Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5d/59294c-0f24-40c5-b5c3-6eac62e60df7/1/5ZZtcXbAILAl16cD_mznmm9TegY.roa
File: 5ZZtcXbAILAl16cD_mznmm9TegY.roa (raw, json)
Hash identifier: BqKdtHngrGiZdbuHRn8FiR9am05YEroGNajxy22p42g=
Subject key identifier: E5:96:6D:71:76:C0:20:B0:25:D7:A7:03:FE:6C:E7:9A:6F:53:7A:06
Certificate issuer: /CN=21021b252222997bfe33b7e4b315ac8d5e067954
Certificate serial: 03BB3EAE
Authority key identifier: 21:02:1B:25:22:22:99:7B:FE:33:B7:E4:B3:15:AC:8D:5E:06:79:54
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IQIbJSIimXv-M7fksxWsjV4GeVQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/5d/59294c-0f24-40c5-b5c3-6eac62e60df7/1/5ZZtcXbAILAl16cD_mznmm9TegY.roa
Signing time: Sat 01 Jan 2022 14:08:26 +0000
ROA not before: Sat 01 Jan 2022 14:08:26 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 201341
IP address blocks: 2a0a:eb00::/29 maxlen: 29
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 62602926 (0x3bb3eae)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=21021b252222997bfe33b7e4b315ac8d5e067954
Validity
Not Before: Jan 1 14:08:26 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=e5966d7176c020b025d7a703fe6ce79a6f537a06
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bc:c4:de:f8:12:1a:e2:d9:71:f2:1e:03:66:52:
76:6b:c6:eb:80:fe:c4:84:3d:21:20:b3:6b:8c:71:
ea:25:80:54:5a:59:85:f0:e1:06:66:77:1b:6b:ca:
d0:ca:0e:62:c7:69:6f:96:6b:fc:38:7b:5b:5e:5c:
db:7f:ce:1a:c1:b1:55:a0:4a:b8:65:d7:c8:60:09:
63:8e:b9:4b:88:b8:b7:b4:07:04:30:37:2e:fb:49:
06:13:9d:2b:ff:8a:b1:2e:8f:ca:98:bc:7b:cd:1e:
bf:b9:8c:e8:cf:2d:43:4b:90:b9:3a:ee:24:69:27:
75:ab:4a:d1:a7:02:37:eb:a4:c1:dd:85:86:d9:d9:
d9:f6:2c:03:41:10:7d:04:90:be:34:ba:ec:f8:69:
f2:45:22:1d:f3:04:42:c8:e6:e4:67:84:59:6a:88:
60:11:20:97:98:ec:54:6a:89:93:90:5f:cb:1a:28:
4f:4e:a2:d9:ca:17:00:b6:8e:f0:2b:d2:70:65:7c:
28:57:1a:ec:54:eb:e3:16:db:47:40:27:14:41:d0:
19:f4:c7:be:fc:67:61:85:bb:98:6d:c5:3e:bd:97:
89:75:45:96:e3:9a:08:b4:40:4d:08:8b:af:1f:b7:
c2:fc:9d:81:e5:fd:63:4d:cc:86:ca:4c:f1:a0:be:
1b:bd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E5:96:6D:71:76:C0:20:B0:25:D7:A7:03:FE:6C:E7:9A:6F:53:7A:06
X509v3 Authority Key Identifier:
keyid:21:02:1B:25:22:22:99:7B:FE:33:B7:E4:B3:15:AC:8D:5E:06:79:54
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IQIbJSIimXv-M7fksxWsjV4GeVQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/59294c-0f24-40c5-b5c3-6eac62e60df7/1/5ZZtcXbAILAl16cD_mznmm9TegY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/59294c-0f24-40c5-b5c3-6eac62e60df7/1/IQIbJSIimXv-M7fksxWsjV4GeVQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a0a:eb00::/29
Signature Algorithm: sha256WithRSAEncryption
6c:64:04:0f:01:6f:ed:a1:fa:23:cd:c1:b0:23:0e:49:d0:a5:
79:26:99:70:05:9f:30:4c:7d:5f:34:b4:b7:bf:a4:1f:41:ea:
63:97:58:3a:38:a4:92:29:c1:5a:93:43:73:47:0f:65:dc:8a:
0e:e1:d5:a9:45:b6:3d:1a:a9:d8:56:4a:85:8a:08:f6:27:26:
72:65:4b:02:51:67:6b:e3:90:02:e3:22:71:87:0b:87:d5:ba:
70:22:2f:53:1e:d6:ce:ac:8c:c1:72:a9:26:6d:05:af:d8:58:
a4:13:38:b9:98:ab:28:f4:a3:b8:d3:8d:06:d9:ce:e6:38:c2:
3c:4c:75:1d:d4:5a:26:74:d6:dc:16:aa:ec:02:c6:8d:7f:a2:
94:8e:f5:bc:c6:7a:8d:ee:06:1f:a0:d7:be:5b:71:f8:d0:de:
2c:bc:53:ac:d1:36:67:93:64:18:69:e2:cb:d1:41:67:91:87:
b6:78:85:06:9a:0a:f1:ce:83:a1:3a:dc:19:53:92:80:85:10:
68:ba:c8:ba:10:59:42:d6:16:43:60:18:f9:e6:ff:c9:3c:cf:
86:6d:2d:5e:12:85:02:6f:bf:01:a1:1f:0a:97:d2:2b:4a:52:
ac:a8:f0:e8:18:2a:f1:c7:ac:f7:62:f8:7c:40:93:df:35:fa:
65:bd:0e:13
-----BEGIN CERTIFICATE-----
MIIE8DCCA9igAwIBAgIEA7s+rjANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygy
MTAyMWIyNTIyMjI5OTdiZmUzM2I3ZTRiMzE1YWM4ZDVlMDY3OTU0MB4XDTIyMDEw
MTE0MDgyNloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoZTU5NjZkNzE3NmMw
MjBiMDI1ZDdhNzAzZmU2Y2U3OWE2ZjUzN2EwNjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALzE3vgSGuLZcfIeA2ZSdmvG64D+xIQ9ISCza4xx6iWAVFpZ
hfDhBmZ3G2vK0MoOYsdpb5Zr/Dh7W15c23/OGsGxVaBKuGXXyGAJY465S4i4t7QH
BDA3LvtJBhOdK/+KsS6Pypi8e80ev7mM6M8tQ0uQuTruJGkndatK0acCN+ukwd2F
htnZ2fYsA0EQfQSQvjS67Php8kUiHfMEQsjm5GeEWWqIYBEgl5jsVGqJk5Bfyxoo
T06i2coXALaO8CvScGV8KFca7FTr4xbbR0AnFEHQGfTHvvxnYYW7mG3FPr2XiXVF
luOaCLRATQiLrx+3wvydgeX9Y03MhspM8aC+G70CAwEAAaOCAgowggIGMB0GA1Ud
DgQWBBTllm1xdsAgsCXXpwP+bOeab1N6BjAfBgNVHSMEGDAWgBQhAhslIiKZe/4z
t+SzFayNXgZ5VDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0lRSWJKU0lpbVh2LU03ZmtzeFdzalY0R2VWUS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNWQvNTkyOTRjLTBmMjQtNDBjNS1iNWMzLTZlYWM2MmU2MGRmNy8x
LzVaWnRjWGJBSUxBbDE2Y0RfbXpubW05VGVnWS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNWQv
NTkyOTRjLTBmMjQtNDBjNS1iNWMzLTZlYWM2MmU2MGRmNy8xL0lRSWJKU0lpbVh2
LU03ZmtzeFdzalY0R2VWUS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAg
BggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFAyoK6wAwDQYJKoZIhvcNAQELBQAD
ggEBAGxkBA8Bb+2h+iPNwbAjDknQpXkmmXAFnzBMfV80tLe/pB9B6mOXWDo4pJIp
wVqTQ3NHD2Xcig7h1alFtj0aqdhWSoWKCPYnJnJlSwJRZ2vjkALjInGHC4fVunAi
L1Me1s6sjMFyqSZtBa/YWKQTOLmYqyj0o7jTjQbZzuY4wjxMdR3UWiZ01twWquwC
xo1/opSO9bzGeo3uBh+g175bcfjQ3iy8U6zRNmeTZBhp4svRQWeRh7Z4hQaaCvHO
g6E63BlTkoCFEGi6yLoQWULWFkNgGPnm/8k8z4ZtLV4ShQJvvwGhHwqX0itKUqyo
8OgYKvHHrPdi+HxAk981+mW9DhM=
-----END CERTIFICATE-----
Generated at Thu Apr 17 20:01:11 2025 by rpki-client