Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/9dca0e-a41b-4972-bbb5-08e2b1017927/1/xeHpoRE5XXPrmqHM3_b-BZOPxE0.roa
File: xeHpoRE5XXPrmqHM3_b-BZOPxE0.roa (raw, json)
Hash identifier: oxEMMoHA+nrm34UmAFJUrUqGsHWs5X7+r9+Wn73yJDs=
Subject key identifier: C5:E1:E9:A1:11:39:5D:73:EB:9A:A1:CC:DF:F6:FE:05:93:8F:C4:4D
Certificate issuer: /CN=3026806a6b8dac68c2a32b65849229524fc33da7
Certificate serial: 0186641EFA66EA76C7003CBB4546209C01BC
Authority key identifier: 30:26:80:6A:6B:8D:AC:68:C2:A3:2B:65:84:92:29:52:4F:C3:3D:A7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/MCaAamuNrGjCoytlhJIpUk_DPac.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bf/9dca0e-a41b-4972-bbb5-08e2b1017927/1/xeHpoRE5XXPrmqHM3_b-BZOPxE0.roa
Signing time: Sat 18 Feb 2023 10:43:17 +0000
ROA not before: Sat 18 Feb 2023 10:43:17 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 49697
IP address blocks: 2001:678:a00::/48 maxlen: 48
2001:678:964::/48 maxlen: 48
2001:678:974::/48 maxlen: 48
2001:678:97c::/48 maxlen: 48
2001:67c:1250::/48 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:86:64:1e:fa:66:ea:76:c7:00:3c:bb:45:46:20:9c:01:bc
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3026806a6b8dac68c2a32b65849229524fc33da7
Validity
Not Before: Feb 18 10:43:17 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=c5e1e9a111395d73eb9aa1ccdff6fe05938fc44d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c7:bc:14:2a:2c:5b:c1:7d:f3:ae:1b:c2:57:71:
47:88:14:bf:31:85:fb:dc:91:4b:fd:ba:0b:a3:c1:
ca:49:5b:9d:43:dc:26:e8:3b:77:56:5f:ad:19:71:
91:56:87:cb:e6:26:68:8f:c3:ed:95:26:2a:ca:3c:
3a:17:d2:4e:5f:7d:97:55:ff:35:d6:b1:45:a8:5c:
63:39:fb:7f:a9:5b:24:17:9c:9c:dd:e6:3d:36:9d:
f4:a7:3c:1d:e5:1c:75:63:3e:0c:37:30:79:5d:20:
9b:d6:e7:bf:af:7a:27:b2:01:6f:33:22:c5:b7:8c:
f2:ed:83:4f:eb:b5:af:99:cd:1e:64:c5:67:9d:51:
dd:80:d6:66:54:2e:2f:f3:f4:c6:14:36:70:26:97:
a2:00:8d:80:f6:fe:e2:75:f0:89:97:b9:8f:1e:cc:
70:82:d7:4d:57:d0:55:b6:bf:8d:1b:8a:19:d3:33:
7a:d4:62:7c:d6:b7:12:dc:bd:60:82:b9:9d:c1:34:
d3:3d:5d:01:9e:08:13:6c:2c:43:96:e6:b9:2f:b9:
d4:45:fa:98:c4:32:e1:4c:87:dd:df:91:2d:83:12:
22:55:8a:32:d4:aa:7f:1c:cb:77:d0:7d:77:2d:28:
0e:ba:a1:de:9e:6c:3b:df:88:c0:ae:88:9e:c9:ec:
a9:d5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C5:E1:E9:A1:11:39:5D:73:EB:9A:A1:CC:DF:F6:FE:05:93:8F:C4:4D
X509v3 Authority Key Identifier:
keyid:30:26:80:6A:6B:8D:AC:68:C2:A3:2B:65:84:92:29:52:4F:C3:3D:A7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MCaAamuNrGjCoytlhJIpUk_DPac.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/9dca0e-a41b-4972-bbb5-08e2b1017927/1/xeHpoRE5XXPrmqHM3_b-BZOPxE0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/9dca0e-a41b-4972-bbb5-08e2b1017927/1/MCaAamuNrGjCoytlhJIpUk_DPac.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2001:678:964::/48
2001:678:974::/48
2001:678:97c::/48
2001:678:a00::/48
2001:67c:1250::/48
Signature Algorithm: sha256WithRSAEncryption
15:2a:18:6c:02:c5:38:a6:cd:66:63:9c:97:37:16:c4:70:a0:
67:a1:11:05:9a:d3:45:3c:d6:78:17:ff:b7:a8:11:c3:15:75:
c4:87:78:48:9b:6e:d3:cc:f9:ff:0e:8b:1b:e2:bb:77:7a:51:
e4:f7:88:0f:80:1e:0e:e7:e0:b9:48:de:3d:e6:45:36:74:13:
1d:50:5e:29:cf:b0:0d:47:ca:be:f9:25:1e:93:98:fe:d6:24:
d1:ea:77:4c:0f:8a:cb:1d:78:e9:c5:e1:74:b4:ae:0e:c0:2c:
7a:37:24:d1:d0:be:4b:ad:5a:aa:58:61:60:7d:87:3f:82:2e:
66:47:5d:36:a4:98:d3:79:8a:18:df:6f:5d:0f:37:46:19:b6:
03:6b:ba:a6:32:3a:24:1b:93:3d:f9:16:ff:36:71:da:ea:bb:
05:a5:cd:c5:b0:9b:a9:47:40:11:62:e7:c1:46:1d:71:a4:2b:
56:42:aa:60:72:1a:68:db:86:e7:94:93:b7:3a:fd:be:15:cd:
1c:d3:77:92:27:c3:0b:0e:84:92:39:3c:52:c7:a2:f7:01:eb:
51:c9:d9:9b:c5:0f:46:b3:b8:ac:7c:b2:d9:60:c4:45:d5:f1:
6d:eb:02:93:3b:76:74:f2:8e:f6:8d:a6:87:ed:96:cf:42:09:
1d:45:c4:1e
-----BEGIN CERTIFICATE-----
MIIFJDCCBAygAwIBAgISAYZkHvpm6nbHADy7RUYgnAG8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMwMjY4MDZhNmI4ZGFjNjhjMmEzMmI2NTg0OTIyOTUyNGZj
MzNkYTcwHhcNMjMwMjE4MTA0MzE3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNWUxZTlhMTExMzk1ZDczZWI5YWExY2NkZmY2ZmUwNTkzOGZjNDRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx7wUKixbwX3zrhvCV3FHiBS/MYX7
3JFL/boLo8HKSVudQ9wm6Dt3Vl+tGXGRVofL5iZoj8PtlSYqyjw6F9JOX32XVf81
1rFFqFxjOft/qVskF5yc3eY9Np30pzwd5Rx1Yz4MNzB5XSCb1ue/r3onsgFvMyLF
t4zy7YNP67Wvmc0eZMVnnVHdgNZmVC4v8/TGFDZwJpeiAI2A9v7idfCJl7mPHsxw
gtdNV9BVtr+NG4oZ0zN61GJ81rcS3L1ggrmdwTTTPV0BnggTbCxDlua5L7nURfqY
xDLhTIfd35EtgxIiVYoy1Kp/HMt30H13LSgOuqHenmw734jAroieyeyp1QIDAQAB
o4ICMDCCAiwwHQYDVR0OBBYEFMXh6aEROV1z65qhzN/2/gWTj8RNMB8GA1UdIwQY
MBaAFDAmgGprjaxowqMrZYSSKVJPwz2nMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTUNhQWFtdU5yR2pDb3l0bGhKSXBVa19EUGFjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi85ZGNhMGUtYTQxYi00OTcyLWJiYjUt
MDhlMmIxMDE3OTI3LzEveGVIcG9SRTVYWFBybXFITTNfYi1CWk9QeEUwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi85ZGNhMGUtYTQxYi00OTcyLWJiYjUtMDhlMmIxMDE3OTI3
LzEvTUNhQWFtdU5yR2pDb3l0bGhKSXBVa19EUGFjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEYGCCsGAQUFBwEHAQH/BDcwNTAzBAIAAjAtAwcAIAEGeAlk
AwcAIAEGeAl0AwcAIAEGeAl8AwcAIAEGeAoAAwcAIAEGfBJQMA0GCSqGSIb3DQEB
CwUAA4IBAQAVKhhsAsU4ps1mY5yXNxbEcKBnoREFmtNFPNZ4F/+3qBHDFXXEh3hI
m27TzPn/Dosb4rt3elHk94gPgB4O5+C5SN495kU2dBMdUF4pz7ANR8q++SUek5j+
1iTR6ndMD4rLHXjpxeF0tK4OwCx6NyTR0L5LrVqqWGFgfYc/gi5mR102pJjTeYoY
329dDzdGGbYDa7qmMjokG5M9+Rb/NnHa6rsFpc3FsJupR0ARYufBRh1xpCtWQqpg
chpo24bnlJO3Ov2+Fc0c03eSJ8MLDoSSOTxSx6L3AetRydmbxQ9Gs7isfLLZYMRF
1fFt6wKTO3Z08o72jaaH7ZbPQgkdRcQe
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:52:14 2024 by rpki-client on console-fra.rpki-client.org