4MGQwHhcNMjMwNDAzMDc1OTU0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZmE3OWFlZDBhMmYzNDcxNzE1NzY4OTlmMDVhMTkwMmFhMjM2M2Y5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjtNtrs7HwICTWUzpemSboku0w13d
CPnkTsMJ9rCTKpFVAeG63PQbF85u/u91AONCFTniJcIm32Fk4BhZrhmVLg8OIdU5
63NgPnsoh7cCL2hFomGABxuSecMgVuTX9vPek5hyWoCSYAiY1W3WM+wHQi9S02rN
En84haoT3jE9ZleWUI+h3IDnw9G1AZU4201TSsm4sp+L4wg51fG3o01k/9SaGt+m
o/LqcvauZ/+W4t/puy3ZSpePa/lAKq3K1ErzpaT+LsDhaTsPacGYvPmVt1Q/6yjB
fgOxUxeq/9DWzhgUc4MUdq+YLlbet8wB/LVRQlsHjJ2ydZyareZ1mNsSZQIDAQAB
o4ICHTCCAhkwHQYDVR0OBBYEFC+nmu0KLzRxcVdomfBaGQKqI2P5MB8GA1UdIwQY
MBaAFPDdgagz2bBDx//WNaWYf1NpcRgNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOE4yQnFEUFpzRVBIXzlZMXBaaF9VMmx4R0EwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82YS9hOGViZTQtZDBiMy00ZTdkLWFmMjUt
MDQ2ODA0MjQ4NmRjLzEvTDZlYTdRb3ZOSEZ4VjJpWjhGb1pBcW9qWV9rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82YS9hOGViZTQtZDBiMy00ZTdkLWFmMjUtMDQ2ODA0MjQ4NmRj
LzEvOE4yQnFEUFpzRVBIXzlZMXBaaF9VMmx4R0EwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDMGCCsGAQUFBwEHAQH/BCQwIjAgBAIAATAaMAwDBALV/OQD
BAHV/OgDBAHV/O4DBALV/PQwDQYJKoZIhvcNAQELBQADggEBAExqYS/8AnekK1Uw
snJllvBLPie1yKQG0D/aArCezPMMyIGk0YJqjQngzZhfbrZoPFTIBIAHzHBmbBoo
ZDMprzivfc1z397Sdgv/7OibBw8EGIU3paVBdVnj7rDv4Dlvj+Qqe9o6ZkQig3CX
Zbk59tIyBOAlhCGxV8kUZ0dR96eObg8KJgBftUGlLl48Nm6G9B6k1a2cjOAsmSWg
ZRK1MlGCNWELa0/sUQmU3ZO8zhiwYbbcrcJlI/JMNzu0jDYvF7b1K1hmvM9Nbc9X
mfHIyonJRqrr5Eei9lFTYsJAkJfKFU27qScqrxOjtFxwYF6GNBJiKr6E3WOs0M2C
GVhc1h8=
-----END CERTIFICATE-----
Generated at Thu Jul 20 14:34:26 2023 by rpki-client on console-ams.rpki-client.org