Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8f/64fe7d-862d-4e1a-9fd0-06b41ef1398d/1/aPLXr_P44tqjbIa-rdekeXma0PQ.roa
File: aPLXr_P44tqjbIa-rdekeXma0PQ.roa (raw, json)
Hash identifier: jj91tM8kEKWhAcwvUdYoGjqf2ruwFykofoG1WugpB6M=
Subject key identifier: 68:F2:D7:AF:F3:F8:E2:DA:A3:6C:86:BE:AD:D7:A4:79:79:9A:D0:F4
Certificate issuer: /CN=2956584b70ce847c1a9b400548b14db031bedff2
Certificate serial: 018D5D0EAE0A7BB8EEE729946B55DF74C866
Authority key identifier: 29:56:58:4B:70:CE:84:7C:1A:9B:40:05:48:B1:4D:B0:31:BE:DF:F2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/KVZYS3DOhHwam0AFSLFNsDG-3_I.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8f/64fe7d-862d-4e1a-9fd0-06b41ef1398d/1/aPLXr_P44tqjbIa-rdekeXma0PQ.roa
Signing time: Wed 31 Jan 2024 01:07:39 +0000
ROA not before: Wed 31 Jan 2024 01:07:39 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 50225
IP address blocks: 2a0f:9fc0::/29 maxlen: 29
2a0f:a140::/29 maxlen: 29
2a12:2500::/29 maxlen: 29
2a12:2700::/29 maxlen: 29
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8d:5d:0e:ae:0a:7b:b8:ee:e7:29:94:6b:55:df:74:c8:66
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2956584b70ce847c1a9b400548b14db031bedff2
Validity
Not Before: Jan 31 01:07:39 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=68f2d7aff3f8e2daa36c86beadd7a479799ad0f4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:99:b8:81:e2:f7:4c:1e:3b:4f:ff:ba:69:3c:87:
05:2d:1c:93:45:1a:f2:7c:49:85:4d:09:4e:bf:7a:
6d:81:5a:fd:00:f0:cc:e1:94:97:d0:7a:18:2e:ad:
51:7d:10:14:03:9f:2c:b8:84:0a:81:a9:ca:12:f8:
bf:6d:93:35:60:a2:c4:f5:5c:57:e5:b5:64:5e:4e:
1a:5a:7a:99:cd:4d:18:20:7e:a4:f4:00:30:1d:f4:
26:94:29:ff:3a:25:49:19:15:43:db:7f:a9:25:37:
11:d2:3e:05:10:e7:60:89:d0:f4:3e:d5:c2:d9:30:
34:72:dc:09:b3:07:92:89:33:a9:34:8d:62:0a:72:
04:f6:4e:69:20:1e:f7:f7:65:ee:0e:bc:93:d0:12:
17:34:63:58:83:ba:35:7c:6c:ed:58:6c:90:9b:a4:
e6:34:27:e5:19:3c:57:bf:e5:12:2c:3c:67:eb:60:
fb:06:48:ee:74:bf:e3:48:49:78:bf:d2:28:0f:ba:
cc:8c:01:fa:ab:97:cd:8c:42:46:16:53:d9:5a:3e:
0e:ab:9b:21:dd:0f:17:46:d2:d8:70:10:ca:9d:4c:
50:ac:8d:26:47:b9:40:98:08:d0:15:e8:41:f7:4f:
79:03:ad:d3:fe:0d:6e:e4:34:f9:31:c3:c6:27:e5:
0d:27
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
68:F2:D7:AF:F3:F8:E2:DA:A3:6C:86:BE:AD:D7:A4:79:79:9A:D0:F4
X509v3 Authority Key Identifier:
keyid:29:56:58:4B:70:CE:84:7C:1A:9B:40:05:48:B1:4D:B0:31:BE:DF:F2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KVZYS3DOhHwam0AFSLFNsDG-3_I.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/64fe7d-862d-4e1a-9fd0-06b41ef1398d/1/aPLXr_P44tqjbIa-rdekeXma0PQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/64fe7d-862d-4e1a-9fd0-06b41ef1398d/1/KVZYS3DOhHwam0AFSLFNsDG-3_I.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a0f:9fc0::/29
2a0f:a140::/29
2a12:2500::/29
2a12:2700::/29
Signature Algorithm: sha256WithRSAEncryption
04:04:8d:73:80:c3:74:17:ec:7c:47:6c:d9:6a:11:f2:a2:74:
30:f7:dd:54:36:8f:ea:23:70:fd:a4:4c:79:a1:02:92:8a:3b:
93:78:c7:e9:24:8b:76:2c:81:18:29:77:ab:9d:e6:b1:7e:74:
10:59:a6:f6:37:78:a2:5f:d8:ba:11:d2:af:a1:4a:5a:57:35:
70:8e:07:c0:48:40:ef:8a:0e:ac:61:2a:2d:58:32:3d:30:5a:
be:dd:b4:01:bc:0d:ab:e8:ac:de:67:2b:12:01:74:a0:ea:a9:
93:f1:fa:d1:a6:b8:99:c7:9f:ca:2d:3f:7f:bc:cf:c5:af:14:
61:d8:7c:27:86:22:ab:4c:16:7e:e9:86:3c:eb:3d:9a:80:a7:
d2:e0:08:6a:9c:31:1a:5d:b2:a5:c5:5b:f2:2c:fc:24:ae:41:
57:e8:d8:1f:70:ae:99:bd:7c:48:4e:53:32:69:95:a0:62:0f:
f1:62:a3:f2:d2:db:91:af:61:7a:75:da:55:f9:72:3d:d1:05:
28:b4:9e:ae:46:b3:fe:ea:d5:45:ff:ae:63:4f:5e:ed:f0:72:
bf:6c:f1:99:24:a9:dc:89:27:a7:9f:4a:23:1d:02:b5:1f:5e:
bf:cb:e7:80:fd:80:0e:65:51:60:20:b1:4d:4b:5b:e5:4c:7a:
14:f1:1a:2b
-----BEGIN CERTIFICATE-----
MIIFEzCCA/ugAwIBAgISAY1dDq4Ke7ju5ymUa1XfdMhmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5NTY1ODRiNzBjZTg0N2MxYTliNDAwNTQ4YjE0ZGIwMzFi
ZWRmZjIwHhcNMjQwMTMxMDEwNzM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OGYyZDdhZmYzZjhlMmRhYTM2Yzg2YmVhZGQ3YTQ3OTc5OWFkMGY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmbiB4vdMHjtP/7ppPIcFLRyTRRry
fEmFTQlOv3ptgVr9APDM4ZSX0HoYLq1RfRAUA58suIQKganKEvi/bZM1YKLE9VxX
5bVkXk4aWnqZzU0YIH6k9AAwHfQmlCn/OiVJGRVD23+pJTcR0j4FEOdgidD0PtXC
2TA0ctwJsweSiTOpNI1iCnIE9k5pIB7392XuDryT0BIXNGNYg7o1fGztWGyQm6Tm
NCflGTxXv+USLDxn62D7BkjudL/jSEl4v9IoD7rMjAH6q5fNjEJGFlPZWj4Oq5sh
3Q8XRtLYcBDKnUxQrI0mR7lAmAjQFehB9095A63T/g1u5DT5McPGJ+UNJwIDAQAB
o4ICHzCCAhswHQYDVR0OBBYEFGjy16/z+OLao2yGvq3XpHl5mtD0MB8GA1UdIwQY
MBaAFClWWEtwzoR8GptABUixTbAxvt/yMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1ZaWVMzRE9oSHdhbTBBRlNMRk5zREctM19JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Zi82NGZlN2QtODYyZC00ZTFhLTlmZDAt
MDZiNDFlZjEzOThkLzEvYVBMWHJfUDQ0dHFqYklhLXJkZWtlWG1hMFBRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Zi82NGZlN2QtODYyZC00ZTFhLTlmZDAtMDZiNDFlZjEzOThk
LzEvS1ZaWVMzRE9oSHdhbTBBRlNMRk5zREctM19JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDUGCCsGAQUFBwEHAQH/BCYwJDAiBAIAAjAcAwUDKg+fwAMF
AyoPoUADBQMqEiUAAwUDKhInADANBgkqhkiG9w0BAQsFAAOCAQEABASNc4DDdBfs
fEds2WoR8qJ0MPfdVDaP6iNw/aRMeaECkoo7k3jH6SSLdiyBGCl3q53msX50EFmm
9jd4ol/YuhHSr6FKWlc1cI4HwEhA74oOrGEqLVgyPTBavt20AbwNq+is3mcrEgF0
oOqpk/H60aa4mcefyi0/f7zPxa8UYdh8J4Yiq0wWfumGPOs9moCn0uAIapwxGl2y
pcVb8iz8JK5BV+jYH3Cumb18SE5TMmmVoGIP8WKj8tLbka9henXaVflyPdEFKLSe
rkaz/urVRf+uY09e7fByv2zxmSSp3Iknp59KIx0CtR9ev8vngP2ADmVRYCCxTUtb
5Ux6FPEaKw==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:39:03 2024 by rpki-client on console-fra.rpki-client.org