Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/2c3316-efc7-4952-9efe-8c153965bac9/1/oOuU4KHejwnbqojbkr1Eh8f_H2E.roa
File: oOuU4KHejwnbqojbkr1Eh8f_H2E.roa (raw, json)
Hash identifier: 7yfDjYVMRTybm3oQrxT5VJ+5ZsQ7YjAB/+vjbK88bDI=
Subject key identifier: A0:EB:94:E0:A1:DE:8F:09:DB:AA:88:DB:92:BD:44:87:C7:FF:1F:61
Certificate issuer: /CN=0d2999042c5e2006bd5aeb7a05de1e96a5e73664
Certificate serial: 0186217F809CFAE0D7EF89B8DEFD4D4693EB
Authority key identifier: 0D:29:99:04:2C:5E:20:06:BD:5A:EB:7A:05:DE:1E:96:A5:E7:36:64
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/DSmZBCxeIAa9Wut6Bd4elqXnNmQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/30/2c3316-efc7-4952-9efe-8c153965bac9/1/oOuU4KHejwnbqojbkr1Eh8f_H2E.roa
Signing time: Sun 05 Feb 2023 12:14:09 +0000
ROA not before: Sun 05 Feb 2023 12:14:09 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 0
IP address blocks: 2a11:fa80::/29 maxlen: 29
2a0e:9bc0::/29 maxlen: 29
2a0f:5b80::/29 maxlen: 29
2a0e:b3c0::/29 maxlen: 29
2a12:5780::/29 maxlen: 29
2a11:f980::/29 maxlen: 29
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:86:21:7f:80:9c:fa:e0:d7:ef:89:b8:de:fd:4d:46:93:eb
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=0d2999042c5e2006bd5aeb7a05de1e96a5e73664
Validity
Not Before: Feb 5 12:14:09 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=a0eb94e0a1de8f09dbaa88db92bd4487c7ff1f61
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bc:a1:c7:5c:15:f0:8e:ef:b4:e4:66:84:99:0a:
97:9e:e2:1c:ae:e9:04:2c:e5:67:e4:68:56:4e:2c:
88:a0:95:16:ad:3f:e7:12:62:3b:5e:5a:c9:85:23:
c2:31:e2:9c:53:ec:bd:d6:93:3f:36:1a:42:28:44:
32:5b:70:7f:65:c1:bc:ee:c1:1b:ca:79:0c:5d:4d:
8a:22:f3:a2:b9:08:60:ab:d8:47:f1:54:c8:7e:9b:
52:25:c4:b9:1e:68:51:a6:66:7f:c9:e5:d1:b9:b1:
46:61:84:9e:c8:ad:2a:a8:81:42:68:d7:ab:b4:c4:
35:36:4e:9d:88:8c:93:8e:21:6d:04:85:79:ec:3d:
81:04:7d:35:27:73:70:9a:ef:be:3a:55:4e:bc:1b:
38:06:e5:50:72:09:31:4d:d4:94:6f:5a:8c:da:03:
f9:c6:a5:25:87:d3:3b:29:85:3c:72:a8:a2:83:a9:
b9:da:f0:59:93:b5:f2:87:a1:1d:d0:18:c3:da:42:
b4:66:1e:aa:84:d6:02:e3:94:98:7c:65:ec:97:86:
11:a1:1d:ed:4d:d3:0e:09:e5:6b:d5:99:63:25:fd:
58:68:2c:1c:ff:70:9b:07:b7:3c:87:06:cc:9e:ac:
ec:b6:3b:3c:1e:7a:14:9c:8f:31:35:1a:cb:fe:34:
a5:d7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A0:EB:94:E0:A1:DE:8F:09:DB:AA:88:DB:92:BD:44:87:C7:FF:1F:61
X509v3 Authority Key Identifier:
keyid:0D:29:99:04:2C:5E:20:06:BD:5A:EB:7A:05:DE:1E:96:A5:E7:36:64
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DSmZBCxeIAa9Wut6Bd4elqXnNmQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/2c3316-efc7-4952-9efe-8c153965bac9/1/oOuU4KHejwnbqojbkr1Eh8f_H2E.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/30/2c3316-efc7-4952-9efe-8c153965bac9/1/DSmZBCxeIAa9Wut6Bd4elqXnNmQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a0e:9bc0::/29
2a0e:b3c0::/29
2a0f:5b80::/29
2a11:f980::/29
2a11:fa80::/29
2a12:5780::/29
Signature Algorithm: sha256WithRSAEncryption
2b:0f:e9:f9:e6:5d:02:de:41:45:6d:e9:48:41:03:81:3a:2e:
c1:7f:9e:f0:6e:0d:55:f0:88:4e:fc:17:41:51:19:e5:6b:aa:
42:e3:5d:57:8a:33:db:74:1b:e8:58:7d:bf:50:0e:92:5e:6f:
36:4c:27:db:62:94:70:59:7f:25:a2:5d:29:f6:56:af:75:57:
a4:02:83:69:a6:56:60:f6:c5:ac:4d:8e:da:fd:52:85:f2:a4:
dc:aa:92:77:6e:6f:6f:b0:23:e3:ad:08:c7:06:d6:23:85:52:
20:8e:61:20:44:26:0b:7d:39:4d:7e:86:76:3f:99:2d:cb:ab:
84:dc:5c:4d:95:1a:ef:cf:bd:32:97:dd:23:d2:af:58:1e:be:
7c:f2:9e:d9:80:80:64:21:31:a5:f1:56:eb:08:b7:a0:7d:e3:
45:41:55:98:85:9a:1d:85:e1:c7:94:f5:4b:49:9c:9b:64:1d:
7e:03:e6:ac:e1:7a:3c:d5:d1:d0:50:b4:91:2f:80:26:63:6f:
05:5e:b4:49:f0:c5:62:29:89:da:b6:c5:ea:fe:0e:74:29:a2:
2a:8e:98:b0:e3:ba:53:c4:20:1a:83:77:58:5c:e8:ed:73:1b:
4c:bb:85:d0:8f:96:53:e0:29:9b:bc:2e:df:a4:5b:a3:6b:bc:
43:1d:cf:52
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAYYhf4Cc+uDX74m43v1NRpPrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkMjk5OTA0MmM1ZTIwMDZiZDVhZWI3YTA1ZGUxZTk2YTVl
NzM2NjQwHhcNMjMwMjA1MTIxNDA5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMGViOTRlMGExZGU4ZjA5ZGJhYTg4ZGI5MmJkNDQ4N2M3ZmYxZjYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvKHHXBXwju+05GaEmQqXnuIcrukE
LOVn5GhWTiyIoJUWrT/nEmI7XlrJhSPCMeKcU+y91pM/NhpCKEQyW3B/ZcG87sEb
ynkMXU2KIvOiuQhgq9hH8VTIfptSJcS5HmhRpmZ/yeXRubFGYYSeyK0qqIFCaNer
tMQ1Nk6diIyTjiFtBIV57D2BBH01J3Nwmu++OlVOvBs4BuVQcgkxTdSUb1qM2gP5
xqUlh9M7KYU8cqiig6m52vBZk7Xyh6Ed0BjD2kK0Zh6qhNYC45SYfGXsl4YRoR3t
TdMOCeVr1ZljJf1YaCwc/3CbB7c8hwbMnqzstjs8HnoUnI8xNRrL/jSl1wIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFKDrlOCh3o8J26qI25K9RIfH/x9hMB8GA1UdIwQY
MBaAFA0pmQQsXiAGvVrregXeHpal5zZkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRFNtWkJDeGVJQWE5V3V0NkJkNGVscVhuTm1RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC8yYzMzMTYtZWZjNy00OTUyLTllZmUt
OGMxNTM5NjViYWM5LzEvb091VTRLSGVqd25icW9qYmtyMUVoOGZfSDJFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC8yYzMzMTYtZWZjNy00OTUyLTllZmUtOGMxNTM5NjViYWM5
LzEvRFNtWkJDeGVJQWE5V3V0NkJkNGVscVhuTm1RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAwBAIAAjAqAwUDKg6bwAMF
AyoOs8ADBQMqD1uAAwUDKhH5gAMFAyoR+oADBQMqEleAMA0GCSqGSIb3DQEBCwUA
A4IBAQArD+n55l0C3kFFbelIQQOBOi7Bf57wbg1V8IhO/BdBURnla6pC411XijPb
dBvoWH2/UA6SXm82TCfbYpRwWX8lol0p9lavdVekAoNpplZg9sWsTY7a/VKF8qTc
qpJ3bm9vsCPjrQjHBtYjhVIgjmEgRCYLfTlNfoZ2P5kty6uE3FxNlRrvz70yl90j
0q9YHr588p7ZgIBkITGl8VbrCLegfeNFQVWYhZodheHHlPVLSZybZB1+A+as4Xo8
1dHQULSRL4AmY28FXrRJ8MViKYnatsXq/g50KaIqjpiw47pTxCAag3dYXOjtcxtM
u4XQj5ZT4CmbvC7fpFuja7xDHc9S
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:46:06 2023 by rpki-client on console-fra.rpki-client.org