Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1d/89ec25-72dc-4f0f-8b2f-ad7890c2e752/1/sR1v7djkRi-s5O3jmezkXd3QftI.roa
File: sR1v7djkRi-s5O3jmezkXd3QftI.roa (raw, json)
Hash identifier: FPNwEsVktlHq+BWdYih6OKDFOIbmz8jsl8TBOY+lJEg=
Subject key identifier: B1:1D:6F:ED:D8:E4:46:2F:AC:E4:ED:E3:99:EC:E4:5D:DD:D0:7E:D2
Certificate issuer: /CN=5bd74e39dda400d136126e6c3efb1cf9344277ef
Certificate serial: 018E81325CE5DAACE6B7F89E9E4E1A2D7C89
Authority key identifier: 5B:D7:4E:39:DD:A4:00:D1:36:12:6E:6C:3E:FB:1C:F9:34:42:77:EF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/W9dOOd2kANE2Em5sPvsc-TRCd-8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/1d/89ec25-72dc-4f0f-8b2f-ad7890c2e752/1/sR1v7djkRi-s5O3jmezkXd3QftI.roa
Signing time: Wed 27 Mar 2024 18:35:45 +0000
ROA not before: Wed 27 Mar 2024 18:35:45 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 213220
IP address blocks: 2a11:5181::/32 maxlen: 32
2a11:aac5::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8e:81:32:5c:e5:da:ac:e6:b7:f8:9e:9e:4e:1a:2d:7c:89
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=5bd74e39dda400d136126e6c3efb1cf9344277ef
Validity
Not Before: Mar 27 18:35:45 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=b11d6fedd8e4462face4ede399ece45dddd07ed2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9c:0f:f5:b0:e0:48:33:25:8a:24:b9:65:bf:3f:
ba:40:d4:20:0d:c0:45:54:96:eb:b3:29:d3:9d:a5:
61:03:51:8e:c4:c7:96:ab:d8:3e:01:9b:de:7f:f7:
90:68:5f:b9:40:ea:fb:2d:83:c8:c7:d4:64:6c:68:
26:ed:77:c8:c2:0f:3e:c2:79:53:70:40:9d:71:80:
b0:8a:e1:96:39:b7:22:7f:fa:d7:8c:43:8b:f4:80:
53:75:f9:d2:4a:b8:02:6e:05:99:54:39:53:ec:90:
cf:d3:a1:5d:73:82:b9:9a:6d:e9:32:66:96:ab:ac:
0c:f0:e8:af:9d:fe:74:f1:14:8b:b3:3b:b6:e7:b8:
8d:4e:87:b9:9a:32:ac:1c:e4:1f:66:3a:1e:e2:f6:
70:ab:ab:6a:3e:aa:83:d2:5d:4c:67:9e:03:ae:d7:
12:31:6c:3d:14:02:91:b5:00:5b:3e:35:7a:6a:ab:
cd:94:48:62:9c:3e:7f:da:b2:a9:e8:d7:5c:82:00:
55:97:af:59:21:de:26:6c:9e:8f:e8:3c:1f:ac:12:
5b:85:65:41:ff:9a:86:d6:55:ba:3d:95:ed:8e:72:
f2:87:a4:6a:18:6a:17:cb:ef:ec:6e:b3:f2:e4:08:
40:d3:f2:a4:fa:51:1c:e6:76:9b:1c:15:16:68:5f:
44:7f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B1:1D:6F:ED:D8:E4:46:2F:AC:E4:ED:E3:99:EC:E4:5D:DD:D0:7E:D2
X509v3 Authority Key Identifier:
keyid:5B:D7:4E:39:DD:A4:00:D1:36:12:6E:6C:3E:FB:1C:F9:34:42:77:EF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/W9dOOd2kANE2Em5sPvsc-TRCd-8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/89ec25-72dc-4f0f-8b2f-ad7890c2e752/1/sR1v7djkRi-s5O3jmezkXd3QftI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/89ec25-72dc-4f0f-8b2f-ad7890c2e752/1/W9dOOd2kANE2Em5sPvsc-TRCd-8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a11:5181::/32
2a11:aac5::/32
Signature Algorithm: sha256WithRSAEncryption
2f:22:e7:5d:c7:d2:1e:c9:1a:54:16:26:56:55:3e:aa:b4:b0:
8e:ed:52:3c:fe:c5:de:7d:27:45:24:c7:b5:4c:d0:a5:6a:52:
7b:0b:75:25:9d:1c:34:80:f7:a2:02:b2:7a:df:fd:e6:bf:37:
8c:20:2b:13:c9:e5:7f:d1:0d:05:d9:10:7c:3f:39:03:c8:1f:
69:0f:1c:30:4f:f7:fa:dc:d0:cf:85:74:db:29:d0:f0:7a:07:
1c:cc:35:5c:10:64:56:46:db:a2:f4:ab:33:ce:7b:6d:57:d0:
5b:66:94:98:b5:73:94:0b:f8:06:5f:73:2f:28:ba:ef:ef:b4:
2d:65:8b:4b:7f:94:68:2b:f5:5e:bd:ff:84:a6:cd:80:78:87:
64:42:10:c4:48:c6:6b:ce:2f:6a:10:a0:97:6c:12:c9:99:fc:
65:1d:c4:d3:73:2e:4a:d5:6c:26:3a:df:59:db:e7:3b:bb:cc:
48:b6:87:50:6b:43:fe:c5:c0:ac:85:ea:ee:c3:cf:6a:e3:d5:
43:23:40:f6:06:71:1f:c1:44:9d:e5:14:b7:49:43:c3:e6:2d:
66:e5:94:f1:ac:ab:1f:12:36:ae:d5:cf:ac:31:c5:ab:fe:f2:
8e:86:c7:d9:1c:1a:87:15:ed:0f:f6:5f:8a:f0:9f:67:98:ea:
c3:8e:07:8e
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAY6BMlzl2qzmt/ienk4aLXyJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDViZDc0ZTM5ZGRhNDAwZDEzNjEyNmU2YzNlZmIxY2Y5MzQ0
Mjc3ZWYwHhcNMjQwMzI3MTgzNTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMTFkNmZlZGQ4ZTQ0NjJmYWNlNGVkZTM5OWVjZTQ1ZGRkZDA3ZWQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnA/1sOBIMyWKJLllvz+6QNQgDcBF
VJbrsynTnaVhA1GOxMeWq9g+AZvef/eQaF+5QOr7LYPIx9RkbGgm7XfIwg8+wnlT
cECdcYCwiuGWObcif/rXjEOL9IBTdfnSSrgCbgWZVDlT7JDP06Fdc4K5mm3pMmaW
q6wM8Oivnf508RSLszu257iNToe5mjKsHOQfZjoe4vZwq6tqPqqD0l1MZ54DrtcS
MWw9FAKRtQBbPjV6aqvNlEhinD5/2rKp6NdcggBVl69ZId4mbJ6P6DwfrBJbhWVB
/5qG1lW6PZXtjnLyh6RqGGoXy+/sbrPy5AhA0/Kk+lEc5nabHBUWaF9EfwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFLEdb+3Y5EYvrOTt45ns5F3d0H7SMB8GA1UdIwQY
MBaAFFvXTjndpADRNhJubD77HPk0QnfvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVzlkT09kMmtBTkUyRW01c1B2c2MtVFJDZC04LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZC84OWVjMjUtNzJkYy00ZjBmLThiMmYt
YWQ3ODkwYzJlNzUyLzEvc1IxdjdkamtSaS1zNU8zam1lemtYZDNRZnRJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZC84OWVjMjUtNzJkYy00ZjBmLThiMmYtYWQ3ODkwYzJlNzUy
LzEvVzlkT09kMmtBTkUyRW01c1B2c2MtVFJDZC04LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAAjAOAwUAKhFRgQMF
ACoRqsUwDQYJKoZIhvcNAQELBQADggEBAC8i513H0h7JGlQWJlZVPqq0sI7tUjz+
xd59J0Ukx7VM0KVqUnsLdSWdHDSA96ICsnrf/ea/N4wgKxPJ5X/RDQXZEHw/OQPI
H2kPHDBP9/rc0M+FdNsp0PB6BxzMNVwQZFZG26L0qzPOe21X0FtmlJi1c5QL+AZf
cy8ouu/vtC1li0t/lGgr9V69/4SmzYB4h2RCEMRIxmvOL2oQoJdsEsmZ/GUdxNNz
LkrVbCY631nb5zu7zEi2h1BrQ/7FwKyF6u7Dz2rj1UMjQPYGcR/BRJ3lFLdJQ8Pm
LWbllPGsqx8SNq7Vz6wxxav+8o6Gx9kcGocV7Q/2X4rwn2eY6sOOB44=
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:57:14 2024 by rpki-client on console-ams.rpki-client.org