Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/DTWyffHisxmtbRqRLJjuGh8IeZk.roa
File: DTWyffHisxmtbRqRLJjuGh8IeZk.roa (raw, json)
Hash identifier: 3arfwXqhG0JwnRL9iRGeC9cNaHzmi9YSV3YvD2jmhs0=
Subject key identifier: 0D:35:B2:7D:F1:E2:B3:19:AD:6D:1A:91:2C:98:EE:1A:1F:08:79:99
Certificate issuer: /CN=ba6ed0fb7b320832ac1580534c7b263f304e981b
Certificate serial: 01856F42982D7C40FD81E10E0C6696348101
Authority key identifier: BA:6E:D0:FB:7B:32:08:32:AC:15:80:53:4C:7B:26:3F:30:4E:98:1B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/um7Q-3syCDKsFYBTTHsmPzBOmBs.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/DTWyffHisxmtbRqRLJjuGh8IeZk.roa
Signing time: Sun 01 Jan 2023 21:35:13 +0000
ROA not before: Sun 01 Jan 2023 21:35:13 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 29486
IP address blocks: 178.21.128.0/21 maxlen: 21
31.24.128.0/21 maxlen: 21
81.27.32.0/20 maxlen: 20
2a00:1c90::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6f:42:98:2d:7c:40:fd:81:e1:0e:0c:66:96:34:81:01
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ba6ed0fb7b320832ac1580534c7b263f304e981b
Validity
Not Before: Jan 1 21:35:13 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=0d35b27df1e2b319ad6d1a912c98ee1a1f087999
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8b:02:39:a3:89:2a:95:00:e2:9f:a7:b4:d4:dd:
55:6d:ed:19:c6:af:43:a0:66:f7:1e:e9:c6:69:00:
0c:c3:f8:29:b5:2b:d4:c3:8c:f1:f3:0b:83:57:b4:
d7:f6:55:b6:bd:f8:9d:0a:09:b2:a5:ea:d8:bf:f2:
13:a9:bc:88:2b:bb:f6:10:ba:10:55:5b:64:e9:80:
a8:c5:42:66:2e:99:61:fa:44:4a:41:bf:d9:97:63:
3c:20:b8:83:e4:f2:27:88:bd:41:58:cf:79:47:4b:
33:c6:50:5b:d7:ac:93:4e:61:94:69:1c:01:e3:26:
f8:d7:9c:0f:94:55:78:38:36:71:b7:22:ce:a4:20:
59:b6:51:ae:d5:d8:63:47:62:af:44:d9:e1:fe:7a:
f3:5f:65:a8:2c:59:68:aa:3b:ab:8d:3b:b4:8e:39:
d4:03:a3:69:e1:86:50:5c:18:bd:de:2a:38:34:43:
fb:a6:36:a4:10:8c:e4:6b:ef:09:b0:d4:f9:48:ce:
d5:9d:5f:c3:3b:7b:4f:43:72:40:4d:2d:b6:a0:ef:
76:b6:4f:bd:9e:0d:c3:37:7d:75:4b:a3:ce:fa:5d:
e4:34:88:60:3e:78:aa:c0:38:4e:66:17:b6:df:6f:
b0:53:9d:6d:05:0d:be:e0:ee:19:ee:86:71:ad:c2:
64:a5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0D:35:B2:7D:F1:E2:B3:19:AD:6D:1A:91:2C:98:EE:1A:1F:08:79:99
X509v3 Authority Key Identifier:
keyid:BA:6E:D0:FB:7B:32:08:32:AC:15:80:53:4C:7B:26:3F:30:4E:98:1B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/um7Q-3syCDKsFYBTTHsmPzBOmBs.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/DTWyffHisxmtbRqRLJjuGh8IeZk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/um7Q-3syCDKsFYBTTHsmPzBOmBs.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.24.128.0/21
81.27.32.0/20
178.21.128.0/21
IPv6:
2a00:1c90::/32
Signature Algorithm: sha256WithRSAEncryption
88:97:f9:27:02:32:aa:2a:0a:f9:53:92:76:ec:d8:b5:10:ee:
af:7c:3f:8e:50:70:23:53:6b:9d:b7:24:e3:64:10:c6:16:1d:
de:2e:b2:44:96:26:99:bf:77:56:2e:30:4a:f1:2f:05:a5:a7:
f7:c7:3d:23:cb:1c:8f:39:05:c8:24:ab:86:df:0d:e9:c8:c4:
ff:e9:8c:d4:f4:4b:db:23:38:eb:bc:fa:f9:6e:bf:d5:98:bb:
8d:d6:4e:83:9d:a9:40:0e:52:3e:bb:05:b1:ed:d2:6a:16:6c:
86:24:f0:48:f6:43:b3:1a:e0:96:f0:76:1a:8a:a3:a6:71:45:
ac:8a:96:77:6f:78:10:26:96:59:3c:1a:f5:4d:df:aa:21:36:
74:66:19:1d:91:15:cf:3c:a7:52:97:22:dd:a0:5c:c9:bb:55:
cb:fb:00:89:b8:e9:ee:a0:9e:cf:19:7c:17:db:a9:ff:a2:fa:
6e:d1:43:f0:ed:95:6c:4c:94:12:67:6b:4b:91:c7:e0:16:02:
a1:e4:6b:0c:4d:68:16:98:bd:aa:75:0d:d8:38:9b:a8:9b:29:
93:18:9f:96:e6:d8:7d:f5:ee:ce:ac:36:05:88:90:5d:e5:0a:
57:8e:bb:8c:48:3c:aa:5d:09:d2:1f:58:f3:47:65:0b:d0:23:
cf:e9:7c:d8
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAYVvQpgtfED9geEODGaWNIEBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJhNmVkMGZiN2IzMjA4MzJhYzE1ODA1MzRjN2IyNjNmMzA0
ZTk4MWIwHhcNMjMwMTAxMjEzNTEzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZDM1YjI3ZGYxZTJiMzE5YWQ2ZDFhOTEyYzk4ZWUxYTFmMDg3OTk5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiwI5o4kqlQDin6e01N1Vbe0Zxq9D
oGb3HunGaQAMw/gptSvUw4zx8wuDV7TX9lW2vfidCgmyperYv/ITqbyIK7v2ELoQ
VVtk6YCoxUJmLplh+kRKQb/Zl2M8ILiD5PIniL1BWM95R0szxlBb16yTTmGUaRwB
4yb415wPlFV4ODZxtyLOpCBZtlGu1dhjR2KvRNnh/nrzX2WoLFloqjurjTu0jjnU
A6Np4YZQXBi93io4NEP7pjakEIzka+8JsNT5SM7VnV/DO3tPQ3JATS22oO92tk+9
ng3DN311S6PO+l3kNIhgPniqwDhOZhe232+wU51tBQ2+4O4Z7oZxrcJkpQIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFA01sn3x4rMZrW0akSyY7hofCHmZMB8GA1UdIwQY
MBaAFLpu0Pt7MggyrBWAU0x7Jj8wTpgbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdW03US0zc3lDREtzRllCVFRIc21QekJPbUJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMC80MjA0MWQtNTkzMS00ODI0LTkyNTQt
MTYxZjM0MjM4N2QxLzEvRFRXeWZmSGlzeG10YlJxUkxKanVHaDhJZVprLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMC80MjA0MWQtNTkzMS00ODI0LTkyNTQtMTYxZjM0MjM4N2Qx
LzEvdW03US0zc3lDREtzRllCVFRIc21QekJPbUJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQDHxiAAwQE
URsgAwQDshWAMA0EAgACMAcDBQAqAByQMA0GCSqGSIb3DQEBCwUAA4IBAQCIl/kn
AjKqKgr5U5J27Ni1EO6vfD+OUHAjU2udtyTjZBDGFh3eLrJEliaZv3dWLjBK8S8F
paf3xz0jyxyPOQXIJKuG3w3pyMT/6YzU9EvbIzjrvPr5br/VmLuN1k6DnalADlI+
uwWx7dJqFmyGJPBI9kOzGuCW8HYaiqOmcUWsipZ3b3gQJpZZPBr1Td+qITZ0Zhkd
kRXPPKdSlyLdoFzJu1XL+wCJuOnuoJ7PGXwX26n/ovpu0UPw7ZVsTJQSZ2tLkcfg
FgKh5GsMTWgWmL2qdQ3YOJuomymTGJ+W5th99e7OrDYFiJBd5QpXjruMSDyqXQnS
H1jzR2UL0CPP6XzY
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:57:40 2024 by rpki-client on console-ams.rpki-client.org