Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/04b446-4ae1-4fe5-b646-59ae09edbeb9/1/3kfqWOOataQxSzlz4uiZFr8RDMQ.roa
File: 3kfqWOOataQxSzlz4uiZFr8RDMQ.roa (raw, json)
Hash identifier: C0YylfjDx+rJ6gcdj5778LtdWXqktyCVjJ3LSaOdFjM=
Subject key identifier: DE:47:EA:58:E3:9A:B5:A4:31:4B:39:73:E2:E8:99:16:BF:11:0C:C4
Certificate issuer: /CN=c2d21e804ab7713ad7877dde603aa7824b31983c
Certificate serial: 0185388493572DC9682F0BDE4A9649D26408
Authority key identifier: C2:D2:1E:80:4A:B7:71:3A:D7:87:7D:DE:60:3A:A7:82:4B:31:98:3C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/wtIegEq3cTrXh33eYDqngksxmDw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8e/04b446-4ae1-4fe5-b646-59ae09edbeb9/1/3kfqWOOataQxSzlz4uiZFr8RDMQ.roa
Signing time: Thu 22 Dec 2022 06:28:10 +0000
ROA not before: Thu 22 Dec 2022 06:28:10 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 22773
IP address blocks: 2a12:7d80::/29 maxlen: 29
2a10:5c80::/29 maxlen: 29
2a12:7e80::/29 maxlen: 29
2a10:5a80::/29 maxlen: 29
2a12:1b40::/29 maxlen: 29
2a10:5880::/29 maxlen: 29
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:38:84:93:57:2d:c9:68:2f:0b:de:4a:96:49:d2:64:08
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c2d21e804ab7713ad7877dde603aa7824b31983c
Validity
Not Before: Dec 22 06:28:10 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=de47ea58e39ab5a4314b3973e2e89916bf110cc4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:96:be:17:ae:00:d2:3c:32:b5:bc:2f:4e:5e:24:
90:26:d2:3a:75:a0:80:0c:c5:24:c4:2a:02:2d:b3:
18:99:0f:b0:53:45:fb:61:27:96:d4:00:f9:e6:5d:
44:4b:27:89:11:df:d8:dc:ca:e5:c0:a2:21:b6:6d:
97:68:03:32:cb:08:52:52:81:5e:6c:a1:5b:af:94:
f1:11:ff:af:14:14:bb:63:18:04:61:62:35:ac:c4:
59:d6:13:68:2a:e7:f9:b4:86:25:bb:a9:f5:44:29:
fd:42:90:08:cb:38:85:d9:6d:6a:64:8e:3c:6b:95:
b7:2e:2f:ca:f0:74:18:77:00:f5:7a:35:5b:f3:bf:
5f:3a:37:08:6f:9f:06:8f:00:22:f0:4e:1b:04:a9:
9f:98:3f:0f:dc:a2:5d:ad:2d:36:a4:1d:4e:25:cb:
b4:2b:17:79:e4:29:71:4b:80:c8:f2:d3:ca:37:97:
71:0b:93:90:da:e3:a7:5e:35:54:fd:1a:e2:53:b2:
60:5c:73:17:6c:f1:3e:4c:a3:9d:ca:b5:0f:c4:f3:
55:5a:a2:eb:18:bc:bc:69:9a:9e:51:b0:4e:fc:82:
c6:f1:a8:02:22:a7:c1:63:24:6a:cb:f8:88:5a:38:
40:b1:5f:c1:0b:2d:0c:75:08:7e:43:cb:5e:3c:89:
d6:b7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DE:47:EA:58:E3:9A:B5:A4:31:4B:39:73:E2:E8:99:16:BF:11:0C:C4
X509v3 Authority Key Identifier:
keyid:C2:D2:1E:80:4A:B7:71:3A:D7:87:7D:DE:60:3A:A7:82:4B:31:98:3C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wtIegEq3cTrXh33eYDqngksxmDw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/04b446-4ae1-4fe5-b646-59ae09edbeb9/1/3kfqWOOataQxSzlz4uiZFr8RDMQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/04b446-4ae1-4fe5-b646-59ae09edbeb9/1/wtIegEq3cTrXh33eYDqngksxmDw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a10:5880::/29
2a10:5a80::/29
2a10:5c80::/29
2a12:1b40::/29
2a12:7d80::/29
2a12:7e80::/29
Signature Algorithm: sha256WithRSAEncryption
3c:09:79:31:40:c8:d7:c0:2b:ef:db:ba:21:8c:09:38:3a:66:
b6:81:26:ee:4c:aa:c5:da:29:8a:b1:e9:4b:4f:77:44:9e:7e:
ca:a3:c0:12:57:24:1b:62:6c:c0:40:54:be:7f:79:c9:02:66:
a4:6f:26:9c:79:33:ab:00:be:8f:05:4c:b9:73:aa:86:01:16:
84:a2:0c:2e:44:97:0a:7a:9a:a4:47:90:01:67:c7:db:55:b9:
a3:68:67:b1:cb:29:ad:16:1c:52:a4:88:96:1a:44:8f:a9:d7:
25:35:4d:68:c3:2f:7b:eb:e0:04:bf:e5:5a:d0:31:36:60:2f:
22:ee:1c:da:05:12:69:f2:8a:5b:e2:4e:60:30:a3:a4:a2:ef:
b5:30:e0:0c:1a:6d:29:0e:a2:13:9c:da:38:a8:db:d3:b9:4d:
19:62:f8:be:be:6a:38:38:df:df:3c:91:80:27:0d:9e:33:2d:
cd:16:14:34:ce:a5:7f:0e:01:f8:3b:59:62:63:d1:22:8d:29:
11:6c:6e:30:14:d6:5b:d2:15:c0:bc:c7:95:1c:a9:36:3a:3d:
88:22:a0:01:5f:8d:79:53:12:5d:b0:4f:14:94:4a:21:dd:d6:
9f:93:91:16:c0:41:4c:63:83:43:10:95:61:c9:fd:e7:2e:a0:
70:a1:48:f3
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAYU4hJNXLcloLwveSpZJ0mQIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyZDIxZTgwNGFiNzcxM2FkNzg3N2RkZTYwM2FhNzgyNGIz
MTk4M2MwHhcNMjIxMjIyMDYyODEwWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZTQ3ZWE1OGUzOWFiNWE0MzE0YjM5NzNlMmU4OTkxNmJmMTEwY2M0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlr4XrgDSPDK1vC9OXiSQJtI6daCA
DMUkxCoCLbMYmQ+wU0X7YSeW1AD55l1ESyeJEd/Y3MrlwKIhtm2XaAMyywhSUoFe
bKFbr5TxEf+vFBS7YxgEYWI1rMRZ1hNoKuf5tIYlu6n1RCn9QpAIyziF2W1qZI48
a5W3Li/K8HQYdwD1ejVb879fOjcIb58GjwAi8E4bBKmfmD8P3KJdrS02pB1OJcu0
Kxd55ClxS4DI8tPKN5dxC5OQ2uOnXjVU/RriU7JgXHMXbPE+TKOdyrUPxPNVWqLr
GLy8aZqeUbBO/ILG8agCIqfBYyRqy/iIWjhAsV/BCy0MdQh+Q8tePInWtwIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFN5H6ljjmrWkMUs5c+LomRa/EQzEMB8GA1UdIwQY
MBaAFMLSHoBKt3E614d93mA6p4JLMZg8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd3RJZWdFcTNjVHJYaDMzZVlEcW5na3N4bUR3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS8wNGI0NDYtNGFlMS00ZmU1LWI2NDYt
NTlhZTA5ZWRiZWI5LzEvM2tmcVdPT2F0YVF4U3psejR1aVpGcjhSRE1RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS8wNGI0NDYtNGFlMS00ZmU1LWI2NDYtNTlhZTA5ZWRiZWI5
LzEvd3RJZWdFcTNjVHJYaDMzZVlEcW5na3N4bUR3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAwBAIAAjAqAwUDKhBYgAMF
AyoQWoADBQMqEFyAAwUDKhIbQAMFAyoSfYADBQMqEn6AMA0GCSqGSIb3DQEBCwUA
A4IBAQA8CXkxQMjXwCvv27ohjAk4Oma2gSbuTKrF2imKselLT3dEnn7Ko8ASVyQb
YmzAQFS+f3nJAmakbyaceTOrAL6PBUy5c6qGARaEogwuRJcKepqkR5ABZ8fbVbmj
aGexyymtFhxSpIiWGkSPqdclNU1owy976+AEv+Va0DE2YC8i7hzaBRJp8opb4k5g
MKOkou+1MOAMGm0pDqITnNo4qNvTuU0ZYvi+vmo4ON/fPJGAJw2eMy3NFhQ0zqV/
DgH4O1liY9EijSkRbG4wFNZb0hXAvMeVHKk2Oj2IIqABX415UxJdsE8UlEoh3daf
k5EWwEFMY4NDEJVhyf3nLqBwoUjz
-----END CERTIFICATE-----
Generated at Thu Jul 20 00:03:01 2023 by rpki-client on console-ams.rpki-client.org