Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6f/9fbec1-ebd2-41ba-83d9-694dbfaddb8f/1/akorH3hSasCoZTQc06v_UUUXBpY.roa
File: akorH3hSasCoZTQc06v_UUUXBpY.roa (raw, json)
Hash identifier: mYKA/LcYiLxAZnKCjcRpknCGWQKrHYtatDRmO1HxcLs=
Subject key identifier: 6A:4A:2B:1F:78:52:6A:C0:A8:65:34:1C:D3:AB:FF:51:45:17:06:96
Certificate issuer: /CN=85c3525d68b61116564e16e1dd4e56cb035c9c85
Certificate serial: 01857142DC28B38A5D70D6034F540B9FD815
Authority key identifier: 85:C3:52:5D:68:B6:11:16:56:4E:16:E1:DD:4E:56:CB:03:5C:9C:85
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/hcNSXWi2ERZWThbh3U5WywNcnIU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/6f/9fbec1-ebd2-41ba-83d9-694dbfaddb8f/1/akorH3hSasCoZTQc06v_UUUXBpY.roa
Signing time: Mon 02 Jan 2023 06:54:45 +0000
ROA not before: Mon 02 Jan 2023 06:54:45 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 204119
IP address blocks: 84.38.64.0/20 maxlen: 20
195.42.114.0/23 maxlen: 23
2a00:5080::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:71:42:dc:28:b3:8a:5d:70:d6:03:4f:54:0b:9f:d8:15
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=85c3525d68b61116564e16e1dd4e56cb035c9c85
Validity
Not Before: Jan 2 06:54:45 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=6a4a2b1f78526ac0a865341cd3abff5145170696
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9e:f5:6a:b5:ee:4b:00:e6:a7:fb:84:4c:87:70:
9e:3b:34:41:91:43:86:b6:d3:de:be:e7:c3:7f:02:
11:26:ea:45:08:ac:42:69:ed:80:e9:5f:f5:76:03:
2a:92:c9:05:28:38:42:d6:dd:63:ff:ea:2c:64:cf:
62:92:26:08:03:28:c8:ec:21:86:10:b4:04:e1:39:
6d:65:b3:08:3d:61:2b:29:9d:74:96:29:39:4f:94:
bf:df:23:fa:4b:8d:95:fe:f4:e9:58:2a:66:a9:57:
6e:5e:05:ae:ae:2d:9c:18:44:88:53:f3:14:82:1a:
61:7c:cd:42:fc:c8:db:1d:fc:27:b5:cc:c0:e2:9c:
f1:5a:36:e4:11:0f:56:9c:e1:41:2d:78:07:82:ec:
65:0f:77:54:a7:38:31:95:78:ba:0a:3a:c0:81:cf:
75:df:c9:ff:71:8f:e3:74:ef:36:1d:8b:ad:6f:25:
b2:8d:32:ca:d5:fc:53:61:63:2a:e1:20:eb:cb:5d:
19:3b:cc:56:4b:ec:bb:72:01:1a:26:ab:9f:b0:7d:
ff:19:a2:8d:bd:5c:2e:22:d7:47:67:2d:84:60:7c:
d3:c6:05:50:e6:a2:2d:46:36:c7:ad:85:60:2e:0c:
2e:d9:15:b8:76:76:cc:b0:51:1b:13:99:cd:ec:ad:
67:59
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6A:4A:2B:1F:78:52:6A:C0:A8:65:34:1C:D3:AB:FF:51:45:17:06:96
X509v3 Authority Key Identifier:
keyid:85:C3:52:5D:68:B6:11:16:56:4E:16:E1:DD:4E:56:CB:03:5C:9C:85
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hcNSXWi2ERZWThbh3U5WywNcnIU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/9fbec1-ebd2-41ba-83d9-694dbfaddb8f/1/akorH3hSasCoZTQc06v_UUUXBpY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/9fbec1-ebd2-41ba-83d9-694dbfaddb8f/1/hcNSXWi2ERZWThbh3U5WywNcnIU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
84.38.64.0/20
195.42.114.0/23
IPv6:
2a00:5080::/32
Signature Algorithm: sha256WithRSAEncryption
63:78:23:52:09:12:0d:e2:99:db:13:71:13:b3:bf:90:c4:e5:
0a:a6:8f:a5:e2:c0:b6:b2:d7:2f:b4:2f:08:71:6f:1f:6f:a3:
7c:33:10:20:8d:63:24:96:84:6e:b7:c1:b8:e4:5b:06:23:ea:
16:e8:6d:02:e5:33:9c:69:01:b7:00:ae:ca:ba:86:de:c5:24:
2b:a8:d8:e5:97:7f:9b:64:36:fb:d0:30:66:ee:83:b2:6c:58:
64:4f:ec:6a:ea:16:5c:5b:4d:06:52:3a:97:e7:64:4a:13:63:
ea:05:33:49:17:89:31:cb:d8:e4:89:0d:2a:bb:d2:f8:59:f7:
b2:41:9e:a7:dc:9a:b3:b0:9e:55:8e:3d:3c:a7:80:5e:46:97:
f7:a0:ee:f4:2d:3f:53:75:ea:01:02:de:58:55:e7:89:b1:06:
e7:e0:b8:8c:fd:9b:a0:0f:dc:99:de:cd:fc:d6:9a:23:19:a1:
42:bc:25:1f:74:e2:ef:3d:c0:7d:d7:70:3e:32:74:73:f5:52:
3a:4c:90:7d:ca:26:33:72:88:4f:0e:b2:76:e3:1b:0d:98:cf:
f5:21:6e:9b:bb:b9:df:c2:43:71:7a:e8:60:5a:90:3e:ad:f2:
bc:e1:8d:24:e7:9b:cf:db:83:b9:51:11:b2:b4:26:e8:c4:dc:
ea:43:d4:12
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYVxQtwos4pdcNYDT1QLn9gVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg1YzM1MjVkNjhiNjExMTY1NjRlMTZlMWRkNGU1NmNiMDM1
YzljODUwHhcNMjMwMTAyMDY1NDQ1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YTRhMmIxZjc4NTI2YWMwYTg2NTM0MWNkM2FiZmY1MTQ1MTcwNjk2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnvVqte5LAOan+4RMh3CeOzRBkUOG
ttPevufDfwIRJupFCKxCae2A6V/1dgMqkskFKDhC1t1j/+osZM9ikiYIAyjI7CGG
ELQE4TltZbMIPWErKZ10lik5T5S/3yP6S42V/vTpWCpmqVduXgWuri2cGESIU/MU
ghphfM1C/MjbHfwntczA4pzxWjbkEQ9WnOFBLXgHguxlD3dUpzgxlXi6CjrAgc91
38n/cY/jdO82HYutbyWyjTLK1fxTYWMq4SDry10ZO8xWS+y7cgEaJqufsH3/GaKN
vVwuItdHZy2EYHzTxgVQ5qItRjbHrYVgLgwu2RW4dnbMsFEbE5nN7K1nWQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFGpKKx94UmrAqGU0HNOr/1FFFwaWMB8GA1UdIwQY
MBaAFIXDUl1othEWVk4W4d1OVssDXJyFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaGNOU1hXaTJFUlpXVGhiaDNVNVd5d05jbklVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Zi85ZmJlYzEtZWJkMi00MWJhLTgzZDkt
Njk0ZGJmYWRkYjhmLzEvYWtvckgzaFNhc0NvWlRRYzA2dl9VVVVYQnBZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Zi85ZmJlYzEtZWJkMi00MWJhLTgzZDktNjk0ZGJmYWRkYjhm
LzEvaGNOU1hXaTJFUlpXVGhiaDNVNVd5d05jbklVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQEVCZAAwQB
wypyMA0EAgACMAcDBQAqAFCAMA0GCSqGSIb3DQEBCwUAA4IBAQBjeCNSCRIN4pnb
E3ETs7+QxOUKpo+l4sC2stcvtC8IcW8fb6N8MxAgjWMkloRut8G45FsGI+oW6G0C
5TOcaQG3AK7KuobexSQrqNjll3+bZDb70DBm7oOybFhkT+xq6hZcW00GUjqX52RK
E2PqBTNJF4kxy9jkiQ0qu9L4WfeyQZ6n3JqzsJ5Vjj08p4BeRpf3oO70LT9TdeoB
At5YVeeJsQbn4LiM/ZugD9yZ3s381pojGaFCvCUfdOLvPcB913A+MnRz9VI6TJB9
yiYzcohPDrJ24xsNmM/1IW6bu7nfwkNxeuhgWpA+rfK84Y0k55vP24O5URGytCbo
xNzqQ9QS
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:34:22 2024 by rpki-client on console-fra.rpki-client.org