Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/81/810d24-acbe-4cb2-9ac5-9d5875d86373/1/AipyFmSYnZzcJ4gV-n7H-eOsyr8.roa
File: AipyFmSYnZzcJ4gV-n7H-eOsyr8.roa (raw, json)
Hash identifier: F21syUz5thtfLl74a3LqL9Dzhcj2J9eoiAlJZOZUqVA=
Subject key identifier: 02:2A:72:16:64:98:9D:9C:DC:27:88:15:FA:7E:C7:F9:E3:AC:CA:BF
Certificate issuer: /CN=ada25aafe3a9870e9524afa0265987ed5a5a4da3
Certificate serial: 018CC5DC3209B9EC5042B6BCCC472BF3F054
Authority key identifier: AD:A2:5A:AF:E3:A9:87:0E:95:24:AF:A0:26:59:87:ED:5A:5A:4D:A3
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/raJar-Ophw6VJK-gJlmH7VpaTaM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/81/810d24-acbe-4cb2-9ac5-9d5875d86373/1/AipyFmSYnZzcJ4gV-n7H-eOsyr8.roa
Signing time: Mon 01 Jan 2024 16:29:51 +0000
ROA not before: Mon 01 Jan 2024 16:29:51 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 208861
IP address blocks: 2a10:4b00::/29 maxlen: 29
2a09:da00::/29 maxlen: 29
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c5:dc:32:09:b9:ec:50:42:b6:bc:cc:47:2b:f3:f0:54
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ada25aafe3a9870e9524afa0265987ed5a5a4da3
Validity
Not Before: Jan 1 16:29:51 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=022a721664989d9cdc278815fa7ec7f9e3accabf
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a3:3e:0c:5b:69:24:55:38:6b:a8:df:f6:23:19:
ed:66:69:ec:f7:5a:73:85:a8:5f:f6:55:3c:2a:ca:
d9:6a:6e:32:9b:02:7f:76:e2:3c:b8:b2:5d:d9:bf:
2f:e2:ff:4c:5f:39:0c:8a:bf:cc:ed:f4:a6:60:6d:
d8:c4:ad:66:6f:bc:c5:a3:a3:08:e0:7e:db:ba:05:
9b:c2:6f:aa:d7:2f:53:30:98:b6:fb:00:ad:79:dc:
a4:27:00:54:44:02:71:aa:93:f6:00:de:ac:ea:cd:
95:f4:88:cb:a1:1a:3a:17:82:aa:23:fc:11:39:44:
6f:a3:c5:42:35:df:54:29:ef:ae:91:45:c3:51:3a:
21:76:a4:6b:20:a9:3f:b2:4b:f2:ad:38:da:fa:ce:
27:0f:c4:3a:6b:a8:c6:9e:e2:d6:50:a5:03:b0:82:
d5:e7:56:29:9f:73:4c:10:38:41:02:a9:21:35:ad:
2a:58:d1:24:56:0f:65:f9:99:d8:11:e1:78:f6:32:
cb:e6:d0:83:c2:db:cb:c4:d4:31:f4:04:16:f8:5c:
a6:17:c3:31:ab:3a:d5:a1:3e:2c:7c:7d:2c:ca:75:
3c:65:69:bd:91:30:ef:f3:e9:27:6f:35:37:da:ea:
e3:bb:d4:8c:08:dc:87:b6:93:37:67:ab:f7:8b:85:
09:b9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
02:2A:72:16:64:98:9D:9C:DC:27:88:15:FA:7E:C7:F9:E3:AC:CA:BF
X509v3 Authority Key Identifier:
keyid:AD:A2:5A:AF:E3:A9:87:0E:95:24:AF:A0:26:59:87:ED:5A:5A:4D:A3
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/raJar-Ophw6VJK-gJlmH7VpaTaM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/810d24-acbe-4cb2-9ac5-9d5875d86373/1/AipyFmSYnZzcJ4gV-n7H-eOsyr8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/81/810d24-acbe-4cb2-9ac5-9d5875d86373/1/raJar-Ophw6VJK-gJlmH7VpaTaM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a09:da00::/29
2a10:4b00::/29
Signature Algorithm: sha256WithRSAEncryption
18:f5:fe:b1:15:32:8c:2b:14:59:1e:43:f7:7b:90:fd:75:9a:
be:82:84:4a:de:4b:94:bf:ca:b5:89:17:94:66:25:5d:72:e7:
4e:5a:27:94:23:63:4e:87:ff:96:ab:eb:08:31:26:3e:c5:6a:
01:05:75:3b:7e:dd:4e:a2:40:95:ae:9a:9d:7b:49:6a:79:57:
6c:9f:98:6e:eb:22:12:fd:84:66:ba:ba:1d:33:fe:bc:8f:69:
50:f3:51:99:82:17:16:4a:f4:a7:34:bd:dc:4e:55:d5:bf:28:
d8:c1:c7:2b:a3:67:f9:0e:59:73:6a:5d:d1:cd:f3:80:a7:50:
77:46:c9:b0:9f:da:13:49:e9:da:a7:6f:a8:d7:c5:e0:0d:19:
d1:da:77:5a:5d:a6:6b:2b:27:58:10:3c:2e:36:d5:07:44:60:
73:89:29:40:01:84:e9:86:de:3c:7f:6d:9c:d2:87:01:8b:49:
07:90:5e:b8:68:a4:42:f6:53:dd:de:9a:64:6c:96:ea:b0:51:
63:12:f2:19:c4:71:13:58:c1:7d:cd:b8:44:c2:27:92:21:32:
f8:2f:2f:24:e7:c9:98:41:26:9d:b7:34:4c:39:1b:48:06:88:
c8:b7:2f:e4:e2:67:c1:8a:9d:ba:26:15:6c:58:31:b0:91:b0:
81:3d:ba:19
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzF3DIJuexQQra8zEcr8/BUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFkYTI1YWFmZTNhOTg3MGU5NTI0YWZhMDI2NTk4N2VkNWE1
YTRkYTMwHhcNMjQwMTAxMTYyOTUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMjJhNzIxNjY0OTg5ZDljZGMyNzg4MTVmYTdlYzdmOWUzYWNjYWJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoz4MW2kkVThrqN/2IxntZmns91pz
hahf9lU8KsrZam4ymwJ/duI8uLJd2b8v4v9MXzkMir/M7fSmYG3YxK1mb7zFo6MI
4H7bugWbwm+q1y9TMJi2+wCtedykJwBURAJxqpP2AN6s6s2V9IjLoRo6F4KqI/wR
OURvo8VCNd9UKe+ukUXDUTohdqRrIKk/skvyrTja+s4nD8Q6a6jGnuLWUKUDsILV
51Ypn3NMEDhBAqkhNa0qWNEkVg9l+ZnYEeF49jLL5tCDwtvLxNQx9AQW+FymF8Mx
qzrVoT4sfH0synU8ZWm9kTDv8+knbzU32urju9SMCNyHtpM3Z6v3i4UJuQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFAIqchZkmJ2c3CeIFfp+x/njrMq/MB8GA1UdIwQY
MBaAFK2iWq/jqYcOlSSvoCZZh+1aWk2jMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcmFKYXItT3BodzZWSkstZ0psbUg3VnBhVGFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MS84MTBkMjQtYWNiZS00Y2IyLTlhYzUt
OWQ1ODc1ZDg2MzczLzEvQWlweUZtU1luWnpjSjRnVi1uN0gtZU9zeXI4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MS84MTBkMjQtYWNiZS00Y2IyLTlhYzUtOWQ1ODc1ZDg2Mzcz
LzEvcmFKYXItT3BodzZWSkstZ0psbUg3VnBhVGFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAAjAOAwUDKgnaAAMF
AyoQSwAwDQYJKoZIhvcNAQELBQADggEBABj1/rEVMowrFFkeQ/d7kP11mr6ChEre
S5S/yrWJF5RmJV1y505aJ5QjY06H/5ar6wgxJj7FagEFdTt+3U6iQJWump17SWp5
V2yfmG7rIhL9hGa6uh0z/ryPaVDzUZmCFxZK9Kc0vdxOVdW/KNjBxyujZ/kOWXNq
XdHN84CnUHdGybCf2hNJ6dqnb6jXxeANGdHad1pdpmsrJ1gQPC421QdEYHOJKUAB
hOmG3jx/bZzShwGLSQeQXrhopEL2U93emmRsluqwUWMS8hnEcRNYwX3NuETCJ5Ih
MvgvLyTnyZhBJp23NEw5G0gGiMi3L+TiZ8GKnbomFWxYMbCRsIE9uhk=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:20:41 2024 by rpki-client on console-ams.rpki-client.org