Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c9/58e655-e713-45d2-958a-1822867e1596/1/PS7Fsj2Ca5lLjWuDcP4trufFYoI.roa
File: PS7Fsj2Ca5lLjWuDcP4trufFYoI.roa (raw, json)
Hash identifier: 3txuxlZfnCDpdQfVbjWsv0x1gUi2XIWaoZQ3O3c98Ts=
Subject key identifier: 3D:2E:C5:B2:3D:82:6B:99:4B:8D:6B:83:70:FE:2D:AE:E7:C5:62:82
Certificate issuer: /CN=dc4e453affe895b6452b84027437c5c00fd37067
Certificate serial: 018CC9BB0A0EB76D74BC85750FD8B00BCE88
Authority key identifier: DC:4E:45:3A:FF:E8:95:B6:45:2B:84:02:74:37:C5:C0:0F:D3:70:67
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/3E5FOv_olbZFK4QCdDfFwA_TcGc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c9/58e655-e713-45d2-958a-1822867e1596/1/PS7Fsj2Ca5lLjWuDcP4trufFYoI.roa
Signing time: Tue 02 Jan 2024 10:32:07 +0000
ROA not before: Tue 02 Jan 2024 10:32:07 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 39122
IP address blocks: 2a0b:bc7::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c9:bb:0a:0e:b7:6d:74:bc:85:75:0f:d8:b0:0b:ce:88
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=dc4e453affe895b6452b84027437c5c00fd37067
Validity
Not Before: Jan 2 10:32:07 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=3d2ec5b23d826b994b8d6b8370fe2daee7c56282
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:88:e9:07:77:b1:59:62:18:9e:98:67:95:2f:46:
86:fb:7d:bb:78:6d:05:70:f1:f9:84:4f:84:bb:4c:
ce:04:f7:40:df:73:f5:68:a9:f7:48:41:71:1d:ec:
37:78:1b:07:16:ce:e8:b7:d2:82:e3:20:ad:fd:f2:
37:5b:40:42:05:fe:46:87:44:0d:2d:36:b7:fc:df:
e9:80:88:7e:66:42:b1:72:9f:5f:ef:47:c9:21:dc:
e8:f2:45:57:b8:d8:61:56:98:eb:09:d1:2c:91:54:
18:77:6b:f6:2d:11:97:ab:b0:33:4c:f5:87:30:a0:
ed:87:3f:d7:0a:ec:80:c0:d2:e7:17:22:92:f3:43:
b4:06:2e:dc:cb:57:17:d0:9f:c0:47:ae:c5:92:67:
fa:db:6b:fb:36:2a:f3:16:59:8a:cd:51:2d:8d:17:
82:ec:7b:1e:ba:68:aa:a4:ce:e3:df:2c:72:0e:a3:
97:0b:d0:5f:db:e3:6a:0e:15:55:5a:40:51:0d:b7:
0e:45:a8:53:ee:4c:2a:86:71:b0:75:36:5a:4e:39:
e9:5c:45:cf:21:a9:df:a1:e3:ff:43:65:62:03:04:
b6:db:6c:4f:34:a7:9a:25:e5:48:04:6e:f4:4f:eb:
96:f4:80:63:30:f4:97:34:19:e1:89:d9:27:74:cc:
bd:55
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3D:2E:C5:B2:3D:82:6B:99:4B:8D:6B:83:70:FE:2D:AE:E7:C5:62:82
X509v3 Authority Key Identifier:
keyid:DC:4E:45:3A:FF:E8:95:B6:45:2B:84:02:74:37:C5:C0:0F:D3:70:67
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3E5FOv_olbZFK4QCdDfFwA_TcGc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c9/58e655-e713-45d2-958a-1822867e1596/1/PS7Fsj2Ca5lLjWuDcP4trufFYoI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c9/58e655-e713-45d2-958a-1822867e1596/1/3E5FOv_olbZFK4QCdDfFwA_TcGc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a0b:bc7::/32
Signature Algorithm: sha256WithRSAEncryption
5d:3a:07:3d:0a:79:5e:95:4c:bf:25:29:b7:a0:17:af:74:9f:
a0:6a:2d:0b:69:63:d2:65:52:c6:13:01:b8:2d:ac:ae:69:e8:
25:f7:dd:f9:f1:af:98:08:45:9d:61:a0:19:11:bd:64:39:9e:
9a:2f:b9:62:ec:ff:ea:af:a8:30:5f:ff:4f:f1:8b:f6:cc:ac:
b9:64:60:34:fb:3e:27:e9:35:87:6f:3b:f2:87:cf:8d:13:c0:
0a:df:91:d5:74:da:ea:26:e9:4e:7e:1f:95:12:10:27:da:62:
ba:1a:6c:3e:25:9c:6d:40:e5:6f:4e:70:49:60:97:7a:34:ca:
0e:af:ab:e2:d1:70:5b:c8:6b:80:b8:11:b7:13:2d:dd:70:e4:
59:af:61:10:e6:04:10:c1:d1:0b:9e:34:33:a7:7e:f9:a6:43:
ac:65:9c:da:b0:11:9b:3c:36:8f:78:00:f1:05:cb:c1:17:1b:
e1:25:94:b2:43:40:84:93:1c:1d:75:fd:62:a6:c8:35:10:12:
86:d3:76:80:71:29:73:f4:ce:c8:a1:4f:96:13:8b:b2:48:fa:
94:f9:bd:41:fe:88:ce:4d:22:15:10:82:52:90:0b:61:99:15:
f6:b2:75:c9:bb:a2:df:48:85:85:b8:e3:0a:1c:e2:44:32:41:
de:37:ce:c4
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzJuwoOt210vIV1D9iwC86IMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRjNGU0NTNhZmZlODk1YjY0NTJiODQwMjc0MzdjNWMwMGZk
MzcwNjcwHhcNMjQwMTAyMTAzMjA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZDJlYzViMjNkODI2Yjk5NGI4ZDZiODM3MGZlMmRhZWU3YzU2MjgyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiOkHd7FZYhiemGeVL0aG+327eG0F
cPH5hE+Eu0zOBPdA33P1aKn3SEFxHew3eBsHFs7ot9KC4yCt/fI3W0BCBf5Gh0QN
LTa3/N/pgIh+ZkKxcp9f70fJIdzo8kVXuNhhVpjrCdEskVQYd2v2LRGXq7AzTPWH
MKDthz/XCuyAwNLnFyKS80O0Bi7cy1cX0J/AR67Fkmf622v7NirzFlmKzVEtjReC
7HseumiqpM7j3yxyDqOXC9Bf2+NqDhVVWkBRDbcORahT7kwqhnGwdTZaTjnpXEXP
IanfoeP/Q2ViAwS222xPNKeaJeVIBG70T+uW9IBjMPSXNBnhidkndMy9VQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFD0uxbI9gmuZS41rg3D+La7nxWKCMB8GA1UdIwQY
MBaAFNxORTr/6JW2RSuEAnQ3xcAP03BnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM0U1Rk92X29sYlpGSzRRQ2REZkZ3QV9UY0djLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOS81OGU2NTUtZTcxMy00NWQyLTk1OGEt
MTgyMjg2N2UxNTk2LzEvUFM3RnNqMkNhNWxMald1RGNQNHRydWZGWW9JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOS81OGU2NTUtZTcxMy00NWQyLTk1OGEtMTgyMjg2N2UxNTk2
LzEvM0U1Rk92X29sYlpGSzRRQ2REZkZ3QV9UY0djLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgsLxzAN
BgkqhkiG9w0BAQsFAAOCAQEAXToHPQp5XpVMvyUpt6AXr3SfoGotC2lj0mVSxhMB
uC2srmnoJffd+fGvmAhFnWGgGRG9ZDmemi+5Yuz/6q+oMF//T/GL9sysuWRgNPs+
J+k1h2878ofPjRPACt+R1XTa6ibpTn4flRIQJ9piuhpsPiWcbUDlb05wSWCXejTK
Dq+r4tFwW8hrgLgRtxMt3XDkWa9hEOYEEMHRC540M6d++aZDrGWc2rARmzw2j3gA
8QXLwRcb4SWUskNAhJMcHXX9YqbINRAShtN2gHEpc/TOyKFPlhOLskj6lPm9Qf6I
zk0iFRCCUpALYZkV9rJ1ybui30iFhbjjChziRDJB3jfOxA==
-----END CERTIFICATE-----
Generated at Thu Oct 31 11:39:22 2024 by rpki-client on console-fra.rpki-client.org