Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/afd415-0a86-431f-bc3a-d43207d62dfe/1/L6vP8b3q2wizvx6OTTkNzxnobUQ.roa
File: L6vP8b3q2wizvx6OTTkNzxnobUQ.roa (raw, json)
Hash identifier: itk6y6YIUeHQXHsVzjLJPs5lKcmV4bZ9c9C0fUePVf8=
Subject key identifier: 2F:AB:CF:F1:BD:EA:DB:08:B3:BF:1E:8E:4D:39:0D:CF:19:E8:6D:44
Certificate issuer: /CN=23394a125fa3ace0c47a6fe34f4086b4d3ba5588
Certificate serial: 0189D5736E21CEF5C936734CDA4B4AD276D2
Authority key identifier: 23:39:4A:12:5F:A3:AC:E0:C4:7A:6F:E3:4F:40:86:B4:D3:BA:55:88
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IzlKEl-jrODEem_jT0CGtNO6VYg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/7f/afd415-0a86-431f-bc3a-d43207d62dfe/1/L6vP8b3q2wizvx6OTTkNzxnobUQ.roa
Signing time: Tue 08 Aug 2023 14:00:58 +0000
ROA not before: Tue 08 Aug 2023 14:00:58 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 197248
IP address blocks: 77.111.96.0/20 maxlen: 24
93.88.192.0/21 maxlen: 21
62.112.192.0/19 maxlen: 19
109.61.96.0/21 maxlen: 21
93.88.194.0/24 maxlen: 24
109.61.0.0/18 maxlen: 19
109.61.112.0/20 maxlen: 20
109.61.22.0/24 maxlen: 24
77.111.64.0/19 maxlen: 21
109.61.64.0/20 maxlen: 20
77.111.88.0/21 maxlen: 24
2a01:be00::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:89:d5:73:6e:21:ce:f5:c9:36:73:4c:da:4b:4a:d2:76:d2
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=23394a125fa3ace0c47a6fe34f4086b4d3ba5588
Validity
Not Before: Aug 8 14:00:58 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=2fabcff1bdeadb08b3bf1e8e4d390dcf19e86d44
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:85:d3:ef:26:a8:cd:9e:b0:3e:d1:c8:bf:3b:bb:
19:20:17:a5:03:a8:9c:86:36:1b:3d:35:31:74:9d:
2f:e2:45:c8:ca:28:ed:c0:c2:91:38:f6:b7:73:78:
e9:8f:1f:01:95:3f:ad:f4:d4:2b:30:c1:26:a0:36:
8c:16:89:4d:10:dd:46:f4:65:1b:57:59:62:56:73:
59:49:b6:b0:08:93:6a:f7:f3:76:a0:c7:80:93:33:
2a:f1:04:83:0a:44:5d:21:ef:8a:42:80:55:ab:0e:
6f:30:dd:ea:f8:53:ec:ac:07:81:f5:7b:4e:a7:b1:
0b:f5:a5:53:9f:8c:af:27:40:c5:df:f1:eb:5c:b9:
b9:de:62:ec:73:39:81:ef:fe:fe:88:4a:2d:92:8f:
f9:a6:cc:80:ce:ab:55:b3:bc:7d:64:e5:b3:49:9b:
cf:25:c9:72:5a:e2:66:76:78:52:2b:3c:d9:05:b4:
1d:52:60:f9:c4:55:35:75:a9:45:5b:2f:ae:a4:cb:
46:fc:86:57:cc:24:19:fb:bf:bb:f6:41:f2:a1:e2:
79:6e:23:e7:fc:46:cb:b0:d8:61:3b:6d:b6:e3:1f:
4a:98:aa:0c:b6:1f:a1:0c:30:06:83:c9:10:33:6b:
e2:00:de:d6:bd:81:c0:d6:8c:51:64:ce:67:4a:a2:
be:c1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2F:AB:CF:F1:BD:EA:DB:08:B3:BF:1E:8E:4D:39:0D:CF:19:E8:6D:44
X509v3 Authority Key Identifier:
keyid:23:39:4A:12:5F:A3:AC:E0:C4:7A:6F:E3:4F:40:86:B4:D3:BA:55:88
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IzlKEl-jrODEem_jT0CGtNO6VYg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/afd415-0a86-431f-bc3a-d43207d62dfe/1/L6vP8b3q2wizvx6OTTkNzxnobUQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/afd415-0a86-431f-bc3a-d43207d62dfe/1/IzlKEl-jrODEem_jT0CGtNO6VYg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
62.112.192.0/19
77.111.64.0-77.111.111.255
93.88.192.0/21
109.61.0.0-109.61.79.255
109.61.96.0/21
109.61.112.0/20
IPv6:
2a01:be00::/32
Signature Algorithm: sha256WithRSAEncryption
3d:c4:55:7c:78:88:17:5c:ea:1b:28:40:67:c1:45:40:dc:d6:
16:a7:d0:66:81:9d:b7:25:7d:bf:48:f6:85:07:19:7b:00:ce:
62:34:9d:95:03:c1:56:52:b8:b0:73:1b:4b:d8:00:b7:2c:3d:
06:0b:58:9a:67:9c:46:6f:aa:16:a3:28:cc:cc:2a:c0:b3:3b:
a0:31:e9:c1:81:62:eb:8f:b5:41:47:95:22:14:4e:23:05:c9:
46:80:da:2c:7a:ea:49:81:80:0a:3f:b9:2e:56:b6:43:d9:80:
18:92:6a:95:ae:89:5e:18:73:5c:fc:49:91:44:3f:5c:96:e6:
c8:24:12:c7:c9:7a:47:a7:59:28:bb:01:10:89:78:19:c8:2b:
d4:24:34:61:96:17:0c:15:71:51:be:38:e0:b3:6a:d5:01:a2:
bb:ae:59:4b:3f:4d:0d:ca:9f:e4:17:86:22:bc:a1:93:82:38:
92:45:58:fd:77:e9:1b:50:1d:d4:16:f3:34:14:66:1c:17:7d:
c8:f4:c3:e3:05:97:bf:54:cb:71:6b:fe:4a:c8:56:34:dc:dd:
e5:9d:27:93:f6:44:e4:91:22:ea:7c:a2:ea:76:0b:f1:28:80:
ad:a0:2f:33:32:f6:22:68:20:78:b0:39:1e:92:1f:c1:ca:7f:
00:3f:1f:de
-----BEGIN CERTIFICATE-----
MIIFOTCCBCGgAwIBAgISAYnVc24hzvXJNnNM2ktK0nbSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIzMzk0YTEyNWZhM2FjZTBjNDdhNmZlMzRmNDA4NmI0ZDNi
YTU1ODgwHhcNMjMwODA4MTQwMDU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZmFiY2ZmMWJkZWFkYjA4YjNiZjFlOGU0ZDM5MGRjZjE5ZTg2ZDQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhdPvJqjNnrA+0ci/O7sZIBelA6ic
hjYbPTUxdJ0v4kXIyijtwMKROPa3c3jpjx8BlT+t9NQrMMEmoDaMFolNEN1G9GUb
V1liVnNZSbawCJNq9/N2oMeAkzMq8QSDCkRdIe+KQoBVqw5vMN3q+FPsrAeB9XtO
p7EL9aVTn4yvJ0DF3/HrXLm53mLsczmB7/7+iEotko/5psyAzqtVs7x9ZOWzSZvP
JclyWuJmdnhSKzzZBbQdUmD5xFU1dalFWy+upMtG/IZXzCQZ+7+79kHyoeJ5biPn
/EbLsNhhO2224x9KmKoMth+hDDAGg8kQM2viAN7WvYHA1oxRZM5nSqK+wQIDAQAB
o4ICRTCCAkEwHQYDVR0OBBYEFC+rz/G96tsIs78ejk05Dc8Z6G1EMB8GA1UdIwQY
MBaAFCM5ShJfo6zgxHpv409AhrTTulWIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXpsS0VsLWpyT0RFZW1falQwQ0d0Tk82VllnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi9hZmQ0MTUtMGE4Ni00MzFmLWJjM2Et
ZDQzMjA3ZDYyZGZlLzEvTDZ2UDhiM3Eyd2l6dng2T1RUa056eG5vYlVRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi9hZmQ0MTUtMGE4Ni00MzFmLWJjM2EtZDQzMjA3ZDYyZGZl
LzEvSXpsS0VsLWpyT0RFZW1falQwQ0d0Tk82VllnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFsGCCsGAQUFBwEHAQH/BEwwSjA5BAIAATAzAwQFPnDAMAwD
BAZNb0ADBARNb2ADBANdWMAwCwMDAG09AwQEbT1AAwQDbT1gAwQEbT1wMA0EAgAC
MAcDBQAqAb4AMA0GCSqGSIb3DQEBCwUAA4IBAQA9xFV8eIgXXOobKEBnwUVA3NYW
p9BmgZ23JX2/SPaFBxl7AM5iNJ2VA8FWUriwcxtL2AC3LD0GC1iaZ5xGb6oWoyjM
zCrAszugMenBgWLrj7VBR5UiFE4jBclGgNoseupJgYAKP7kuVrZD2YAYkmqVrole
GHNc/EmRRD9clubIJBLHyXpHp1kouwEQiXgZyCvUJDRhlhcMFXFRvjjgs2rVAaK7
rllLP00Nyp/kF4YivKGTgjiSRVj9d+kbUB3UFvM0FGYcF33I9MPjBZe/VMtxa/5K
yFY03N3lnSeT9kTkkSLqfKLqdgvxKICtoC8zMvYiaCB4sDkekh/Byn8APx/e
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:20:13 2024 by rpki-client on console-ams.rpki-client.org