Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a4/c4073a-923b-4ecf-9566-4d777cacd9a4/1/6kRnAkqT3NsMUEvGRbz_ykrn26s.roa
File: 6kRnAkqT3NsMUEvGRbz_ykrn26s.roa (raw, json)
Hash identifier: pdPI/8N2P0riAjNuGPbUYBM/c4k3UtA8ckShxXB/6so=
Subject key identifier: EA:44:67:02:4A:93:DC:DB:0C:50:4B:C6:45:BC:FF:CA:4A:E7:DB:AB
Certificate issuer: /CN=93a229e266b2558899f3547ee63d84ed6594768b
Certificate serial: 018EEB35F65AC28346FA9335AC0D3BA62AE9
Authority key identifier: 93:A2:29:E2:66:B2:55:88:99:F3:54:7E:E6:3D:84:ED:65:94:76:8B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/k6Ip4mayVYiZ81R-5j2E7WWUdos.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/a4/c4073a-923b-4ecf-9566-4d777cacd9a4/1/6kRnAkqT3NsMUEvGRbz_ykrn26s.roa
Signing time: Wed 17 Apr 2024 08:39:25 +0000
ROA not before: Wed 17 Apr 2024 08:39:25 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 200508
IP address blocks: 2a03:94e0:2101::/48 maxlen: 48
2a0a:cd80:1001::/48 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8e:eb:35:f6:5a:c2:83:46:fa:93:35:ac:0d:3b:a6:2a:e9
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=93a229e266b2558899f3547ee63d84ed6594768b
Validity
Not Before: Apr 17 08:39:25 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=ea4467024a93dcdb0c504bc645bcffca4ae7dbab
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:80:c2:a1:03:2e:e2:5a:70:39:32:52:f1:20:16:
4c:4d:7d:02:fc:49:5e:5f:6a:bc:2b:90:21:d0:3b:
f5:f5:0b:08:a1:f5:ea:5b:4d:44:21:bb:08:c1:b5:
85:8e:e4:f1:60:7c:71:fc:25:48:da:2f:da:6e:ff:
ce:e1:5a:47:0a:5b:0b:23:ea:25:a6:d2:68:34:da:
20:49:90:74:3a:37:16:aa:9b:bd:95:5f:44:a7:85:
02:24:b4:06:9f:4e:cf:18:4a:1c:c8:68:f4:63:5f:
d1:41:3e:a4:4b:c0:24:46:06:24:a4:d3:54:41:e0:
5f:50:6f:bb:de:39:84:fe:a5:b8:32:5e:44:55:57:
a6:9a:3c:6f:32:8e:1d:ee:bd:fe:f2:5d:cb:50:04:
c9:5f:1c:1e:a4:3a:fb:63:e6:4c:ef:22:95:a5:de:
4f:52:e1:47:a3:a2:3a:f5:70:6f:4b:80:32:4e:e1:
97:35:fb:b5:ae:ad:77:86:39:97:6e:85:83:fc:ed:
67:d6:e5:e9:ff:a2:f2:b8:69:7d:5d:04:a3:1c:e8:
48:25:37:a9:4f:3a:4a:0d:ad:57:ab:ad:df:45:c5:
d2:27:c8:69:34:f9:ea:72:4d:46:20:d3:1d:fe:c7:
04:67:53:cb:45:cd:93:df:f4:36:3a:e0:30:35:49:
87:67
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
EA:44:67:02:4A:93:DC:DB:0C:50:4B:C6:45:BC:FF:CA:4A:E7:DB:AB
X509v3 Authority Key Identifier:
keyid:93:A2:29:E2:66:B2:55:88:99:F3:54:7E:E6:3D:84:ED:65:94:76:8B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k6Ip4mayVYiZ81R-5j2E7WWUdos.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/c4073a-923b-4ecf-9566-4d777cacd9a4/1/6kRnAkqT3NsMUEvGRbz_ykrn26s.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/c4073a-923b-4ecf-9566-4d777cacd9a4/1/k6Ip4mayVYiZ81R-5j2E7WWUdos.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a03:94e0:2101::/48
2a0a:cd80:1001::/48
Signature Algorithm: sha256WithRSAEncryption
04:34:9c:1a:08:82:1c:75:47:17:8c:db:00:cb:67:eb:a3:ea:
d7:69:3f:76:60:4b:fa:43:3e:29:63:f9:95:89:2b:58:51:a9:
21:b9:59:d8:5d:64:b6:64:e7:b6:df:07:b2:02:44:f1:ab:6c:
99:2c:33:95:92:48:0c:a5:5c:b4:96:d5:ca:6e:dd:aa:b9:12:
5c:82:6e:f8:a3:09:21:e6:b6:90:c0:d9:94:5a:0b:29:42:0d:
79:8f:ea:b5:7f:ce:aa:06:74:94:51:a8:af:9a:f1:80:2f:f7:
eb:30:74:ee:89:ce:f2:1d:83:3c:8b:03:f6:76:b1:33:7b:14:
04:23:84:0d:0f:4c:14:21:cb:89:3e:71:66:5a:74:7c:08:c9:
d3:14:77:9b:51:43:08:ce:55:63:62:05:0f:30:c2:46:bb:de:
84:37:0a:ab:17:10:ca:aa:c0:b0:f8:2a:e5:42:83:85:f8:82:
7e:4f:70:80:53:3d:44:8a:43:07:14:32:9f:1e:f6:29:e1:e0:
ef:61:ff:a1:b5:ec:15:6f:1d:8b:7f:41:ee:75:d8:79:54:fb:
c6:d3:d8:fe:1f:fd:01:1a:78:75:9c:ef:4c:e4:66:df:86:af:
b8:1d:77:45:59:47:9d:e9:a3:91:71:4c:d4:d0:82:a4:64:56:
97:2b:d2:70
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAY7rNfZawoNG+pM1rA07pirpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzYTIyOWUyNjZiMjU1ODg5OWYzNTQ3ZWU2M2Q4NGVkNjU5
NDc2OGIwHhcNMjQwNDE3MDgzOTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYTQ0NjcwMjRhOTNkY2RiMGM1MDRiYzY0NWJjZmZjYTRhZTdkYmFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgMKhAy7iWnA5MlLxIBZMTX0C/Ele
X2q8K5Ah0Dv19QsIofXqW01EIbsIwbWFjuTxYHxx/CVI2i/abv/O4VpHClsLI+ol
ptJoNNogSZB0OjcWqpu9lV9Ep4UCJLQGn07PGEocyGj0Y1/RQT6kS8AkRgYkpNNU
QeBfUG+73jmE/qW4Ml5EVVemmjxvMo4d7r3+8l3LUATJXxwepDr7Y+ZM7yKVpd5P
UuFHo6I69XBvS4AyTuGXNfu1rq13hjmXboWD/O1n1uXp/6LyuGl9XQSjHOhIJTep
TzpKDa1Xq63fRcXSJ8hpNPnqck1GINMd/scEZ1PLRc2T3/Q2OuAwNUmHZwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFOpEZwJKk9zbDFBLxkW8/8pK59urMB8GA1UdIwQY
MBaAFJOiKeJmslWImfNUfuY9hO1llHaLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazZJcDRtYXlWWWlaODFSLTVqMkU3V1dVZG9zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNC9jNDA3M2EtOTIzYi00ZWNmLTk1NjYt
NGQ3NzdjYWNkOWE0LzEvNmtSbkFrcVQzTnNNVUV2R1Jiel95a3JuMjZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNC9jNDA3M2EtOTIzYi00ZWNmLTk1NjYtNGQ3NzdjYWNkOWE0
LzEvazZJcDRtYXlWWWlaODFSLTVqMkU3V1dVZG9zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcAKgOU4CEB
AwcAKgrNgBABMA0GCSqGSIb3DQEBCwUAA4IBAQAENJwaCIIcdUcXjNsAy2fro+rX
aT92YEv6Qz4pY/mViStYUakhuVnYXWS2ZOe23weyAkTxq2yZLDOVkkgMpVy0ltXK
bt2quRJcgm74owkh5raQwNmUWgspQg15j+q1f86qBnSUUaivmvGAL/frMHTuic7y
HYM8iwP2drEzexQEI4QND0wUIcuJPnFmWnR8CMnTFHebUUMIzlVjYgUPMMJGu96E
NwqrFxDKqsCw+CrlQoOF+IJ+T3CAUz1EikMHFDKfHvYp4eDvYf+htewVbx2Lf0Hu
ddh5VPvG09j+H/0BGnh1nO9M5Gbfhq+4HXdFWUed6aORcUzU0IKkZFaXK9Jw
-----END CERTIFICATE-----
Generated at Mon Jul 8 12:53:41 2024 by rpki-client on console-fra.rpki-client.org