Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ba/e8922d-b304-4188-bda6-dc6b1ff72c18/1/NUcZgRpwb_fFXQrte9Oe2FBeaG8.roa
File: NUcZgRpwb_fFXQrte9Oe2FBeaG8.roa (raw, json)
Hash identifier: nLhgCTC7vNdcye8I2Oj4B+m9PSwLlHWnVTk7zVuOmkc=
Subject key identifier: 35:47:19:81:1A:70:6F:F7:C5:5D:0A:ED:7B:D3:9E:D8:50:5E:68:6F
Certificate issuer: /CN=1bf180eca4e4405e877a8b63923a7588d77e39d2
Certificate serial: 018EE32094322963585A9E12580E0AD6B39F
Authority key identifier: 1B:F1:80:EC:A4:E4:40:5E:87:7A:8B:63:92:3A:75:88:D7:7E:39:D2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/G_GA7KTkQF6Heotjkjp1iNd-OdI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ba/e8922d-b304-4188-bda6-dc6b1ff72c18/1/NUcZgRpwb_fFXQrte9Oe2FBeaG8.roa
Signing time: Mon 15 Apr 2024 18:59:06 +0000
ROA not before: Mon 15 Apr 2024 18:59:06 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 215697
IP address blocks: 2001:678:554::/48 maxlen: 48
2001:67c:e64::/48 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8e:e3:20:94:32:29:63:58:5a:9e:12:58:0e:0a:d6:b3:9f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1bf180eca4e4405e877a8b63923a7588d77e39d2
Validity
Not Before: Apr 15 18:59:06 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=354719811a706ff7c55d0aed7bd39ed8505e686f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a9:e4:8f:f9:76:fd:b2:3e:e2:e1:47:85:0b:3f:
15:3d:a4:15:33:91:c3:3a:74:04:1f:7c:27:20:e0:
fa:db:18:e0:eb:26:1a:6a:90:91:c9:f0:37:77:1d:
29:82:73:2b:5d:5d:85:1d:1a:38:8f:cb:b1:32:f1:
99:de:0f:f0:67:22:a6:1a:87:20:12:83:dd:6b:50:
6b:7f:7f:9b:5e:b8:fa:50:31:e0:04:50:44:80:3e:
90:b0:9c:26:89:cf:c6:75:93:06:3c:82:e0:67:c9:
eb:08:99:17:dc:6f:49:cc:bd:1f:11:a1:75:0f:c9:
8e:a3:99:dd:a2:e8:3f:8a:e5:88:6d:65:1d:52:42:
cf:ae:3f:df:69:c4:93:a3:91:d8:4f:62:d7:46:e1:
a2:42:f9:1f:92:29:de:a4:4d:32:c9:2a:a1:ad:e2:
9e:30:3d:f9:74:59:cf:ee:e5:74:e3:f3:9f:1b:c7:
29:2f:20:14:89:67:ef:b1:50:54:43:f5:c4:a9:6d:
ef:ae:d2:00:30:7c:34:dd:66:cb:8c:93:06:7b:00:
59:23:d1:27:99:0a:16:14:88:6e:21:dd:d7:54:58:
0f:00:0e:4f:5d:cf:ee:14:b7:37:10:b9:de:ab:a6:
31:91:b6:af:d1:8e:2d:a7:35:d0:63:02:9e:5d:84:
e2:f7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
35:47:19:81:1A:70:6F:F7:C5:5D:0A:ED:7B:D3:9E:D8:50:5E:68:6F
X509v3 Authority Key Identifier:
keyid:1B:F1:80:EC:A4:E4:40:5E:87:7A:8B:63:92:3A:75:88:D7:7E:39:D2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/G_GA7KTkQF6Heotjkjp1iNd-OdI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/e8922d-b304-4188-bda6-dc6b1ff72c18/1/NUcZgRpwb_fFXQrte9Oe2FBeaG8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/e8922d-b304-4188-bda6-dc6b1ff72c18/1/G_GA7KTkQF6Heotjkjp1iNd-OdI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2001:678:554::/48
2001:67c:e64::/48
Signature Algorithm: sha256WithRSAEncryption
1c:8c:f1:16:65:c9:0c:3c:86:45:c7:61:8e:a8:d0:ce:4c:60:
a9:f9:ad:07:10:de:1a:bc:a8:82:34:76:35:6b:77:78:4b:ab:
7e:3c:f1:24:4a:65:ae:f5:9a:4b:ed:dc:6e:bb:8b:1c:12:3c:
97:95:eb:58:32:07:43:7c:9f:99:12:8e:8c:c7:9b:bc:3c:60:
ea:5e:7e:70:fb:90:32:18:e2:40:8e:30:46:1f:5d:fc:a6:18:
7d:8f:36:c4:ae:90:71:66:b1:75:1b:ed:e7:d2:2e:9d:98:e8:
33:59:aa:ab:7c:00:08:2c:0f:5f:60:c6:3e:ce:0a:64:dd:32:
76:37:21:ec:5c:1c:f1:a6:2c:4b:6f:27:b6:4c:f1:e5:83:a2:
2a:02:10:ca:c5:6f:ab:a6:c0:89:10:e2:47:0d:e0:de:c2:65:
0b:8c:54:5c:99:d0:19:93:3e:d6:9b:cb:35:48:90:89:cd:36:
c7:96:5f:fb:a4:8d:c0:71:22:cf:81:28:58:cb:88:93:ad:a9:
6a:d7:f5:a2:dc:e4:96:de:e6:79:68:ba:cf:0d:28:6a:c3:59:
be:c5:86:d5:56:04:6e:94:24:68:61:bb:b4:d8:5a:8d:a5:47:
19:9f:25:7c:29:88:c8:88:c4:07:c6:e4:93:ef:86:ed:85:19:
6c:17:bf:9d
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAY7jIJQyKWNYWp4SWA4K1rOfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiZjE4MGVjYTRlNDQwNWU4NzdhOGI2MzkyM2E3NTg4ZDc3
ZTM5ZDIwHhcNMjQwNDE1MTg1OTA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNTQ3MTk4MTFhNzA2ZmY3YzU1ZDBhZWQ3YmQzOWVkODUwNWU2ODZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqeSP+Xb9sj7i4UeFCz8VPaQVM5HD
OnQEH3wnIOD62xjg6yYaapCRyfA3dx0pgnMrXV2FHRo4j8uxMvGZ3g/wZyKmGocg
EoPda1Brf3+bXrj6UDHgBFBEgD6QsJwmic/GdZMGPILgZ8nrCJkX3G9JzL0fEaF1
D8mOo5ndoug/iuWIbWUdUkLPrj/facSTo5HYT2LXRuGiQvkfkinepE0yySqhreKe
MD35dFnP7uV04/OfG8cpLyAUiWfvsVBUQ/XEqW3vrtIAMHw03WbLjJMGewBZI9En
mQoWFIhuId3XVFgPAA5PXc/uFLc3ELneq6Yxkbav0Y4tpzXQYwKeXYTi9wIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFDVHGYEacG/3xV0K7XvTnthQXmhvMB8GA1UdIwQY
MBaAFBvxgOyk5EBeh3qLY5I6dYjXfjnSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR19HQTdLVGtRRjZIZW90amtqcDFpTmQtT2RJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYS9lODkyMmQtYjMwNC00MTg4LWJkYTYt
ZGM2YjFmZjcyYzE4LzEvTlVjWmdScHdiX2ZGWFFydGU5T2UyRkJlYUc4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYS9lODkyMmQtYjMwNC00MTg4LWJkYTYtZGM2YjFmZjcyYzE4
LzEvR19HQTdLVGtRRjZIZW90amtqcDFpTmQtT2RJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcAIAEGeAVU
AwcAIAEGfA5kMA0GCSqGSIb3DQEBCwUAA4IBAQAcjPEWZckMPIZFx2GOqNDOTGCp
+a0HEN4avKiCNHY1a3d4S6t+PPEkSmWu9ZpL7dxuu4scEjyXletYMgdDfJ+ZEo6M
x5u8PGDqXn5w+5AyGOJAjjBGH138phh9jzbErpBxZrF1G+3n0i6dmOgzWaqrfAAI
LA9fYMY+zgpk3TJ2NyHsXBzxpixLbye2TPHlg6IqAhDKxW+rpsCJEOJHDeDewmUL
jFRcmdAZkz7Wm8s1SJCJzTbHll/7pI3AcSLPgShYy4iTralq1/Wi3OSW3uZ5aLrP
DShqw1m+xYbVVgRulCRoYbu02FqNpUcZnyV8KYjIiMQHxuST74bthRlsF7+d
-----END CERTIFICATE-----
Generated at Sun Feb 16 21:59:09 2025 by rpki-client