Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/18/6ca5b6-c423-4b54-9655-7c5964990397/1/a1i1C8xE7zeWKzdzatKDzOfGAYU.roa
File: a1i1C8xE7zeWKzdzatKDzOfGAYU.roa (raw, json)
Hash identifier: d7UDAohRjByV56gnq2G5od1/ZRSv2I1MQBgj5oiat9U=
Subject key identifier: 6B:58:B5:0B:CC:44:EF:37:96:2B:37:73:6A:D2:83:CC:E7:C6:01:85
Certificate issuer: /CN=a036af22669183ba26f23976530e349b34651968
Certificate serial: 018CC4254626E85F964E028685F86B9BFA94
Authority key identifier: A0:36:AF:22:66:91:83:BA:26:F2:39:76:53:0E:34:9B:34:65:19:68
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/oDavImaRg7om8jl2Uw40mzRlGWg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/18/6ca5b6-c423-4b54-9655-7c5964990397/1/a1i1C8xE7zeWKzdzatKDzOfGAYU.roa
Signing time: Mon 01 Jan 2024 08:30:26 +0000
ROA not before: Mon 01 Jan 2024 08:30:26 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 201844
IP address blocks: 80.64.22.0/23 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c4:25:46:26:e8:5f:96:4e:02:86:85:f8:6b:9b:fa:94
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=a036af22669183ba26f23976530e349b34651968
Validity
Not Before: Jan 1 08:30:26 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=6b58b50bcc44ef37962b37736ad283cce7c60185
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:86:16:d2:1f:bb:09:47:6b:c9:ff:58:4b:af:70:
1d:95:05:d5:53:f8:c4:6e:61:58:ef:3e:8c:4f:a5:
e8:57:e0:82:4d:33:f1:5b:d7:80:ed:a2:e1:fe:d9:
8f:fd:e6:80:02:cb:af:48:c5:56:44:58:c1:38:09:
31:8e:24:fd:fc:9d:c1:f1:09:99:54:c8:04:35:98:
76:b7:ee:72:5a:7a:88:de:c9:a9:55:63:df:8d:45:
b9:a8:e8:1f:a6:3b:95:21:fa:b6:b9:96:10:c4:ae:
b0:a9:00:c0:64:7c:e6:26:09:ce:a4:d6:6e:78:c1:
8d:ee:5f:ef:14:b2:d1:c3:54:91:9d:55:d7:32:1c:
f2:36:86:e8:65:ae:e6:80:ca:ed:8e:82:e2:fa:4e:
da:2a:d7:7a:64:57:eb:9d:0d:ec:f8:02:6e:ec:c6:
23:77:a8:27:f5:fe:8e:55:9b:bc:64:1e:84:be:5b:
9a:d5:5e:c1:28:cc:5c:37:ab:be:ca:7c:b0:2a:32:
cc:23:90:cd:08:8a:79:19:74:a0:10:f0:c7:df:68:
cb:46:8d:76:e6:f3:72:be:11:2a:4d:ee:81:be:69:
5a:b0:eb:36:a5:26:0f:84:fa:0d:4d:6c:cb:62:ff:
1c:f1:b5:25:39:61:ff:81:b1:34:47:23:89:39:c8:
cf:63
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6B:58:B5:0B:CC:44:EF:37:96:2B:37:73:6A:D2:83:CC:E7:C6:01:85
X509v3 Authority Key Identifier:
keyid:A0:36:AF:22:66:91:83:BA:26:F2:39:76:53:0E:34:9B:34:65:19:68
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oDavImaRg7om8jl2Uw40mzRlGWg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/18/6ca5b6-c423-4b54-9655-7c5964990397/1/a1i1C8xE7zeWKzdzatKDzOfGAYU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/18/6ca5b6-c423-4b54-9655-7c5964990397/1/oDavImaRg7om8jl2Uw40mzRlGWg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
80.64.22.0/23
Signature Algorithm: sha256WithRSAEncryption
13:d1:61:a3:1c:82:d1:4f:6e:42:fa:f5:63:53:32:5b:4b:59:
05:1b:97:b6:40:00:5b:74:94:5e:76:db:ef:a9:d7:bf:70:9f:
82:aa:0a:84:b8:23:1d:84:aa:8e:1a:d4:97:d4:5f:43:2a:5d:
52:22:a4:ef:ae:bf:11:e3:fb:80:be:90:29:8d:54:62:89:57:
5d:6b:88:d8:4c:24:0b:a9:3f:cb:11:a3:51:cc:af:d8:5a:f4:
52:68:b3:3c:69:cf:74:0f:d8:c6:0f:6d:12:65:e1:7d:ca:de:
53:4e:de:a5:b3:ab:da:fe:b9:38:26:b6:88:db:10:02:e1:b0:
7a:7f:36:79:74:eb:c2:0e:88:bb:51:77:be:d4:75:99:17:2b:
ab:86:4b:a4:43:de:d9:b7:d6:eb:ac:10:d5:a2:cc:8d:3d:10:
64:c6:10:ff:fd:dc:2f:7d:4a:2c:a4:a8:b3:c9:77:da:4d:ad:
f2:28:cb:50:87:e2:20:91:95:4d:13:2f:f2:9d:61:1a:8a:95:
66:da:cd:1c:83:62:07:b3:27:db:22:ff:83:31:2d:26:b7:2e:
74:c3:ae:50:df:64:8d:dc:8e:fc:64:39:bb:32:21:96:e1:f9:
f4:b8:7e:62:7f:3b:2b:dd:cf:6b:e3:1b:36:9f:bc:12:bd:81:
82:44:08:6e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJUYm6F+WTgKGhfhrm/qUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEwMzZhZjIyNjY5MTgzYmEyNmYyMzk3NjUzMGUzNDliMzQ2
NTE5NjgwHhcNMjQwMTAxMDgzMDI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YjU4YjUwYmNjNDRlZjM3OTYyYjM3NzM2YWQyODNjY2U3YzYwMTg1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhhbSH7sJR2vJ/1hLr3AdlQXVU/jE
bmFY7z6MT6XoV+CCTTPxW9eA7aLh/tmP/eaAAsuvSMVWRFjBOAkxjiT9/J3B8QmZ
VMgENZh2t+5yWnqI3smpVWPfjUW5qOgfpjuVIfq2uZYQxK6wqQDAZHzmJgnOpNZu
eMGN7l/vFLLRw1SRnVXXMhzyNoboZa7mgMrtjoLi+k7aKtd6ZFfrnQ3s+AJu7MYj
d6gn9f6OVZu8ZB6Evlua1V7BKMxcN6u+ynywKjLMI5DNCIp5GXSgEPDH32jLRo12
5vNyvhEqTe6BvmlasOs2pSYPhPoNTWzLYv8c8bUlOWH/gbE0RyOJOcjPYwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGtYtQvMRO83lis3c2rSg8znxgGFMB8GA1UdIwQY
MBaAFKA2ryJmkYO6JvI5dlMONJs0ZRloMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb0RhdkltYVJnN29tOGpsMlV3NDBtelJsR1dnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOC82Y2E1YjYtYzQyMy00YjU0LTk2NTUt
N2M1OTY0OTkwMzk3LzEvYTFpMUM4eEU3emVXS3pkemF0S0R6T2ZHQVlVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOC82Y2E1YjYtYzQyMy00YjU0LTk2NTUtN2M1OTY0OTkwMzk3
LzEvb0RhdkltYVJnN29tOGpsMlV3NDBtelJsR1dnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBUEAWMA0G
CSqGSIb3DQEBCwUAA4IBAQAT0WGjHILRT25C+vVjUzJbS1kFG5e2QABbdJRedtvv
qde/cJ+CqgqEuCMdhKqOGtSX1F9DKl1SIqTvrr8R4/uAvpApjVRiiVdda4jYTCQL
qT/LEaNRzK/YWvRSaLM8ac90D9jGD20SZeF9yt5TTt6ls6va/rk4JraI2xAC4bB6
fzZ5dOvCDoi7UXe+1HWZFyurhkukQ97Zt9brrBDVosyNPRBkxhD//dwvfUospKiz
yXfaTa3yKMtQh+IgkZVNEy/ynWEaipVm2s0cg2IHsyfbIv+DMS0mty50w65Q32SN
3I78ZDm7MiGW4fn0uH5ifzsr3c9r4xs2n7wSvYGCRAhu
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:57:19 2025 by rpki-client