Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/18j9sJKYVCzEr2WN8i4lYE4cKgM.roa
File: 18j9sJKYVCzEr2WN8i4lYE4cKgM.roa (raw, json)
Hash identifier: rnLIzEkikYALSSV06xpbnGmc2lCw2acBcGmvXh46H1E=
Subject key identifier: D7:C8:FD:B0:92:98:54:2C:C4:AF:65:8D:F2:2E:25:60:4E:1C:2A:03
Certificate issuer: /CN=9e95a361fe2b2c5292626ba4c56a65a814e48008
Certificate serial: 018AE532B428CEF50E0A756ACEC442D2C3DE
Authority key identifier: 9E:95:A3:61:FE:2B:2C:52:92:62:6B:A4:C5:6A:65:A8:14:E4:80:08
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/18j9sJKYVCzEr2WN8i4lYE4cKgM.roa
Signing time: Sat 30 Sep 2023 08:26:59 +0000
ROA not before: Sat 30 Sep 2023 08:26:59 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 205920
IP address blocks: 2a10:a500:1a::/48 maxlen: 48
2001:67c:8dc::/48 maxlen: 48
2a10:a500::/32 maxlen: 32
2a10:a500::/48 maxlen: 48
2a10:a500:20::/48 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8a:e5:32:b4:28:ce:f5:0e:0a:75:6a:ce:c4:42:d2:c3:de
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=9e95a361fe2b2c5292626ba4c56a65a814e48008
Validity
Not Before: Sep 30 08:26:59 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=d7c8fdb09298542cc4af658df22e25604e1c2a03
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:95:1b:37:41:7a:16:c5:e2:b4:86:ec:a5:71:76:
9f:90:52:c1:04:e7:92:18:97:b6:7b:a5:c3:74:2f:
52:10:2f:52:d9:cc:76:92:b4:7c:e2:de:af:64:d3:
39:09:b1:e0:2e:bd:f9:46:9e:ce:6d:e1:55:5c:44:
79:85:20:14:35:29:e0:5f:95:8d:be:f3:a8:68:6b:
d2:09:5b:03:96:a1:7e:59:ad:b7:6d:d2:5f:68:7e:
15:be:02:72:0b:e9:83:0a:8e:c3:8b:39:e0:c4:b7:
1d:09:cc:dc:fc:e8:46:86:43:35:92:26:d4:70:68:
79:b0:da:0a:79:c7:d2:41:43:f1:74:78:0b:f8:f5:
30:8d:67:07:a5:46:c0:e4:46:b8:7e:5d:40:91:3e:
d7:ed:23:c4:2d:30:9a:fc:c6:da:ea:91:a8:24:d6:
76:53:55:a3:43:38:ee:45:6b:c6:d8:b5:0d:65:33:
45:c2:c1:0f:8d:f5:e7:44:41:74:82:b1:a5:8d:4f:
cb:77:a0:cf:51:47:ce:7f:45:ab:52:be:4f:9a:49:
bd:82:bd:85:1f:ae:0a:90:95:d0:95:87:32:e6:df:
3e:f4:ac:0d:cc:bc:58:d9:24:6b:60:35:67:b6:0c:
fd:ac:45:e5:fc:6f:13:83:90:84:15:58:b5:f0:b7:
50:fd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D7:C8:FD:B0:92:98:54:2C:C4:AF:65:8D:F2:2E:25:60:4E:1C:2A:03
X509v3 Authority Key Identifier:
keyid:9E:95:A3:61:FE:2B:2C:52:92:62:6B:A4:C5:6A:65:A8:14:E4:80:08
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/18j9sJKYVCzEr2WN8i4lYE4cKgM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2001:67c:8dc::/48
2a10:a500::/32
Signature Algorithm: sha256WithRSAEncryption
50:b4:b9:25:2c:3f:68:ea:e9:45:07:fc:0d:fc:a8:8a:a6:0c:
c2:5f:38:90:47:69:a3:0b:5b:60:ad:69:f4:3c:06:c4:91:b0:
00:82:63:b0:7a:8f:24:b5:ec:06:57:14:ef:9c:0d:e2:d0:9f:
fe:99:8f:21:90:01:9a:17:a4:40:c9:67:f8:56:92:ed:05:ec:
b7:3e:4e:3c:17:ec:76:32:27:eb:a3:fc:04:99:b9:96:a1:80:
53:e0:7a:c5:87:cd:bd:ee:69:a1:c8:3f:3d:ac:56:08:52:d0:
10:ec:2c:8e:2c:ce:b3:b4:3d:04:af:4e:d5:fc:a9:e0:6a:c9:
52:dc:c2:31:98:76:f9:90:0e:26:06:0a:82:02:f9:1e:4f:0c:
7f:92:e3:11:ad:7e:c6:99:be:6f:32:73:12:ec:34:bf:8a:3e:
c8:4f:5e:ce:3c:6c:98:8f:61:b7:3e:4e:74:7c:14:25:7e:a2:
3b:8a:c7:7a:61:90:d8:2f:c7:fe:a9:8d:e5:08:90:77:d0:2d:
35:86:b7:71:d0:c2:a3:20:03:ef:6d:de:11:17:6b:49:34:65:
29:0d:88:3e:53:a7:47:08:34:35:20:eb:04:53:bd:c1:b7:71:
65:4b:ed:a1:55:f0:20:fd:23:72:a3:24:66:48:88:50:1d:11:
37:0c:9c:5d
-----BEGIN CERTIFICATE-----
MIIFBzCCA++gAwIBAgISAYrlMrQozvUOCnVqzsRC0sPeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllOTVhMzYxZmUyYjJjNTI5MjYyNmJhNGM1NmE2NWE4MTRl
NDgwMDgwHhcNMjMwOTMwMDgyNjU5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkN2M4ZmRiMDkyOTg1NDJjYzRhZjY1OGRmMjJlMjU2MDRlMWMyYTAzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlRs3QXoWxeK0huylcXafkFLBBOeS
GJe2e6XDdC9SEC9S2cx2krR84t6vZNM5CbHgLr35Rp7ObeFVXER5hSAUNSngX5WN
vvOoaGvSCVsDlqF+Wa23bdJfaH4VvgJyC+mDCo7DizngxLcdCczc/OhGhkM1kibU
cGh5sNoKecfSQUPxdHgL+PUwjWcHpUbA5Ea4fl1AkT7X7SPELTCa/Mba6pGoJNZ2
U1WjQzjuRWvG2LUNZTNFwsEPjfXnREF0grGljU/Ld6DPUUfOf0WrUr5Pmkm9gr2F
H64KkJXQlYcy5t8+9KwNzLxY2SRrYDVntgz9rEXl/G8Tg5CEFVi18LdQ/QIDAQAB
o4ICEzCCAg8wHQYDVR0OBBYEFNfI/bCSmFQsxK9ljfIuJWBOHCoDMB8GA1UdIwQY
MBaAFJ6Vo2H+KyxSkmJrpMVqZagU5IAIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbnBXallmNHJMRktTWW11a3hXcGxxQlRrZ0FnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi9mOTZmNzMtNjY4Ni00MTY0LWIyM2Yt
YmY0ZTUyN2I5ZmE4LzEvMThqOXNKS1lWQ3pFcjJXTjhpNGxZRTRjS2dNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi9mOTZmNzMtNjY4Ni00MTY0LWIyM2YtYmY0ZTUyN2I5ZmE4
LzEvbnBXallmNHJMRktTWW11a3hXcGxxQlRrZ0FnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCkGCCsGAQUFBwEHAQH/BBowGDAWBAIAAjAQAwcAIAEGfAjc
AwUAKhClADANBgkqhkiG9w0BAQsFAAOCAQEAULS5JSw/aOrpRQf8DfyoiqYMwl84
kEdpowtbYK1p9DwGxJGwAIJjsHqPJLXsBlcU75wN4tCf/pmPIZABmhekQMln+FaS
7QXstz5OPBfsdjIn66P8BJm5lqGAU+B6xYfNve5pocg/PaxWCFLQEOwsjizOs7Q9
BK9O1fyp4GrJUtzCMZh2+ZAOJgYKggL5Hk8Mf5LjEa1+xpm+bzJzEuw0v4o+yE9e
zjxsmI9htz5OdHwUJX6iO4rHemGQ2C/H/qmN5QiQd9AtNYa3cdDCoyAD723eERdr
STRlKQ2IPlOnRwg0NSDrBFO9wbdxZUvtoVXwIP0jcqMkZkiIUB0RNwycXQ==
-----END CERTIFICATE-----
Generated at Sun Feb 16 15:50:10 2025 by rpki-client