Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c9/58e655-e713-45d2-958a-1822867e1596/1/1-lIt0x2fz1sJoNxgTqqWoUVytfE.roa
File: 1-lIt0x2fz1sJoNxgTqqWoUVytfE.roa (raw, json)
Hash identifier: 9HW6WQzsDPY3tCz5NfEfWdymXIT9b6b0e84IPBjLTaw=
Subject key identifier: FA:52:2D:D3:1D:9F:CF:5B:09:A0:DC:60:4E:AA:96:A1:45:72:B5:F1
Certificate issuer: /CN=dc4e453affe895b6452b84027437c5c00fd37067
Certificate serial: 018CC9BB098CFAA1D6715BC399C643889A58
Authority key identifier: DC:4E:45:3A:FF:E8:95:B6:45:2B:84:02:74:37:C5:C0:0F:D3:70:67
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/3E5FOv_olbZFK4QCdDfFwA_TcGc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c9/58e655-e713-45d2-958a-1822867e1596/1/1-lIt0x2fz1sJoNxgTqqWoUVytfE.roa
Signing time: Tue 02 Jan 2024 10:32:07 +0000
ROA not before: Tue 02 Jan 2024 10:32:07 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 31458
IP address blocks: 2a01:be60::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c9:bb:09:8c:fa:a1:d6:71:5b:c3:99:c6:43:88:9a:58
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=dc4e453affe895b6452b84027437c5c00fd37067
Validity
Not Before: Jan 2 10:32:07 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=fa522dd31d9fcf5b09a0dc604eaa96a14572b5f1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9f:cb:1a:fd:70:bc:c0:34:21:2b:ee:8a:20:b2:
89:f6:2a:93:cf:99:a3:8d:50:83:e5:c8:f4:fe:b2:
ab:9e:c7:06:2b:a2:fc:5e:1c:d3:6f:20:17:b1:0f:
06:f7:2e:a9:14:f3:0e:05:9e:8f:ac:2c:1a:4c:0a:
8a:dc:c7:03:d6:04:7b:36:66:25:32:0d:24:44:20:
b5:3a:8a:cd:c9:13:8f:92:9b:a0:e2:af:94:b6:53:
11:b4:4b:d8:f6:02:7c:60:74:46:f9:31:50:1e:47:
3f:df:95:f3:08:a8:63:5b:d6:c2:85:3f:e2:64:25:
d3:a6:fe:ea:14:44:1e:d0:c3:01:d7:9d:f9:2e:92:
78:b1:60:51:c9:85:e9:ff:3a:1f:9e:11:09:4d:ba:
cf:6f:be:3d:46:68:97:5d:0d:0d:c6:15:fd:91:7d:
81:0f:ff:f4:f0:70:f7:9d:dd:c6:36:60:eb:a0:a3:
11:01:26:89:e1:77:93:65:99:c5:76:4c:d1:74:19:
e6:23:38:26:81:ae:1b:70:f3:2b:ae:57:24:e6:28:
73:c8:a3:88:b3:66:2c:81:b6:12:6a:50:53:53:3c:
18:43:46:b2:b5:87:b5:7f:58:da:cf:38:65:1f:ec:
43:87:27:f5:05:dd:33:1e:19:1f:60:c3:27:37:9a:
73:e1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FA:52:2D:D3:1D:9F:CF:5B:09:A0:DC:60:4E:AA:96:A1:45:72:B5:F1
X509v3 Authority Key Identifier:
keyid:DC:4E:45:3A:FF:E8:95:B6:45:2B:84:02:74:37:C5:C0:0F:D3:70:67
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3E5FOv_olbZFK4QCdDfFwA_TcGc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c9/58e655-e713-45d2-958a-1822867e1596/1/1-lIt0x2fz1sJoNxgTqqWoUVytfE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c9/58e655-e713-45d2-958a-1822867e1596/1/3E5FOv_olbZFK4QCdDfFwA_TcGc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a01:be60::/32
Signature Algorithm: sha256WithRSAEncryption
3a:b3:61:9d:8d:c5:89:5e:d8:86:e5:38:0b:30:ba:59:85:a3:
90:a7:8c:7d:9b:13:76:20:6a:5a:ce:09:36:38:73:29:1c:2b:
01:59:7b:17:56:66:26:25:2c:c0:a7:57:67:f3:1f:1c:68:19:
5e:29:ab:d2:16:c0:04:cd:e3:eb:39:46:8a:1f:40:da:ac:38:
49:0e:86:36:ea:7e:05:77:a9:41:1d:89:34:3f:82:fe:56:f4:
9d:fc:2a:4f:2d:ce:db:8f:8a:df:88:37:fd:23:48:a7:43:5b:
8f:d8:0f:e2:04:91:36:29:c2:d4:26:d7:b3:9b:24:5b:b8:ed:
82:3e:58:f1:d7:2b:6f:b5:75:1b:1e:c4:2e:a5:b2:86:6e:38:
6e:a6:e1:f2:24:02:ea:28:b2:d1:c8:a1:e1:81:48:6d:59:a5:
ba:9c:29:a3:ab:d0:8b:37:b2:be:c5:d3:7e:e0:03:a7:c0:38:
0a:14:6c:5b:34:ab:8b:5d:2c:49:42:a3:4d:fd:de:f3:8a:8c:
be:70:ed:ca:7b:bd:0b:c5:37:7c:d7:8a:80:8e:ad:34:50:31:
5e:3b:5d:bf:f7:75:39:b4:1a:58:3a:3f:2b:c3:55:79:36:8a:
f3:ec:58:99:96:c0:b8:87:d2:96:fe:d4:6e:6b:19:97:08:60:
c4:d3:5c:40
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzJuwmM+qHWcVvDmcZDiJpYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRjNGU0NTNhZmZlODk1YjY0NTJiODQwMjc0MzdjNWMwMGZk
MzcwNjcwHhcNMjQwMTAyMTAzMjA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYTUyMmRkMzFkOWZjZjViMDlhMGRjNjA0ZWFhOTZhMTQ1NzJiNWYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn8sa/XC8wDQhK+6KILKJ9iqTz5mj
jVCD5cj0/rKrnscGK6L8XhzTbyAXsQ8G9y6pFPMOBZ6PrCwaTAqK3McD1gR7NmYl
Mg0kRCC1OorNyROPkpug4q+UtlMRtEvY9gJ8YHRG+TFQHkc/35XzCKhjW9bChT/i
ZCXTpv7qFEQe0MMB1535LpJ4sWBRyYXp/zofnhEJTbrPb749RmiXXQ0NxhX9kX2B
D//08HD3nd3GNmDroKMRASaJ4XeTZZnFdkzRdBnmIzgmga4bcPMrrlck5ihzyKOI
s2YsgbYSalBTUzwYQ0aytYe1f1jazzhlH+xDhyf1Bd0zHhkfYMMnN5pz4QIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFPpSLdMdn89bCaDcYE6qlqFFcrXxMB8GA1UdIwQY
MBaAFNxORTr/6JW2RSuEAnQ3xcAP03BnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM0U1Rk92X29sYlpGSzRRQ2REZkZ3QV9UY0djLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOS81OGU2NTUtZTcxMy00NWQyLTk1OGEt
MTgyMjg2N2UxNTk2LzEvMS1sSXQweDJmejFzSm9OeGdUcXFXb1VWeXRmRS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvYzkvNThlNjU1LWU3MTMtNDVkMi05NThhLTE4MjI4NjdlMTU5
Ni8xLzNFNUZPdl9vbGJaRks0UUNkRGZGd0FfVGNHYy5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACoBvmAw
DQYJKoZIhvcNAQELBQADggEBADqzYZ2NxYle2IblOAswulmFo5CnjH2bE3YgalrO
CTY4cykcKwFZexdWZiYlLMCnV2fzHxxoGV4pq9IWwATN4+s5RoofQNqsOEkOhjbq
fgV3qUEdiTQ/gv5W9J38Kk8tztuPit+IN/0jSKdDW4/YD+IEkTYpwtQm17ObJFu4
7YI+WPHXK2+1dRsexC6lsoZuOG6m4fIkAuoostHIoeGBSG1ZpbqcKaOr0Is3sr7F
037gA6fAOAoUbFs0q4tdLElCo0393vOKjL5w7cp7vQvFN3zXioCOrTRQMV47Xb/3
dTm0Glg6PyvDVXk2ivPsWJmWwLiH0pb+1G5rGZcIYMTTXEA=
-----END CERTIFICATE-----
Generated at Thu Oct 31 11:39:21 2024 by rpki-client on console-fra.rpki-client.org