Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/97/c185f6-6274-49da-b2ef-6000cb2d5990/1/RZdLyyQonA8q43JoL3uUTJg4K0s.roa
File: RZdLyyQonA8q43JoL3uUTJg4K0s.roa (raw, json)
Hash identifier: ztRDBg24ASIjPlb2QAyUTxtyC0ymQ1p8BTDbYhGteK4=
Subject key identifier: 45:97:4B:CB:24:28:9C:0F:2A:E3:72:68:2F:7B:94:4C:98:38:2B:4B
Certificate issuer: /CN=23f87aa18dda6a5d48af80390b2827808cfef285
Certificate serial: 018F00E2B67749F1810871C2FF63DA746ABA
Authority key identifier: 23:F8:7A:A1:8D:DA:6A:5D:48:AF:80:39:0B:28:27:80:8C:FE:F2:85
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/I_h6oY3aal1Ir4A5CygngIz-8oU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/97/c185f6-6274-49da-b2ef-6000cb2d5990/1/RZdLyyQonA8q43JoL3uUTJg4K0s.roa
Signing time: Sun 21 Apr 2024 13:40:08 +0000
ROA not before: Sun 21 Apr 2024 13:40:08 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 7018
IP address blocks: 2a0d:f40::/29 maxlen: 29
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8f:00:e2:b6:77:49:f1:81:08:71:c2:ff:63:da:74:6a:ba
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=23f87aa18dda6a5d48af80390b2827808cfef285
Validity
Not Before: Apr 21 13:40:08 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=45974bcb24289c0f2ae372682f7b944c98382b4b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b7:f8:ca:b0:60:70:14:ca:d6:b3:d1:6e:3b:68:
91:26:79:88:e7:6b:78:fd:42:4d:a2:dc:9d:21:be:
dc:5b:e5:0f:f3:bd:9d:cf:1f:5a:8a:22:1d:79:d5:
b9:ec:ff:a2:cc:84:67:da:0c:82:af:75:87:27:fc:
45:ba:01:24:ca:5d:93:7b:ef:76:cc:7e:cb:62:09:
ff:a7:cd:89:8f:1d:f1:dd:68:9a:fc:13:f9:ba:14:
d4:7a:1f:6d:24:1e:a8:5c:34:9e:67:44:47:e1:9a:
31:5f:8b:40:e2:d4:60:3c:07:61:a3:8e:7b:e6:52:
9c:0a:03:e7:ee:cf:3b:8f:be:32:3a:3a:0d:24:1c:
22:41:8b:66:93:15:15:3a:19:b6:01:ee:ef:80:56:
95:7c:b0:21:9d:a1:9e:26:4d:0d:a0:21:7e:e7:2b:
67:6f:41:ba:14:a4:83:81:69:ad:f1:dd:e5:d0:0b:
3c:25:61:99:2d:e9:e4:e3:1b:16:b1:c8:ac:a4:6c:
0b:ee:44:fc:cf:cf:44:37:46:37:8e:27:0e:34:32:
a2:94:e4:2d:a3:67:54:43:00:d2:5d:9c:9b:0e:0a:
f3:7b:3c:5b:d6:46:3b:6f:ff:4c:0a:b2:47:a8:5f:
f5:fd:3d:62:cc:28:96:5c:ed:65:61:ca:11:7b:29:
89:ed
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
45:97:4B:CB:24:28:9C:0F:2A:E3:72:68:2F:7B:94:4C:98:38:2B:4B
X509v3 Authority Key Identifier:
keyid:23:F8:7A:A1:8D:DA:6A:5D:48:AF:80:39:0B:28:27:80:8C:FE:F2:85
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/I_h6oY3aal1Ir4A5CygngIz-8oU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/97/c185f6-6274-49da-b2ef-6000cb2d5990/1/RZdLyyQonA8q43JoL3uUTJg4K0s.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/97/c185f6-6274-49da-b2ef-6000cb2d5990/1/I_h6oY3aal1Ir4A5CygngIz-8oU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a0d:f40::/29
Signature Algorithm: sha256WithRSAEncryption
b2:54:0f:b7:48:5b:29:1d:69:13:cf:36:b8:fd:f9:1c:d4:bb:
0f:cc:14:3a:61:e7:95:bb:65:b2:22:45:0e:d3:09:52:97:77:
30:07:f2:0c:1a:49:4e:26:58:74:65:66:73:58:d0:67:83:c6:
62:9b:58:30:f4:05:78:7b:78:f8:cf:cb:d5:3d:3c:a0:4a:13:
40:d7:b2:c6:c6:4c:ab:49:ac:90:1c:1d:31:52:cf:f6:80:9b:
6a:50:45:bd:32:e8:b3:9e:bf:3b:9d:94:c5:96:1b:32:40:1f:
b0:13:25:bd:21:da:e3:53:bd:cf:1f:8e:fe:86:6f:7a:8e:6b:
4b:8a:f5:94:e9:d1:cc:6c:70:25:2f:c6:d2:ee:b9:f1:8f:9a:
56:27:b4:61:af:85:ba:af:8e:00:d7:72:3e:ea:56:8f:57:28:
d9:e2:b7:2e:fc:57:6f:b9:ec:9a:cb:bc:b0:26:ff:6c:41:50:
6c:83:b2:c4:05:76:21:db:fd:88:1f:4b:fb:15:35:11:69:c3:
c7:17:c2:1a:94:2e:28:d0:02:3c:e4:3c:4a:2a:4e:97:df:c0:
5d:af:65:58:66:62:ed:ab:98:b4:c0:7d:b3:43:1b:5e:aa:1a:
77:48:a2:6a:51:15:8c:94:88:ef:bc:29:9e:ac:12:c7:6e:23:
b8:32:e4:9d
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAY8A4rZ3SfGBCHHC/2PadGq6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIzZjg3YWExOGRkYTZhNWQ0OGFmODAzOTBiMjgyNzgwOGNm
ZWYyODUwHhcNMjQwNDIxMTM0MDA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NTk3NGJjYjI0Mjg5YzBmMmFlMzcyNjgyZjdiOTQ0Yzk4MzgyYjRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt/jKsGBwFMrWs9FuO2iRJnmI52t4
/UJNotydIb7cW+UP872dzx9aiiIdedW57P+izIRn2gyCr3WHJ/xFugEkyl2Te+92
zH7LYgn/p82Jjx3x3Wia/BP5uhTUeh9tJB6oXDSeZ0RH4ZoxX4tA4tRgPAdho457
5lKcCgPn7s87j74yOjoNJBwiQYtmkxUVOhm2Ae7vgFaVfLAhnaGeJk0NoCF+5ytn
b0G6FKSDgWmt8d3l0As8JWGZLenk4xsWscispGwL7kT8z89EN0Y3jicONDKilOQt
o2dUQwDSXZybDgrzezxb1kY7b/9MCrJHqF/1/T1izCiWXO1lYcoReymJ7QIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFEWXS8skKJwPKuNyaC97lEyYOCtLMB8GA1UdIwQY
MBaAFCP4eqGN2mpdSK+AOQsoJ4CM/vKFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSV9oNm9ZM2FhbDFJcjRBNUN5Z25nSXotOG9VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Ny9jMTg1ZjYtNjI3NC00OWRhLWIyZWYt
NjAwMGNiMmQ1OTkwLzEvUlpkTHl5UW9uQThxNDNKb0wzdVVUSmc0SzBzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Ny9jMTg1ZjYtNjI3NC00OWRhLWIyZWYtNjAwMGNiMmQ1OTkw
LzEvSV9oNm9ZM2FhbDFJcjRBNUN5Z25nSXotOG9VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKg0PQDAN
BgkqhkiG9w0BAQsFAAOCAQEAslQPt0hbKR1pE882uP35HNS7D8wUOmHnlbtlsiJF
DtMJUpd3MAfyDBpJTiZYdGVmc1jQZ4PGYptYMPQFeHt4+M/L1T08oEoTQNeyxsZM
q0mskBwdMVLP9oCbalBFvTLos56/O52UxZYbMkAfsBMlvSHa41O9zx+O/oZveo5r
S4r1lOnRzGxwJS/G0u658Y+aVie0Ya+Fuq+OANdyPupWj1co2eK3LvxXb7nsmsu8
sCb/bEFQbIOyxAV2Idv9iB9L+xU1EWnDxxfCGpQuKNACPOQ8SipOl9/AXa9lWGZi
7auYtMB9s0MbXqoad0iialEVjJSI77wpnqwSx24juDLknQ==
-----END CERTIFICATE-----
Generated at Wed Apr 24 07:50:07 2024 by rpki-client on console-ams.rpki-client.org