Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/9dca0e-a41b-4972-bbb5-08e2b1017927/1/se3mwUbcK3KFPXiVa2z70ujigW4.roa
File: se3mwUbcK3KFPXiVa2z70ujigW4.roa (raw, json)
Hash identifier: ey3LyksHQjhYZDrTmmZi+1RufW6/9uXJZz+k3MVvtiI=
Subject key identifier: B1:ED:E6:C1:46:DC:2B:72:85:3D:78:95:6B:6C:FB:D2:E8:E2:81:6E
Certificate issuer: /CN=3026806a6b8dac68c2a32b65849229524fc33da7
Certificate serial: 01862B2685685581AF5E28E8433C6415FC06
Authority key identifier: 30:26:80:6A:6B:8D:AC:68:C2:A3:2B:65:84:92:29:52:4F:C3:3D:A7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/MCaAamuNrGjCoytlhJIpUk_DPac.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bf/9dca0e-a41b-4972-bbb5-08e2b1017927/1/se3mwUbcK3KFPXiVa2z70ujigW4.roa
Signing time: Tue 07 Feb 2023 09:13:10 +0000
ROA not before: Tue 07 Feb 2023 09:13:10 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 49697
IP address blocks: 2001:678:a00::/48 maxlen: 48
2001:678:974::/48 maxlen: 48
2001:678:964::/48 maxlen: 48
2001:67c:1250::/48 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:86:2b:26:85:68:55:81:af:5e:28:e8:43:3c:64:15:fc:06
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3026806a6b8dac68c2a32b65849229524fc33da7
Validity
Not Before: Feb 7 09:13:10 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=b1ede6c146dc2b72853d78956b6cfbd2e8e2816e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c6:fd:c1:66:48:a5:96:b2:d4:e5:a5:4c:53:6e:
c0:b7:a1:02:99:32:d5:5d:e5:69:67:5f:20:29:9f:
3d:3e:9a:8b:b8:d8:b8:e4:5f:01:fb:70:57:13:b3:
89:5d:d2:93:9b:fb:f7:dd:32:b5:c8:30:97:ff:e9:
25:29:4d:55:d9:4f:4e:63:d0:3f:90:31:02:ac:76:
91:59:7d:25:25:ef:dd:4a:7d:95:56:97:c4:8e:66:
f5:04:a9:2f:01:e8:95:3e:d4:74:d2:a8:64:d0:f9:
2c:ac:5c:62:0a:2c:54:2e:7b:5b:4b:10:db:e7:cc:
31:60:c5:8b:73:b6:0b:79:f7:6b:aa:09:5a:24:ac:
51:bb:ce:97:7a:5f:56:89:09:a3:1e:80:99:7a:06:
c2:56:ce:bf:30:c8:8c:ab:06:53:f4:e1:33:d8:86:
06:84:77:3f:fd:0b:e1:76:b3:c4:5c:10:03:f8:c4:
c4:9d:08:39:a3:9f:ac:86:f3:0f:87:83:4e:fa:88:
62:03:fa:60:52:60:68:82:97:2d:03:9b:9a:cd:67:
4a:74:a5:2d:13:eb:9b:63:c1:f1:9e:c4:37:97:51:
e7:fb:5d:07:d2:05:90:7f:6c:41:7f:18:13:b8:ad:
48:cb:d7:ff:7b:82:29:b1:98:01:f7:a6:35:1f:ad:
7f:bb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B1:ED:E6:C1:46:DC:2B:72:85:3D:78:95:6B:6C:FB:D2:E8:E2:81:6E
X509v3 Authority Key Identifier:
keyid:30:26:80:6A:6B:8D:AC:68:C2:A3:2B:65:84:92:29:52:4F:C3:3D:A7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MCaAamuNrGjCoytlhJIpUk_DPac.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/9dca0e-a41b-4972-bbb5-08e2b1017927/1/se3mwUbcK3KFPXiVa2z70ujigW4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/9dca0e-a41b-4972-bbb5-08e2b1017927/1/MCaAamuNrGjCoytlhJIpUk_DPac.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2001:678:964::/48
2001:678:974::/48
2001:678:a00::/48
2001:67c:1250::/48
Signature Algorithm: sha256WithRSAEncryption
4d:1e:00:6d:91:c0:e9:a8:ce:c3:13:ce:de:f9:d6:1a:48:e3:
71:03:39:30:e0:bb:a6:cc:36:7d:d7:7c:a0:aa:54:0e:6b:eb:
4a:ee:26:77:2a:20:db:73:57:dc:15:d0:4e:81:38:b3:ac:fb:
a0:b6:fd:0d:e1:fc:38:e6:da:3f:de:c0:34:70:6c:6b:d0:c1:
9c:4f:4e:8d:3e:f4:fc:d7:99:75:50:b9:d2:33:b3:33:8e:71:
d3:2d:91:ad:c8:9b:cc:17:da:7b:19:b1:32:de:23:ce:0a:0e:
11:cc:07:4f:88:ef:f7:81:93:94:1b:16:78:91:8a:57:75:37:
bf:e3:61:97:d9:ea:78:62:f7:9f:5b:e2:ad:10:e2:47:df:53:
6e:c8:d1:5d:81:d7:ef:d3:7b:57:d2:49:f5:8c:62:70:94:c8:
76:b3:98:3c:3d:8a:6e:55:1a:6f:ae:3b:dc:4f:72:28:f9:c5:
85:52:8d:88:60:f1:84:dc:63:b7:6e:82:55:81:b2:73:73:e0:
ba:f1:03:21:81:21:a7:5d:9d:97:eb:0c:c3:f3:f2:55:7b:40:
77:d6:e5:a5:5e:88:e5:7f:3d:8a:21:8f:14:d6:0c:56:d6:6f:
f8:d8:1c:b9:72:d8:43:c5:d7:98:17:9c:c6:cf:23:8c:f0:7f:
32:e8:51:26
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAYYrJoVoVYGvXijoQzxkFfwGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMwMjY4MDZhNmI4ZGFjNjhjMmEzMmI2NTg0OTIyOTUyNGZj
MzNkYTcwHhcNMjMwMjA3MDkxMzEwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMWVkZTZjMTQ2ZGMyYjcyODUzZDc4OTU2YjZjZmJkMmU4ZTI4MTZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxv3BZkillrLU5aVMU27At6ECmTLV
XeVpZ18gKZ89PpqLuNi45F8B+3BXE7OJXdKTm/v33TK1yDCX/+klKU1V2U9OY9A/
kDECrHaRWX0lJe/dSn2VVpfEjmb1BKkvAeiVPtR00qhk0PksrFxiCixULntbSxDb
58wxYMWLc7YLefdrqglaJKxRu86Xel9WiQmjHoCZegbCVs6/MMiMqwZT9OEz2IYG
hHc//QvhdrPEXBAD+MTEnQg5o5+shvMPh4NO+ohiA/pgUmBogpctA5uazWdKdKUt
E+ubY8HxnsQ3l1Hn+10H0gWQf2xBfxgTuK1Iy9f/e4IpsZgB96Y1H61/uwIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFLHt5sFG3CtyhT14lWts+9Lo4oFuMB8GA1UdIwQY
MBaAFDAmgGprjaxowqMrZYSSKVJPwz2nMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTUNhQWFtdU5yR2pDb3l0bGhKSXBVa19EUGFjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi85ZGNhMGUtYTQxYi00OTcyLWJiYjUt
MDhlMmIxMDE3OTI3LzEvc2UzbXdVYmNLM0tGUFhpVmEyejcwdWppZ1c0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi85ZGNhMGUtYTQxYi00OTcyLWJiYjUtMDhlMmIxMDE3OTI3
LzEvTUNhQWFtdU5yR2pDb3l0bGhKSXBVa19EUGFjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAqBAIAAjAkAwcAIAEGeAlk
AwcAIAEGeAl0AwcAIAEGeAoAAwcAIAEGfBJQMA0GCSqGSIb3DQEBCwUAA4IBAQBN
HgBtkcDpqM7DE87e+dYaSONxAzkw4LumzDZ913ygqlQOa+tK7iZ3KiDbc1fcFdBO
gTizrPugtv0N4fw45to/3sA0cGxr0MGcT06NPvT815l1ULnSM7MzjnHTLZGtyJvM
F9p7GbEy3iPOCg4RzAdPiO/3gZOUGxZ4kYpXdTe/42GX2ep4YvefW+KtEOJH31Nu
yNFdgdfv03tX0kn1jGJwlMh2s5g8PYpuVRpvrjvcT3Io+cWFUo2IYPGE3GO3boJV
gbJzc+C68QMhgSGnXZ2X6wzD8/JVe0B31uWlXojlfz2KIY8U1gxW1m/42By5cthD
xdeYF5zGzyOM8H8y6FEm
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:52:14 2024 by rpki-client on console-fra.rpki-client.org