Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/8BIQzLKotPSBOp1CQhX7AdmhWnM.roa
File: 8BIQzLKotPSBOp1CQhX7AdmhWnM.roa (raw, json)
Hash identifier: cowBgS5FlTvSwKt6A9nYRjuM7BMH80+WBbD4MkxeJ2s=
Subject key identifier: F0:12:10:CC:B2:A8:B4:F4:81:3A:9D:42:42:15:FB:01:D9:A1:5A:73
Certificate issuer: /CN=4f14112d05e9d876149d2778d48edaaa324db0a5
Certificate serial: 018DA8BBE27BD60105D837B8815AF931247A
Authority key identifier: 4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/8BIQzLKotPSBOp1CQhX7AdmhWnM.roa
Signing time: Wed 14 Feb 2024 17:48:21 +0000
ROA not before: Wed 14 Feb 2024 17:48:21 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 216213
IP address blocks: 2a13:e0c0::/29 maxlen: 29
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8d:a8:bb:e2:7b:d6:01:05:d8:37:b8:81:5a:f9:31:24:7a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4f14112d05e9d876149d2778d48edaaa324db0a5
Validity
Not Before: Feb 14 17:48:21 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=f01210ccb2a8b4f4813a9d424215fb01d9a15a73
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9a:6c:c5:bd:e3:a4:d0:a8:18:75:61:bc:b0:16:
23:5a:a7:0b:64:77:de:b7:0b:a2:67:2d:87:26:47:
61:51:52:65:46:80:91:6c:72:84:b6:e8:14:90:d1:
8d:b5:fa:7c:4f:34:b9:47:21:76:f9:ae:96:5a:2f:
9e:b0:15:37:05:38:ab:da:4a:ef:b3:56:31:fb:d9:
8a:f6:e3:d1:08:06:25:4b:29:f7:72:3e:9f:3f:96:
c8:cc:b3:33:be:33:1f:e1:8f:77:5c:15:b7:b3:3c:
c8:92:37:be:8f:a4:45:b1:93:40:e2:b4:fb:df:85:
49:5a:81:08:81:ee:bb:24:c1:6d:50:69:2b:d9:f0:
ec:a0:5a:79:33:23:7e:90:b8:6a:88:5d:59:7d:5d:
fa:87:34:30:e1:77:8a:8d:ad:f5:81:ee:d4:cd:1c:
9b:b3:63:c6:4b:ef:a2:68:3e:86:44:4c:2e:1c:97:
51:ea:78:14:cd:68:9a:bf:9f:0b:97:d5:78:a5:a5:
28:b4:a2:be:0b:29:65:51:e3:b7:f0:fb:a0:c3:79:
7f:72:a5:8b:4d:18:fe:3c:d7:8d:eb:db:ec:c2:23:
b4:0b:75:3e:99:c7:60:ab:a6:41:0e:c0:a1:22:f9:
29:f8:39:70:5d:66:00:0d:81:5c:91:2e:62:bb:48:
81:65
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F0:12:10:CC:B2:A8:B4:F4:81:3A:9D:42:42:15:FB:01:D9:A1:5A:73
X509v3 Authority Key Identifier:
keyid:4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/8BIQzLKotPSBOp1CQhX7AdmhWnM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a13:e0c0::/29
Signature Algorithm: sha256WithRSAEncryption
1b:41:3f:54:c6:22:60:c0:5b:4c:40:62:63:e0:10:93:8e:78:
ff:42:88:0b:42:d7:1e:19:50:2b:63:5f:f7:14:0a:9e:c8:4b:
0c:45:5f:24:67:7a:b3:31:c2:66:9e:39:47:6e:80:cb:85:67:
e1:74:ef:42:7c:29:a2:70:84:88:5b:91:da:02:cf:ea:2c:77:
cd:81:ec:7b:23:5a:9c:28:38:5e:89:26:70:57:91:71:a0:48:
36:21:53:f4:1c:ec:b3:ba:a0:a7:8b:e5:77:6e:de:7a:8b:19:
84:8c:e1:cd:f5:91:9a:5e:96:36:d0:49:04:9b:f8:25:9c:fb:
d2:00:38:46:cf:3f:72:88:a7:52:04:ec:18:42:9d:d0:dd:4d:
3d:b6:49:d6:a7:74:cd:ad:15:df:92:52:9d:cb:0e:b3:83:d3:
c7:78:18:8f:16:d4:69:f1:f8:2b:09:0b:b5:1e:83:a6:88:31:
4a:d4:15:38:7a:f6:c8:11:20:ad:1f:e7:d9:4f:54:9f:05:d3:
14:66:45:55:d4:9f:da:dc:c8:4c:31:e4:4a:4e:96:34:70:15:
0c:35:20:35:51:4e:ea:0a:3e:5f:1b:63:12:cf:82:12:52:10:
6f:ac:29:9f:5c:40:ab:f2:0b:11:37:f4:c1:b5:2f:d7:3b:37:
14:30:22:57
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAY2ou+J71gEF2De4gVr5MSR6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMTQxMTJkMDVlOWQ4NzYxNDlkMjc3OGQ0OGVkYWFhMzI0
ZGIwYTUwHhcNMjQwMjE0MTc0ODIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMDEyMTBjY2IyYThiNGY0ODEzYTlkNDI0MjE1ZmIwMWQ5YTE1YTczMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmmzFveOk0KgYdWG8sBYjWqcLZHfe
twuiZy2HJkdhUVJlRoCRbHKEtugUkNGNtfp8TzS5RyF2+a6WWi+esBU3BTir2krv
s1Yx+9mK9uPRCAYlSyn3cj6fP5bIzLMzvjMf4Y93XBW3szzIkje+j6RFsZNA4rT7
34VJWoEIge67JMFtUGkr2fDsoFp5MyN+kLhqiF1ZfV36hzQw4XeKja31ge7UzRyb
s2PGS++iaD6GREwuHJdR6ngUzWiav58Ll9V4paUotKK+CyllUeO38Pugw3l/cqWL
TRj+PNeN69vswiO0C3U+mcdgq6ZBDsChIvkp+DlwXWYADYFckS5iu0iBZQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPASEMyyqLT0gTqdQkIV+wHZoVpzMB8GA1UdIwQY
MBaAFE8UES0F6dh2FJ0neNSO2qoyTbClMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUt
YmFmYmRmYzgxMzJhLzEvOEJJUXpMS290UFNCT3AxQ1FoWDdBZG1oV25NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUtYmFmYmRmYzgxMzJh
LzEvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhPgwDAN
BgkqhkiG9w0BAQsFAAOCAQEAG0E/VMYiYMBbTEBiY+AQk454/0KIC0LXHhlQK2Nf
9xQKnshLDEVfJGd6szHCZp45R26Ay4Vn4XTvQnwponCEiFuR2gLP6ix3zYHseyNa
nCg4XokmcFeRcaBINiFT9Bzss7qgp4vld27eeosZhIzhzfWRml6WNtBJBJv4JZz7
0gA4Rs8/coinUgTsGEKd0N1NPbZJ1qd0za0V35JSncsOs4PTx3gYjxbUafH4KwkL
tR6DpogxStQVOHr2yBEgrR/n2U9UnwXTFGZFVdSf2tzITDHkSk6WNHAVDDUgNVFO
6go+XxtjEs+CElIQb6wpn1xAq/ILETf0wbUv1zs3FDAiVw==
-----END CERTIFICATE-----
Generated at Mon Feb 17 08:05:24 2025 by rpki-client