Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/81/810d24-acbe-4cb2-9ac5-9d5875d86373/1/PBcS5HMWYQUcv7EAmWFjOmgNsVw.roa
File: PBcS5HMWYQUcv7EAmWFjOmgNsVw.roa (raw, json)
Hash identifier: xp1E94E8MsnGRaz2U3JzuiZOoYoMYGcIFt1vioGfdA0=
Subject key identifier: 3C:17:12:E4:73:16:61:05:1C:BF:B1:00:99:61:63:3A:68:0D:B1:5C
Certificate issuer: /CN=ada25aafe3a9870e9524afa0265987ed5a5a4da3
Certificate serial: 0185704299347C95986376E9FBC236C5FA36
Authority key identifier: AD:A2:5A:AF:E3:A9:87:0E:95:24:AF:A0:26:59:87:ED:5A:5A:4D:A3
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/raJar-Ophw6VJK-gJlmH7VpaTaM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/81/810d24-acbe-4cb2-9ac5-9d5875d86373/1/PBcS5HMWYQUcv7EAmWFjOmgNsVw.roa
Signing time: Mon 02 Jan 2023 02:14:50 +0000
ROA not before: Mon 02 Jan 2023 02:14:50 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 208861
IP address blocks: 2a09:c300::/29 maxlen: 29
2a10:4b00::/29 maxlen: 29
2a09:da00::/29 maxlen: 29
2a0d:c3c0::/29 maxlen: 29
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:70:42:99:34:7c:95:98:63:76:e9:fb:c2:36:c5:fa:36
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ada25aafe3a9870e9524afa0265987ed5a5a4da3
Validity
Not Before: Jan 2 02:14:50 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=3c1712e4731661051cbfb1009961633a680db15c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:91:e3:c4:57:16:d9:13:92:c1:54:b9:d9:f6:77:
e8:7e:9d:1f:e3:63:22:61:f7:e5:ff:3e:c6:00:4f:
7e:89:7b:c5:bd:2c:c2:a2:6f:f3:3d:c7:06:e1:84:
51:32:d4:0b:e5:d2:42:ad:a4:03:ae:31:b3:c9:c1:
5a:2c:ce:5d:27:08:41:c0:c3:48:85:21:44:db:78:
30:40:d5:59:b1:f0:48:b5:de:d2:5f:b2:4e:09:ff:
e4:52:5d:12:9b:d6:c0:b6:b1:ff:d9:56:fe:3d:45:
0a:f4:73:d3:b8:e3:56:94:ea:4a:a8:89:f3:90:ad:
f8:dd:26:43:64:c8:43:35:4f:6b:eb:26:01:69:de:
85:32:f6:76:cf:9b:03:fb:43:8f:52:55:ad:4a:26:
cb:56:38:bd:68:3b:25:39:e0:6e:0c:34:bb:db:d7:
2f:37:9c:9f:cc:92:0d:eb:23:81:e1:94:2a:53:ce:
a8:16:4e:51:70:37:76:16:dc:e7:b6:13:b6:94:55:
5b:06:04:8f:0c:ea:10:7b:1a:66:f7:a6:3b:ef:3b:
db:60:0e:3e:19:73:27:a9:db:78:4c:14:3c:1c:86:
75:04:ad:f3:a6:ee:40:b7:5e:ed:2e:89:e9:1a:2e:
3c:51:d2:32:21:85:13:dc:53:4e:e9:3d:6a:b6:8d:
04:cb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3C:17:12:E4:73:16:61:05:1C:BF:B1:00:99:61:63:3A:68:0D:B1:5C
X509v3 Authority Key Identifier:
keyid:AD:A2:5A:AF:E3:A9:87:0E:95:24:AF:A0:26:59:87:ED:5A:5A:4D:A3
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/raJar-Ophw6VJK-gJlmH7VpaTaM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/810d24-acbe-4cb2-9ac5-9d5875d86373/1/PBcS5HMWYQUcv7EAmWFjOmgNsVw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/81/810d24-acbe-4cb2-9ac5-9d5875d86373/1/raJar-Ophw6VJK-gJlmH7VpaTaM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a09:c300::/29
2a09:da00::/29
2a0d:c3c0::/29
2a10:4b00::/29
Signature Algorithm: sha256WithRSAEncryption
8c:52:7a:09:e0:c2:62:0b:dc:21:03:95:69:32:40:fe:ec:7c:
60:3d:06:c2:9a:5a:a5:9f:5e:70:f6:b2:5e:5f:30:71:c3:dd:
26:bc:26:7a:81:c2:06:cc:c7:f9:75:f7:06:c9:d7:13:36:a6:
8a:98:79:68:33:67:2a:4f:05:fb:89:6c:8a:84:5f:48:95:5b:
98:29:5f:6c:66:07:4a:df:40:0a:18:a5:06:63:83:82:6b:56:
4f:b1:df:0b:5d:a8:55:79:19:8d:9d:43:fe:7b:85:4d:af:87:
67:09:a5:68:6f:80:9e:6d:bc:38:f2:a7:58:2a:0c:00:93:cb:
4f:c8:ef:49:39:67:2a:67:39:78:f5:70:aa:6b:bd:0f:76:b4:
83:03:3d:70:96:c7:59:59:10:36:9f:4d:aa:f2:13:41:ec:85:
f0:92:e7:c7:0f:2d:62:ac:31:22:a8:7d:96:c3:48:68:fe:ce:
1e:9d:e4:23:bf:54:02:8c:70:48:a2:d1:85:6b:d3:1f:b0:ad:
b7:ac:f2:ab:24:6c:18:f9:e3:ab:fa:c0:64:48:31:51:79:c0:
ea:2a:09:9c:85:d0:9c:42:f4:1d:c7:56:30:91:61:c8:22:34:
c6:e0:69:df:72:92:4b:86:61:93:ac:bf:72:76:d4:a6:bd:34:
bd:9e:42:c0
-----BEGIN CERTIFICATE-----
MIIFEzCCA/ugAwIBAgISAYVwQpk0fJWYY3bp+8I2xfo2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFkYTI1YWFmZTNhOTg3MGU5NTI0YWZhMDI2NTk4N2VkNWE1
YTRkYTMwHhcNMjMwMTAyMDIxNDUwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYzE3MTJlNDczMTY2MTA1MWNiZmIxMDA5OTYxNjMzYTY4MGRiMTVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkePEVxbZE5LBVLnZ9nfofp0f42Mi
Yffl/z7GAE9+iXvFvSzCom/zPccG4YRRMtQL5dJCraQDrjGzycFaLM5dJwhBwMNI
hSFE23gwQNVZsfBItd7SX7JOCf/kUl0Sm9bAtrH/2Vb+PUUK9HPTuONWlOpKqInz
kK343SZDZMhDNU9r6yYBad6FMvZ2z5sD+0OPUlWtSibLVji9aDslOeBuDDS729cv
N5yfzJIN6yOB4ZQqU86oFk5RcDd2FtznthO2lFVbBgSPDOoQexpm96Y77zvbYA4+
GXMnqdt4TBQ8HIZ1BK3zpu5At17tLonpGi48UdIyIYUT3FNO6T1qto0EywIDAQAB
o4ICHzCCAhswHQYDVR0OBBYEFDwXEuRzFmEFHL+xAJlhYzpoDbFcMB8GA1UdIwQY
MBaAFK2iWq/jqYcOlSSvoCZZh+1aWk2jMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcmFKYXItT3BodzZWSkstZ0psbUg3VnBhVGFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MS84MTBkMjQtYWNiZS00Y2IyLTlhYzUt
OWQ1ODc1ZDg2MzczLzEvUEJjUzVITVdZUVVjdjdFQW1XRmpPbWdOc1Z3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MS84MTBkMjQtYWNiZS00Y2IyLTlhYzUtOWQ1ODc1ZDg2Mzcz
LzEvcmFKYXItT3BodzZWSkstZ0psbUg3VnBhVGFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDUGCCsGAQUFBwEHAQH/BCYwJDAiBAIAAjAcAwUDKgnDAAMF
AyoJ2gADBQMqDcPAAwUDKhBLADANBgkqhkiG9w0BAQsFAAOCAQEAjFJ6CeDCYgvc
IQOVaTJA/ux8YD0GwppapZ9ecPayXl8wccPdJrwmeoHCBszH+XX3BsnXEzamiph5
aDNnKk8F+4lsioRfSJVbmClfbGYHSt9AChilBmODgmtWT7HfC12oVXkZjZ1D/nuF
Ta+HZwmlaG+Anm28OPKnWCoMAJPLT8jvSTlnKmc5ePVwqmu9D3a0gwM9cJbHWVkQ
Np9NqvITQeyF8JLnxw8tYqwxIqh9lsNIaP7OHp3kI79UAoxwSKLRhWvTH7Ctt6zy
qyRsGPnjq/rAZEgxUXnA6ioJnIXQnEL0HcdWMJFhyCI0xuBp33KSS4Zhk6y/cnbU
pr00vZ5CwA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:20:41 2024 by rpki-client on console-ams.rpki-client.org