Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/45/067d02-52b6-43c4-bf01-ecb5fecf7d0e/1/BrCrF-F72aP5OVowT8FW43HG5lE.roa
File: BrCrF-F72aP5OVowT8FW43HG5lE.roa (raw, json)
Hash identifier: MHTC9bdnZpqRRQzOaiCq6PTXNF04x2Jtbhg4ZxO6bAE=
Subject key identifier: 06:B0:AB:17:E1:7B:D9:A3:F9:39:5A:30:4F:C1:56:E3:71:C6:E6:51
Certificate issuer: /CN=219f8d1fba35d49835d42fcd2294008fa741da8f
Certificate serial: 0189608C90517972101DC2CDA81BA32C63B9
Authority key identifier: 21:9F:8D:1F:BA:35:D4:98:35:D4:2F:CD:22:94:00:8F:A7:41:DA:8F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IZ-NH7o11Jg11C_NIpQAj6dB2o8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/45/067d02-52b6-43c4-bf01-ecb5fecf7d0e/1/BrCrF-F72aP5OVowT8FW43HG5lE.roa
Signing time: Sun 16 Jul 2023 21:12:51 +0000
ROA not before: Sun 16 Jul 2023 21:12:51 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 209641
IP address blocks: 2a06:ddc0::/29 maxlen: 29
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:89:60:8c:90:51:79:72:10:1d:c2:cd:a8:1b:a3:2c:63:b9
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=219f8d1fba35d49835d42fcd2294008fa741da8f
Validity
Not Before: Jul 16 21:12:51 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=06b0ab17e17bd9a3f9395a304fc156e371c6e651
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d8:d0:42:ab:a4:74:e3:23:5a:db:58:24:c1:ce:
ea:53:23:e8:69:91:93:0b:e7:4b:b6:b3:48:65:04:
e1:19:fd:eb:54:f0:df:6a:2c:a1:af:20:e7:9a:a7:
ac:f5:12:2b:52:4a:04:df:5d:a5:02:1e:b4:5a:5f:
67:c0:7e:2b:b0:13:5c:a5:2e:cb:76:15:70:9a:b8:
46:0f:52:d4:b4:55:e9:26:d5:8c:4f:83:85:75:97:
2a:f4:00:3d:aa:0f:b2:e1:41:c2:a9:33:81:c9:f7:
e5:f2:ac:80:87:df:da:bf:17:b0:2e:3b:4f:ca:43:
db:f3:eb:82:50:c2:57:a3:5a:fe:84:63:d0:4a:f9:
23:f7:d4:8f:a1:e9:74:87:b9:6c:c6:5a:b8:7b:8b:
e1:ae:d2:0e:cd:ff:60:7d:82:f6:74:d9:c7:6a:79:
0e:f9:d5:ca:c1:ce:bc:58:65:85:c0:b0:6c:68:ac:
01:05:54:eb:b1:b7:d8:41:2a:93:f5:26:f7:c7:af:
05:24:52:05:0c:6e:97:ee:e8:d6:96:ad:c8:c1:94:
c2:1c:06:db:4c:6a:cf:d8:6b:c1:5b:48:4e:60:d8:
48:5a:32:90:61:82:a5:9f:55:b1:bb:41:97:75:7e:
fd:d6:fa:af:c0:24:77:14:f1:64:a5:1c:c8:05:52:
51:af
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
06:B0:AB:17:E1:7B:D9:A3:F9:39:5A:30:4F:C1:56:E3:71:C6:E6:51
X509v3 Authority Key Identifier:
keyid:21:9F:8D:1F:BA:35:D4:98:35:D4:2F:CD:22:94:00:8F:A7:41:DA:8F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IZ-NH7o11Jg11C_NIpQAj6dB2o8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/45/067d02-52b6-43c4-bf01-ecb5fecf7d0e/1/BrCrF-F72aP5OVowT8FW43HG5lE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/45/067d02-52b6-43c4-bf01-ecb5fecf7d0e/1/IZ-NH7o11Jg11C_NIpQAj6dB2o8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a06:ddc0::/29
Signature Algorithm: sha256WithRSAEncryption
7a:5e:e7:e2:2b:18:bc:49:f8:ae:8b:eb:44:84:c4:8a:65:be:
b4:ea:b7:51:b2:35:0e:27:3c:91:16:34:8a:18:3b:1d:28:3f:
84:f9:8a:8d:f7:df:7e:da:91:a9:47:ea:51:e5:50:24:8e:a8:
33:95:e2:70:bb:40:94:f5:66:18:db:1e:31:27:f6:1d:94:5c:
6a:cc:39:ff:8c:98:2b:a1:c6:48:ad:79:f7:e2:34:32:10:60:
96:34:90:72:7d:ac:61:f2:17:c0:4b:a8:56:c9:ba:26:f9:4b:
2f:ed:8f:2c:62:25:0b:65:de:5d:a3:d7:68:ce:9a:f3:db:e5:
e8:d0:93:9b:ab:0d:2b:96:f2:7a:8b:44:f4:5c:63:10:c1:de:
02:a5:ac:2e:4e:cc:4b:56:d4:b0:b1:35:f9:07:1f:df:4a:c6:
b6:c7:80:34:d0:75:df:d7:d3:e5:38:56:e1:ca:85:89:9e:62:
9d:3c:85:77:d0:f4:ab:30:d0:3d:0e:d7:1c:c2:d0:ce:6e:91:
5a:5f:bb:10:6a:95:f4:14:57:2c:ea:64:c6:4f:3b:e1:e1:e5:
07:6a:ce:af:50:80:92:26:51:da:3e:73:8d:77:30:17:d3:80:
26:32:1a:a7:b6:a8:e3:06:01:6d:d6:73:26:da:0e:cb:6a:b3:
2a:80:b0:bc
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYlgjJBReXIQHcLNqBujLGO5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxOWY4ZDFmYmEzNWQ0OTgzNWQ0MmZjZDIyOTQwMDhmYTc0
MWRhOGYwHhcNMjMwNzE2MjExMjUxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNmIwYWIxN2UxN2JkOWEzZjkzOTVhMzA0ZmMxNTZlMzcxYzZlNjUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2NBCq6R04yNa21gkwc7qUyPoaZGT
C+dLtrNIZQThGf3rVPDfaiyhryDnmqes9RIrUkoE312lAh60Wl9nwH4rsBNcpS7L
dhVwmrhGD1LUtFXpJtWMT4OFdZcq9AA9qg+y4UHCqTOByffl8qyAh9/avxewLjtP
ykPb8+uCUMJXo1r+hGPQSvkj99SPoel0h7lsxlq4e4vhrtIOzf9gfYL2dNnHankO
+dXKwc68WGWFwLBsaKwBBVTrsbfYQSqT9Sb3x68FJFIFDG6X7ujWlq3IwZTCHAbb
TGrP2GvBW0hOYNhIWjKQYYKln1Wxu0GXdX791vqvwCR3FPFkpRzIBVJRrwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFAawqxfhe9mj+TlaME/BVuNxxuZRMB8GA1UdIwQY
MBaAFCGfjR+6NdSYNdQvzSKUAI+nQdqPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVotTkg3bzExSmcxMUNfTklwUUFqNmRCMm84LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NS8wNjdkMDItNTJiNi00M2M0LWJmMDEt
ZWNiNWZlY2Y3ZDBlLzEvQnJDckYtRjcyYVA1T1Zvd1Q4Rlc0M0hHNWxFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NS8wNjdkMDItNTJiNi00M2M0LWJmMDEtZWNiNWZlY2Y3ZDBl
LzEvSVotTkg3bzExSmcxMUNfTklwUUFqNmRCMm84LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgbdwDAN
BgkqhkiG9w0BAQsFAAOCAQEAel7n4isYvEn4rovrRITEimW+tOq3UbI1Dic8kRY0
ihg7HSg/hPmKjfffftqRqUfqUeVQJI6oM5XicLtAlPVmGNseMSf2HZRcasw5/4yY
K6HGSK159+I0MhBgljSQcn2sYfIXwEuoVsm6JvlLL+2PLGIlC2XeXaPXaM6a89vl
6NCTm6sNK5byeotE9FxjEMHeAqWsLk7MS1bUsLE1+Qcf30rGtseANNB139fT5ThW
4cqFiZ5inTyFd9D0qzDQPQ7XHMLQzm6RWl+7EGqV9BRXLOpkxk874eHlB2rOr1CA
kiZR2j5zjXcwF9OAJjIap7ao4wYBbdZzJtoOy2qzKoCwvA==
-----END CERTIFICATE-----
Generated at Fri Jul 21 12:13:43 2023 by rpki-client on console-fra.rpki-client.org