Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/73/7c7bf6-2bdf-4c7d-9aec-1ef1cee661ca/1/janXJsKWYvVNtkvEWX1uB08Nd9w.roa
File: janXJsKWYvVNtkvEWX1uB08Nd9w.roa (raw, json)
Hash identifier: /VVgyvlTfepJF0hZglzG3G5SaOLgcnCU4YI213sYIqg=
Subject key identifier: 8D:A9:D7:26:C2:96:62:F5:4D:B6:4B:C4:59:7D:6E:07:4F:0D:77:DC
Certificate issuer: /CN=4be1bbbe540079d2b7f270b92ceaf3b2a816e8fa
Certificate serial: 01833166E49A8692705EEDD3829BE5BD3A24
Authority key identifier: 4B:E1:BB:BE:54:00:79:D2:B7:F2:70:B9:2C:EA:F3:B2:A8:16:E8:FA
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/S-G7vlQAedK38nC5LOrzsqgW6Po.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/73/7c7bf6-2bdf-4c7d-9aec-1ef1cee661ca/1/janXJsKWYvVNtkvEWX1uB08Nd9w.roa
Signing time: Mon 12 Sep 2022 11:12:50 +0000
ROA not before: Mon 12 Sep 2022 11:12:50 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 204084
IP address blocks: 2a0b:8040::/29 maxlen: 29
2a0b:e9c0::/29 maxlen: 29
2a0c:5d00::/29 maxlen: 29
2a13:3301::/32 maxlen: 32
2a13:3302::/32 maxlen: 32
2a03:f7c0::/29 maxlen: 29
2a0c:65c0::/29 maxlen: 29
2a0b:d900::/29 maxlen: 29
2a13:3300::/32 maxlen: 32
2a0c:6980::/29 maxlen: 29
2a0c:5c0::/29 maxlen: 29
2a13:3303::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:83:31:66:e4:9a:86:92:70:5e:ed:d3:82:9b:e5:bd:3a:24
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4be1bbbe540079d2b7f270b92ceaf3b2a816e8fa
Validity
Not Before: Sep 12 11:12:50 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=8da9d726c29662f54db64bc4597d6e074f0d77dc
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:f6:ed:51:34:6e:ef:2f:84:c8:d6:e0:ec:33:ce:
ea:78:71:34:22:b8:c6:75:9e:4d:a2:e0:2c:3a:57:
63:90:18:41:ba:89:5e:15:74:cf:c4:f1:56:83:aa:
ef:e2:dc:0d:57:38:f2:1d:f8:14:84:96:7a:4e:36:
2b:d6:47:dc:0e:a3:41:0c:8d:e4:52:a2:60:a5:31:
7e:3c:92:6e:0d:35:41:7b:91:2c:90:51:44:db:82:
b6:a4:3a:82:3b:d8:1d:ca:b6:1c:04:bc:2b:33:63:
8c:07:f4:45:e6:58:30:b3:57:f0:17:69:2b:4c:0d:
8f:1d:38:50:dd:db:09:1e:42:8d:5a:79:68:e0:aa:
43:02:79:f9:48:b2:59:5e:75:01:ee:06:5e:fd:b1:
9b:37:31:aa:cf:01:45:54:2d:77:bd:32:da:75:e8:
a5:3e:9d:c7:31:19:92:57:50:a4:c9:ac:54:a9:dc:
12:a4:8d:f0:36:0f:72:5e:70:b5:c4:4b:58:7a:3c:
b8:18:48:60:ef:40:20:ee:b1:1a:c2:27:6f:03:f0:
60:27:74:3b:84:42:c6:94:07:84:e1:19:2f:08:bb:
f6:09:b1:80:40:9e:61:01:a5:7a:4c:a5:85:d7:b8:
ab:3c:a5:5a:d9:9b:b5:6a:ce:28:01:d9:bc:6f:f2:
6f:27
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8D:A9:D7:26:C2:96:62:F5:4D:B6:4B:C4:59:7D:6E:07:4F:0D:77:DC
X509v3 Authority Key Identifier:
keyid:4B:E1:BB:BE:54:00:79:D2:B7:F2:70:B9:2C:EA:F3:B2:A8:16:E8:FA
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/S-G7vlQAedK38nC5LOrzsqgW6Po.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/73/7c7bf6-2bdf-4c7d-9aec-1ef1cee661ca/1/janXJsKWYvVNtkvEWX1uB08Nd9w.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/73/7c7bf6-2bdf-4c7d-9aec-1ef1cee661ca/1/S-G7vlQAedK38nC5LOrzsqgW6Po.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a03:f7c0::/29
2a0b:8040::/29
2a0b:d900::/29
2a0b:e9c0::/29
2a0c:5c0::/29
2a0c:5d00::/29
2a0c:65c0::/29
2a0c:6980::/29
2a13:3300::/30
Signature Algorithm: sha256WithRSAEncryption
29:b2:c1:d4:04:01:5b:18:23:f8:6e:64:99:ba:d2:e5:b3:dd:
67:6d:2c:e3:4a:3c:a8:95:33:38:40:7a:0f:04:79:64:c0:5f:
32:bd:10:15:be:f5:ca:4b:ac:1a:d5:ca:d9:a6:68:96:53:b1:
c0:c9:4b:56:b1:fc:08:93:1c:b8:a7:d9:de:43:a8:54:bf:aa:
37:ce:08:57:75:a1:1a:ef:cd:47:33:70:a2:3f:03:a7:8c:fb:
fe:eb:56:0c:ad:a3:1f:98:8d:cc:e0:ff:7d:04:aa:24:28:bb:
8c:bc:26:89:15:71:b0:1e:3b:c0:5b:7c:34:5d:46:b0:1c:e1:
a4:4f:65:56:a0:ac:4e:29:7c:f4:e9:aa:fb:c1:19:32:b5:ff:
a9:a0:03:6c:42:80:ac:2a:df:09:6c:ea:fe:7d:77:b2:f5:ae:
35:b1:60:35:3b:9f:6b:a7:27:bf:34:0c:a9:05:1a:74:60:30:
b3:9a:6f:7b:99:0f:25:17:2e:4d:31:c6:44:4e:65:5f:32:21:
b3:fd:7a:81:9f:e5:a7:31:67:08:26:cf:47:32:36:30:cf:3b:
49:88:fe:ab:27:d6:20:af:d9:e9:a3:1b:5c:e4:43:56:51:ee:
13:38:a4:23:2e:50:ad:9a:fc:06:fa:09:1a:6b:6a:d4:a7:2b:
1b:91:ea:b6
-----BEGIN CERTIFICATE-----
MIIFNjCCBB6gAwIBAgISAYMxZuSahpJwXu3TgpvlvTokMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRiZTFiYmJlNTQwMDc5ZDJiN2YyNzBiOTJjZWFmM2IyYTgx
NmU4ZmEwHhcNMjIwOTEyMTExMjUwWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZGE5ZDcyNmMyOTY2MmY1NGRiNjRiYzQ1OTdkNmUwNzRmMGQ3N2RjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9u1RNG7vL4TI1uDsM87qeHE0IrjG
dZ5NouAsOldjkBhBuoleFXTPxPFWg6rv4twNVzjyHfgUhJZ6TjYr1kfcDqNBDI3k
UqJgpTF+PJJuDTVBe5EskFFE24K2pDqCO9gdyrYcBLwrM2OMB/RF5lgws1fwF2kr
TA2PHThQ3dsJHkKNWnlo4KpDAnn5SLJZXnUB7gZe/bGbNzGqzwFFVC13vTLadeil
Pp3HMRmSV1CkyaxUqdwSpI3wNg9yXnC1xEtYejy4GEhg70Ag7rEawidvA/BgJ3Q7
hELGlAeE4RkvCLv2CbGAQJ5hAaV6TKWF17irPKVa2Zu1as4oAdm8b/JvJwIDAQAB
o4ICQjCCAj4wHQYDVR0OBBYEFI2p1ybClmL1TbZLxFl9bgdPDXfcMB8GA1UdIwQY
MBaAFEvhu75UAHnSt/JwuSzq87KoFuj6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUy1HN3ZsUUFlZEszOG5DNUxPcnpzcWdXNlBvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83My83YzdiZjYtMmJkZi00YzdkLTlhZWMt
MWVmMWNlZTY2MWNhLzEvamFuWEpzS1dZdlZOdGt2RVdYMXVCMDhOZDl3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83My83YzdiZjYtMmJkZi00YzdkLTlhZWMtMWVmMWNlZTY2MWNh
LzEvUy1HN3ZsUUFlZEszOG5DNUxPcnpzcWdXNlBvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFgGCCsGAQUFBwEHAQH/BEkwRzBFBAIAAjA/AwUDKgP3wAMF
AyoLgEADBQMqC9kAAwUDKgvpwAMFAyoMBcADBQMqDF0AAwUDKgxlwAMFAyoMaYAD
BQIqEzMAMA0GCSqGSIb3DQEBCwUAA4IBAQApssHUBAFbGCP4bmSZutLls91nbSzj
SjyolTM4QHoPBHlkwF8yvRAVvvXKS6wa1crZpmiWU7HAyUtWsfwIkxy4p9neQ6hU
v6o3zghXdaEa781HM3CiPwOnjPv+61YMraMfmI3M4P99BKokKLuMvCaJFXGwHjvA
W3w0XUawHOGkT2VWoKxOKXz06ar7wRkytf+poANsQoCsKt8JbOr+fXey9a41sWA1
O59rpye/NAypBRp0YDCzmm97mQ8lFy5NMcZETmVfMiGz/XqBn+WnMWcIJs9HMjYw
zztJiP6rJ9Ygr9npoxtc5ENWUe4TOKQjLlCtmvwG+gkaa2rUpysbkeq2
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:17:56 2024 by rpki-client on console-ams.rpki-client.org