Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/5a3d20-ecaa-40ea-9db2-d59845fb9b3d/1/pcCUFd5ypIK_XStaaXop5nIV7Z0.roa
File: pcCUFd5ypIK_XStaaXop5nIV7Z0.roa (raw, json)
Hash identifier: CY8GdC4wv4+tyuLCr/aV63RU9Zb9gqzKvcD9bPLbw8U=
Subject key identifier: A5:C0:94:15:DE:72:A4:82:BF:5D:2B:5A:69:7A:29:E6:72:15:ED:9D
Certificate issuer: /CN=c3a8e8648e0ba36a323ab9df6341d668bda6b4d2
Certificate serial: 0185704BA7D7DB56DA9374C43D843EB9AE31
Authority key identifier: C3:A8:E8:64:8E:0B:A3:6A:32:3A:B9:DF:63:41:D6:68:BD:A6:B4:D2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/w6joZI4Lo2oyOrnfY0HWaL2mtNI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c0/5a3d20-ecaa-40ea-9db2-d59845fb9b3d/1/pcCUFd5ypIK_XStaaXop5nIV7Z0.roa
Signing time: Mon 02 Jan 2023 02:24:44 +0000
ROA not before: Mon 02 Jan 2023 02:24:44 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 34734
IP address blocks: 2a11:3780::/29 maxlen: 29
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:70:4b:a7:d7:db:56:da:93:74:c4:3d:84:3e:b9:ae:31
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c3a8e8648e0ba36a323ab9df6341d668bda6b4d2
Validity
Not Before: Jan 2 02:24:44 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=a5c09415de72a482bf5d2b5a697a29e67215ed9d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cb:c1:2c:66:ff:2a:b2:fa:a2:15:47:2a:a7:74:
ea:0c:0b:e7:ef:ea:40:0d:b9:88:9a:ba:eb:3b:92:
d1:31:27:61:94:04:8c:ae:4e:d2:f2:ca:28:55:3e:
82:37:d4:88:53:6e:a4:29:0a:64:61:06:a1:e2:b1:
27:21:e5:91:d9:a4:4c:53:25:44:ab:cc:12:73:8a:
d8:a9:c9:ed:d8:dc:64:c2:c5:9d:0e:50:df:99:bf:
f2:d9:6c:05:e6:f8:ce:a8:c6:37:86:da:ba:3c:03:
64:84:8a:9e:8b:30:2b:05:dc:f2:42:46:3e:f3:21:
75:2b:77:e3:08:23:28:f3:1d:d9:53:50:26:4c:37:
d3:f2:e3:bc:dc:4f:00:21:dc:0a:c8:af:21:78:4c:
da:c0:72:2f:1c:30:59:80:b9:2f:ac:b1:b0:7c:23:
cf:2f:b6:9e:ba:d4:9f:a8:eb:55:b2:63:04:57:50:
16:54:62:37:11:9c:65:bb:65:83:c6:49:ee:67:1e:
3b:15:c1:b1:66:8e:81:fa:49:9c:aa:13:ec:5b:72:
b3:78:a4:64:6c:92:c5:0f:a7:a4:40:f4:80:43:b9:
11:54:66:0b:13:30:01:ee:db:36:b0:98:90:6f:07:
4a:ca:7b:6d:58:ac:71:33:a2:04:42:32:6d:ec:64:
30:db
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A5:C0:94:15:DE:72:A4:82:BF:5D:2B:5A:69:7A:29:E6:72:15:ED:9D
X509v3 Authority Key Identifier:
keyid:C3:A8:E8:64:8E:0B:A3:6A:32:3A:B9:DF:63:41:D6:68:BD:A6:B4:D2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w6joZI4Lo2oyOrnfY0HWaL2mtNI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/5a3d20-ecaa-40ea-9db2-d59845fb9b3d/1/pcCUFd5ypIK_XStaaXop5nIV7Z0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/5a3d20-ecaa-40ea-9db2-d59845fb9b3d/1/w6joZI4Lo2oyOrnfY0HWaL2mtNI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a11:3780::/29
Signature Algorithm: sha256WithRSAEncryption
08:98:3f:27:50:e3:75:9c:ae:e9:63:d1:8c:96:3a:55:7b:a3:
7f:7d:be:62:58:b2:0b:77:1a:cc:d7:52:fc:0e:2f:0f:bc:9c:
b9:fe:8d:a4:73:74:8a:8a:7c:b1:aa:7e:0e:30:11:e8:2c:0a:
44:04:da:8c:cc:d5:a0:82:25:09:7a:b0:82:49:31:ea:96:6d:
c2:8c:f9:dd:89:14:27:4e:24:01:a3:84:92:1d:ca:b0:0c:70:
2c:d7:ea:12:e7:6e:47:1a:ee:01:61:40:6f:ca:56:3a:13:59:
65:5e:59:eb:d8:a0:f1:64:dd:99:e4:78:f4:fc:2b:56:14:6e:
9e:8e:ff:d0:ab:d5:18:ea:30:8f:18:3b:80:30:f9:a4:fd:56:
e7:65:7e:77:4b:0f:68:ed:08:41:c9:30:0b:90:18:3f:f1:d2:
c2:4b:00:89:7d:db:63:fd:df:e8:28:dc:42:0f:fe:1b:5f:55:
1f:23:a3:8f:29:29:64:3c:24:19:3c:5a:16:ec:b0:31:08:55:
9f:14:7e:2b:8e:22:b7:57:0d:33:69:53:ba:64:74:d3:32:bf:
58:3b:77:d1:4d:3a:7c:6d:d6:a9:08:5b:04:fa:2c:e8:1e:57:
80:95:b5:60:c6:36:e1:37:3f:4a:6a:b0:5c:96:ef:45:5d:25:
d6:a4:d5:6a
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYVwS6fX21bak3TEPYQ+ua4xMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzYThlODY0OGUwYmEzNmEzMjNhYjlkZjYzNDFkNjY4YmRh
NmI0ZDIwHhcNMjMwMTAyMDIyNDQ0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNWMwOTQxNWRlNzJhNDgyYmY1ZDJiNWE2OTdhMjllNjcyMTVlZDlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy8EsZv8qsvqiFUcqp3TqDAvn7+pA
DbmImrrrO5LRMSdhlASMrk7S8sooVT6CN9SIU26kKQpkYQah4rEnIeWR2aRMUyVE
q8wSc4rYqcnt2NxkwsWdDlDfmb/y2WwF5vjOqMY3htq6PANkhIqeizArBdzyQkY+
8yF1K3fjCCMo8x3ZU1AmTDfT8uO83E8AIdwKyK8heEzawHIvHDBZgLkvrLGwfCPP
L7aeutSfqOtVsmMEV1AWVGI3EZxlu2WDxknuZx47FcGxZo6B+kmcqhPsW3KzeKRk
bJLFD6ekQPSAQ7kRVGYLEzAB7ts2sJiQbwdKynttWKxxM6IEQjJt7GQw2wIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFKXAlBXecqSCv10rWml6KeZyFe2dMB8GA1UdIwQY
MBaAFMOo6GSOC6NqMjq532NB1mi9prTSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzZqb1pJNExvMm95T3JuZlkwSFdhTDJtdE5JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC81YTNkMjAtZWNhYS00MGVhLTlkYjIt
ZDU5ODQ1ZmI5YjNkLzEvcGNDVUZkNXlwSUtfWFN0YWFYb3A1bklWN1owLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC81YTNkMjAtZWNhYS00MGVhLTlkYjItZDU5ODQ1ZmI5YjNk
LzEvdzZqb1pJNExvMm95T3JuZlkwSFdhTDJtdE5JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhE3gDAN
BgkqhkiG9w0BAQsFAAOCAQEACJg/J1DjdZyu6WPRjJY6VXujf32+YliyC3cazNdS
/A4vD7ycuf6NpHN0iop8sap+DjAR6CwKRATajMzVoIIlCXqwgkkx6pZtwoz53YkU
J04kAaOEkh3KsAxwLNfqEuduRxruAWFAb8pWOhNZZV5Z69ig8WTdmeR49PwrVhRu
no7/0KvVGOowjxg7gDD5pP1W52V+d0sPaO0IQckwC5AYP/HSwksAiX3bY/3f6Cjc
Qg/+G19VHyOjjykpZDwkGTxaFuywMQhVnxR+K44it1cNM2lTumR00zK/WDt30U06
fG3WqQhbBPos6B5XgJW1YMY24Tc/SmqwXJbvRV0l1qTVag==
-----END CERTIFICATE-----
Generated at Thu Jul 20 00:07:13 2023 by rpki-client on console-ams.rpki-client.org