Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/qYd_ir2d_IhItnO5NqLiluzpQvE.roa
File: qYd_ir2d_IhItnO5NqLiluzpQvE.roa (raw, json)
Hash identifier: 8G78JX56V4q+ffLn0oalYqkODAwzSo+cFdiEXUU0LD4=
Subject key identifier: A9:87:7F:8A:BD:9D:FC:88:48:B6:73:B9:36:A2:E2:96:EC:E9:42:F1
Certificate issuer: /CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
Certificate serial: 018CC8DF939FA3C9786CB7E922D28AE71DD2
Authority key identifier: B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/qYd_ir2d_IhItnO5NqLiluzpQvE.roa
Signing time: Tue 02 Jan 2024 06:32:24 +0000
ROA not before: Tue 02 Jan 2024 06:32:24 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 12608
IP address blocks: 2a0c:7440::/29 maxlen: 29
2a0f:5580::/29 maxlen: 29
2a0f:2380::/29 maxlen: 29
2a0f:a700::/29 maxlen: 29
2a0d:88c0::/29 maxlen: 29
2a0f:7300::/29 maxlen: 29
2a09:5300::/29 maxlen: 29
2a0d:8340::/29 maxlen: 29
2a0c:7540::/29 maxlen: 29
2a0b:a300::/32 maxlen: 32
2a0f:7b80::/29 maxlen: 29
2a0f:7100::/29 maxlen: 29
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c8:df:93:9f:a3:c9:78:6c:b7:e9:22:d2:8a:e7:1d:d2
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
Validity
Not Before: Jan 2 06:32:24 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=a9877f8abd9dfc8848b673b936a2e296ece942f1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b7:f8:9a:15:3f:f3:04:72:bf:3c:3f:b8:57:95:
1a:e0:12:af:dc:b6:25:a8:aa:70:c3:1b:db:29:6b:
1c:79:3b:b2:de:48:81:8a:a5:fc:db:a0:c6:86:65:
26:3d:fb:b1:82:a4:7b:03:06:9b:14:cd:0d:23:bb:
fc:b1:97:26:35:84:5d:4e:62:ae:35:82:df:f4:bd:
9e:40:d7:c3:8b:73:bb:8b:ed:c8:72:ef:2c:42:64:
0e:12:23:ef:6d:1c:e7:f9:51:27:3f:91:b2:f2:3e:
67:a6:81:0c:71:31:2e:84:6e:41:1b:12:1c:ad:8d:
9f:94:de:02:92:b4:02:1e:60:c3:49:b7:50:d6:97:
3e:80:be:a6:d3:05:62:61:63:0e:9f:9d:1a:0c:7b:
4f:1c:97:e0:61:e2:62:a8:13:ff:c4:e4:54:8a:0c:
4a:b6:a9:8e:9b:15:4c:d8:3e:b7:48:50:e8:78:29:
f2:2c:e1:15:f8:89:e3:bd:4d:89:aa:bf:26:c5:5f:
2e:37:4b:b0:d6:dc:07:a8:e2:ce:ea:bd:50:4d:0d:
fb:72:84:8f:3b:86:7f:61:2a:04:d3:70:0a:8d:35:
d9:f6:3a:0f:ef:0b:d0:57:7b:b8:7a:e8:21:de:fd:
86:35:76:0e:23:38:f3:88:ee:14:55:0e:a6:33:60:
ed:7f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A9:87:7F:8A:BD:9D:FC:88:48:B6:73:B9:36:A2:E2:96:EC:E9:42:F1
X509v3 Authority Key Identifier:
keyid:B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/qYd_ir2d_IhItnO5NqLiluzpQvE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a09:5300::/29
2a0b:a300::/32
2a0c:7440::/29
2a0c:7540::/29
2a0d:8340::/29
2a0d:88c0::/29
2a0f:2380::/29
2a0f:5580::/29
2a0f:7100::/29
2a0f:7300::/29
2a0f:7b80::/29
2a0f:a700::/29
Signature Algorithm: sha256WithRSAEncryption
58:23:57:b1:3e:05:33:1e:ee:cc:20:4e:94:87:a7:19:87:82:
19:8d:8c:a9:3b:22:bf:da:6b:b1:18:72:47:ec:83:e8:ba:fa:
4e:da:f1:96:91:98:b8:bd:58:40:57:f7:92:10:75:43:48:b2:
56:12:aa:80:db:9c:62:53:91:f4:0b:6e:76:44:65:b2:ef:f6:
56:93:70:65:8b:e0:44:c7:87:9c:ab:b0:bd:80:fd:1c:84:27:
b6:37:31:d5:3a:33:4c:48:12:78:93:93:fc:73:c3:de:91:e8:
4a:40:76:d5:bd:98:db:8c:69:aa:2d:82:0a:20:c2:2a:d3:1d:
a9:c3:85:a4:3f:56:f4:5e:c9:ba:7a:c8:af:4f:73:1c:06:ee:
cd:86:03:56:e4:26:79:1f:f1:a4:74:15:76:51:93:e9:62:fa:
5e:be:89:3b:f0:d3:2c:f2:12:36:f9:00:65:e6:96:84:54:2f:
96:86:72:23:41:a1:cf:4c:e2:fb:4a:3f:aa:e8:41:b9:8e:25:
51:bb:d5:7d:4e:7d:7e:1c:5d:36:5c:68:de:e6:29:74:1d:9a:
14:66:6e:e5:41:a9:b0:20:95:ea:e0:38:3e:c2:f8:f9:7f:73:
d9:0b:ca:00:fd:7a:1d:06:c8:07:4c:51:d0:5a:e7:b7:cb:c2:
3b:93:b9:c2
-----BEGIN CERTIFICATE-----
MIIFSzCCBDOgAwIBAgISAYzI35Ofo8l4bLfpItKK5x3SMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0Zjk2MzQ1ZDNmMjJlZGIzOTVkMjQ3ZjdiODZkMmQ3M2U0
YTAwOTEwHhcNMjQwMTAyMDYzMjI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOTg3N2Y4YWJkOWRmYzg4NDhiNjczYjkzNmEyZTI5NmVjZTk0MmYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt/iaFT/zBHK/PD+4V5Ua4BKv3LYl
qKpwwxvbKWsceTuy3kiBiqX826DGhmUmPfuxgqR7AwabFM0NI7v8sZcmNYRdTmKu
NYLf9L2eQNfDi3O7i+3Icu8sQmQOEiPvbRzn+VEnP5Gy8j5npoEMcTEuhG5BGxIc
rY2flN4CkrQCHmDDSbdQ1pc+gL6m0wViYWMOn50aDHtPHJfgYeJiqBP/xORUigxK
tqmOmxVM2D63SFDoeCnyLOEV+InjvU2Jqr8mxV8uN0uw1twHqOLO6r1QTQ37coSP
O4Z/YSoE03AKjTXZ9joP7wvQV3u4eugh3v2GNXYOIzjziO4UVQ6mM2DtfwIDAQAB
o4ICVzCCAlMwHQYDVR0OBBYEFKmHf4q9nfyISLZzuTai4pbs6ULxMB8GA1UdIwQY
MBaAFLT5Y0XT8i7bOV0kf3uG0tc+SgCRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQt
NmZjMzQzZDc3Y2QyLzEvcVlkX2lyMmRfSWhJdG5PNU5xTGlsdXpwUXZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQtNmZjMzQzZDc3Y2Qy
LzEvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMG0GCCsGAQUFBwEHAQH/BF4wXDBaBAIAAjBUAwUDKglTAAMF
ACoLowADBQMqDHRAAwUDKgx1QAMFAyoNg0ADBQMqDYjAAwUDKg8jgAMFAyoPVYAD
BQMqD3EAAwUDKg9zAAMFAyoPe4ADBQMqD6cAMA0GCSqGSIb3DQEBCwUAA4IBAQBY
I1exPgUzHu7MIE6Uh6cZh4IZjYypOyK/2muxGHJH7IPouvpO2vGWkZi4vVhAV/eS
EHVDSLJWEqqA25xiU5H0C252RGWy7/ZWk3Bli+BEx4ecq7C9gP0chCe2NzHVOjNM
SBJ4k5P8c8PekehKQHbVvZjbjGmqLYIKIMIq0x2pw4WkP1b0Xsm6esivT3McBu7N
hgNW5CZ5H/GkdBV2UZPpYvpevok78NMs8hI2+QBl5paEVC+WhnIjQaHPTOL7Sj+q
6EG5jiVRu9V9Tn1+HF02XGje5il0HZoUZm7lQamwIJXq4Dg+wvj5f3PZC8oA/Xod
BsgHTFHQWue3y8I7k7nC
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:43:11 2024 by rpki-client on console-ams.rpki-client.org