Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/xbCUK-ay74J8lXSolPtqmeY1geQ.roa
File: xbCUK-ay74J8lXSolPtqmeY1geQ.roa (raw, json)
Hash identifier: a6em/zrpem4ZqGYcdIFBijvTm2yUY4H/q8J4SRUXGqM=
Subject key identifier: C5:B0:94:2B:E6:B2:EF:82:7C:95:74:A8:94:FB:6A:99:E6:35:81:E4
Certificate issuer: /CN=4f14112d05e9d876149d2778d48edaaa324db0a5
Certificate serial: 018DA8BAF73A6513CC345EC5FCE782BC6F3E
Authority key identifier: 4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/xbCUK-ay74J8lXSolPtqmeY1geQ.roa
Signing time: Wed 14 Feb 2024 17:47:21 +0000
ROA not before: Wed 14 Feb 2024 17:47:21 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 215568
IP address blocks: 2a13:cd40::/29 maxlen: 29
2a13:d340::/29 maxlen: 29
2a13:d840::/29 maxlen: 29
2a13:df40::/29 maxlen: 29
2a13:e140::/29 maxlen: 29
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8d:a8:ba:f7:3a:65:13:cc:34:5e:c5:fc:e7:82:bc:6f:3e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4f14112d05e9d876149d2778d48edaaa324db0a5
Validity
Not Before: Feb 14 17:47:21 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=c5b0942be6b2ef827c9574a894fb6a99e63581e4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a8:1a:09:11:ec:aa:46:ff:0e:2f:09:44:a1:83:
06:a7:17:ec:32:f7:f1:d8:0c:ee:2a:31:0c:26:4e:
39:af:0b:84:9b:34:a7:04:20:3e:d3:a1:7a:9c:53:
ee:9c:29:40:b1:a3:ed:8d:5c:16:a4:1c:cf:2e:8c:
e1:f5:f3:71:df:01:25:90:91:0c:6b:c5:b5:ce:01:
b5:ec:50:db:08:7a:c5:89:9c:29:71:41:5b:85:8d:
22:0e:ec:98:05:66:7f:b2:3f:14:ec:5f:68:f1:89:
a8:96:dd:00:5e:c4:bc:d4:35:e2:77:b1:61:61:89:
35:4f:fb:60:db:42:06:01:b8:27:46:c3:fd:6f:df:
9c:d9:9a:4e:41:11:64:38:5f:8f:88:13:36:97:35:
71:c3:3b:26:ef:d4:5c:3a:64:34:e6:77:ba:cf:11:
06:00:e8:9d:e4:1a:66:9d:43:bc:ba:50:cb:cc:1d:
64:5a:4f:b3:62:72:ad:18:4a:c9:cb:1d:3a:54:d5:
e5:db:fc:77:57:0c:d1:39:a8:24:88:e7:7c:0b:1b:
42:67:b6:98:9a:59:b8:56:ed:04:bd:bd:c4:9a:20:
90:3a:58:64:e1:04:f7:06:00:47:0f:8e:a6:de:be:
aa:2d:91:ce:30:6a:7c:3b:71:c2:5f:a7:3f:7d:84:
6e:39
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C5:B0:94:2B:E6:B2:EF:82:7C:95:74:A8:94:FB:6A:99:E6:35:81:E4
X509v3 Authority Key Identifier:
keyid:4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/xbCUK-ay74J8lXSolPtqmeY1geQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a13:cd40::/29
2a13:d340::/29
2a13:d840::/29
2a13:df40::/29
2a13:e140::/29
Signature Algorithm: sha256WithRSAEncryption
dc:83:06:d5:5b:fe:2b:45:1b:e0:1f:4c:e1:c6:0d:31:6a:4b:
c3:3c:47:77:5a:86:81:40:f0:59:72:b7:ce:ab:f9:00:6f:07:
16:bc:cf:d1:4c:af:4b:47:a5:8a:bf:13:2c:42:44:c3:15:ad:
05:33:19:9d:04:29:ab:09:c3:3a:b0:ea:95:b4:b3:63:19:6b:
d8:d6:89:76:a8:b9:af:c6:a8:ed:6e:d1:de:60:f9:79:e0:ef:
06:29:c9:6f:ea:6c:15:e3:ad:96:48:65:24:27:3d:cc:26:a5:
ea:b6:c4:c8:b3:21:e1:06:46:94:33:85:a2:bc:02:7e:f5:3f:
fe:c0:c4:5c:8c:82:38:5f:7d:55:cb:c6:a7:43:6a:2b:59:32:
8f:24:a3:2b:3a:91:54:04:54:ef:c9:20:21:b8:e2:8f:23:e3:
bf:5f:45:40:3a:04:00:d3:0a:41:fe:78:aa:fa:4b:c6:9d:ac:
97:0b:9b:c5:c3:3f:6f:21:e3:c5:4c:30:34:9e:43:d5:bb:4f:
cc:c5:97:b1:73:90:3d:91:d2:49:25:02:9d:f1:6e:a9:fb:e7:
e0:ee:6e:8d:62:a3:67:9d:1f:b9:df:3e:59:15:12:9e:69:96:
0a:e5:6f:e6:d9:c2:06:e2:d3:72:25:d1:62:66:3c:0c:ab:6a:
65:84:81:0c
-----BEGIN CERTIFICATE-----
MIIFGjCCBAKgAwIBAgISAY2ouvc6ZRPMNF7F/OeCvG8+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMTQxMTJkMDVlOWQ4NzYxNDlkMjc3OGQ0OGVkYWFhMzI0
ZGIwYTUwHhcNMjQwMjE0MTc0NzIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNWIwOTQyYmU2YjJlZjgyN2M5NTc0YTg5NGZiNmE5OWU2MzU4MWU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqBoJEeyqRv8OLwlEoYMGpxfsMvfx
2AzuKjEMJk45rwuEmzSnBCA+06F6nFPunClAsaPtjVwWpBzPLozh9fNx3wElkJEM
a8W1zgG17FDbCHrFiZwpcUFbhY0iDuyYBWZ/sj8U7F9o8Ymolt0AXsS81DXid7Fh
YYk1T/tg20IGAbgnRsP9b9+c2ZpOQRFkOF+PiBM2lzVxwzsm79RcOmQ05ne6zxEG
AOid5BpmnUO8ulDLzB1kWk+zYnKtGErJyx06VNXl2/x3VwzROagkiOd8CxtCZ7aY
mlm4Vu0Evb3EmiCQOlhk4QT3BgBHD46m3r6qLZHOMGp8O3HCX6c/fYRuOQIDAQAB
o4ICJjCCAiIwHQYDVR0OBBYEFMWwlCvmsu+CfJV0qJT7apnmNYHkMB8GA1UdIwQY
MBaAFE8UES0F6dh2FJ0neNSO2qoyTbClMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUt
YmFmYmRmYzgxMzJhLzEveGJDVUstYXk3NEo4bFhTb2xQdHFtZVkxZ2VRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUtYmFmYmRmYzgxMzJh
LzEvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDwGCCsGAQUFBwEHAQH/BC0wKzApBAIAAjAjAwUDKhPNQAMF
AyoT00ADBQMqE9hAAwUDKhPfQAMFAyoT4UAwDQYJKoZIhvcNAQELBQADggEBANyD
BtVb/itFG+AfTOHGDTFqS8M8R3dahoFA8Flyt86r+QBvBxa8z9FMr0tHpYq/EyxC
RMMVrQUzGZ0EKasJwzqw6pW0s2MZa9jWiXaoua/GqO1u0d5g+Xng7wYpyW/qbBXj
rZZIZSQnPcwmpeq2xMizIeEGRpQzhaK8An71P/7AxFyMgjhffVXLxqdDaitZMo8k
oys6kVQEVO/JICG44o8j479fRUA6BADTCkH+eKr6S8adrJcLm8XDP28h48VMMDSe
Q9W7T8zFl7FzkD2R0kklAp3xbqn75+Dubo1io2edH7nfPlkVEp5plgrlb+bZwgbi
03Il0WJmPAyramWEgQw=
-----END CERTIFICATE-----
Generated at Mon Feb 17 08:25:36 2025 by rpki-client