Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d1/b1a82a-490f-43fb-986e-26170da4a0b1/1/2Kas9FFgK9ma-jj2x--Y5avmY30.roa
File: 2Kas9FFgK9ma-jj2x--Y5avmY30.roa (raw, json)
Hash identifier: KWjeGBiRj8eCN5FlGll2XaDYaNUQTGeJYNV8HooQS+M=
Subject key identifier: D8:A6:AC:F4:51:60:2B:D9:9A:FA:38:F6:C7:EF:98:E5:AB:E6:63:7D
Certificate issuer: /CN=6d69da44ae067fc1a98a5f6f05f12e545d0fc62a
Certificate serial: 018B0414F375CF8B7AD38C2E89C0963C461E
Authority key identifier: 6D:69:DA:44:AE:06:7F:C1:A9:8A:5F:6F:05:F1:2E:54:5D:0F:C6:2A
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/bWnaRK4Gf8Gpil9vBfEuVF0Pxio.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d1/b1a82a-490f-43fb-986e-26170da4a0b1/1/2Kas9FFgK9ma-jj2x--Y5avmY30.roa
Signing time: Fri 06 Oct 2023 08:22:43 +0000
ROA not before: Fri 06 Oct 2023 08:22:43 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 9121
IP address blocks: 185.33.61.0/24 maxlen: 24
185.33.63.0/24 maxlen: 24
31.169.69.0/24 maxlen: 24
31.169.70.0/24 maxlen: 24
31.169.65.0/24 maxlen: 24
31.169.66.0/24 maxlen: 24
31.169.67.0/24 maxlen: 24
31.169.71.0/24 maxlen: 24
31.169.78.0/24 maxlen: 24
31.169.77.0/24 maxlen: 24
31.169.72.0/24 maxlen: 24
31.169.81.0/24 maxlen: 24
31.169.88.0/24 maxlen: 24
31.169.91.0/24 maxlen: 24
31.169.92.0/24 maxlen: 24
31.169.93.0/24 maxlen: 24
31.169.94.0/24 maxlen: 24
31.169.64.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8b:04:14:f3:75:cf:8b:7a:d3:8c:2e:89:c0:96:3c:46:1e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6d69da44ae067fc1a98a5f6f05f12e545d0fc62a
Validity
Not Before: Oct 6 08:22:43 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=d8a6acf451602bd99afa38f6c7ef98e5abe6637d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d4:3c:32:07:d4:01:7f:17:c6:4b:80:a1:e9:bf:
e0:7f:f9:f2:c1:b8:25:b9:4b:2c:98:f0:30:80:e1:
0a:44:9a:b3:77:32:11:69:d4:bd:08:e1:fe:8d:76:
b1:25:66:2f:9c:6c:ef:df:b1:ca:fc:e7:31:14:cf:
fb:e5:91:14:25:34:b0:f2:c5:16:4a:7f:32:b9:4e:
f5:17:39:13:f4:1b:a1:38:98:ef:e8:15:77:82:e6:
ee:06:8a:9e:28:fd:07:f7:12:2b:36:f4:87:66:c4:
cb:d8:8e:34:1e:74:27:bf:07:68:4c:4f:c4:fe:90:
6b:ee:b3:f2:e8:6c:dc:5a:9b:ff:85:d5:2e:78:bf:
31:7f:28:e4:67:19:dc:1f:87:8d:ea:77:0e:92:40:
18:39:c6:17:f2:1b:3a:ac:47:d3:ef:10:e2:ed:2a:
90:c1:40:74:bd:9d:d5:3f:9f:88:f5:8d:7b:1b:e1:
8f:7b:9d:e8:74:48:56:db:82:87:6e:6a:42:b7:15:
c9:0c:c6:47:dc:36:3e:2f:d9:20:61:d0:cf:e7:6e:
d3:a7:f4:53:ed:0b:86:55:a0:c7:ad:b7:a1:bd:70:
b4:4b:2b:ac:d9:3e:17:9e:24:90:70:b3:84:e2:df:
78:65:e2:a9:18:98:ce:bf:b9:a7:74:30:4f:13:8e:
5d:4f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D8:A6:AC:F4:51:60:2B:D9:9A:FA:38:F6:C7:EF:98:E5:AB:E6:63:7D
X509v3 Authority Key Identifier:
keyid:6D:69:DA:44:AE:06:7F:C1:A9:8A:5F:6F:05:F1:2E:54:5D:0F:C6:2A
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bWnaRK4Gf8Gpil9vBfEuVF0Pxio.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/b1a82a-490f-43fb-986e-26170da4a0b1/1/2Kas9FFgK9ma-jj2x--Y5avmY30.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/b1a82a-490f-43fb-986e-26170da4a0b1/1/bWnaRK4Gf8Gpil9vBfEuVF0Pxio.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.169.64.0/22
31.169.69.0-31.169.72.255
31.169.77.0-31.169.78.255
31.169.81.0/24
31.169.88.0/24
31.169.91.0-31.169.94.255
185.33.61.0/24
185.33.63.0/24
Signature Algorithm: sha256WithRSAEncryption
a4:6f:47:a7:0d:9f:e1:b9:71:81:07:ac:6e:da:94:ab:ef:68:
01:41:dc:88:5e:c8:9b:7a:a5:52:b1:f5:0f:73:65:be:e9:6b:
6f:b9:7b:73:d8:47:0c:e8:4d:3e:9f:bf:6c:6a:1c:85:a9:f2:
6f:f9:d0:9a:48:c2:35:32:23:a9:59:e1:23:5f:8d:57:20:61:
f2:6f:46:a1:5c:6e:03:ea:57:2a:53:d7:bd:a4:76:c5:e8:d2:
ae:6b:da:ab:60:24:75:77:72:81:e4:08:47:20:67:95:03:57:
ce:07:d1:8f:5c:c4:0f:1b:d1:93:05:76:c4:1d:43:7f:1c:0f:
9d:76:2e:eb:90:1d:c3:b4:d4:e2:03:da:0c:82:03:45:85:e3:
6e:54:f8:f2:c9:6b:aa:b0:c6:15:a9:ba:c1:ea:91:c3:8a:0a:
21:d8:17:e7:23:0a:28:f5:70:2d:63:66:f3:f8:6b:97:8b:0d:
4b:51:aa:fd:ad:22:46:c3:f9:55:43:81:0c:a0:5c:11:7a:64:
a7:ee:03:c4:08:3e:39:5a:ff:a3:1a:f7:5a:4a:ba:ac:43:ab:
96:7a:a9:85:e3:35:ea:81:f9:c0:d6:b1:2f:78:7b:c5:bf:a9:
5a:2a:c0:a8:f1:d6:a1:71:cb:ff:11:fc:8d:43:47:04:5d:8b:
f2:3f:b4:57
-----BEGIN CERTIFICATE-----
MIIFPzCCBCegAwIBAgISAYsEFPN1z4t604wuicCWPEYeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkNjlkYTQ0YWUwNjdmYzFhOThhNWY2ZjA1ZjEyZTU0NWQw
ZmM2MmEwHhcNMjMxMDA2MDgyMjQzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOGE2YWNmNDUxNjAyYmQ5OWFmYTM4ZjZjN2VmOThlNWFiZTY2MzdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1DwyB9QBfxfGS4Ch6b/gf/nywbgl
uUssmPAwgOEKRJqzdzIRadS9COH+jXaxJWYvnGzv37HK/OcxFM/75ZEUJTSw8sUW
Sn8yuU71FzkT9BuhOJjv6BV3gubuBoqeKP0H9xIrNvSHZsTL2I40HnQnvwdoTE/E
/pBr7rPy6GzcWpv/hdUueL8xfyjkZxncH4eN6ncOkkAYOcYX8hs6rEfT7xDi7SqQ
wUB0vZ3VP5+I9Y17G+GPe53odEhW24KHbmpCtxXJDMZH3DY+L9kgYdDP527Tp/RT
7QuGVaDHrbehvXC0Syus2T4XniSQcLOE4t94ZeKpGJjOv7mndDBPE45dTwIDAQAB
o4ICSzCCAkcwHQYDVR0OBBYEFNimrPRRYCvZmvo49sfvmOWr5mN9MB8GA1UdIwQY
MBaAFG1p2kSuBn/BqYpfbwXxLlRdD8YqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYlduYVJLNEdmOEdwaWw5dkJmRXVWRjBQeGlvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMS9iMWE4MmEtNDkwZi00M2ZiLTk4NmUt
MjYxNzBkYTRhMGIxLzEvMkthczlGRmdLOW1hLWpqMngtLVk1YXZtWTMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMS9iMWE4MmEtNDkwZi00M2ZiLTk4NmUtMjYxNzBkYTRhMGIx
LzEvYlduYVJLNEdmOEdwaWw5dkJmRXVWRjBQeGlvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGEGCCsGAQUFBwEHAQH/BFIwUDBOBAIAATBIAwQCH6lAMAwD
BAAfqUUDBAAfqUgwDAMEAB+pTQMEAB+pTgMEAB+pUQMEAB+pWDAMAwQAH6lbAwQA
H6leAwQAuSE9AwQAuSE/MA0GCSqGSIb3DQEBCwUAA4IBAQCkb0enDZ/huXGBB6xu
2pSr72gBQdyIXsibeqVSsfUPc2W+6WtvuXtz2EcM6E0+n79sahyFqfJv+dCaSMI1
MiOpWeEjX41XIGHyb0ahXG4D6lcqU9e9pHbF6NKua9qrYCR1d3KB5AhHIGeVA1fO
B9GPXMQPG9GTBXbEHUN/HA+ddi7rkB3DtNTiA9oMggNFheNuVPjyyWuqsMYVqbrB
6pHDigoh2BfnIwoo9XAtY2bz+GuXiw1LUar9rSJGw/lVQ4EMoFwRemSn7gPECD45
Wv+jGvdaSrqsQ6uWeqmF4zXqgfnA1rEveHvFv6laKsCo8dahccv/EfyNQ0cEXYvy
P7RX
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:45:47 2024 by rpki-client on console-ams.rpki-client.org