Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/04b446-4ae1-4fe5-b646-59ae09edbeb9/1/Cm8hAWv7-RUCTZe2fj1mdtXO6Ws.roa
File: Cm8hAWv7-RUCTZe2fj1mdtXO6Ws.roa (raw, json)
Hash identifier: beE35dLto0eBle+anMl3vEme9DKT8ofHxuaj+GO/dN0=
Subject key identifier: 0A:6F:21:01:6B:FB:F9:15:02:4D:97:B6:7E:3D:66:76:D5:CE:E9:6B
Certificate issuer: /CN=c2d21e804ab7713ad7877dde603aa7824b31983c
Certificate serial: 0182E8022705705C26CC642585F9CCD5736E
Authority key identifier: C2:D2:1E:80:4A:B7:71:3A:D7:87:7D:DE:60:3A:A7:82:4B:31:98:3C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/wtIegEq3cTrXh33eYDqngksxmDw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8e/04b446-4ae1-4fe5-b646-59ae09edbeb9/1/Cm8hAWv7-RUCTZe2fj1mdtXO6Ws.roa
Signing time: Mon 29 Aug 2022 05:10:31 +0000
ROA not before: Mon 29 Aug 2022 05:10:31 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 397881
IP address blocks: 2a10:5c80::/29 maxlen: 29
2a10:5a80::/29 maxlen: 29
2a10:5880::/29 maxlen: 29
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:82:e8:02:27:05:70:5c:26:cc:64:25:85:f9:cc:d5:73:6e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c2d21e804ab7713ad7877dde603aa7824b31983c
Validity
Not Before: Aug 29 05:10:31 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=0a6f21016bfbf915024d97b67e3d6676d5cee96b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a8:45:0d:fb:8b:f0:07:88:bf:d4:eb:de:55:84:
00:96:97:4f:20:d8:3c:79:29:c1:73:4d:48:bf:d0:
92:75:25:36:51:30:ff:91:c8:3b:cc:37:01:94:a9:
e8:66:1f:e8:96:b1:e1:01:4d:f9:48:33:a3:15:a0:
21:44:07:d2:9c:db:bd:e2:6a:8a:55:3c:2d:50:23:
58:fa:93:5b:b5:98:e2:35:dc:fb:b1:cf:cc:9b:ba:
74:16:57:2f:a7:e9:2c:46:92:0a:21:66:c4:54:51:
ea:a5:3f:31:72:ac:be:14:95:6d:a3:0f:1f:09:a1:
c3:49:ee:5d:29:d0:71:26:a6:e6:5e:7f:bd:ed:4d:
d1:d4:ab:ee:8a:63:22:d4:b9:85:14:76:c5:a8:81:
d5:d5:dc:82:da:8d:9a:77:45:aa:a9:00:e1:38:40:
fd:e2:13:7f:cb:a4:da:4e:31:51:27:f8:ce:c6:1c:
74:44:88:eb:40:ba:7f:d7:87:e8:d5:1a:92:df:cb:
8a:54:d9:ac:9f:5f:20:2b:e7:76:d5:c1:ba:d8:a6:
ff:71:47:b2:84:f2:be:76:9b:27:3c:9a:6f:1f:b3:
79:ef:97:32:e1:6d:0a:5e:60:ca:80:cd:1a:86:0e:
72:12:ca:a1:7f:27:e0:c3:0d:4b:ab:76:a1:ef:92:
80:05
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0A:6F:21:01:6B:FB:F9:15:02:4D:97:B6:7E:3D:66:76:D5:CE:E9:6B
X509v3 Authority Key Identifier:
keyid:C2:D2:1E:80:4A:B7:71:3A:D7:87:7D:DE:60:3A:A7:82:4B:31:98:3C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wtIegEq3cTrXh33eYDqngksxmDw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/04b446-4ae1-4fe5-b646-59ae09edbeb9/1/Cm8hAWv7-RUCTZe2fj1mdtXO6Ws.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/04b446-4ae1-4fe5-b646-59ae09edbeb9/1/wtIegEq3cTrXh33eYDqngksxmDw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a10:5880::/29
2a10:5a80::/29
2a10:5c80::/29
Signature Algorithm: sha256WithRSAEncryption
0a:7e:c1:ab:6e:fd:da:52:ee:d6:b9:cb:af:af:53:06:fd:27:
7b:c1:dc:c6:cb:09:02:d4:0f:a5:00:1c:28:7b:f8:e1:60:23:
21:43:76:4b:b2:4f:5f:3d:92:aa:e7:51:29:b6:dc:8e:85:81:
78:d9:eb:5c:68:1e:a0:8e:20:41:e5:f4:c1:f3:cb:24:84:a7:
d9:e7:f9:c0:59:e9:5c:09:a1:d8:41:14:4e:8b:9e:ed:a8:73:
88:94:1f:4a:d5:93:9c:55:0e:e5:02:0c:b6:61:13:99:64:e6:
7c:22:0f:63:6b:3c:0d:2c:81:7c:2d:d5:6b:87:e1:46:16:6a:
1a:da:88:4c:37:14:dd:ae:b1:9e:76:49:ac:56:a9:bf:e2:f4:
5d:09:79:fc:da:6f:51:f8:fb:83:15:7c:48:40:a9:30:34:d6:
21:29:ab:2e:4f:a7:e4:a3:1f:ad:4c:dc:f9:73:3d:36:d4:df:
50:3f:37:e7:fb:99:db:a2:27:09:ed:cf:a2:15:d3:ea:d8:31:
cb:7b:fa:30:83:1b:4b:a3:7d:19:b4:a0:ba:89:cf:c6:7d:5a:
c6:f3:c1:54:0a:27:ce:82:3e:b5:99:d6:ed:b1:67:dd:fc:8a:
d8:fb:de:9e:d0:1b:25:d0:b6:8e:91:e4:1f:6a:86:bf:10:f4:
5c:f7:7c:06
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYLoAicFcFwmzGQlhfnM1XNuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyZDIxZTgwNGFiNzcxM2FkNzg3N2RkZTYwM2FhNzgyNGIz
MTk4M2MwHhcNMjIwODI5MDUxMDMxWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYTZmMjEwMTZiZmJmOTE1MDI0ZDk3YjY3ZTNkNjY3NmQ1Y2VlOTZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqEUN+4vwB4i/1OveVYQAlpdPINg8
eSnBc01Iv9CSdSU2UTD/kcg7zDcBlKnoZh/olrHhAU35SDOjFaAhRAfSnNu94mqK
VTwtUCNY+pNbtZjiNdz7sc/Mm7p0Flcvp+ksRpIKIWbEVFHqpT8xcqy+FJVtow8f
CaHDSe5dKdBxJqbmXn+97U3R1KvuimMi1LmFFHbFqIHV1dyC2o2ad0WqqQDhOED9
4hN/y6TaTjFRJ/jOxhx0RIjrQLp/14fo1RqS38uKVNmsn18gK+d21cG62Kb/cUey
hPK+dpsnPJpvH7N575cy4W0KXmDKgM0ahg5yEsqhfyfgww1Lq3ah75KABQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFApvIQFr+/kVAk2Xtn49ZnbVzulrMB8GA1UdIwQY
MBaAFMLSHoBKt3E614d93mA6p4JLMZg8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd3RJZWdFcTNjVHJYaDMzZVlEcW5na3N4bUR3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS8wNGI0NDYtNGFlMS00ZmU1LWI2NDYt
NTlhZTA5ZWRiZWI5LzEvQ204aEFXdjctUlVDVFplMmZqMW1kdFhPNldzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS8wNGI0NDYtNGFlMS00ZmU1LWI2NDYtNTlhZTA5ZWRiZWI5
LzEvd3RJZWdFcTNjVHJYaDMzZVlEcW5na3N4bUR3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAbBAIAAjAVAwUDKhBYgAMF
AyoQWoADBQMqEFyAMA0GCSqGSIb3DQEBCwUAA4IBAQAKfsGrbv3aUu7Wucuvr1MG
/Sd7wdzGywkC1A+lABwoe/jhYCMhQ3ZLsk9fPZKq51EpttyOhYF42etcaB6gjiBB
5fTB88skhKfZ5/nAWelcCaHYQRROi57tqHOIlB9K1ZOcVQ7lAgy2YROZZOZ8Ig9j
azwNLIF8LdVrh+FGFmoa2ohMNxTdrrGedkmsVqm/4vRdCXn82m9R+PuDFXxIQKkw
NNYhKasuT6fkox+tTNz5cz021N9QPzfn+5nboicJ7c+iFdPq2DHLe/owgxtLo30Z
tKC6ic/GfVrG88FUCifOgj61mdbtsWfd/IrY+96e0Bsl0LaOkeQfaoa/EPRc93wG
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:59:17 2023 by rpki-client on console-fra.rpki-client.org