Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/sMVxahiEmAYE1zoDaOtTYnGz41M.roa
File: sMVxahiEmAYE1zoDaOtTYnGz41M.roa (raw, json)
Hash identifier: Lt3EuXkf3C0P13yQoqOMECxwVBFT9hccLaOjK5cStrg=
Subject key identifier: B0:C5:71:6A:18:84:98:06:04:D7:3A:03:68:EB:53:62:71:B3:E3:53
Certificate issuer: /CN=4f14112d05e9d876149d2778d48edaaa324db0a5
Certificate serial: 018E0D380FF0D4E9B5A23862D7EB7B27F14F
Authority key identifier: 4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/sMVxahiEmAYE1zoDaOtTYnGz41M.roa
Signing time: Tue 05 Mar 2024 06:06:01 +0000
ROA not before: Tue 05 Mar 2024 06:06:01 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 215568
IP address blocks: 2a13:c3c0::/29 maxlen: 29
2a13:cd40::/29 maxlen: 29
2a13:d340::/29 maxlen: 29
2a13:d840::/29 maxlen: 29
2a13:df40::/29 maxlen: 29
2a13:e140::/29 maxlen: 29
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8e:0d:38:0f:f0:d4:e9:b5:a2:38:62:d7:eb:7b:27:f1:4f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4f14112d05e9d876149d2778d48edaaa324db0a5
Validity
Not Before: Mar 5 06:06:01 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=b0c5716a1884980604d73a0368eb536271b3e353
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ea:b8:2b:3f:25:06:b2:f2:b1:f4:c6:ed:7f:dd:
69:61:46:e6:b6:2e:36:13:16:e2:5d:a7:7f:10:18:
29:37:1b:63:39:d7:60:bf:a0:03:b9:96:e8:ab:77:
66:25:ec:ac:5a:68:6b:be:35:79:1e:07:de:75:0f:
b4:95:e2:91:60:2f:e7:63:4f:80:be:ed:10:bc:9d:
07:ee:3a:09:0c:35:de:6e:6d:ea:c7:d5:dc:23:11:
3e:bc:9c:2e:0e:63:cb:18:01:ff:31:83:d9:1c:62:
a6:90:2a:a9:64:32:e0:39:2b:03:4e:4c:d5:5f:fe:
72:6e:62:bc:b6:61:23:1f:b9:2f:6f:31:0c:83:56:
66:b5:e9:ca:1d:24:31:72:b2:67:e6:dc:f8:a6:93:
03:6c:80:c4:ea:e6:0e:f8:aa:f5:b6:a0:8e:74:e5:
8c:48:e4:dd:bb:e6:46:e3:01:be:7b:db:f5:58:3a:
4e:dd:ae:33:17:40:b7:c8:34:02:ef:ef:76:49:ea:
4d:3a:d4:b8:10:0f:e5:fd:a2:ee:93:70:06:ca:1e:
0f:cf:69:b4:a7:27:4c:01:aa:bd:02:25:ba:ab:d2:
d5:8a:77:26:e5:c5:83:2d:97:be:26:cd:19:89:fa:
9f:23:fb:c7:8d:c9:d5:41:a7:aa:e4:fc:f6:82:4c:
0c:17
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B0:C5:71:6A:18:84:98:06:04:D7:3A:03:68:EB:53:62:71:B3:E3:53
X509v3 Authority Key Identifier:
keyid:4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/sMVxahiEmAYE1zoDaOtTYnGz41M.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a13:c3c0::/29
2a13:cd40::/29
2a13:d340::/29
2a13:d840::/29
2a13:df40::/29
2a13:e140::/29
Signature Algorithm: sha256WithRSAEncryption
d4:17:cb:a0:41:65:5e:60:6d:21:76:66:0b:b6:c9:94:27:a9:
d2:71:7b:e2:bc:e1:6d:ce:d8:3c:96:a7:73:8a:2e:3d:b0:a5:
19:ec:53:11:2d:40:fb:16:0f:d6:32:00:01:5d:6e:d7:d7:6f:
91:96:db:06:83:02:11:ba:04:dd:98:41:b5:7a:82:98:cb:96:
d5:f6:e3:c9:71:66:6d:ce:6b:9a:fa:23:c2:97:15:b3:49:13:
9a:c8:69:3a:3f:00:7d:2d:6a:7b:84:97:5c:f1:be:66:cd:77:
10:81:cd:b0:62:d5:0a:83:5e:49:56:03:db:b4:27:ec:b1:ea:
43:27:a2:a1:3f:05:5e:81:de:ac:a3:7d:e4:45:71:4d:36:65:
26:a4:3f:5c:14:53:6d:f4:7a:82:ef:69:d0:e9:59:02:02:fd:
7c:41:11:11:c4:62:b2:a0:cf:4f:17:a2:2b:94:65:3c:7e:2c:
2b:9c:16:c3:72:9c:57:10:b6:fa:ce:21:25:fc:39:0f:fb:cc:
00:1c:46:b1:ff:2b:c0:d1:b7:0a:64:ee:4b:5d:52:f9:72:c5:
99:e5:8f:ba:d1:7c:ac:79:78:6f:d9:ed:37:8c:34:fe:80:ce:
a6:84:c6:ef:06:b6:31:99:2b:fa:c2:72:63:29:0d:13:ae:bd:
66:8f:da:37
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAY4NOA/w1Om1ojhi1+t7J/FPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMTQxMTJkMDVlOWQ4NzYxNDlkMjc3OGQ0OGVkYWFhMzI0
ZGIwYTUwHhcNMjQwMzA1MDYwNjAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMGM1NzE2YTE4ODQ5ODA2MDRkNzNhMDM2OGViNTM2MjcxYjNlMzUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6rgrPyUGsvKx9Mbtf91pYUbmti42
ExbiXad/EBgpNxtjOddgv6ADuZboq3dmJeysWmhrvjV5HgfedQ+0leKRYC/nY0+A
vu0QvJ0H7joJDDXebm3qx9XcIxE+vJwuDmPLGAH/MYPZHGKmkCqpZDLgOSsDTkzV
X/5ybmK8tmEjH7kvbzEMg1ZmtenKHSQxcrJn5tz4ppMDbIDE6uYO+Kr1tqCOdOWM
SOTdu+ZG4wG+e9v1WDpO3a4zF0C3yDQC7+92SepNOtS4EA/l/aLuk3AGyh4Pz2m0
pydMAaq9AiW6q9LVincm5cWDLZe+Js0ZifqfI/vHjcnVQaeq5Pz2gkwMFwIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFLDFcWoYhJgGBNc6A2jrU2Jxs+NTMB8GA1UdIwQY
MBaAFE8UES0F6dh2FJ0neNSO2qoyTbClMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUt
YmFmYmRmYzgxMzJhLzEvc01WeGFoaUVtQVlFMXpvRGFPdFRZbkd6NDFNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUtYmFmYmRmYzgxMzJh
LzEvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAwBAIAAjAqAwUDKhPDwAMF
AyoTzUADBQMqE9NAAwUDKhPYQAMFAyoT30ADBQMqE+FAMA0GCSqGSIb3DQEBCwUA
A4IBAQDUF8ugQWVeYG0hdmYLtsmUJ6nScXvivOFtztg8lqdzii49sKUZ7FMRLUD7
Fg/WMgABXW7X12+RltsGgwIRugTdmEG1eoKYy5bV9uPJcWZtzmua+iPClxWzSROa
yGk6PwB9LWp7hJdc8b5mzXcQgc2wYtUKg15JVgPbtCfssepDJ6KhPwVegd6so33k
RXFNNmUmpD9cFFNt9HqC72nQ6VkCAv18QRERxGKyoM9PF6IrlGU8fiwrnBbDcpxX
ELb6ziEl/DkP+8wAHEax/yvA0bcKZO5LXVL5csWZ5Y+60XyseXhv2e03jDT+gM6m
hMbvBrYxmSv6wnJjKQ0Trr1mj9o3
-----END CERTIFICATE-----
Generated at Wed Apr 24 14:49:15 2024 by rpki-client on console-ams.rpki-client.org