Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6b/0e18d2-d80b-4aa0-aaef-069661675106/1/2qtgVw4CUSQBEk0Kp-l8OsoRgew.roa
File: 2qtgVw4CUSQBEk0Kp-l8OsoRgew.roa (raw, json)
Hash identifier: CtCrO7slfM04Hie3Obr+0eU8xfvIZ0E483TH3lSaKts=
Subject key identifier: DA:AB:60:57:0E:02:51:24:01:12:4D:0A:A7:E9:7C:3A:CA:11:81:EC
Certificate issuer: /CN=b0f619ef200840dfa8fd43567c7a978c15312d7f
Certificate serial: 018F1EC522E07B421A48FF4845A14A8825C8
Authority key identifier: B0:F6:19:EF:20:08:40:DF:A8:FD:43:56:7C:7A:97:8C:15:31:2D:7F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/sPYZ7yAIQN-o_UNWfHqXjBUxLX8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/6b/0e18d2-d80b-4aa0-aaef-069661675106/1/2qtgVw4CUSQBEk0Kp-l8OsoRgew.roa
Signing time: Sat 27 Apr 2024 08:56:26 +0000
ROA not before: Sat 27 Apr 2024 08:56:26 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 62240
IP address blocks: 31.222.244.0/24 maxlen: 24
88.151.11.0/24 maxlen: 24
91.210.71.0/24 maxlen: 24
109.205.62.0/24 maxlen: 24
193.200.61.0/24 maxlen: 24
193.228.131.0/24 maxlen: 24
195.69.162.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8f:1e:c5:22:e0:7b:42:1a:48:ff:48:45:a1:4a:88:25:c8
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b0f619ef200840dfa8fd43567c7a978c15312d7f
Validity
Not Before: Apr 27 08:56:26 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=daab60570e02512401124d0aa7e97c3aca1181ec
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:da:2f:a0:c8:52:93:ea:1d:e4:3e:d1:1f:e8:93:
c6:be:12:6d:9a:ed:0d:33:96:c5:d0:bb:bd:63:01:
1c:91:f7:3e:1a:29:c8:c2:9c:69:26:ac:24:26:8c:
7b:78:7c:51:da:b4:d6:0c:40:43:98:04:37:f4:12:
4d:aa:38:86:e2:40:4f:38:c4:e4:80:ac:97:6a:ce:
42:ba:c9:ef:ce:79:92:14:48:bc:13:40:76:42:af:
00:f1:23:bf:07:c3:a6:8c:a7:5f:70:09:49:b1:54:
e9:91:3d:0e:1b:2d:5a:f8:72:93:17:1e:c5:dd:64:
a7:3c:30:b8:21:7f:60:1f:b6:df:b7:30:b6:e1:b9:
89:e7:b6:9c:b9:72:f8:04:e5:46:33:f9:92:d4:a7:
be:ba:a8:14:33:00:f5:fd:06:d5:d6:f2:f8:a5:8c:
d7:6d:57:57:c5:de:2a:18:fd:e2:28:07:73:66:d3:
0f:cb:5a:39:22:32:ba:2d:03:ca:5c:17:c4:f8:e4:
18:6c:fe:a0:93:0b:44:2a:8d:57:7d:13:37:b0:1b:
8d:80:64:65:be:c6:7a:c4:a5:70:c1:88:d7:ea:99:
35:73:ae:75:82:5e:ee:5a:de:b1:16:f3:da:13:da:
75:d9:ef:db:19:39:9c:50:82:b1:02:03:7b:d5:b0:
e6:85
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DA:AB:60:57:0E:02:51:24:01:12:4D:0A:A7:E9:7C:3A:CA:11:81:EC
X509v3 Authority Key Identifier:
keyid:B0:F6:19:EF:20:08:40:DF:A8:FD:43:56:7C:7A:97:8C:15:31:2D:7F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sPYZ7yAIQN-o_UNWfHqXjBUxLX8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/0e18d2-d80b-4aa0-aaef-069661675106/1/2qtgVw4CUSQBEk0Kp-l8OsoRgew.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/0e18d2-d80b-4aa0-aaef-069661675106/1/sPYZ7yAIQN-o_UNWfHqXjBUxLX8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.222.244.0/24
88.151.11.0/24
91.210.71.0/24
109.205.62.0/24
193.200.61.0/24
193.228.131.0/24
195.69.162.0/24
Signature Algorithm: sha256WithRSAEncryption
c0:42:76:31:a9:e1:1f:f7:3d:14:6a:e2:eb:88:ea:cb:b9:e4:
8e:9f:dd:ef:f7:e5:9d:9f:97:8c:69:51:68:ca:d9:ed:d9:4a:
ff:fa:66:e5:83:07:91:e8:8e:00:41:da:a7:9d:30:9d:25:c3:
7d:e3:9c:82:b7:35:5f:48:d3:6d:81:89:90:71:73:17:55:c9:
10:7b:43:cb:38:7a:62:89:13:9e:32:cd:16:28:64:f2:2d:90:
1e:d5:d5:b9:13:89:32:a0:e1:19:bd:63:21:7c:d0:a3:b1:5d:
f8:a9:8a:22:10:d3:c7:99:72:1d:6f:c1:81:0a:4e:e3:0e:7d:
e2:9c:1a:cc:89:78:ff:af:2d:3b:4b:e6:64:4c:7a:18:81:58:
01:6e:7b:df:b1:05:40:8b:97:5c:9f:80:32:83:33:d4:41:bd:
c6:ff:61:40:f4:e5:0c:89:09:ad:de:dc:1c:95:b7:85:90:43:
d8:7f:49:68:07:c5:3d:c5:97:8b:8e:92:87:03:c0:2f:76:19:
61:7d:eb:cf:89:4c:16:27:d0:32:45:3c:f7:d2:48:ec:8e:66:
b8:5a:88:f0:0b:ad:5a:9f:88:cf:e6:5b:27:d7:35:1b:da:89:
20:8b:84:b4:f4:e9:e9:02:40:01:c4:f1:de:d0:e2:76:fb:20:
d7:74:d6:a5
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAY8exSLge0IaSP9IRaFKiCXIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIwZjYxOWVmMjAwODQwZGZhOGZkNDM1NjdjN2E5NzhjMTUz
MTJkN2YwHhcNMjQwNDI3MDg1NjI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYWFiNjA1NzBlMDI1MTI0MDExMjRkMGFhN2U5N2MzYWNhMTE4MWVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2i+gyFKT6h3kPtEf6JPGvhJtmu0N
M5bF0Lu9YwEckfc+GinIwpxpJqwkJox7eHxR2rTWDEBDmAQ39BJNqjiG4kBPOMTk
gKyXas5CusnvznmSFEi8E0B2Qq8A8SO/B8OmjKdfcAlJsVTpkT0OGy1a+HKTFx7F
3WSnPDC4IX9gH7bftzC24bmJ57acuXL4BOVGM/mS1Ke+uqgUMwD1/QbV1vL4pYzX
bVdXxd4qGP3iKAdzZtMPy1o5IjK6LQPKXBfE+OQYbP6gkwtEKo1XfRM3sBuNgGRl
vsZ6xKVwwYjX6pk1c651gl7uWt6xFvPaE9p12e/bGTmcUIKxAgN71bDmhQIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFNqrYFcOAlEkARJNCqfpfDrKEYHsMB8GA1UdIwQY
MBaAFLD2Ge8gCEDfqP1DVnx6l4wVMS1/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc1BZWjd5QUlRTi1vX1VOV2ZIcVhqQlV4TFg4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yi8wZTE4ZDItZDgwYi00YWEwLWFhZWYt
MDY5NjYxNjc1MTA2LzEvMnF0Z1Z3NENVU1FCRWswS3AtbDhPc29SZ2V3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yi8wZTE4ZDItZDgwYi00YWEwLWFhZWYtMDY5NjYxNjc1MTA2
LzEvc1BZWjd5QUlRTi1vX1VOV2ZIcVhqQlV4TFg4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAwBAIAATAqAwQAH970AwQA
WJcLAwQAW9JHAwQAbc0+AwQAwcg9AwQAweSDAwQAw0WiMA0GCSqGSIb3DQEBCwUA
A4IBAQDAQnYxqeEf9z0UauLriOrLueSOn93v9+Wdn5eMaVFoytnt2Ur/+mblgweR
6I4AQdqnnTCdJcN945yCtzVfSNNtgYmQcXMXVckQe0PLOHpiiROeMs0WKGTyLZAe
1dW5E4kyoOEZvWMhfNCjsV34qYoiENPHmXIdb8GBCk7jDn3inBrMiXj/ry07S+Zk
THoYgVgBbnvfsQVAi5dcn4AygzPUQb3G/2FA9OUMiQmt3twclbeFkEPYf0loB8U9
xZeLjpKHA8AvdhlhfevPiUwWJ9AyRTz30kjsjma4WojwC61an4jP5lsn1zUb2okg
i4S09OnpAkABxPHe0OJ2+yDXdNal
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:33:50 2024 by rpki-client on console-fra.rpki-client.org