Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/81/8d6943-ca75-4372-b77f-5c6502bffa1f/1/bAxyKSXj3oRsHilfRgc80RbSHeU.roa
File: bAxyKSXj3oRsHilfRgc80RbSHeU.roa (raw, json)
Hash identifier: C4wo431KDAafipG231ZsdwGc6HUndopJkUHj/yfLqeo=
Subject key identifier: 6C:0C:72:29:25:E3:DE:84:6C:1E:29:5F:46:07:3C:D1:16:D2:1D:E5
Certificate issuer: /CN=c6d18653fbfb6fd5732dc940c1d65d77ab0bbfa3
Certificate serial: 018CC8011E663EE709F8122B94182226B28F
Authority key identifier: C6:D1:86:53:FB:FB:6F:D5:73:2D:C9:40:C1:D6:5D:77:AB:0B:BF:A3
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/xtGGU_v7b9VzLclAwdZdd6sLv6M.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/81/8d6943-ca75-4372-b77f-5c6502bffa1f/1/bAxyKSXj3oRsHilfRgc80RbSHeU.roa
Signing time: Tue 02 Jan 2024 02:29:25 +0000
ROA not before: Tue 02 Jan 2024 02:29:25 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 61254
IP address blocks: 94.230.186.0/24 maxlen: 24
94.230.186.0/23 maxlen: 23
94.230.187.0/24 maxlen: 24
80.93.251.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c8:01:1e:66:3e:e7:09:f8:12:2b:94:18:22:26:b2:8f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c6d18653fbfb6fd5732dc940c1d65d77ab0bbfa3
Validity
Not Before: Jan 2 02:29:25 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=6c0c722925e3de846c1e295f46073cd116d21de5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a3:a0:c4:73:ca:64:2a:fb:8f:5b:1f:54:70:d8:
d3:dd:ca:9f:34:b4:16:44:4e:5f:2a:a4:4e:24:f2:
1d:20:18:e0:39:f1:7d:38:2c:73:9b:41:75:37:c9:
44:45:ef:2c:a2:00:a1:92:a8:65:03:56:35:e1:6f:
5b:b2:77:77:be:f3:be:57:67:55:53:8f:75:a0:8b:
67:12:d0:ee:fc:d3:4c:af:32:75:57:79:1c:3b:55:
cf:aa:d3:6b:61:aa:bc:78:46:f6:30:0b:28:30:d9:
16:8b:e4:3a:3e:dc:83:f2:7b:2e:8b:e2:88:e6:e0:
9b:05:d1:84:4f:99:e4:4e:f7:a2:5f:42:fe:93:d4:
d9:b3:04:12:07:7a:70:20:37:e6:5d:5d:09:02:46:
43:1a:30:6a:80:79:94:4c:86:65:fc:9a:cf:00:3a:
70:78:cd:c0:d4:f1:bd:0c:89:2c:5d:20:a5:ad:63:
c6:20:8d:33:92:50:68:18:51:e4:09:f8:98:26:a8:
5b:d5:b5:a1:4b:a4:1a:6a:06:af:24:aa:34:9c:7d:
42:f6:65:11:7f:a6:44:8f:b7:13:4a:8c:28:c1:8e:
19:57:3b:16:fa:bd:f9:c4:17:b0:f5:08:6e:c8:35:
b3:fd:22:e8:41:ca:47:e6:84:a8:78:57:31:d5:aa:
0b:5d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6C:0C:72:29:25:E3:DE:84:6C:1E:29:5F:46:07:3C:D1:16:D2:1D:E5
X509v3 Authority Key Identifier:
keyid:C6:D1:86:53:FB:FB:6F:D5:73:2D:C9:40:C1:D6:5D:77:AB:0B:BF:A3
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xtGGU_v7b9VzLclAwdZdd6sLv6M.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/8d6943-ca75-4372-b77f-5c6502bffa1f/1/bAxyKSXj3oRsHilfRgc80RbSHeU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/81/8d6943-ca75-4372-b77f-5c6502bffa1f/1/xtGGU_v7b9VzLclAwdZdd6sLv6M.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
80.93.251.0/24
94.230.186.0/23
Signature Algorithm: sha256WithRSAEncryption
62:58:78:a7:59:0f:2b:d4:64:3d:c4:2b:d6:7a:a5:c6:43:cd:
25:5d:44:9f:8e:a7:5f:8c:e4:92:93:7c:73:09:54:34:94:8b:
87:63:52:d6:a1:70:2e:ee:15:35:4c:0d:b0:ad:c6:6d:85:91:
f6:df:f3:3c:4b:ee:d9:dc:da:01:b6:5c:86:2e:af:5b:10:31:
04:f4:6b:ee:3e:cb:ce:29:da:37:c0:cc:62:39:18:13:3a:c4:
d3:40:5f:27:a5:3b:08:f9:aa:9f:cc:42:09:7d:b5:05:fc:48:
5e:22:57:98:4e:39:9e:09:50:5f:19:1b:05:94:a7:e8:56:c6:
15:82:fb:7a:9f:fc:c7:98:51:78:c7:ba:1a:24:19:4e:d9:12:
00:29:ff:d0:f7:1b:c4:7a:a2:38:47:61:66:6c:7d:f2:91:6d:
53:bf:2f:df:f4:ca:4f:75:aa:f6:4e:fa:b6:50:e3:de:a0:84:
47:4e:f6:28:dc:80:3f:33:4f:17:e8:49:14:a1:5a:98:2e:af:
55:4f:d9:fb:20:e0:5e:00:e4:10:3a:74:15:90:0c:d4:04:52:
83:33:b3:d0:68:3b:b2:c3:8f:d7:d8:ef:22:ca:5a:5e:9e:7e:
e2:68:21:07:df:14:8a:67:30:41:97:f2:05:2e:38:a7:91:51:
e9:d9:81:cb
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzIAR5mPucJ+BIrlBgiJrKPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2ZDE4NjUzZmJmYjZmZDU3MzJkYzk0MGMxZDY1ZDc3YWIw
YmJmYTMwHhcNMjQwMTAyMDIyOTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YzBjNzIyOTI1ZTNkZTg0NmMxZTI5NWY0NjA3M2NkMTE2ZDIxZGU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo6DEc8pkKvuPWx9UcNjT3cqfNLQW
RE5fKqROJPIdIBjgOfF9OCxzm0F1N8lERe8sogChkqhlA1Y14W9bsnd3vvO+V2dV
U491oItnEtDu/NNMrzJ1V3kcO1XPqtNrYaq8eEb2MAsoMNkWi+Q6PtyD8nsui+KI
5uCbBdGET5nkTveiX0L+k9TZswQSB3pwIDfmXV0JAkZDGjBqgHmUTIZl/JrPADpw
eM3A1PG9DIksXSClrWPGII0zklBoGFHkCfiYJqhb1bWhS6QaagavJKo0nH1C9mUR
f6ZEj7cTSowowY4ZVzsW+r35xBew9QhuyDWz/SLoQcpH5oSoeFcx1aoLXQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGwMcikl496EbB4pX0YHPNEW0h3lMB8GA1UdIwQY
MBaAFMbRhlP7+2/Vcy3JQMHWXXerC7+jMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveHRHR1VfdjdiOVZ6TGNsQXdkWmRkNnNMdjZNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MS84ZDY5NDMtY2E3NS00MzcyLWI3N2Yt
NWM2NTAyYmZmYTFmLzEvYkF4eUtTWGozb1JzSGlsZlJnYzgwUmJTSGVVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MS84ZDY5NDMtY2E3NS00MzcyLWI3N2YtNWM2NTAyYmZmYTFm
LzEveHRHR1VfdjdiOVZ6TGNsQXdkWmRkNnNMdjZNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAUF37AwQB
Xua6MA0GCSqGSIb3DQEBCwUAA4IBAQBiWHinWQ8r1GQ9xCvWeqXGQ80lXUSfjqdf
jOSSk3xzCVQ0lIuHY1LWoXAu7hU1TA2wrcZthZH23/M8S+7Z3NoBtlyGLq9bEDEE
9GvuPsvOKdo3wMxiORgTOsTTQF8npTsI+aqfzEIJfbUF/EheIleYTjmeCVBfGRsF
lKfoVsYVgvt6n/zHmFF4x7oaJBlO2RIAKf/Q9xvEeqI4R2FmbH3ykW1Tvy/f9MpP
dar2Tvq2UOPeoIRHTvYo3IA/M08X6EkUoVqYLq9VT9n7IOBeAOQQOnQVkAzUBFKD
M7PQaDuyw4/X2O8iylpenn7iaCEH3xSKZzBBl/IFLjinkVHp2YHL
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:20:42 2024 by rpki-client on console-ams.rpki-client.org