Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9b/363ecc-2aa1-4281-95b1-8b0fc07858d6/1/G6Ff4DEAtX5S5AVfb5yKr2ks65Q.roa
File: G6Ff4DEAtX5S5AVfb5yKr2ks65Q.roa (raw, json)
Hash identifier: fWysrt4P3+WEbMG4FqpjAfA6RnhaLKCEPe2TaoVc/ek=
Subject key identifier: 1B:A1:5F:E0:31:00:B5:7E:52:E4:05:5F:6F:9C:8A:AF:69:2C:EB:94
Certificate issuer: /CN=2dd596c1ea7ecbb1be1777fc0d38ed06ca40eabe
Certificate serial: 018FDF4E65618BEBD987FB7312EF52A46176
Authority key identifier: 2D:D5:96:C1:EA:7E:CB:B1:BE:17:77:FC:0D:38:ED:06:CA:40:EA:BE
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/LdWWwep-y7G-F3f8DTjtBspA6r4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/9b/363ecc-2aa1-4281-95b1-8b0fc07858d6/1/G6Ff4DEAtX5S5AVfb5yKr2ks65Q.roa
Signing time: Mon 03 Jun 2024 18:13:27 +0000
ROA not before: Mon 03 Jun 2024 18:13:27 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 50873
IP address blocks: 37.228.130.0/24 maxlen: 24
94.247.143.0/24 maxlen: 24
151.216.96.0/20 maxlen: 20
185.97.4.0/22 maxlen: 22
185.97.6.0/24 maxlen: 24
194.104.114.0/23 maxlen: 23
194.104.149.0/24 maxlen: 24
2a06:1c0::/30 maxlen: 30
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8f:df:4e:65:61:8b:eb:d9:87:fb:73:12:ef:52:a4:61:76
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2dd596c1ea7ecbb1be1777fc0d38ed06ca40eabe
Validity
Not Before: Jun 3 18:13:27 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=1ba15fe03100b57e52e4055f6f9c8aaf692ceb94
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ab:16:ea:a3:0b:c4:b4:7e:e0:dc:0c:3c:7f:3a:
90:24:77:81:0e:03:52:d1:66:d3:87:74:11:8c:d9:
6c:a4:15:64:37:17:81:89:c4:d5:1e:00:cd:78:2a:
0b:17:0e:1e:dd:d4:99:16:e3:59:cc:f3:6f:40:ca:
dd:ae:c1:90:b4:db:9b:78:6b:e1:51:8e:d8:f3:cd:
ea:37:ec:53:69:76:fe:5c:1d:2c:4f:a7:ed:83:82:
8f:e8:71:59:da:90:26:4b:14:c2:95:8b:f7:bf:3b:
76:fa:33:cd:6e:fd:4f:4e:d8:1a:4d:1d:69:0b:d2:
db:41:09:cc:23:83:f8:66:a9:11:8b:72:8d:79:22:
d7:40:46:5a:b2:e8:c4:df:a4:22:28:30:09:ae:dc:
c7:15:d4:d7:16:3b:e4:0b:d1:f0:8d:d3:e4:44:3c:
12:b6:d0:a5:71:06:ba:28:a9:a2:2d:10:93:98:d1:
18:9d:8c:4b:e1:d6:cf:90:0f:00:bc:7a:25:45:13:
56:c0:52:05:97:2f:e1:b9:fc:e5:a2:62:fb:b1:bc:
84:13:3d:8b:d8:b2:a6:f2:97:73:88:39:71:63:87:
f4:f9:44:61:37:0b:5b:6a:9b:a3:a1:99:cc:a8:1a:
c9:83:63:cf:0f:cf:51:38:b9:0a:63:bd:ea:58:79:
37:99
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1B:A1:5F:E0:31:00:B5:7E:52:E4:05:5F:6F:9C:8A:AF:69:2C:EB:94
X509v3 Authority Key Identifier:
keyid:2D:D5:96:C1:EA:7E:CB:B1:BE:17:77:FC:0D:38:ED:06:CA:40:EA:BE
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LdWWwep-y7G-F3f8DTjtBspA6r4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/363ecc-2aa1-4281-95b1-8b0fc07858d6/1/G6Ff4DEAtX5S5AVfb5yKr2ks65Q.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/363ecc-2aa1-4281-95b1-8b0fc07858d6/1/LdWWwep-y7G-F3f8DTjtBspA6r4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.228.130.0/24
94.247.143.0/24
151.216.96.0/20
185.97.4.0/22
194.104.114.0/23
194.104.149.0/24
IPv6:
2a06:1c0::/30
Signature Algorithm: sha256WithRSAEncryption
3f:e1:23:65:bc:e8:37:22:28:0d:a3:88:86:ac:ef:79:7a:40:
fc:41:ea:f6:01:f2:f9:8d:15:f9:a6:06:1b:75:b1:e1:14:02:
dc:da:8b:50:26:72:ac:51:0d:a8:25:f0:ff:d2:e6:b7:fe:01:
38:c2:74:c7:1e:66:af:12:7b:e2:8c:86:ff:d2:a9:61:ed:f8:
3f:7b:ee:76:a7:95:db:06:bd:48:e5:ae:1c:e6:dc:5f:6b:28:
46:ef:71:b6:08:69:8f:78:cb:9c:d4:d4:3f:1c:cd:f8:1a:8a:
4a:15:ad:78:f6:95:5b:c1:04:8c:e3:ff:0e:e4:c0:f9:58:62:
1e:3c:68:0d:14:8a:16:20:ae:1a:58:70:4e:cb:bd:7a:77:36:
02:be:ce:27:75:c7:a1:ea:86:fd:23:b6:c0:dd:78:98:c7:b2:
d1:44:49:82:ff:a8:0e:bf:0f:cb:c3:a3:f0:19:2f:0b:61:1a:
a0:26:c3:b3:cc:be:31:33:41:aa:15:48:37:d0:95:f7:33:4a:
f7:e1:5f:0e:2a:16:01:87:84:f9:37:8d:e1:57:de:ed:9c:05:
7b:27:c6:dc:b5:a4:1e:60:24:a4:06:f4:27:cf:48:c6:2e:18:
4c:5b:c7:32:ff:46:7b:d6:61:81:41:41:85:96:0b:ea:bb:cd:
0d:2c:9b:5f
-----BEGIN CERTIFICATE-----
MIIFKjCCBBKgAwIBAgISAY/fTmVhi+vZh/tzEu9SpGF2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJkZDU5NmMxZWE3ZWNiYjFiZTE3NzdmYzBkMzhlZDA2Y2E0
MGVhYmUwHhcNMjQwNjAzMTgxMzI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYmExNWZlMDMxMDBiNTdlNTJlNDA1NWY2ZjljOGFhZjY5MmNlYjk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqxbqowvEtH7g3Aw8fzqQJHeBDgNS
0WbTh3QRjNlspBVkNxeBicTVHgDNeCoLFw4e3dSZFuNZzPNvQMrdrsGQtNubeGvh
UY7Y883qN+xTaXb+XB0sT6ftg4KP6HFZ2pAmSxTClYv3vzt2+jPNbv1PTtgaTR1p
C9LbQQnMI4P4ZqkRi3KNeSLXQEZasujE36QiKDAJrtzHFdTXFjvkC9HwjdPkRDwS
ttClcQa6KKmiLRCTmNEYnYxL4dbPkA8AvHolRRNWwFIFly/hufzlomL7sbyEEz2L
2LKm8pdziDlxY4f0+URhNwtbapujoZnMqBrJg2PPD89ROLkKY73qWHk3mQIDAQAB
o4ICNjCCAjIwHQYDVR0OBBYEFBuhX+AxALV+UuQFX2+ciq9pLOuUMB8GA1UdIwQY
MBaAFC3VlsHqfsuxvhd3/A047QbKQOq+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTGRXV3dlcC15N0ctRjNmOERUanRCc3BBNnI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yi8zNjNlY2MtMmFhMS00MjgxLTk1YjEt
OGIwZmMwNzg1OGQ2LzEvRzZGZjRERUF0WDVTNUFWZmI1eUtyMmtzNjVRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yi8zNjNlY2MtMmFhMS00MjgxLTk1YjEtOGIwZmMwNzg1OGQ2
LzEvTGRXV3dlcC15N0ctRjNmOERUanRCc3BBNnI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEwGCCsGAQUFBwEHAQH/BD0wOzAqBAIAATAkAwQAJeSCAwQA
XvePAwQEl9hgAwQCuWEEAwQBwmhyAwQAwmiVMA0EAgACMAcDBQIqBgHAMA0GCSqG
SIb3DQEBCwUAA4IBAQA/4SNlvOg3IigNo4iGrO95ekD8Qer2AfL5jRX5pgYbdbHh
FALc2otQJnKsUQ2oJfD/0ua3/gE4wnTHHmavEnvijIb/0qlh7fg/e+52p5XbBr1I
5a4c5txfayhG73G2CGmPeMuc1NQ/HM34GopKFa149pVbwQSM4/8O5MD5WGIePGgN
FIoWIK4aWHBOy716dzYCvs4ndceh6ob9I7bA3XiYx7LRREmC/6gOvw/Lw6PwGS8L
YRqgJsOzzL4xM0GqFUg30JX3M0r34V8OKhYBh4T5N43hV97tnAV7J8bctaQeYCSk
BvQnz0jGLhhMW8cy/0Z71mGBQUGFlgvqu80NLJtf
-----END CERTIFICATE-----
Generated at Mon Jul 1 14:21:12 2024 by rpki-client on console-ams.rpki-client.org