Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/73/7c7bf6-2bdf-4c7d-9aec-1ef1cee661ca/1/9ZQc8sJ8C63WdY3YH0gsT4N1qwA.roa
File: 9ZQc8sJ8C63WdY3YH0gsT4N1qwA.roa (raw, json)
Hash identifier: LhxKJbISlpxUNFH96Omlt6Y1rE5/pbPLIQkrZ6uT5pw=
Subject key identifier: F5:94:1C:F2:C2:7C:0B:AD:D6:75:8D:D8:1F:48:2C:4F:83:75:AB:00
Certificate issuer: /CN=4be1bbbe540079d2b7f270b92ceaf3b2a816e8fa
Certificate serial: 01856BD3735DF4027F5F90503CFA16999B5C
Authority key identifier: 4B:E1:BB:BE:54:00:79:D2:B7:F2:70:B9:2C:EA:F3:B2:A8:16:E8:FA
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/S-G7vlQAedK38nC5LOrzsqgW6Po.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/73/7c7bf6-2bdf-4c7d-9aec-1ef1cee661ca/1/9ZQc8sJ8C63WdY3YH0gsT4N1qwA.roa
Signing time: Sun 01 Jan 2023 05:34:57 +0000
ROA not before: Sun 01 Jan 2023 05:34:57 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 12608
IP address blocks: 2a06:ddc7::/32 maxlen: 32
2a13:3305::/32 maxlen: 32
2a06:ddc6::/32 maxlen: 32
2a06:ddc4::/32 maxlen: 32
2a13:3304::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6b:d3:73:5d:f4:02:7f:5f:90:50:3c:fa:16:99:9b:5c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4be1bbbe540079d2b7f270b92ceaf3b2a816e8fa
Validity
Not Before: Jan 1 05:34:57 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=f5941cf2c27c0badd6758dd81f482c4f8375ab00
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c9:3a:ee:ca:ce:61:6f:b1:84:03:66:79:77:28:
1b:d0:b1:a3:11:94:b9:b5:eb:8b:21:4a:72:1f:b9:
65:0e:ea:89:39:eb:e4:fb:d8:e5:23:5b:53:4a:bb:
40:39:31:ba:2c:a1:a5:d4:bd:81:b2:cb:d5:c4:f1:
54:91:d8:8c:eb:e5:0f:e3:39:7b:0c:fd:1c:99:27:
58:cc:3d:20:5c:86:6b:d5:c3:48:0e:cb:e6:20:49:
c2:83:28:09:59:e3:54:8c:19:44:1b:b9:7f:b6:bc:
84:bf:41:6c:c1:6d:84:02:af:80:79:e5:db:45:0e:
5a:bf:71:96:5c:c3:58:c1:50:a1:8e:a2:19:dd:44:
2e:1f:1c:c1:a8:98:37:57:fb:50:4a:cf:01:85:bf:
2b:86:fa:e2:51:73:d2:c6:28:53:64:66:fb:0e:a9:
00:26:0b:fb:22:32:4c:84:97:08:45:35:f3:f7:15:
c0:ce:53:0c:be:2d:3c:93:fb:22:48:3b:1f:1f:ab:
57:73:af:58:70:f9:23:77:8c:57:c9:4d:96:6f:d2:
f8:a5:96:5d:c3:ad:64:fc:63:a3:f1:b9:00:4b:d0:
20:8d:e5:00:93:be:bd:b8:58:d0:5d:bb:69:61:ad:
0f:e8:ff:40:f1:aa:98:0f:98:8d:06:f5:a1:2f:9b:
8a:41
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F5:94:1C:F2:C2:7C:0B:AD:D6:75:8D:D8:1F:48:2C:4F:83:75:AB:00
X509v3 Authority Key Identifier:
keyid:4B:E1:BB:BE:54:00:79:D2:B7:F2:70:B9:2C:EA:F3:B2:A8:16:E8:FA
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/S-G7vlQAedK38nC5LOrzsqgW6Po.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/73/7c7bf6-2bdf-4c7d-9aec-1ef1cee661ca/1/9ZQc8sJ8C63WdY3YH0gsT4N1qwA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/73/7c7bf6-2bdf-4c7d-9aec-1ef1cee661ca/1/S-G7vlQAedK38nC5LOrzsqgW6Po.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a06:ddc4::/32
2a06:ddc6::/31
2a13:3304::/31
Signature Algorithm: sha256WithRSAEncryption
7f:0e:4e:d4:c5:14:fd:6f:af:be:98:8d:95:3c:c9:6f:94:53:
fc:03:4d:9d:dc:63:26:c8:2c:23:b5:75:e7:68:da:58:ac:22:
a4:ad:d9:68:5c:6e:3b:84:b3:4d:c9:8e:62:fa:b4:91:f9:13:
88:d3:04:bb:fc:cb:e8:e9:ca:cb:34:91:81:0a:a9:42:8a:d9:
b9:34:e9:3f:dd:bc:10:2d:59:10:f1:13:9c:a1:c4:76:10:7a:
05:e9:5a:be:7f:a5:43:a9:72:01:73:d1:24:f1:ac:9c:96:4d:
6c:f0:06:d7:30:fd:8d:23:37:fc:cb:8b:a7:46:a2:b0:c9:e1:
8e:0e:a7:6c:be:17:d2:49:29:35:98:5a:22:35:83:c8:85:95:
d3:46:fe:cc:5b:ff:fc:c3:f9:ca:c3:37:c5:2c:81:59:f3:fe:
21:3f:98:f2:c1:77:1d:3d:28:df:81:ff:78:5b:e2:ec:da:be:
f9:7a:59:8b:e7:b6:b7:6c:a4:a0:05:ac:6b:3c:33:64:8c:c5:
2e:08:dc:b8:7b:b9:fd:76:fb:5d:51:3b:e6:70:c5:fa:c4:b5:
10:72:b2:34:ee:02:b4:32:1f:0c:39:ce:70:f9:56:77:f4:06:
0f:41:66:9c:ee:5b:03:68:de:8a:3b:54:b2:f3:af:4d:e3:23:
44:30:b4:82
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYVr03Nd9AJ/X5BQPPoWmZtcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRiZTFiYmJlNTQwMDc5ZDJiN2YyNzBiOTJjZWFmM2IyYTgx
NmU4ZmEwHhcNMjMwMTAxMDUzNDU3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNTk0MWNmMmMyN2MwYmFkZDY3NThkZDgxZjQ4MmM0ZjgzNzVhYjAwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyTruys5hb7GEA2Z5dygb0LGjEZS5
teuLIUpyH7llDuqJOevk+9jlI1tTSrtAOTG6LKGl1L2BssvVxPFUkdiM6+UP4zl7
DP0cmSdYzD0gXIZr1cNIDsvmIEnCgygJWeNUjBlEG7l/tryEv0FswW2EAq+AeeXb
RQ5av3GWXMNYwVChjqIZ3UQuHxzBqJg3V/tQSs8Bhb8rhvriUXPSxihTZGb7DqkA
Jgv7IjJMhJcIRTXz9xXAzlMMvi08k/siSDsfH6tXc69YcPkjd4xXyU2Wb9L4pZZd
w61k/GOj8bkAS9AgjeUAk769uFjQXbtpYa0P6P9A8aqYD5iNBvWhL5uKQQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFPWUHPLCfAut1nWN2B9ILE+DdasAMB8GA1UdIwQY
MBaAFEvhu75UAHnSt/JwuSzq87KoFuj6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUy1HN3ZsUUFlZEszOG5DNUxPcnpzcWdXNlBvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83My83YzdiZjYtMmJkZi00YzdkLTlhZWMt
MWVmMWNlZTY2MWNhLzEvOVpRYzhzSjhDNjNXZFkzWUgwZ3NUNE4xcXdBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83My83YzdiZjYtMmJkZi00YzdkLTlhZWMtMWVmMWNlZTY2MWNh
LzEvUy1HN3ZsUUFlZEszOG5DNUxPcnpzcWdXNlBvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAbBAIAAjAVAwUAKgbdxAMF
ASoG3cYDBQEqEzMEMA0GCSqGSIb3DQEBCwUAA4IBAQB/Dk7UxRT9b6++mI2VPMlv
lFP8A02d3GMmyCwjtXXnaNpYrCKkrdloXG47hLNNyY5i+rSR+ROI0wS7/Mvo6crL
NJGBCqlCitm5NOk/3bwQLVkQ8ROcocR2EHoF6Vq+f6VDqXIBc9Ek8ayclk1s8AbX
MP2NIzf8y4unRqKwyeGODqdsvhfSSSk1mFoiNYPIhZXTRv7MW//8w/nKwzfFLIFZ
8/4hP5jywXcdPSjfgf94W+Ls2r75elmL57a3bKSgBaxrPDNkjMUuCNy4e7n9dvtd
UTvmcMX6xLUQcrI07gK0Mh8MOc5w+VZ39AYPQWac7lsDaN6KO1Sy869N4yNEMLSC
-----END CERTIFICATE-----
Generated at Thu Jul 20 00:01:34 2023 by rpki-client on console-ams.rpki-client.org