Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/HXwyO4MXX6w6JZVTzQ0kMswlhOo.roa
File: HXwyO4MXX6w6JZVTzQ0kMswlhOo.roa (raw, json)
Hash identifier: 9/CnzRblkKetF1TGvl7W+5EWwR1w/uHcV7Tnv97whwQ=
Subject key identifier: 1D:7C:32:3B:83:17:5F:AC:3A:25:95:53:CD:0D:24:32:CC:25:84:EA
Certificate issuer: /CN=ff82309a6814678ad72e3f31a4fe0272f40bd986
Certificate serial: 08322052
Authority key identifier: FF:82:30:9A:68:14:67:8A:D7:2E:3F:31:A4:FE:02:72:F4:0B:D9:86
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/HXwyO4MXX6w6JZVTzQ0kMswlhOo.roa
Signing time: Sat 01 Jan 2022 04:58:52 +0000
ROA not before: Sat 01 Jan 2022 04:58:52 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 35820
IP address blocks: 2a0f:5ec4::/48 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 137502802 (0x8322052)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ff82309a6814678ad72e3f31a4fe0272f40bd986
Validity
Not Before: Jan 1 04:58:52 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=1d7c323b83175fac3a259553cd0d2432cc2584ea
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bf:8a:73:b2:76:07:4b:73:47:48:43:cd:7f:74:
8a:a0:36:ca:1c:3f:bd:0d:ba:bf:36:92:15:97:10:
65:53:e7:61:ad:49:3e:ec:58:28:34:a7:64:88:29:
79:45:3c:e3:bc:ac:25:89:49:3a:ec:5f:e2:9d:92:
26:a4:40:3e:74:a7:c7:ff:38:b8:f2:f7:43:34:d9:
5a:0b:05:14:b2:32:65:4e:27:7b:53:5a:3d:66:22:
12:e4:73:2b:02:b5:b5:32:ef:d9:0e:c6:f9:2b:8c:
f7:6d:78:23:9e:50:c6:d1:d9:be:21:46:f7:fb:dd:
7b:55:d6:7b:f4:6d:d7:42:75:db:30:0b:ad:79:6c:
d3:5e:f5:58:8d:7e:fb:48:f3:c6:d1:98:bb:c9:50:
3e:e8:9d:6f:c4:ca:54:e3:a9:fb:80:30:83:56:85:
03:a4:e6:c9:b4:6e:e9:af:c1:27:3f:ff:32:96:e8:
89:ec:34:76:c4:ad:6f:5d:4e:96:bd:55:c2:6d:87:
a4:ba:7b:d5:85:ec:b5:f0:c3:08:3b:93:28:d9:31:
70:30:ab:3f:86:5d:96:81:12:05:78:8f:40:4a:20:
7d:8d:6e:44:52:97:20:53:26:4e:bd:52:aa:a3:7e:
5e:21:eb:b0:29:17:93:a8:02:37:f6:d7:16:f8:84:
9d:ab
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1D:7C:32:3B:83:17:5F:AC:3A:25:95:53:CD:0D:24:32:CC:25:84:EA
X509v3 Authority Key Identifier:
keyid:FF:82:30:9A:68:14:67:8A:D7:2E:3F:31:A4:FE:02:72:F4:0B:D9:86
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/HXwyO4MXX6w6JZVTzQ0kMswlhOo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a0f:5ec4::/48
Signature Algorithm: sha256WithRSAEncryption
28:78:4f:42:ee:c4:25:66:01:4a:55:bb:6f:fe:ac:ef:fe:29:
10:a5:cc:b7:3e:38:0d:04:b1:68:ba:cb:3a:6e:0f:12:96:82:
b1:c8:2f:67:9d:02:27:a4:45:35:e1:a8:ad:6e:84:7f:f4:b7:
a6:d4:19:9a:e3:d4:e2:98:af:04:cd:6b:8d:d4:1b:14:8c:56:
e9:84:ab:9b:fb:56:c0:57:f3:50:98:d1:de:54:bb:79:29:57:
9f:89:69:ec:7f:4a:aa:9b:56:2c:1c:ab:d3:23:76:13:1b:14:
9a:bf:8e:8c:41:e2:72:b5:ea:fe:89:89:61:e7:f8:6c:a7:94:
56:8c:19:e4:8a:d2:aa:9f:fe:75:6d:24:ee:b6:6e:d1:13:4e:
f7:dc:57:b1:78:e3:18:2d:58:b8:12:b3:37:d8:61:06:cf:63:
ef:22:92:5e:f6:e2:01:2d:e0:cb:34:32:27:7a:df:17:84:6d:
89:e4:b9:60:4f:44:99:fb:e0:c9:db:65:cb:26:97:a3:c6:bc:
17:c6:6f:c9:ce:6d:ee:47:94:6b:35:6a:f0:83:75:63:57:66:
5b:16:5e:03:a9:f0:24:44:9a:7d:53:a0:cd:bd:aa:9c:d8:96:
0f:d1:ec:43:38:b2:83:28:85:8d:1c:d1:98:a9:43:bf:33:bb:
72:b8:13:08
-----BEGIN CERTIFICATE-----
MIIE8jCCA9qgAwIBAgIECDIgUjANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhm
ZjgyMzA5YTY4MTQ2NzhhZDcyZTNmMzFhNGZlMDI3MmY0MGJkOTg2MB4XDTIyMDEw
MTA0NTg1MloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMWQ3YzMyM2I4MzE3
NWZhYzNhMjU5NTUzY2QwZDI0MzJjYzI1ODRlYTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAL+Kc7J2B0tzR0hDzX90iqA2yhw/vQ26vzaSFZcQZVPnYa1J
PuxYKDSnZIgpeUU847ysJYlJOuxf4p2SJqRAPnSnx/84uPL3QzTZWgsFFLIyZU4n
e1NaPWYiEuRzKwK1tTLv2Q7G+SuM9214I55QxtHZviFG9/vde1XWe/Rt10J12zAL
rXls0171WI1++0jzxtGYu8lQPuidb8TKVOOp+4Awg1aFA6TmybRu6a/BJz//Mpbo
iew0dsStb11Olr1Vwm2HpLp71YXstfDDCDuTKNkxcDCrP4ZdloESBXiPQEogfY1u
RFKXIFMmTr1SqqN+XiHrsCkXk6gCN/bXFviEnasCAwEAAaOCAgwwggIIMB0GA1Ud
DgQWBBQdfDI7gxdfrDollVPNDSQyzCWE6jAfBgNVHSMEGDAWgBT/gjCaaBRnitcu
PzGk/gJy9AvZhjAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L180SXdtbWdVWjRyWExqOHhwUDRDY3ZRTDJZWS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYTgvOWZhODNkLWIyYTMtNDVlNC04NDk5LWY1MjU4MTY0MDJiZC8x
L0hYd3lPNE1YWDZ3NkpaVlR6UTBrTXN3bGhPby5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYTgv
OWZhODNkLWIyYTMtNDVlNC04NDk5LWY1MjU4MTY0MDJiZC8xL180SXdtbWdVWjRy
WExqOHhwUDRDY3ZRTDJZWS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAi
BggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoPXsQAADANBgkqhkiG9w0BAQsF
AAOCAQEAKHhPQu7EJWYBSlW7b/6s7/4pEKXMtz44DQSxaLrLOm4PEpaCscgvZ50C
J6RFNeGorW6Ef/S3ptQZmuPU4pivBM1rjdQbFIxW6YSrm/tWwFfzUJjR3lS7eSlX
n4lp7H9KqptWLByr0yN2ExsUmr+OjEHicrXq/omJYef4bKeUVowZ5IrSqp/+dW0k
7rZu0RNO99xXsXjjGC1YuBKzN9hhBs9j7yKSXvbiAS3gyzQyJ3rfF4RtieS5YE9E
mfvgydtlyyaXo8a8F8Zvyc5t7keUazVq8IN1Y1dmWxZeA6nwJESafVOgzb2qnNiW
D9HsQziygyiFjRzRmKlDvzO7crgTCA==
-----END CERTIFICATE-----
Generated at Wed Feb 19 22:41:58 2025 by rpki-client