Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/72/715d15-2810-4827-8dbd-0bee06126b1a/1/bQYk5mQKlwSkPC7G2-a77ct4Y2E.roa
File: bQYk5mQKlwSkPC7G2-a77ct4Y2E.roa (raw, json)
Hash identifier: FwMpRMTjtDdVYILFobv1i/+dp3CEVQaKXBxyJwt2p1o=
Subject key identifier: 6D:06:24:E6:64:0A:97:04:A4:3C:2E:C6:DB:E6:BB:ED:CB:78:63:61
Certificate issuer: /CN=adf491488a7cd8448a420945871c0b99672dc66e
Certificate serial: 018CC64B3773412E9BF7858743101706E33B
Authority key identifier: AD:F4:91:48:8A:7C:D8:44:8A:42:09:45:87:1C:0B:99:67:2D:C6:6E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/rfSRSIp82ESKQglFhxwLmWctxm4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/72/715d15-2810-4827-8dbd-0bee06126b1a/1/bQYk5mQKlwSkPC7G2-a77ct4Y2E.roa
Signing time: Mon 01 Jan 2024 18:31:07 +0000
ROA not before: Mon 01 Jan 2024 18:31:07 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 34369
IP address blocks: 151.240.0.0/13 maxlen: 24
94.182.151.0/24 maxlen: 24
94.182.109.0/24 maxlen: 24
31.56.0.0/14 maxlen: 24
94.182.0.0/15 maxlen: 24
84.241.0.0/18 maxlen: 24
151.238.0.0/15 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c6:4b:37:73:41:2e:9b:f7:85:87:43:10:17:06:e3:3b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=adf491488a7cd8448a420945871c0b99672dc66e
Validity
Not Before: Jan 1 18:31:07 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=6d0624e6640a9704a43c2ec6dbe6bbedcb786361
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c6:1f:a0:d1:c4:1c:56:5a:74:6b:d0:f2:0b:18:
19:35:e8:17:d4:1a:3d:5a:75:ff:8f:5d:92:cd:ca:
bb:c7:b5:e8:0b:1e:89:21:8f:6b:3c:75:b0:3d:03:
6f:fa:9d:44:68:81:ea:a3:e2:71:37:ab:8a:7b:4a:
60:8f:7e:2a:5e:96:9f:8c:92:a1:1f:cd:74:c1:dc:
a9:78:c8:c6:d8:30:80:6d:12:d3:0e:21:75:33:05:
d5:69:e6:d0:e0:f8:40:8b:eb:1e:cb:f6:d6:1c:13:
da:d2:a4:ee:df:26:89:3c:d2:66:50:8f:d8:03:c2:
df:e0:66:30:f8:ca:2c:0f:6a:31:75:dd:68:44:b7:
bf:1e:dc:e3:20:cc:7a:b4:c5:61:e5:9e:03:b3:4e:
7e:d8:9e:ae:d1:91:3d:f5:87:31:69:96:fd:f5:4f:
fb:cc:26:31:ec:4a:98:d8:b1:21:33:9a:c8:99:eb:
00:87:44:0a:c3:be:37:30:df:f3:07:62:b3:f2:47:
5b:98:46:22:2c:c9:70:29:14:b7:d6:37:df:87:11:
2e:9e:70:7b:80:74:6a:7f:18:9a:60:12:fe:10:af:
1c:1e:fe:8d:43:2a:27:44:20:28:a7:98:84:4f:af:
a7:2d:0f:9b:95:9e:9e:e6:99:2b:29:e6:b1:dd:92:
23:d5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6D:06:24:E6:64:0A:97:04:A4:3C:2E:C6:DB:E6:BB:ED:CB:78:63:61
X509v3 Authority Key Identifier:
keyid:AD:F4:91:48:8A:7C:D8:44:8A:42:09:45:87:1C:0B:99:67:2D:C6:6E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rfSRSIp82ESKQglFhxwLmWctxm4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/72/715d15-2810-4827-8dbd-0bee06126b1a/1/bQYk5mQKlwSkPC7G2-a77ct4Y2E.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/72/715d15-2810-4827-8dbd-0bee06126b1a/1/rfSRSIp82ESKQglFhxwLmWctxm4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.56.0.0/14
84.241.0.0/18
94.182.0.0/15
151.238.0.0-151.247.255.255
Signature Algorithm: sha256WithRSAEncryption
86:93:1a:37:ec:fb:6e:91:43:c0:fa:13:c4:99:2a:27:ce:4b:
cf:28:f3:22:94:a5:c8:4a:a8:6b:13:41:20:a1:d6:17:0f:c0:
db:a0:ec:15:d5:27:b1:0b:3f:3e:24:46:8e:43:c8:b6:6c:b8:
d1:7f:0d:90:2a:fb:c4:ce:b4:b2:11:2b:33:26:e7:6b:d8:e2:
2b:65:9c:94:4d:02:30:2d:33:9d:7d:87:1c:a2:9b:4b:6c:d1:
c7:d3:91:4d:68:ed:f3:d5:b9:d0:e2:9c:03:47:42:6b:43:fd:
29:0b:d4:7e:d0:e5:bd:a2:e0:73:96:32:0e:28:3e:61:99:ef:
3e:4c:86:38:2c:59:97:ad:a1:df:bb:e1:21:7a:72:9a:7f:aa:
c3:0d:4d:10:19:3b:09:dd:8f:25:62:a7:87:37:85:a3:d1:22:
81:65:ef:36:27:43:b9:44:c0:e6:05:2b:77:23:b1:03:e5:5d:
ab:92:3e:f1:1a:fc:bf:aa:3f:a7:18:3d:2b:34:e4:c5:21:11:
ba:a1:c1:63:d9:70:eb:21:0b:e2:35:9e:aa:8d:f0:79:d0:48:
42:d8:80:32:c1:46:ae:04:2c:15:d4:be:71:2f:f0:2a:d3:eb:
e6:89:d3:c9:3c:92:a2:54:92:02:7d:fc:39:7d:09:ec:49:24:
df:c8:11:e0
-----BEGIN CERTIFICATE-----
MIIFEzCCA/ugAwIBAgISAYzGSzdzQS6b94WHQxAXBuM7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFkZjQ5MTQ4OGE3Y2Q4NDQ4YTQyMDk0NTg3MWMwYjk5Njcy
ZGM2NmUwHhcNMjQwMTAxMTgzMTA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZDA2MjRlNjY0MGE5NzA0YTQzYzJlYzZkYmU2YmJlZGNiNzg2MzYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxh+g0cQcVlp0a9DyCxgZNegX1Bo9
WnX/j12Szcq7x7XoCx6JIY9rPHWwPQNv+p1EaIHqo+JxN6uKe0pgj34qXpafjJKh
H810wdypeMjG2DCAbRLTDiF1MwXVaebQ4PhAi+sey/bWHBPa0qTu3yaJPNJmUI/Y
A8Lf4GYw+MosD2oxdd1oRLe/HtzjIMx6tMVh5Z4Ds05+2J6u0ZE99YcxaZb99U/7
zCYx7EqY2LEhM5rImesAh0QKw743MN/zB2Kz8kdbmEYiLMlwKRS31jffhxEunnB7
gHRqfxiaYBL+EK8cHv6NQyonRCAop5iET6+nLQ+blZ6e5pkrKeax3ZIj1QIDAQAB
o4ICHzCCAhswHQYDVR0OBBYEFG0GJOZkCpcEpDwuxtvmu+3LeGNhMB8GA1UdIwQY
MBaAFK30kUiKfNhEikIJRYccC5lnLcZuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcmZTUlNJcDgyRVNLUWdsRmh4d0xtV2N0eG00LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Mi83MTVkMTUtMjgxMC00ODI3LThkYmQt
MGJlZTA2MTI2YjFhLzEvYlFZazVtUUtsd1NrUEM3RzItYTc3Y3Q0WTJFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Mi83MTVkMTUtMjgxMC00ODI3LThkYmQtMGJlZTA2MTI2YjFh
LzEvcmZTUlNJcDgyRVNLUWdsRmh4d0xtV2N0eG00LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDUGCCsGAQUFBwEHAQH/BCYwJDAiBAIAATAcAwMCHzgDBAZU
8QADAwFetjAKAwMBl+4DAwOX8DANBgkqhkiG9w0BAQsFAAOCAQEAhpMaN+z7bpFD
wPoTxJkqJ85LzyjzIpSlyEqoaxNBIKHWFw/A26DsFdUnsQs/PiRGjkPItmy40X8N
kCr7xM60shErMybna9jiK2WclE0CMC0znX2HHKKbS2zRx9ORTWjt89W50OKcA0dC
a0P9KQvUftDlvaLgc5YyDig+YZnvPkyGOCxZl62h37vhIXpymn+qww1NEBk7Cd2P
JWKnhzeFo9EigWXvNidDuUTA5gUrdyOxA+Vdq5I+8Rr8v6o/pxg9KzTkxSERuqHB
Y9lw6yEL4jWeqo3wedBIQtiAMsFGrgQsFdS+cS/wKtPr5onTyTySolSSAn38OX0J
7Ekk38gR4A==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:17:45 2024 by rpki-client on console-ams.rpki-client.org