Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bb/7895f8-ac31-4798-8404-4e278dd48a3f/1/ZSDJhP4qlD0KR1YGpEXCcTVTJIk.roa
File: ZSDJhP4qlD0KR1YGpEXCcTVTJIk.roa (raw, json)
Hash identifier: A7NJEYaTeSyToY3SoBZZXRo4ob7upbXoCTNXdsLrrQw=
Subject key identifier: 65:20:C9:84:FE:2A:94:3D:0A:47:56:06:A4:45:C2:71:35:53:24:89
Certificate issuer: /CN=8936df4ac2f467ea66c1197a8629d3f64bb563f0
Certificate serial: 03050C18
Authority key identifier: 89:36:DF:4A:C2:F4:67:EA:66:C1:19:7A:86:29:D3:F6:4B:B5:63:F0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/iTbfSsL0Z-pmwRl6hinT9ku1Y_A.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bb/7895f8-ac31-4798-8404-4e278dd48a3f/1/ZSDJhP4qlD0KR1YGpEXCcTVTJIk.roa
Signing time: Sat 01 Jan 2022 07:54:11 +0000
ROA not before: Sat 01 Jan 2022 07:54:11 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 207722
IP address blocks: 2001:678:ba8::/48 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 50662424 (0x3050c18)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8936df4ac2f467ea66c1197a8629d3f64bb563f0
Validity
Not Before: Jan 1 07:54:11 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=6520c984fe2a943d0a475606a445c27135532489
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:98:c8:f7:61:34:dd:d1:d0:40:b7:50:32:cc:64:
30:59:81:3e:7b:ac:6d:c3:a3:12:43:f7:73:51:cc:
e3:f8:2f:f7:97:44:ee:e1:e7:81:a0:ae:28:08:d8:
ff:7d:8f:a7:24:5c:6f:71:61:5e:8b:9b:03:ee:9f:
73:9a:ed:f1:d6:20:79:a9:63:ae:fc:5e:9f:c4:e3:
3e:ba:39:7c:6b:26:96:7f:a3:50:1a:85:0b:98:4d:
25:3a:5d:43:b5:4c:69:a5:15:b0:df:c9:e1:a4:15:
e0:e5:5f:32:b4:3e:c5:e4:75:26:7c:99:fc:cd:5a:
b1:e1:8b:48:a5:2a:2d:a2:a9:e3:72:84:fe:8e:66:
b4:f7:25:75:75:16:11:27:58:10:e0:fb:d2:ad:bf:
6b:b8:61:bb:c1:8c:9e:49:76:58:3b:2f:a1:96:53:
a0:14:e7:f4:d1:60:7f:3c:16:4c:bb:10:e4:02:68:
5a:8c:97:9d:79:48:97:19:90:f0:8d:51:22:d8:cd:
90:1e:b6:e0:dd:93:ae:d3:2b:40:dd:ea:ca:6b:fb:
83:f1:e3:0b:2c:55:33:d6:35:57:6f:1b:0a:4b:2a:
3e:26:d6:c5:ba:ca:8b:a0:0e:de:19:b9:76:10:e1:
ef:4d:21:9c:4e:9a:8a:90:2d:fb:dd:76:f4:30:f5:
7d:d5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
65:20:C9:84:FE:2A:94:3D:0A:47:56:06:A4:45:C2:71:35:53:24:89
X509v3 Authority Key Identifier:
keyid:89:36:DF:4A:C2:F4:67:EA:66:C1:19:7A:86:29:D3:F6:4B:B5:63:F0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iTbfSsL0Z-pmwRl6hinT9ku1Y_A.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/7895f8-ac31-4798-8404-4e278dd48a3f/1/ZSDJhP4qlD0KR1YGpEXCcTVTJIk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/7895f8-ac31-4798-8404-4e278dd48a3f/1/iTbfSsL0Z-pmwRl6hinT9ku1Y_A.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2001:678:ba8::/48
Signature Algorithm: sha256WithRSAEncryption
a2:10:e4:ad:de:d0:a6:b3:c6:83:08:4b:ff:62:37:3c:ad:69:
d0:e6:1e:6a:2b:d2:04:95:87:0a:30:a5:95:dd:6d:b5:60:59:
43:79:42:ad:c5:80:1f:a2:49:b5:25:a5:c2:28:7a:2a:87:20:
c2:e1:ae:9e:a1:97:a6:11:df:d8:67:89:54:f0:c2:9c:c4:1b:
c0:61:4a:40:83:62:1f:30:93:25:5f:59:2b:19:f7:d9:4e:6c:
98:67:33:fb:cf:ff:10:68:68:5c:ed:30:33:ae:a4:f7:64:e5:
05:bc:25:a4:ef:55:0e:ca:03:0e:20:5d:13:f8:78:ed:4b:41:
60:f3:ab:d2:0a:82:f6:17:7c:aa:48:07:52:0d:e7:fc:80:c6:
3a:a9:04:15:f3:c9:b9:a8:80:74:d1:3a:2a:a8:93:9e:28:f3:
dc:51:c6:ca:21:50:0e:72:4f:1e:96:f0:e6:e6:b3:27:47:43:
42:8d:dc:94:41:0c:85:02:4b:06:3b:14:ba:08:1e:ed:91:4b:
e4:4e:a4:89:ce:5e:65:2d:0d:93:9a:f1:09:43:5b:e2:12:2c:
07:f0:68:af:6b:04:97:7e:e5:b1:d6:92:72:68:56:f0:ad:bf:
02:8c:ef:ff:e3:4c:b2:4f:44:23:a8:84:37:1d:54:05:43:f7:
25:7f:c9:73
-----BEGIN CERTIFICATE-----
MIIE8jCCA9qgAwIBAgIEAwUMGDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg4
OTM2ZGY0YWMyZjQ2N2VhNjZjMTE5N2E4NjI5ZDNmNjRiYjU2M2YwMB4XDTIyMDEw
MTA3NTQxMVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNjUyMGM5ODRmZTJh
OTQzZDBhNDc1NjA2YTQ0NWMyNzEzNTUzMjQ4OTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAJjI92E03dHQQLdQMsxkMFmBPnusbcOjEkP3c1HM4/gv95dE
7uHngaCuKAjY/32PpyRcb3FhXoubA+6fc5rt8dYgealjrvxen8TjPro5fGsmln+j
UBqFC5hNJTpdQ7VMaaUVsN/J4aQV4OVfMrQ+xeR1JnyZ/M1aseGLSKUqLaKp43KE
/o5mtPcldXUWESdYEOD70q2/a7hhu8GMnkl2WDsvoZZToBTn9NFgfzwWTLsQ5AJo
WoyXnXlIlxmQ8I1RItjNkB624N2TrtMrQN3qymv7g/HjCyxVM9Y1V28bCksqPibW
xbrKi6AO3hm5dhDh700hnE6aipAt+9129DD1fdUCAwEAAaOCAgwwggIIMB0GA1Ud
DgQWBBRlIMmE/iqUPQpHVgakRcJxNVMkiTAfBgNVHSMEGDAWgBSJNt9KwvRn6mbB
GXqGKdP2S7Vj8DAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2lUYmZTc0wwWi1wbXdSbDZoaW5UOWt1MVlfQS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYmIvNzg5NWY4LWFjMzEtNDc5OC04NDA0LTRlMjc4ZGQ0OGEzZi8x
L1pTREpoUDRxbEQwS1IxWUdwRVhDY1RWVEpJay5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYmIv
Nzg5NWY4LWFjMzEtNDc5OC04NDA0LTRlMjc4ZGQ0OGEzZi8xL2lUYmZTc0wwWi1w
bXdSbDZoaW5UOWt1MVlfQS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAi
BggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACABBngLqDANBgkqhkiG9w0BAQsF
AAOCAQEAohDkrd7QprPGgwhL/2I3PK1p0OYeaivSBJWHCjClld1ttWBZQ3lCrcWA
H6JJtSWlwih6KocgwuGunqGXphHf2GeJVPDCnMQbwGFKQINiHzCTJV9ZKxn32U5s
mGcz+8//EGhoXO0wM66k92TlBbwlpO9VDsoDDiBdE/h47UtBYPOr0gqC9hd8qkgH
Ug3n/IDGOqkEFfPJuaiAdNE6KqiTnijz3FHGyiFQDnJPHpbw5uazJ0dDQo3clEEM
hQJLBjsUugge7ZFL5E6kic5eZS0Nk5rxCUNb4hIsB/Bor2sEl37lsdaScmhW8K2/
Aozv/+NMsk9EI6iENx1UBUP3JX/Jcw==
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:27:33 2025 by rpki-client