Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/Tfi3GpB68Au8sMfMBESGMAkqKh0.roa
File: Tfi3GpB68Au8sMfMBESGMAkqKh0.roa (raw, json)
Hash identifier: aLZpQP7yIpdEw3pdeb8tYEJawVyl1SQMj1ABv4hqcgw=
Subject key identifier: 4D:F8:B7:1A:90:7A:F0:0B:BC:B0:C7:CC:04:44:86:30:09:2A:2A:1D
Certificate issuer: /CN=ccd76159bfd9e337523ee930f3df111d6bae7306
Certificate serial: 0182E3D3EC3BA70F66835BE6C20ACB43BC2A
Authority key identifier: CC:D7:61:59:BF:D9:E3:37:52:3E:E9:30:F3:DF:11:1D:6B:AE:73:06
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/zNdhWb_Z4zdSPukw898RHWuucwY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/Tfi3GpB68Au8sMfMBESGMAkqKh0.roa
Signing time: Sun 28 Aug 2022 09:41:32 +0000
ROA not before: Sun 28 Aug 2022 09:41:32 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 204339
IP address blocks: 2a0d:e244::/30 maxlen: 30
2a09:5904::/30 maxlen: 30
2a09:1a04::/30 maxlen: 30
2a0d:c1c0::/30 maxlen: 30
2a0d:cc40::/30 maxlen: 30
2a09:a800::/30 maxlen: 30
2a0d:cc44::/30 maxlen: 30
2a0d:c1c4::/30 maxlen: 30
2a0d:e240::/30 maxlen: 30
2a09:1a00::/30 maxlen: 30
2a09:5900::/30 maxlen: 30
2a09:6504::/30 maxlen: 30
2a09:6500::/30 maxlen: 30
2a09:a804::/30 maxlen: 30
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:82:e3:d3:ec:3b:a7:0f:66:83:5b:e6:c2:0a:cb:43:bc:2a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ccd76159bfd9e337523ee930f3df111d6bae7306
Validity
Not Before: Aug 28 09:41:32 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=4df8b71a907af00bbcb0c7cc04448630092a2a1d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a2:79:ee:88:41:71:0a:9f:12:64:53:e9:31:1b:
9c:df:c4:09:b4:7e:cb:2c:95:93:95:a2:f1:a7:58:
39:d5:77:49:e1:da:41:88:82:67:26:51:87:09:dc:
ad:b0:90:b4:40:af:80:15:9c:8d:61:da:26:ff:b7:
45:0d:a0:26:d9:b6:29:47:46:cd:c2:5b:a9:02:54:
4e:6c:8a:36:76:3a:83:5a:65:3b:9d:70:c3:85:cb:
81:3f:e3:38:2b:85:e3:2d:f9:8e:b6:ba:8c:3e:35:
6a:c2:aa:45:40:e8:b3:00:fa:7a:0c:a7:b3:ec:bd:
9d:ce:c9:71:f6:e2:93:e1:d7:da:af:6d:40:13:ba:
69:cd:54:45:93:6f:29:b7:f3:14:b0:00:53:dc:83:
b5:c3:62:90:95:46:ac:00:0e:7f:1a:55:58:92:9d:
94:27:e4:3e:90:4a:f1:b9:62:e3:50:79:00:92:2f:
c7:d8:e8:a9:2a:2b:c4:8d:dd:33:72:87:ac:b6:bd:
45:fc:b8:66:71:3d:4a:dd:e4:66:90:a3:db:c2:35:
91:02:14:16:e2:d5:c4:31:62:4f:1c:36:49:db:41:
6e:64:48:73:84:52:13:01:f5:8b:8f:f5:3a:af:45:
50:4c:45:4e:21:1d:37:d9:ec:d2:63:cd:0c:21:4c:
a1:f9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4D:F8:B7:1A:90:7A:F0:0B:BC:B0:C7:CC:04:44:86:30:09:2A:2A:1D
X509v3 Authority Key Identifier:
keyid:CC:D7:61:59:BF:D9:E3:37:52:3E:E9:30:F3:DF:11:1D:6B:AE:73:06
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zNdhWb_Z4zdSPukw898RHWuucwY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/Tfi3GpB68Au8sMfMBESGMAkqKh0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/zNdhWb_Z4zdSPukw898RHWuucwY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a09:1a00::/29
2a09:5900::/29
2a09:6500::/29
2a09:a800::/29
2a0d:c1c0::/29
2a0d:cc40::/29
2a0d:e240::/29
Signature Algorithm: sha256WithRSAEncryption
41:b9:3b:40:d3:46:cb:1d:c4:47:e4:e0:04:9c:87:11:2b:f8:
ce:5a:70:ed:c4:60:58:4f:d0:db:1c:72:f7:71:53:c9:62:a4:
fa:f9:42:52:44:09:53:e3:12:5e:f1:ff:c9:83:b9:12:dd:7d:
ab:12:d3:14:20:78:a3:9d:32:00:9a:28:9c:3f:1e:83:59:b9:
14:6f:58:fc:1f:1d:ad:23:aa:28:23:ad:24:51:ff:d7:45:4b:
30:66:76:2b:21:72:98:c4:e9:e1:1d:cc:a5:2b:1a:bc:9c:4f:
79:b4:03:d3:3d:1d:e6:06:f7:65:f5:62:0f:2d:18:23:68:61:
91:fa:dc:c0:de:1c:2e:30:33:0c:88:c9:99:17:07:12:d6:ec:
ca:8f:c0:54:85:21:91:9e:5c:5f:d7:c2:63:0d:b7:31:0d:b2:
81:d6:cb:8e:f5:33:d6:34:0d:94:53:86:fd:9d:8f:41:5b:de:
87:67:a7:03:4a:fa:4e:2c:e1:1f:d9:60:54:73:41:94:81:9b:
8a:1d:f5:07:fd:33:6a:30:fb:b4:92:2f:1c:53:f7:f0:76:be:
1e:b2:d1:fb:62:e1:58:82:95:a4:c8:aa:73:53:7f:73:95:00:
f3:64:a5:c0:7b:ce:9e:40:61:34:50:ce:df:97:7e:49:87:9c:
10:d7:6c:3a
-----BEGIN CERTIFICATE-----
MIIFKDCCBBCgAwIBAgISAYLj0+w7pw9mg1vmwgrLQ7wqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNjZDc2MTU5YmZkOWUzMzc1MjNlZTkzMGYzZGYxMTFkNmJh
ZTczMDYwHhcNMjIwODI4MDk0MTMyWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZGY4YjcxYTkwN2FmMDBiYmNiMGM3Y2MwNDQ0ODYzMDA5MmEyYTFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAonnuiEFxCp8SZFPpMRuc38QJtH7L
LJWTlaLxp1g51XdJ4dpBiIJnJlGHCdytsJC0QK+AFZyNYdom/7dFDaAm2bYpR0bN
wlupAlRObIo2djqDWmU7nXDDhcuBP+M4K4XjLfmOtrqMPjVqwqpFQOizAPp6DKez
7L2dzslx9uKT4dfar21AE7ppzVRFk28pt/MUsABT3IO1w2KQlUasAA5/GlVYkp2U
J+Q+kErxuWLjUHkAki/H2OipKivEjd0zcoestr1F/LhmcT1K3eRmkKPbwjWRAhQW
4tXEMWJPHDZJ20FuZEhzhFITAfWLj/U6r0VQTEVOIR032ezSY80MIUyh+QIDAQAB
o4ICNDCCAjAwHQYDVR0OBBYEFE34txqQevALvLDHzAREhjAJKiodMB8GA1UdIwQY
MBaAFMzXYVm/2eM3Uj7pMPPfER1rrnMGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvek5kaFdiX1o0emRTUHVrdzg5OFJIV3V1Y3dZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MC9mNmFkYTEtN2U4YS00YjNlLWI3ZTgt
Zjg1ODlmNjgyNjkxLzEvVGZpM0dwQjY4QXU4c01mTUJFU0dNQWtxS2gwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MC9mNmFkYTEtN2U4YS00YjNlLWI3ZTgtZjg1ODlmNjgyNjkx
LzEvek5kaFdiX1o0emRTUHVrdzg5OFJIV3V1Y3dZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEoGCCsGAQUFBwEHAQH/BDswOTA3BAIAAjAxAwUDKgkaAAMF
AyoJWQADBQMqCWUAAwUDKgmoAAMFAyoNwcADBQMqDcxAAwUDKg3iQDANBgkqhkiG
9w0BAQsFAAOCAQEAQbk7QNNGyx3ER+TgBJyHESv4zlpw7cRgWE/Q2xxy93FTyWKk
+vlCUkQJU+MSXvH/yYO5Et19qxLTFCB4o50yAJoonD8eg1m5FG9Y/B8drSOqKCOt
JFH/10VLMGZ2KyFymMTp4R3MpSsavJxPebQD0z0d5gb3ZfViDy0YI2hhkfrcwN4c
LjAzDIjJmRcHEtbsyo/AVIUhkZ5cX9fCYw23MQ2ygdbLjvUz1jQNlFOG/Z2PQVve
h2enA0r6TizhH9lgVHNBlIGbih31B/0zajD7tJIvHFP38Ha+HrLR+2LhWIKVpMiq
c1N/c5UA82SlwHvOnkBhNFDO35d+SYecENdsOg==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:08:46 2024 by rpki-client on console-ams.rpki-client.org