Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/57/cf3ca3-1cd7-4312-ba73-83c8596229fa/1/_XH0xwRl937unA-hjVHCz2znwHU.roa
File: _XH0xwRl937unA-hjVHCz2znwHU.roa (raw, json)
Hash identifier: xnHuDOqZnEBb5IGGIA4Qj27VFdsLr2zuWtUodgTXegk=
Subject key identifier: FD:71:F4:C7:04:65:F7:7E:EE:9C:0F:A1:8D:51:C2:CF:6C:E7:C0:75
Certificate issuer: /CN=d24f497d157847005336b777361b1d20905c5213
Certificate serial: 018CC56E9B1C14584C019748E08097567DF4
Authority key identifier: D2:4F:49:7D:15:78:47:00:53:36:B7:77:36:1B:1D:20:90:5C:52:13
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/0k9JfRV4RwBTNrd3NhsdIJBcUhM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/57/cf3ca3-1cd7-4312-ba73-83c8596229fa/1/_XH0xwRl937unA-hjVHCz2znwHU.roa
Signing time: Mon 01 Jan 2024 14:30:09 +0000
ROA not before: Mon 01 Jan 2024 14:30:09 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 212985
IP address blocks: 2a0e:9b43::/32 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c5:6e:9b:1c:14:58:4c:01:97:48:e0:80:97:56:7d:f4
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d24f497d157847005336b777361b1d20905c5213
Validity
Not Before: Jan 1 14:30:09 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=fd71f4c70465f77eee9c0fa18d51c2cf6ce7c075
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:fb:ee:85:c6:bc:a0:b5:9a:8f:73:8c:71:21:f5:
e5:b6:86:ec:af:1c:73:0d:9c:ff:a8:6e:b3:68:6c:
5c:68:0f:65:a6:91:b8:cc:39:64:8e:4b:4f:69:ea:
af:02:ac:4d:98:85:3b:ab:ed:56:fe:07:fa:8c:bc:
81:e6:6f:32:a2:72:1e:45:7d:2b:6c:c2:c8:aa:0c:
3d:99:af:61:56:30:dd:08:ab:6c:98:7d:2d:cc:ec:
a8:d1:71:1c:14:95:5c:0f:3c:07:db:2c:22:2c:d3:
74:b3:6f:fc:0c:1d:0b:44:4f:e7:00:11:bc:4a:0a:
de:5e:c5:c8:a5:11:e7:f5:8a:45:5e:62:c8:d8:8f:
fe:69:1f:1e:d2:d2:87:95:0b:31:22:57:57:f4:6a:
ad:0a:b8:64:87:65:8b:5b:ed:7a:85:8e:a2:31:5f:
e1:90:67:b0:24:22:54:a3:63:cc:69:2a:87:f9:e6:
69:f2:d6:3d:97:75:fe:b5:4d:a3:74:23:d0:ea:0f:
3b:9a:c5:47:e0:b1:3f:44:bf:d8:6a:a1:ea:a6:b5:
cf:cb:f2:64:70:25:48:83:e8:58:d4:57:02:5d:f6:
5c:6d:56:d7:78:c5:7f:bf:30:87:53:d1:f2:60:bc:
74:bd:7e:c5:25:42:8b:8e:29:d5:e4:e8:13:f5:0b:
7a:1b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FD:71:F4:C7:04:65:F7:7E:EE:9C:0F:A1:8D:51:C2:CF:6C:E7:C0:75
X509v3 Authority Key Identifier:
keyid:D2:4F:49:7D:15:78:47:00:53:36:B7:77:36:1B:1D:20:90:5C:52:13
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0k9JfRV4RwBTNrd3NhsdIJBcUhM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/cf3ca3-1cd7-4312-ba73-83c8596229fa/1/_XH0xwRl937unA-hjVHCz2znwHU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/57/cf3ca3-1cd7-4312-ba73-83c8596229fa/1/0k9JfRV4RwBTNrd3NhsdIJBcUhM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a0e:9b43::/32
Signature Algorithm: sha256WithRSAEncryption
27:06:67:0f:5f:52:e0:98:2c:86:da:39:fd:14:8c:dd:2e:e6:
ab:9e:00:e7:7f:f3:1d:5a:30:bd:59:ce:29:90:87:55:8d:97:
10:0d:95:b8:e8:8f:95:54:9e:77:c6:e3:40:85:1d:43:d7:f3:
b8:6c:4d:b1:3b:fd:51:dd:db:b4:b7:6b:cf:b1:89:3b:a6:fa:
ed:5a:50:f7:d2:e6:8d:94:c4:ee:be:b7:06:03:cd:1c:01:12:
ff:90:ca:39:7b:00:b5:0c:3d:2d:ef:cc:fc:55:64:3a:9b:82:
9f:f6:06:60:db:34:44:95:95:f0:3e:39:de:a1:1a:f3:c2:27:
e3:e4:41:42:46:4f:85:01:cd:59:f3:5e:96:01:fc:48:2f:1c:
ef:46:09:06:1c:43:d3:c6:47:04:70:17:5c:51:66:90:41:d3:
37:08:b7:0a:30:b6:36:fd:d7:89:24:29:ad:b3:99:b7:cb:34:
40:4a:5b:75:6b:d6:ca:cc:23:8c:3b:53:23:a2:c9:18:b0:49:
d3:0b:8f:d2:84:4f:3b:ec:91:be:24:e4:63:aa:e0:d6:70:2a:
56:e6:0f:02:36:bc:c9:e9:b2:36:50:49:7c:38:94:7c:14:a5:
0d:da:82:a4:3d:42:77:c5:ab:f9:90:8a:1f:9b:e1:0d:2b:48:
45:5b:1a:72
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzFbpscFFhMAZdI4ICXVn30MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQyNGY0OTdkMTU3ODQ3MDA1MzM2Yjc3NzM2MWIxZDIwOTA1
YzUyMTMwHhcNMjQwMTAxMTQzMDA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZDcxZjRjNzA0NjVmNzdlZWU5YzBmYTE4ZDUxYzJjZjZjZTdjMDc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA++6FxrygtZqPc4xxIfXltobsrxxz
DZz/qG6zaGxcaA9lppG4zDlkjktPaeqvAqxNmIU7q+1W/gf6jLyB5m8yonIeRX0r
bMLIqgw9ma9hVjDdCKtsmH0tzOyo0XEcFJVcDzwH2ywiLNN0s2/8DB0LRE/nABG8
SgreXsXIpRHn9YpFXmLI2I/+aR8e0tKHlQsxIldX9GqtCrhkh2WLW+16hY6iMV/h
kGewJCJUo2PMaSqH+eZp8tY9l3X+tU2jdCPQ6g87msVH4LE/RL/YaqHqprXPy/Jk
cCVIg+hY1FcCXfZcbVbXeMV/vzCHU9HyYLx0vX7FJUKLjinV5OgT9Qt6GwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFP1x9McEZfd+7pwPoY1Rws9s58B1MB8GA1UdIwQY
MBaAFNJPSX0VeEcAUza3dzYbHSCQXFITMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMGs5SmZSVjRSd0JUTnJkM05oc2RJSkJjVWhNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ny9jZjNjYTMtMWNkNy00MzEyLWJhNzMt
ODNjODU5NjIyOWZhLzEvX1hIMHh3Umw5Mzd1bkEtaGpWSEN6Mnpud0hVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ny9jZjNjYTMtMWNkNy00MzEyLWJhNzMtODNjODU5NjIyOWZh
LzEvMGs5SmZSVjRSd0JUTnJkM05oc2RJSkJjVWhNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKg6bQzAN
BgkqhkiG9w0BAQsFAAOCAQEAJwZnD19S4Jgshto5/RSM3S7mq54A53/zHVowvVnO
KZCHVY2XEA2VuOiPlVSed8bjQIUdQ9fzuGxNsTv9Ud3btLdrz7GJO6b67VpQ99Lm
jZTE7r63BgPNHAES/5DKOXsAtQw9Le/M/FVkOpuCn/YGYNs0RJWV8D453qEa88In
4+RBQkZPhQHNWfNelgH8SC8c70YJBhxD08ZHBHAXXFFmkEHTNwi3CjC2Nv3XiSQp
rbOZt8s0QEpbdWvWyswjjDtTI6LJGLBJ0wuP0oRPO+yRviTkY6rg1nAqVuYPAja8
yemyNlBJfDiUfBSlDdqCpD1Cd8Wr+ZCKH5vhDStIRVsacg==
-----END CERTIFICATE-----
Generated at Thu May 2 16:58:44 2024 by rpki-client on console-fra.rpki-client.org