Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/ihkwtleAj30-A6x0VfxXyDJF1ng.roa
File: ihkwtleAj30-A6x0VfxXyDJF1ng.roa (raw, json)
Hash identifier: vFiMsks+K+HuVZGVUjjjHaEKWGrI0aO/Y1S9hwmAQAA=
Subject key identifier: 8A:19:30:B6:57:80:8F:7D:3E:03:AC:74:55:FC:57:C8:32:45:D6:78
Certificate issuer: /CN=9e95a361fe2b2c5292626ba4c56a65a814e48008
Certificate serial: 018F38EB0288755E36A5E8C52D6941D72363
Authority key identifier: 9E:95:A3:61:FE:2B:2C:52:92:62:6B:A4:C5:6A:65:A8:14:E4:80:08
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/ihkwtleAj30-A6x0VfxXyDJF1ng.roa
Signing time: Thu 02 May 2024 10:47:56 +0000
ROA not before: Thu 02 May 2024 10:47:56 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 205920
IP address blocks: 2001:67c:8dc::/48 maxlen: 48
2a10:a500::/32 maxlen: 32
2a10:a500::/48 maxlen: 48
2a10:a500:10::/48 maxlen: 48
2a10:a500:1a::/48 maxlen: 48
2a10:a500:20::/48 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8f:38:eb:02:88:75:5e:36:a5:e8:c5:2d:69:41:d7:23:63
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=9e95a361fe2b2c5292626ba4c56a65a814e48008
Validity
Not Before: May 2 10:47:56 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=8a1930b657808f7d3e03ac7455fc57c83245d678
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8e:54:f2:46:61:f0:cf:c8:a4:33:b7:e5:8d:30:
10:4d:2b:5c:20:c9:89:7a:cc:f9:a3:62:23:c2:4c:
ec:7b:01:02:98:a3:66:7d:19:51:d0:5b:86:ab:12:
f8:be:9f:3e:6e:b2:09:de:c3:23:90:94:d5:4d:3f:
34:49:85:aa:19:e5:73:02:e2:8e:fa:c6:da:10:10:
55:f8:6e:77:96:59:04:36:f7:e5:58:1d:0c:03:6d:
ef:f7:eb:82:19:4b:ce:85:57:57:b2:54:1c:24:42:
13:4d:79:13:e3:ff:d6:ce:9a:6d:4d:aa:ef:fb:76:
8b:91:ce:3c:38:5f:49:d1:dc:2a:da:61:cf:47:ea:
9f:09:a0:2c:e2:0b:77:c3:94:24:b3:f2:f6:7f:54:
5b:c7:a0:e9:6d:50:3a:bd:44:16:73:df:98:91:b1:
3f:05:52:e8:6e:e3:e5:31:83:01:87:01:e8:e7:47:
1d:3f:f8:ca:78:91:91:17:7c:58:01:2c:49:39:e8:
79:b1:72:2c:17:02:8c:cf:b0:5f:8b:72:c6:01:69:
e3:27:c0:6c:7a:4d:3a:79:98:51:93:9e:8e:2b:59:
69:12:33:59:f4:dc:a0:32:eb:f3:54:4d:d7:af:a9:
e9:15:4a:19:aa:6c:11:4b:b6:6c:dc:ac:39:09:82:
81:a1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8A:19:30:B6:57:80:8F:7D:3E:03:AC:74:55:FC:57:C8:32:45:D6:78
X509v3 Authority Key Identifier:
keyid:9E:95:A3:61:FE:2B:2C:52:92:62:6B:A4:C5:6A:65:A8:14:E4:80:08
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/ihkwtleAj30-A6x0VfxXyDJF1ng.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2001:67c:8dc::/48
2a10:a500::/32
Signature Algorithm: sha256WithRSAEncryption
22:1d:f7:1f:26:21:6b:f4:fa:55:e8:d5:02:f6:db:df:38:c8:
ba:1a:2c:23:8e:07:2e:5c:d8:87:17:02:46:5e:95:a7:c3:f3:
3e:d4:ab:9a:dc:0e:86:82:f2:60:ae:ed:48:de:a9:b9:13:1a:
26:d6:e7:9f:c2:8a:b8:01:4c:47:52:71:80:88:dc:ab:09:e0:
01:31:2a:98:b4:82:c0:7c:eb:a0:20:8b:e8:aa:85:be:82:3a:
94:4c:43:8a:03:8f:ea:6c:c7:d8:0b:19:57:39:38:0b:fa:d7:
b2:31:d4:61:bf:6a:99:d0:fe:e2:12:c6:2a:26:b0:d3:3f:83:
ea:e8:07:b0:59:bf:28:2d:95:fb:9a:90:f9:4e:46:63:e6:4b:
f3:dc:45:f2:d2:5f:2d:ca:f7:65:fe:51:ed:aa:5f:a0:17:4d:
96:e9:e0:e6:fc:f7:ee:1e:61:38:da:e0:88:b0:4b:0c:b7:ca:
e0:45:12:c3:ff:f2:f6:5e:32:d7:22:03:73:90:ec:4b:e8:53:
9a:9d:16:91:d8:4c:0c:d3:b1:ab:9c:8c:15:27:59:c0:3a:08:
20:22:ba:94:f9:25:69:92:22:b5:99:9a:e1:3f:53:f3:a0:77:
2f:41:0f:81:ca:11:91:f4:00:ae:ee:08:68:9d:1c:14:54:13:
9a:8e:29:32
-----BEGIN CERTIFICATE-----
MIIFBzCCA++gAwIBAgISAY846wKIdV42pejFLWlB1yNjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllOTVhMzYxZmUyYjJjNTI5MjYyNmJhNGM1NmE2NWE4MTRl
NDgwMDgwHhcNMjQwNTAyMTA0NzU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YTE5MzBiNjU3ODA4ZjdkM2UwM2FjNzQ1NWZjNTdjODMyNDVkNjc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjlTyRmHwz8ikM7fljTAQTStcIMmJ
esz5o2IjwkzsewECmKNmfRlR0FuGqxL4vp8+brIJ3sMjkJTVTT80SYWqGeVzAuKO
+sbaEBBV+G53llkENvflWB0MA23v9+uCGUvOhVdXslQcJEITTXkT4//WzpptTarv
+3aLkc48OF9J0dwq2mHPR+qfCaAs4gt3w5Qks/L2f1Rbx6DpbVA6vUQWc9+YkbE/
BVLobuPlMYMBhwHo50cdP/jKeJGRF3xYASxJOeh5sXIsFwKMz7Bfi3LGAWnjJ8Bs
ek06eZhRk56OK1lpEjNZ9NygMuvzVE3Xr6npFUoZqmwRS7Zs3Kw5CYKBoQIDAQAB
o4ICEzCCAg8wHQYDVR0OBBYEFIoZMLZXgI99PgOsdFX8V8gyRdZ4MB8GA1UdIwQY
MBaAFJ6Vo2H+KyxSkmJrpMVqZagU5IAIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbnBXallmNHJMRktTWW11a3hXcGxxQlRrZ0FnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi9mOTZmNzMtNjY4Ni00MTY0LWIyM2Yt
YmY0ZTUyN2I5ZmE4LzEvaWhrd3RsZUFqMzAtQTZ4MFZmeFh5REpGMW5nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi9mOTZmNzMtNjY4Ni00MTY0LWIyM2YtYmY0ZTUyN2I5ZmE4
LzEvbnBXallmNHJMRktTWW11a3hXcGxxQlRrZ0FnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCkGCCsGAQUFBwEHAQH/BBowGDAWBAIAAjAQAwcAIAEGfAjc
AwUAKhClADANBgkqhkiG9w0BAQsFAAOCAQEAIh33HyYha/T6VejVAvbb3zjIuhos
I44HLlzYhxcCRl6Vp8PzPtSrmtwOhoLyYK7tSN6puRMaJtbnn8KKuAFMR1JxgIjc
qwngATEqmLSCwHzroCCL6KqFvoI6lExDigOP6mzH2AsZVzk4C/rXsjHUYb9qmdD+
4hLGKiaw0z+D6ugHsFm/KC2V+5qQ+U5GY+ZL89xF8tJfLcr3Zf5R7apfoBdNlung
5vz37h5hONrgiLBLDLfK4EUSw//y9l4y1yIDc5DsS+hTmp0WkdhMDNOxq5yMFSdZ
wDoIICK6lPklaZIitZma4T9T86B3L0EPgcoRkfQAru4IaJ0cFFQTmo4pMg==
-----END CERTIFICATE-----
Generated at Sun Feb 16 15:55:02 2025 by rpki-client