Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/xJkgrENHImuNny5hmtaeKNujoYc.roa
File: xJkgrENHImuNny5hmtaeKNujoYc.roa (raw, json)
Hash identifier: sfqfRK9LQpKrihLYS4WGA9cQ4Ri9+wEV8MLX7CkQEDY=
Subject key identifier: C4:99:20:AC:43:47:22:6B:8D:9F:2E:61:9A:D6:9E:28:DB:A3:A1:87
Certificate issuer: /CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
Certificate serial: 0186E143459E21384763ED00CD85FF96943E
Authority key identifier: B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/xJkgrENHImuNny5hmtaeKNujoYc.roa
Signing time: Tue 14 Mar 2023 17:55:27 +0000
ROA not before: Tue 14 Mar 2023 17:55:27 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 204084
IP address blocks: 2a0f:7c80::/29 maxlen: 29
2a0b:9800::/29 maxlen: 29
2a0f:3380::/29 maxlen: 29
2a0f:2380::/29 maxlen: 29
2a0b:a300::/29 maxlen: 29
2a0f:a700::/29 maxlen: 29
2a0d:88c0::/29 maxlen: 29
2a0f:7300::/29 maxlen: 29
2a0f:c780::/29 maxlen: 29
2a0f:4580::/29 maxlen: 29
2a0c:7440::/29 maxlen: 29
2a0f:5580::/29 maxlen: 29
2a0c:74c0::/29 maxlen: 29
2a0f:1180::/29 maxlen: 29
2a0f:4680::/29 maxlen: 29
2a0c:7540::/29 maxlen: 29
2a0d:2cc0::/29 maxlen: 29
2a0f:a500::/29 maxlen: 29
2a0f:7100::/29 maxlen: 29
2a07:4a00::/29 maxlen: 29
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:86:e1:43:45:9e:21:38:47:63:ed:00:cd:85:ff:96:94:3e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
Validity
Not Before: Mar 14 17:55:27 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=c49920ac4347226b8d9f2e619ad69e28dba3a187
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:83:c6:c4:34:a4:1d:fc:d4:3f:48:49:a0:ef:f4:
37:be:38:da:c0:b5:c0:70:6c:78:63:00:55:ba:52:
46:d9:b3:91:a5:2f:08:4a:6f:bf:0b:cb:a8:56:0e:
00:31:76:05:c8:35:7a:1e:ce:df:39:29:46:6e:d2:
16:ad:2e:69:8c:ce:18:8a:eb:f0:2b:45:de:bd:db:
e0:05:68:46:9c:13:ab:61:57:8d:ca:2c:8b:5f:1d:
bc:09:49:ff:a2:ec:8b:53:97:f3:28:ff:6d:db:fc:
6e:3f:22:7b:db:49:24:ce:df:c6:41:64:f6:73:ad:
01:a5:66:de:47:19:26:f4:18:a8:81:c3:94:ca:eb:
c2:59:17:43:dc:25:98:f2:40:12:26:94:93:e3:20:
a8:57:25:ea:d3:58:a4:4e:99:71:d1:03:16:76:d2:
e0:0f:d5:36:cf:78:28:d2:d5:d4:3c:c8:7e:05:90:
a1:73:06:5f:30:f6:12:cb:fa:c0:a8:f6:73:94:3b:
6e:34:e3:bf:f1:c4:dd:1a:70:40:8d:7c:1f:f7:5f:
c0:83:ab:63:ec:07:e1:41:c5:ee:77:03:e6:4f:2b:
71:2f:c5:8a:72:76:43:3e:05:ae:d1:99:a1:ef:03:
30:84:89:70:cf:e2:10:62:51:34:4e:07:c6:56:7b:
81:d9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C4:99:20:AC:43:47:22:6B:8D:9F:2E:61:9A:D6:9E:28:DB:A3:A1:87
X509v3 Authority Key Identifier:
keyid:B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/xJkgrENHImuNny5hmtaeKNujoYc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a07:4a00::/29
2a0b:9800::/29
2a0b:a300::/29
2a0c:7440::/29
2a0c:74c0::/29
2a0c:7540::/29
2a0d:2cc0::/29
2a0d:88c0::/29
2a0f:1180::/29
2a0f:2380::/29
2a0f:3380::/29
2a0f:4580::/29
2a0f:4680::/29
2a0f:5580::/29
2a0f:7100::/29
2a0f:7300::/29
2a0f:7c80::/29
2a0f:a500::/29
2a0f:a700::/29
2a0f:c780::/29
Signature Algorithm: sha256WithRSAEncryption
6e:33:3b:be:61:0c:fc:83:15:df:ef:15:1c:a1:4b:ce:34:86:
d6:4f:41:63:bf:1b:46:1b:46:6f:55:31:8d:58:78:30:a0:d0:
2b:2b:c4:07:36:c0:50:0a:04:b2:d4:00:5c:37:cb:76:b2:dd:
e7:65:bd:af:2c:c4:78:6a:19:9a:91:8d:65:d6:53:09:6c:2e:
31:b6:35:04:e4:c0:95:57:28:6b:29:9e:92:de:5b:9b:4f:bd:
fe:8e:27:35:c4:93:29:99:80:84:37:f8:f7:a4:21:4b:b2:f7:
5c:cd:f5:34:1c:df:5c:55:89:6e:e7:1b:6e:b9:a0:91:4c:3e:
3e:3c:b6:fd:33:53:84:fd:df:38:19:50:2b:3c:cc:2e:0b:17:
2a:0e:24:55:59:af:27:0b:0b:ef:45:e2:5d:ae:fe:62:7c:7d:
36:7e:e3:f6:3d:60:de:f7:cb:3c:df:01:42:6d:c4:b6:06:40:
73:70:2b:88:61:9e:0f:2c:04:d1:93:87:93:76:6d:95:0a:62:
98:1b:d5:c8:f1:1a:5d:2a:d5:1e:11:14:b0:8e:b6:9f:5b:02:
c1:3f:68:74:a7:5f:21:f2:e8:14:58:c1:ce:1b:43:6f:bf:de:
5a:e0:6d:a9:02:89:ec:1c:54:97:f9:5f:6a:fc:0c:e7:4e:03:
fe:9f:4f:d9
-----BEGIN CERTIFICATE-----
MIIFiDCCBHCgAwIBAgISAYbhQ0WeIThHY+0AzYX/lpQ+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0Zjk2MzQ1ZDNmMjJlZGIzOTVkMjQ3ZjdiODZkMmQ3M2U0
YTAwOTEwHhcNMjMwMzE0MTc1NTI3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNDk5MjBhYzQzNDcyMjZiOGQ5ZjJlNjE5YWQ2OWUyOGRiYTNhMTg3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg8bENKQd/NQ/SEmg7/Q3vjjawLXA
cGx4YwBVulJG2bORpS8ISm+/C8uoVg4AMXYFyDV6Hs7fOSlGbtIWrS5pjM4Yiuvw
K0XevdvgBWhGnBOrYVeNyiyLXx28CUn/ouyLU5fzKP9t2/xuPyJ720kkzt/GQWT2
c60BpWbeRxkm9BiogcOUyuvCWRdD3CWY8kASJpST4yCoVyXq01ikTplx0QMWdtLg
D9U2z3go0tXUPMh+BZChcwZfMPYSy/rAqPZzlDtuNOO/8cTdGnBAjXwf91/Ag6tj
7AfhQcXudwPmTytxL8WKcnZDPgWu0Zmh7wMwhIlwz+IQYlE0TgfGVnuB2QIDAQAB
o4IClDCCApAwHQYDVR0OBBYEFMSZIKxDRyJrjZ8uYZrWnijbo6GHMB8GA1UdIwQY
MBaAFLT5Y0XT8i7bOV0kf3uG0tc+SgCRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQt
NmZjMzQzZDc3Y2QyLzEveEprZ3JFTkhJbXVObnk1aG10YWVLTnVqb1ljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQtNmZjMzQzZDc3Y2Qy
LzEvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGpBggrBgEFBQcBBwEB/wSBmTCBljCBkwQCAAIwgYwDBQMq
B0oAAwUDKguYAAMFAyoLowADBQMqDHRAAwUDKgx0wAMFAyoMdUADBQMqDSzAAwUD
Kg2IwAMFAyoPEYADBQMqDyOAAwUDKg8zgAMFAyoPRYADBQMqD0aAAwUDKg9VgAMF
AyoPcQADBQMqD3MAAwUDKg98gAMFAyoPpQADBQMqD6cAAwUDKg/HgDANBgkqhkiG
9w0BAQsFAAOCAQEAbjM7vmEM/IMV3+8VHKFLzjSG1k9BY78bRhtGb1UxjVh4MKDQ
KyvEBzbAUAoEstQAXDfLdrLd52W9ryzEeGoZmpGNZdZTCWwuMbY1BOTAlVcoayme
kt5bm0+9/o4nNcSTKZmAhDf496QhS7L3XM31NBzfXFWJbucbbrmgkUw+Pjy2/TNT
hP3fOBlQKzzMLgsXKg4kVVmvJwsL70XiXa7+Ynx9Nn7j9j1g3vfLPN8BQm3EtgZA
c3AriGGeDywE0ZOHk3ZtlQpimBvVyPEaXSrVHhEUsI62n1sCwT9odKdfIfLoFFjB
zhtDb7/eWuBtqQKJ7BxUl/lfavwM504D/p9P2Q==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:43:11 2024 by rpki-client on console-ams.rpki-client.org