Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/76/1be999-5a59-4c10-92ff-da1b58618841/1/IMEMWLE0kxC5zFT9R2h4BTuvuws.roa
File: IMEMWLE0kxC5zFT9R2h4BTuvuws.roa (raw, json)
Hash identifier: Kb+7ixkdDZefVRANnsiV0Ke5cksC3B6aE4ccX7CIwTk=
Subject key identifier: 20:C1:0C:58:B1:34:93:10:B9:CC:54:FD:47:68:78:05:3B:AF:BB:0B
Certificate issuer: /CN=eefbe8369a7bbc03a86fbe639b7efaa02b717287
Certificate serial: 01856D8AFFEB78891491AF750184D9B96BAD
Authority key identifier: EE:FB:E8:36:9A:7B:BC:03:A8:6F:BE:63:9B:7E:FA:A0:2B:71:72:87
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/7vvoNpp7vAOob75jm376oCtxcoc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/76/1be999-5a59-4c10-92ff-da1b58618841/1/IMEMWLE0kxC5zFT9R2h4BTuvuws.roa
Signing time: Sun 01 Jan 2023 13:35:04 +0000
ROA not before: Sun 01 Jan 2023 13:35:04 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 204363
IP address blocks: 2a0f:6287::/44 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6d:8a:ff:eb:78:89:14:91:af:75:01:84:d9:b9:6b:ad
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=eefbe8369a7bbc03a86fbe639b7efaa02b717287
Validity
Not Before: Jan 1 13:35:04 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=20c10c58b1349310b9cc54fd476878053bafbb0b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:82:b9:d3:d1:7d:ed:65:69:0a:75:35:e6:d2:ca:
57:e6:86:97:a7:82:76:87:2b:1f:c5:ad:6c:2f:fc:
07:b6:ef:c9:dc:9f:af:a7:bb:c1:30:75:55:41:26:
07:d6:62:69:c9:f3:ce:7c:b4:0e:e1:84:84:5a:27:
12:0a:0d:e2:47:8b:e8:55:34:1c:66:4f:3e:32:53:
b6:b4:29:97:a2:af:32:54:55:8b:cc:1a:83:a7:65:
08:54:8d:05:47:58:af:a3:c0:c3:71:69:c6:8b:cd:
d9:a6:55:5d:b8:4c:e1:fe:9e:41:79:9a:37:7d:f2:
f5:14:fb:71:b9:b6:89:42:4b:40:7d:7f:7f:33:90:
d4:49:30:f4:f3:c8:51:d0:63:94:ac:0d:a2:15:ab:
b3:5b:4b:65:22:28:e1:23:25:7b:31:39:82:eb:91:
42:85:1d:4a:d9:35:54:2e:a9:b4:e9:68:6c:ba:be:
07:f8:a9:a3:80:c0:2f:77:33:85:04:6e:64:18:a2:
d2:84:1c:c1:22:aa:ed:a2:a1:67:d0:29:13:c1:3b:
55:12:9c:b7:53:91:52:ee:3d:2b:18:80:01:a5:72:
99:10:b5:88:e1:87:bf:d6:bf:39:ae:fa:9d:68:d5:
f6:9b:bd:88:dc:e9:af:ab:70:e6:b3:8b:79:05:8b:
c3:21
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
20:C1:0C:58:B1:34:93:10:B9:CC:54:FD:47:68:78:05:3B:AF:BB:0B
X509v3 Authority Key Identifier:
keyid:EE:FB:E8:36:9A:7B:BC:03:A8:6F:BE:63:9B:7E:FA:A0:2B:71:72:87
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7vvoNpp7vAOob75jm376oCtxcoc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/76/1be999-5a59-4c10-92ff-da1b58618841/1/IMEMWLE0kxC5zFT9R2h4BTuvuws.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/76/1be999-5a59-4c10-92ff-da1b58618841/1/7vvoNpp7vAOob75jm376oCtxcoc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a0f:6287::/44
Signature Algorithm: sha256WithRSAEncryption
1b:10:63:87:d0:e0:b8:95:f8:44:15:90:9c:e2:67:80:52:38:
71:e5:96:c2:ed:72:a9:94:3c:1b:d0:7b:b7:ad:97:cf:dc:99:
45:82:8f:11:5d:ec:2c:3f:8a:03:82:ba:dd:f8:17:1e:f3:cf:
96:0e:81:c2:b7:6c:78:08:1a:3a:3f:21:ec:f7:e7:8e:40:37:
50:dc:59:30:ac:ea:4a:c5:1f:77:f8:89:0e:c8:88:99:16:6a:
52:48:27:43:59:a3:51:67:74:05:aa:eb:e2:fd:08:d2:59:01:
b3:e9:43:ee:75:54:ad:42:1f:d4:f7:c3:e0:2e:fd:64:14:04:
82:6e:55:f2:ff:6e:3e:9e:01:8e:d7:6f:f0:be:a6:0f:61:f2:
b3:ce:1e:7f:d7:5b:68:38:7c:76:99:1a:7f:9f:01:c9:47:cf:
09:61:7a:aa:16:1c:ea:47:06:f7:f0:7e:3b:1b:ad:5f:c0:0f:
81:10:e5:b8:b4:aa:d1:cc:49:8a:3e:88:54:f2:80:2f:81:a1:
36:96:81:9d:03:f3:ac:da:de:55:fc:a4:bd:4f:63:44:d0:7e:
cd:c1:32:65:f7:fc:6f:2a:b3:1c:06:00:70:b8:88:b5:2b:04:
fc:c7:f6:44:b3:2b:27:73:9a:c7:56:c3:8c:02:47:20:14:d5:
93:5e:88:c4
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYVtiv/reIkUka91AYTZuWutMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlZmJlODM2OWE3YmJjMDNhODZmYmU2MzliN2VmYWEwMmI3
MTcyODcwHhcNMjMwMTAxMTMzNTA0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMGMxMGM1OGIxMzQ5MzEwYjljYzU0ZmQ0NzY4NzgwNTNiYWZiYjBiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgrnT0X3tZWkKdTXm0spX5oaXp4J2
hysfxa1sL/wHtu/J3J+vp7vBMHVVQSYH1mJpyfPOfLQO4YSEWicSCg3iR4voVTQc
Zk8+MlO2tCmXoq8yVFWLzBqDp2UIVI0FR1ivo8DDcWnGi83ZplVduEzh/p5BeZo3
ffL1FPtxubaJQktAfX9/M5DUSTD088hR0GOUrA2iFauzW0tlIijhIyV7MTmC65FC
hR1K2TVULqm06Whsur4H+KmjgMAvdzOFBG5kGKLShBzBIqrtoqFn0CkTwTtVEpy3
U5FS7j0rGIABpXKZELWI4Ye/1r85rvqdaNX2m72I3Omvq3Dms4t5BYvDIQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFCDBDFixNJMQucxU/UdoeAU7r7sLMB8GA1UdIwQY
MBaAFO776Daae7wDqG++Y5t++qArcXKHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN3Z2b05wcDd2QU9vYjc1am0zNzZvQ3R4Y29jLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ni8xYmU5OTktNWE1OS00YzEwLTkyZmYt
ZGExYjU4NjE4ODQxLzEvSU1FTVdMRTBreEM1ekZUOVIyaDRCVHV2dXdzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ni8xYmU5OTktNWE1OS00YzEwLTkyZmYtZGExYjU4NjE4ODQx
LzEvN3Z2b05wcDd2QU9vYjc1am0zNzZvQ3R4Y29jLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg9ihwAA
MA0GCSqGSIb3DQEBCwUAA4IBAQAbEGOH0OC4lfhEFZCc4meAUjhx5ZbC7XKplDwb
0Hu3rZfP3JlFgo8RXewsP4oDgrrd+Bce88+WDoHCt2x4CBo6PyHs9+eOQDdQ3Fkw
rOpKxR93+IkOyIiZFmpSSCdDWaNRZ3QFquvi/QjSWQGz6UPudVStQh/U98PgLv1k
FASCblXy/24+ngGO12/wvqYPYfKzzh5/11toOHx2mRp/nwHJR88JYXqqFhzqRwb3
8H47G61fwA+BEOW4tKrRzEmKPohU8oAvgaE2loGdA/Os2t5V/KS9T2NE0H7NwTJl
9/xvKrMcBgBwuIi1KwT8x/ZEsysnc5rHVsOMAkcgFNWTXojE
-----END CERTIFICATE-----
Generated at Mon Feb 17 08:19:53 2025 by rpki-client