Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1d/89ec25-72dc-4f0f-8b2f-ad7890c2e752/1/haDna8hNQosO9yQiiYzB9ahGCNk.roa
File: haDna8hNQosO9yQiiYzB9ahGCNk.roa (raw, json)
Hash identifier: YFZSUK2eaOUzXX4et53gtGAcM4nZ2ceGLqQHBx/+s18=
Subject key identifier: 85:A0:E7:6B:C8:4D:42:8B:0E:F7:24:22:89:8C:C1:F5:A8:46:08:D9
Certificate issuer: /CN=5bd74e39dda400d136126e6c3efb1cf9344277ef
Certificate serial: 018EA0438C2AACF3E0661A879E627202E259
Authority key identifier: 5B:D7:4E:39:DD:A4:00:D1:36:12:6E:6C:3E:FB:1C:F9:34:42:77:EF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/W9dOOd2kANE2Em5sPvsc-TRCd-8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/1d/89ec25-72dc-4f0f-8b2f-ad7890c2e752/1/haDna8hNQosO9yQiiYzB9ahGCNk.roa
Signing time: Tue 02 Apr 2024 19:22:45 +0000
ROA not before: Tue 02 Apr 2024 19:22:45 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 213220
IP address blocks: 2a11:5181::/32 maxlen: 32
2a11:5185::/32 maxlen: 32
2a11:5187::/32 maxlen: 32
2a11:68c6::/32 maxlen: 32
2a11:aac0::/32 maxlen: 32
2a11:aac5::/32 maxlen: 32
2a11:e9c1::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8e:a0:43:8c:2a:ac:f3:e0:66:1a:87:9e:62:72:02:e2:59
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=5bd74e39dda400d136126e6c3efb1cf9344277ef
Validity
Not Before: Apr 2 19:22:45 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=85a0e76bc84d428b0ef72422898cc1f5a84608d9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bd:cc:c0:f0:aa:d0:a0:e9:74:ca:9b:70:4b:4a:
c4:22:1b:01:4f:0c:4a:48:60:95:5c:cb:19:b7:c1:
4f:30:03:d9:91:c8:45:f6:2f:f0:90:05:17:34:0f:
e6:3a:66:2c:e4:84:3b:74:71:ff:db:69:d0:f0:af:
80:c7:e9:f6:8c:2f:c1:14:ec:85:8e:6b:1c:40:42:
7a:05:bd:8c:7f:a6:67:d1:41:65:5c:c6:90:be:f2:
20:69:ae:3e:e5:23:89:19:18:54:a5:8a:52:94:b9:
33:c0:34:74:20:53:25:30:8a:66:ff:72:d6:42:1f:
44:96:06:f6:58:3e:43:8b:fc:73:3f:a4:d6:81:33:
e1:b4:cc:d2:83:7f:37:8e:c0:b8:57:51:6d:64:20:
ea:b6:bb:ef:c0:57:39:78:b0:af:8e:5d:0c:fe:6b:
be:8f:8a:89:f3:08:4c:64:64:19:1f:f7:1d:0c:12:
f1:28:1a:fd:b2:d1:0d:f4:9a:1d:fc:4a:f2:40:0e:
d3:b4:fa:0b:eb:c2:e9:cc:7c:31:c8:97:2a:91:b0:
4d:9b:ac:ac:0e:2b:2c:83:92:19:8c:1a:85:2c:02:
b7:5d:e2:a1:4d:fa:e6:15:aa:5e:ac:27:de:2e:54:
ae:64:ad:e8:8f:30:2d:39:94:77:82:e3:eb:d9:31:
9c:cd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
85:A0:E7:6B:C8:4D:42:8B:0E:F7:24:22:89:8C:C1:F5:A8:46:08:D9
X509v3 Authority Key Identifier:
keyid:5B:D7:4E:39:DD:A4:00:D1:36:12:6E:6C:3E:FB:1C:F9:34:42:77:EF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/W9dOOd2kANE2Em5sPvsc-TRCd-8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/89ec25-72dc-4f0f-8b2f-ad7890c2e752/1/haDna8hNQosO9yQiiYzB9ahGCNk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/89ec25-72dc-4f0f-8b2f-ad7890c2e752/1/W9dOOd2kANE2Em5sPvsc-TRCd-8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a11:5181::/32
2a11:5185::/32
2a11:5187::/32
2a11:68c6::/32
2a11:aac0::/32
2a11:aac5::/32
2a11:e9c1::/32
Signature Algorithm: sha256WithRSAEncryption
bc:9e:ab:7d:a8:cc:6d:b6:2b:e3:b2:2a:a7:d6:ed:8e:0c:c0:
17:92:64:a1:4f:82:cf:94:d8:a1:af:7c:e0:dc:bc:ea:d8:20:
b0:b9:9d:d6:4f:75:c0:6c:c8:3f:78:92:b0:b4:95:40:b7:0e:
c7:cb:84:5b:ec:d1:c5:47:31:ed:1e:d0:59:fa:d4:a4:c6:f0:
ac:e7:4b:7d:c1:e1:be:97:aa:f6:22:e0:a9:b6:0e:3b:63:6e:
f5:87:0a:6f:f5:63:50:c5:83:51:93:6d:2a:8f:6b:95:a6:ca:
59:33:51:fe:f2:c2:36:3a:fc:a8:5e:38:4d:44:f7:11:66:00:
be:69:d8:cc:11:de:f1:e8:9a:48:77:1d:40:2c:7e:b3:f6:05:
92:90:7c:72:a0:9c:5b:10:a7:a7:e5:0a:aa:86:57:8f:75:e4:
97:44:73:ab:18:fc:af:6f:a9:31:34:b2:4b:2d:77:50:84:c8:
18:c0:8d:da:31:e9:32:cc:cc:bd:16:bd:d1:b4:cf:88:40:71:
f9:12:86:7f:1d:33:d6:d9:e0:c2:ca:0a:af:fb:58:2a:21:56:
85:ab:ed:c2:17:cd:0b:8f:91:bf:a2:18:b8:33:19:03:7c:12:
34:60:11:46:d9:02:cc:31:f6:c6:3c:8d:c2:fa:d1:ed:bc:3f:
89:49:0c:32
-----BEGIN CERTIFICATE-----
MIIFKDCCBBCgAwIBAgISAY6gQ4wqrPPgZhqHnmJyAuJZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDViZDc0ZTM5ZGRhNDAwZDEzNjEyNmU2YzNlZmIxY2Y5MzQ0
Mjc3ZWYwHhcNMjQwNDAyMTkyMjQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NWEwZTc2YmM4NGQ0MjhiMGVmNzI0MjI4OThjYzFmNWE4NDYwOGQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvczA8KrQoOl0yptwS0rEIhsBTwxK
SGCVXMsZt8FPMAPZkchF9i/wkAUXNA/mOmYs5IQ7dHH/22nQ8K+Ax+n2jC/BFOyF
jmscQEJ6Bb2Mf6Zn0UFlXMaQvvIgaa4+5SOJGRhUpYpSlLkzwDR0IFMlMIpm/3LW
Qh9Elgb2WD5Di/xzP6TWgTPhtMzSg383jsC4V1FtZCDqtrvvwFc5eLCvjl0M/mu+
j4qJ8whMZGQZH/cdDBLxKBr9stEN9Jod/EryQA7TtPoL68LpzHwxyJcqkbBNm6ys
Dissg5IZjBqFLAK3XeKhTfrmFaperCfeLlSuZK3ojzAtOZR3guPr2TGczQIDAQAB
o4ICNDCCAjAwHQYDVR0OBBYEFIWg52vITUKLDvckIomMwfWoRgjZMB8GA1UdIwQY
MBaAFFvXTjndpADRNhJubD77HPk0QnfvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVzlkT09kMmtBTkUyRW01c1B2c2MtVFJDZC04LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZC84OWVjMjUtNzJkYy00ZjBmLThiMmYt
YWQ3ODkwYzJlNzUyLzEvaGFEbmE4aE5Rb3NPOXlRaWlZekI5YWhHQ05rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZC84OWVjMjUtNzJkYy00ZjBmLThiMmYtYWQ3ODkwYzJlNzUy
LzEvVzlkT09kMmtBTkUyRW01c1B2c2MtVFJDZC04LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEoGCCsGAQUFBwEHAQH/BDswOTA3BAIAAjAxAwUAKhFRgQMF
ACoRUYUDBQAqEVGHAwUAKhFoxgMFACoRqsADBQAqEarFAwUAKhHpwTANBgkqhkiG
9w0BAQsFAAOCAQEAvJ6rfajMbbYr47Iqp9btjgzAF5JkoU+Cz5TYoa984Ny86tgg
sLmd1k91wGzIP3iSsLSVQLcOx8uEW+zRxUcx7R7QWfrUpMbwrOdLfcHhvpeq9iLg
qbYOO2Nu9YcKb/VjUMWDUZNtKo9rlabKWTNR/vLCNjr8qF44TUT3EWYAvmnYzBHe
8eiaSHcdQCx+s/YFkpB8cqCcWxCnp+UKqoZXj3Xkl0Rzqxj8r2+pMTSySy13UITI
GMCN2jHpMszMvRa90bTPiEBx+RKGfx0z1tngwsoKr/tYKiFWhavtwhfNC4+Rv6IY
uDMZA3wSNGARRtkCzDH2xjyNwvrR7bw/iUkMMg==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:21:42 2024 by rpki-client on console-fra.rpki-client.org