Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/73/7c7bf6-2bdf-4c7d-9aec-1ef1cee661ca/1/0FroNECQ4EGor4w9I2LWE13j-Ck.roa
File: 0FroNECQ4EGor4w9I2LWE13j-Ck.roa (raw, json)
Hash identifier: SoFCmkk9O1m6oPdZMgAr87eeXzY0fNhFmZSoAQcUJhs=
Subject key identifier: D0:5A:E8:34:40:90:E0:41:A8:AF:8C:3D:23:62:D6:13:5D:E3:F8:29
Certificate issuer: /CN=4be1bbbe540079d2b7f270b92ceaf3b2a816e8fa
Certificate serial: 01856BD37595157E61DD3BA7405FBE12E57E
Authority key identifier: 4B:E1:BB:BE:54:00:79:D2:B7:F2:70:B9:2C:EA:F3:B2:A8:16:E8:FA
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/S-G7vlQAedK38nC5LOrzsqgW6Po.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/73/7c7bf6-2bdf-4c7d-9aec-1ef1cee661ca/1/0FroNECQ4EGor4w9I2LWE13j-Ck.roa
Signing time: Sun 01 Jan 2023 05:34:58 +0000
ROA not before: Sun 01 Jan 2023 05:34:58 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 204339
IP address blocks: 2a13:3307::/32 maxlen: 32
2a0c:f644::/30 maxlen: 30
2a06:ddc1::/32 maxlen: 32
2a06:ddc0::/32 maxlen: 32
2a0c:f640::/30 maxlen: 30
2a06:ddc3::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6b:d3:75:95:15:7e:61:dd:3b:a7:40:5f:be:12:e5:7e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4be1bbbe540079d2b7f270b92ceaf3b2a816e8fa
Validity
Not Before: Jan 1 05:34:58 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=d05ae8344090e041a8af8c3d2362d6135de3f829
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b7:ea:44:16:98:a4:76:f2:f7:a1:d1:72:58:f1:
f0:a1:ca:dc:9a:bf:d7:98:a1:e3:b0:4f:dd:59:91:
85:97:29:a7:b8:17:19:e9:90:21:6f:d3:42:95:2e:
f8:92:f5:f8:9b:28:1e:ca:9a:e4:28:c2:a8:88:4d:
0b:47:d8:6b:85:1c:51:ab:14:72:fe:d4:69:10:23:
f3:15:b3:35:f3:55:0f:d5:d0:07:f3:a7:47:dd:0a:
ae:d6:ad:d3:f0:25:fb:25:94:93:d3:d3:d1:67:16:
45:c4:3a:77:eb:32:7d:a9:b1:ba:df:42:c4:97:8a:
0d:ba:b2:87:59:98:55:3e:df:e6:1f:66:02:b6:99:
d5:5b:48:27:04:72:bb:4e:6b:01:72:2e:6b:ec:2c:
1f:dc:eb:8e:20:a2:c4:a1:b0:c2:c8:b5:7b:e4:77:
aa:27:17:25:c0:88:6f:82:e3:80:3a:2c:9b:4b:92:
4c:05:c1:fc:c0:b7:bd:b9:6d:6b:66:8a:94:62:d4:
a1:27:69:b6:ac:45:59:31:4c:6a:b6:91:ba:93:51:
74:08:26:82:40:8b:3d:99:6f:9a:a4:92:0a:da:66:
f2:91:d7:68:11:c1:f7:b9:d1:59:a7:39:6b:6d:1d:
cc:90:77:50:bb:0b:cc:cc:81:82:d9:de:62:4d:25:
7c:89
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D0:5A:E8:34:40:90:E0:41:A8:AF:8C:3D:23:62:D6:13:5D:E3:F8:29
X509v3 Authority Key Identifier:
keyid:4B:E1:BB:BE:54:00:79:D2:B7:F2:70:B9:2C:EA:F3:B2:A8:16:E8:FA
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/S-G7vlQAedK38nC5LOrzsqgW6Po.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/73/7c7bf6-2bdf-4c7d-9aec-1ef1cee661ca/1/0FroNECQ4EGor4w9I2LWE13j-Ck.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/73/7c7bf6-2bdf-4c7d-9aec-1ef1cee661ca/1/S-G7vlQAedK38nC5LOrzsqgW6Po.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a06:ddc0::/31
2a06:ddc3::/32
2a0c:f640::/29
2a13:3307::/32
Signature Algorithm: sha256WithRSAEncryption
4c:73:e0:02:5a:b1:50:54:3b:0f:fd:e6:22:76:e1:4d:18:eb:
83:93:14:b4:6e:b7:ef:32:56:54:d6:41:c0:2b:56:23:79:c7:
a2:3a:38:a1:44:6a:15:78:a4:f7:4a:2d:d2:bd:a2:bd:a6:a5:
54:f9:4f:b5:c0:9b:96:ed:eb:e9:8e:c8:66:d3:c9:90:1e:ea:
81:a7:8d:be:37:6b:42:61:82:46:a7:fa:87:40:37:3a:a3:b6:
16:97:ce:ab:65:ea:63:f4:98:d0:d3:79:48:51:ea:37:76:c4:
75:52:52:ca:76:ed:e2:15:1b:f2:d4:0a:50:8c:87:80:83:5a:
a8:e2:04:3c:37:e1:23:43:24:3a:3c:00:8e:49:b9:00:97:77:
49:d7:5f:f9:c6:f3:38:1a:fb:33:d2:1e:ce:9b:27:a5:bb:da:
81:64:1d:44:be:db:08:8f:7f:f5:05:f7:dd:e5:af:90:5c:21:
f0:2d:cc:2f:8c:f7:d7:ef:d8:27:a2:2a:d8:cf:37:a9:d1:3c:
3d:c8:31:b7:cc:03:6c:35:2c:f3:b2:b4:2d:e7:e9:5f:e3:fe:
af:d8:a1:c5:37:8e:cd:42:b5:a9:9a:9b:71:a8:1b:2c:86:f4:
6a:48:da:cd:b8:fc:13:42:f5:76:64:20:5e:ee:a3:dc:05:b3:
57:01:55:48
-----BEGIN CERTIFICATE-----
MIIFEzCCA/ugAwIBAgISAYVr03WVFX5h3TunQF++EuV+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRiZTFiYmJlNTQwMDc5ZDJiN2YyNzBiOTJjZWFmM2IyYTgx
NmU4ZmEwHhcNMjMwMTAxMDUzNDU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMDVhZTgzNDQwOTBlMDQxYThhZjhjM2QyMzYyZDYxMzVkZTNmODI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt+pEFpikdvL3odFyWPHwocrcmr/X
mKHjsE/dWZGFlymnuBcZ6ZAhb9NClS74kvX4mygeyprkKMKoiE0LR9hrhRxRqxRy
/tRpECPzFbM181UP1dAH86dH3Qqu1q3T8CX7JZST09PRZxZFxDp36zJ9qbG630LE
l4oNurKHWZhVPt/mH2YCtpnVW0gnBHK7TmsBci5r7Cwf3OuOIKLEobDCyLV75Heq
JxclwIhvguOAOiybS5JMBcH8wLe9uW1rZoqUYtShJ2m2rEVZMUxqtpG6k1F0CCaC
QIs9mW+apJIK2mbykddoEcH3udFZpzlrbR3MkHdQuwvMzIGC2d5iTSV8iQIDAQAB
o4ICHzCCAhswHQYDVR0OBBYEFNBa6DRAkOBBqK+MPSNi1hNd4/gpMB8GA1UdIwQY
MBaAFEvhu75UAHnSt/JwuSzq87KoFuj6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUy1HN3ZsUUFlZEszOG5DNUxPcnpzcWdXNlBvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83My83YzdiZjYtMmJkZi00YzdkLTlhZWMt
MWVmMWNlZTY2MWNhLzEvMEZyb05FQ1E0RUdvcjR3OUkyTFdFMTNqLUNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83My83YzdiZjYtMmJkZi00YzdkLTlhZWMtMWVmMWNlZTY2MWNh
LzEvUy1HN3ZsUUFlZEszOG5DNUxPcnpzcWdXNlBvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDUGCCsGAQUFBwEHAQH/BCYwJDAiBAIAAjAcAwUBKgbdwAMF
ACoG3cMDBQMqDPZAAwUAKhMzBzANBgkqhkiG9w0BAQsFAAOCAQEATHPgAlqxUFQ7
D/3mInbhTRjrg5MUtG637zJWVNZBwCtWI3nHojo4oURqFXik90ot0r2ivaalVPlP
tcCblu3r6Y7IZtPJkB7qgaeNvjdrQmGCRqf6h0A3OqO2FpfOq2XqY/SY0NN5SFHq
N3bEdVJSynbt4hUb8tQKUIyHgINaqOIEPDfhI0MkOjwAjkm5AJd3Sddf+cbzOBr7
M9IezpsnpbvagWQdRL7bCI9/9QX33eWvkFwh8C3ML4z31+/YJ6Iq2M83qdE8Pcgx
t8wDbDUs87K0LefpX+P+r9ihxTeOzUK1qZqbcagbLIb0akjazbj8E0L1dmQgXu6j
3AWzVwFVSA==
-----END CERTIFICATE-----
Generated at Thu Jul 20 00:01:34 2023 by rpki-client on console-ams.rpki-client.org