Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/VRrYqDGKeVT6xE81peaCpqfLEWw.roa
File: VRrYqDGKeVT6xE81peaCpqfLEWw.roa (raw, json)
Hash identifier: RxHJsSTevuIfh6vcQXY8VkfN6Xd/KGGl51VCy8DzBPk=
Subject key identifier: 55:1A:D8:A8:31:8A:79:54:FA:C4:4F:35:A5:E6:82:A6:A7:CB:11:6C
Certificate issuer: /CN=4f14112d05e9d876149d2778d48edaaa324db0a5
Certificate serial: 018EE608E8487F05B47CFFF866B79023C3B8
Authority key identifier: 4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/VRrYqDGKeVT6xE81peaCpqfLEWw.roa
Signing time: Tue 16 Apr 2024 08:32:07 +0000
ROA not before: Tue 16 Apr 2024 08:32:07 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 216213
IP address blocks: 2a13:e0c0::/29 maxlen: 29
2a14:17c0::/29 maxlen: 29
2a14:1840::/29 maxlen: 29
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8e:e6:08:e8:48:7f:05:b4:7c:ff:f8:66:b7:90:23:c3:b8
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4f14112d05e9d876149d2778d48edaaa324db0a5
Validity
Not Before: Apr 16 08:32:07 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=551ad8a8318a7954fac44f35a5e682a6a7cb116c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a5:03:15:e9:50:77:e7:6c:14:ea:91:a4:9e:b4:
43:3a:bb:b3:69:a7:d2:07:68:3d:d5:4d:fd:2b:f1:
7c:8f:9f:d7:05:6c:42:77:78:c0:8c:9f:7f:96:f3:
bc:8b:84:60:61:a3:13:c3:96:4f:f2:7e:7b:ad:97:
62:a3:c2:9f:d6:53:30:f3:12:eb:89:c5:31:36:41:
7e:70:05:d9:42:6b:78:22:c9:90:80:b1:cc:55:d9:
80:a7:7e:a5:8c:a4:8e:9a:0a:9f:1a:d7:b5:92:91:
1a:bf:4e:ed:a5:d4:a3:f5:be:53:c8:91:46:d2:64:
6d:05:be:52:93:a0:24:52:1d:15:d1:b1:49:78:d5:
2a:65:07:9c:c6:3f:ae:56:68:83:ea:1a:01:97:b0:
d2:ab:b1:ea:79:82:f5:48:41:27:d7:bf:04:4a:37:
3e:6d:e2:7b:d4:30:19:ce:61:af:12:73:6a:50:0e:
af:a3:e4:38:3f:5e:3b:6b:7b:32:be:3b:a8:b8:00:
5f:d1:4e:57:80:15:ea:68:f9:c2:90:1a:57:3c:03:
6b:c7:2b:38:c3:0e:1f:aa:b3:32:00:a5:70:11:0c:
68:4a:ae:db:a3:bb:4a:bf:49:02:a1:74:49:40:07:
cb:86:84:28:12:8c:3b:df:a2:71:00:6c:e1:c3:9e:
e7:93
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
55:1A:D8:A8:31:8A:79:54:FA:C4:4F:35:A5:E6:82:A6:A7:CB:11:6C
X509v3 Authority Key Identifier:
keyid:4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/VRrYqDGKeVT6xE81peaCpqfLEWw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a13:e0c0::/29
2a14:17c0::/29
2a14:1840::/29
Signature Algorithm: sha256WithRSAEncryption
2a:bb:54:15:2d:ae:ad:01:35:92:49:8e:27:00:27:5e:b5:1d:
ff:75:4b:d3:ce:2e:37:68:de:89:c3:8f:df:68:f6:0e:ec:f0:
1e:77:b6:40:56:de:c5:10:2e:eb:39:c0:e4:e5:8e:ce:4d:f5:
a0:a0:0b:13:a6:d8:14:e8:ea:3f:4c:a2:f9:8c:8b:cf:60:95:
3d:6d:15:54:f5:8d:29:f7:03:be:45:3f:81:ed:92:f3:99:f8:
3e:f8:c0:97:a0:29:b6:05:ab:ea:f3:e4:52:d2:4d:01:d8:f8:
3f:c3:d2:0d:a3:c6:2a:90:15:23:2d:0c:1b:98:06:51:98:03:
3b:a0:7b:05:06:71:72:c6:0f:0c:d9:27:1a:b7:36:37:6f:cb:
d3:f9:73:31:78:ef:0d:89:39:59:70:b4:d6:c1:01:2f:6a:11:
2b:e5:17:8a:5c:cb:f1:a0:81:77:95:b9:62:56:19:ad:8c:57:
a3:9c:43:ba:1d:f4:b3:bb:03:68:a9:89:7b:f9:1b:14:b2:cc:
55:11:38:2b:3a:38:d0:ed:60:a8:69:aa:50:76:77:ce:d1:1a:
72:05:2d:d3:5c:9f:3a:70:4e:db:77:d8:f0:1d:2c:5e:66:46:
96:10:23:f8:49:f9:ec:72:8a:d1:67:3f:76:cd:13:a3:1b:70:
cb:b4:77:1f
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAY7mCOhIfwW0fP/4ZreQI8O4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMTQxMTJkMDVlOWQ4NzYxNDlkMjc3OGQ0OGVkYWFhMzI0
ZGIwYTUwHhcNMjQwNDE2MDgzMjA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NTFhZDhhODMxOGE3OTU0ZmFjNDRmMzVhNWU2ODJhNmE3Y2IxMTZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApQMV6VB352wU6pGknrRDOruzaafS
B2g91U39K/F8j5/XBWxCd3jAjJ9/lvO8i4RgYaMTw5ZP8n57rZdio8Kf1lMw8xLr
icUxNkF+cAXZQmt4IsmQgLHMVdmAp36ljKSOmgqfGte1kpEav07tpdSj9b5TyJFG
0mRtBb5Sk6AkUh0V0bFJeNUqZQecxj+uVmiD6hoBl7DSq7HqeYL1SEEn178ESjc+
beJ71DAZzmGvEnNqUA6vo+Q4P147a3syvjuouABf0U5XgBXqaPnCkBpXPANrxys4
ww4fqrMyAKVwEQxoSq7bo7tKv0kCoXRJQAfLhoQoEow736JxAGzhw57nkwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFFUa2KgxinlU+sRPNaXmgqanyxFsMB8GA1UdIwQY
MBaAFE8UES0F6dh2FJ0neNSO2qoyTbClMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUt
YmFmYmRmYzgxMzJhLzEvVlJyWXFER0tlVlQ2eEU4MXBlYUNwcWZMRVd3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUtYmFmYmRmYzgxMzJh
LzEvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAbBAIAAjAVAwUDKhPgwAMF
AyoUF8ADBQMqFBhAMA0GCSqGSIb3DQEBCwUAA4IBAQAqu1QVLa6tATWSSY4nACde
tR3/dUvTzi43aN6Jw4/faPYO7PAed7ZAVt7FEC7rOcDk5Y7OTfWgoAsTptgU6Oo/
TKL5jIvPYJU9bRVU9Y0p9wO+RT+B7ZLzmfg++MCXoCm2Bavq8+RS0k0B2Pg/w9IN
o8YqkBUjLQwbmAZRmAM7oHsFBnFyxg8M2ScatzY3b8vT+XMxeO8NiTlZcLTWwQEv
ahEr5ReKXMvxoIF3lbliVhmtjFejnEO6HfSzuwNoqYl7+RsUssxVETgrOjjQ7WCo
aapQdnfO0RpyBS3TXJ86cE7bd9jwHSxeZkaWECP4SfnscorRZz92zROjG3DLtHcf
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:21:45 2024 by rpki-client on console-fra.rpki-client.org