Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a4/3ad43e-a4db-4465-82b5-ffae20700e93/1/TxbdR3e46NGapWllj5rzzwVWh-A.roa
File: TxbdR3e46NGapWllj5rzzwVWh-A.roa (raw, json)
Hash identifier: 1BxTHFkf5aoQ2cRZxnRsqJdqmHs3c4IBYlzRmmmnBTg=
Subject key identifier: 4F:16:DD:47:77:B8:E8:D1:9A:A5:69:65:8F:9A:F3:CF:05:56:87:E0
Certificate issuer: /CN=bc635876af1c7ef82411b404a70d88b7916509f6
Certificate serial: 019003A616100514D65E9EF1366AA074E87E
Authority key identifier: BC:63:58:76:AF:1C:7E:F8:24:11:B4:04:A7:0D:88:B7:91:65:09:F6
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/vGNYdq8cfvgkEbQEpw2It5FlCfY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/a4/3ad43e-a4db-4465-82b5-ffae20700e93/1/TxbdR3e46NGapWllj5rzzwVWh-A.roa
Signing time: Mon 10 Jun 2024 19:35:34 +0000
ROA not before: Mon 10 Jun 2024 19:35:34 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 7018
IP address blocks: 2a14:62c0::/30 maxlen: 30
2a14:62c4::/30 maxlen: 30
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:90:03:a6:16:10:05:14:d6:5e:9e:f1:36:6a:a0:74:e8:7e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=bc635876af1c7ef82411b404a70d88b7916509f6
Validity
Not Before: Jun 10 19:35:34 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=4f16dd4777b8e8d19aa569658f9af3cf055687e0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b7:11:16:c4:b6:77:0e:5d:dd:a9:fd:3a:4d:3f:
b3:56:d9:05:43:4c:ea:f8:9b:d2:77:1d:c9:a4:2d:
e0:d7:da:95:dd:13:2d:ef:84:1b:c2:90:a2:1e:6c:
ee:ca:e7:60:4a:1f:48:68:90:92:0d:8e:45:39:96:
c2:ba:35:b4:71:9a:34:94:c7:19:9e:34:86:a6:f4:
fb:5f:da:4f:c2:ce:a8:3d:79:cc:5c:4c:e8:a1:74:
c8:3b:1d:8d:a1:2f:40:56:14:17:f4:eb:37:e8:6a:
ab:1e:44:6f:17:fc:85:c6:70:93:35:10:40:a8:67:
6c:6e:3d:ac:ab:f4:82:ac:d8:a5:61:ed:8e:13:2e:
c1:cc:60:e5:c3:c9:b4:89:76:c1:57:32:c8:09:54:
80:a8:f3:28:0d:ec:de:c5:9f:cd:e0:a1:30:08:ec:
e0:7f:80:2b:c1:31:4c:79:f0:32:fa:21:16:36:f5:
23:3b:61:62:c6:eb:3c:00:23:76:79:93:d4:1b:99:
fc:2b:0f:9e:e1:84:41:9a:cd:11:00:3d:f5:42:f4:
d8:d0:95:30:89:fc:1c:1a:83:67:ab:2f:b9:44:5f:
c9:e0:d6:7f:99:03:42:c1:ed:0b:01:c8:83:98:96:
76:3b:a7:4a:b6:94:ca:4c:73:b6:e5:99:8b:ee:c2:
fd:7d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4F:16:DD:47:77:B8:E8:D1:9A:A5:69:65:8F:9A:F3:CF:05:56:87:E0
X509v3 Authority Key Identifier:
keyid:BC:63:58:76:AF:1C:7E:F8:24:11:B4:04:A7:0D:88:B7:91:65:09:F6
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vGNYdq8cfvgkEbQEpw2It5FlCfY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/3ad43e-a4db-4465-82b5-ffae20700e93/1/TxbdR3e46NGapWllj5rzzwVWh-A.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/3ad43e-a4db-4465-82b5-ffae20700e93/1/vGNYdq8cfvgkEbQEpw2It5FlCfY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a14:62c0::/29
Signature Algorithm: sha256WithRSAEncryption
07:b0:a4:2c:12:61:08:72:58:81:2f:37:98:47:34:1a:b3:8c:
24:84:93:23:38:90:0a:c1:d5:36:33:72:95:31:82:89:a5:f3:
73:58:4d:2a:e0:6e:57:61:7f:57:a4:40:58:2d:75:54:be:b2:
f5:d7:46:5e:57:4e:0a:62:10:f9:1e:4f:08:27:21:6b:9d:13:
e5:a2:3f:2a:16:59:07:22:17:36:d3:d2:34:3e:34:27:2f:71:
98:53:0f:9f:a1:e2:78:32:33:14:f1:53:43:68:e7:db:c2:21:
d2:1f:74:18:9f:2f:9c:96:d8:3d:b7:6c:77:79:eb:9f:7e:d9:
35:f8:52:ad:3a:c1:96:c8:02:64:71:63:05:20:a3:47:f9:40:
4a:cb:2f:56:b8:ef:e2:2a:4e:46:0d:ee:e5:49:21:5c:75:88:
86:35:82:03:a1:e0:87:34:a5:c5:ad:ad:9a:4d:f0:f9:51:b8:
ae:e9:74:3d:44:82:b0:06:97:53:b6:34:b2:80:b7:69:19:ca:
8f:41:23:06:20:fe:d1:dc:4e:94:05:ce:5e:5f:fe:52:6d:ed:
a5:c0:05:8c:47:62:63:76:8b:95:54:17:23:94:f4:b2:7c:c2:
08:dc:97:cc:dd:4f:e7:6e:f9:fe:d4:d8:66:36:46:38:b7:98:
c4:04:4b:46
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZADphYQBRTWXp7xNmqgdOh+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJjNjM1ODc2YWYxYzdlZjgyNDExYjQwNGE3MGQ4OGI3OTE2
NTA5ZjYwHhcNMjQwNjEwMTkzNTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZjE2ZGQ0Nzc3YjhlOGQxOWFhNTY5NjU4ZjlhZjNjZjA1NTY4N2UwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtxEWxLZ3Dl3dqf06TT+zVtkFQ0zq
+JvSdx3JpC3g19qV3RMt74QbwpCiHmzuyudgSh9IaJCSDY5FOZbCujW0cZo0lMcZ
njSGpvT7X9pPws6oPXnMXEzooXTIOx2NoS9AVhQX9Os36GqrHkRvF/yFxnCTNRBA
qGdsbj2sq/SCrNilYe2OEy7BzGDlw8m0iXbBVzLICVSAqPMoDezexZ/N4KEwCOzg
f4ArwTFMefAy+iEWNvUjO2Fixus8ACN2eZPUG5n8Kw+e4YRBms0RAD31QvTY0JUw
ifwcGoNnqy+5RF/J4NZ/mQNCwe0LAciDmJZ2O6dKtpTKTHO25ZmL7sL9fQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFE8W3Ud3uOjRmqVpZY+a888FVofgMB8GA1UdIwQY
MBaAFLxjWHavHH74JBG0BKcNiLeRZQn2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdkdOWWRxOGNmdmdrRWJRRXB3Mkl0NUZsQ2ZZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNC8zYWQ0M2UtYTRkYi00NDY1LTgyYjUt
ZmZhZTIwNzAwZTkzLzEvVHhiZFIzZTQ2TkdhcFdsbGo1cnp6d1ZXaC1BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNC8zYWQ0M2UtYTRkYi00NDY1LTgyYjUtZmZhZTIwNzAwZTkz
LzEvdkdOWWRxOGNmdmdrRWJRRXB3Mkl0NUZsQ2ZZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhRiwDAN
BgkqhkiG9w0BAQsFAAOCAQEAB7CkLBJhCHJYgS83mEc0GrOMJISTIziQCsHVNjNy
lTGCiaXzc1hNKuBuV2F/V6RAWC11VL6y9ddGXldOCmIQ+R5PCCcha50T5aI/KhZZ
ByIXNtPSND40Jy9xmFMPn6HieDIzFPFTQ2jn28Ih0h90GJ8vnJbYPbdsd3nrn37Z
NfhSrTrBlsgCZHFjBSCjR/lASssvVrjv4ipORg3u5UkhXHWIhjWCA6HghzSlxa2t
mk3w+VG4rul0PUSCsAaXU7Y0soC3aRnKj0EjBiD+0dxOlAXOXl/+Um3tpcAFjEdi
Y3aLlVQXI5T0snzCCNyXzN1P5275/tTYZjZGOLeYxARLRg==
-----END CERTIFICATE-----
Generated at Mon Feb 17 08:11:48 2025 by rpki-client