Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cb/a11567-259e-4d1b-bfcb-281fade2834b/1/8EA7FOLQ_GfiYtgomNU5jhR8Xa0.roa
File: 8EA7FOLQ_GfiYtgomNU5jhR8Xa0.roa (raw, json)
Hash identifier: 5r9HJzB06/wYxMvj/aKr/s25z8LHdl687vqu/i+Sh9I=
Subject key identifier: F0:40:3B:14:E2:D0:FC:67:E2:62:D8:28:98:D5:39:8E:14:7C:5D:AD
Certificate issuer: /CN=d03febfd537e320cbbec2b4e22677b9ae66f604e
Certificate serial: 018CC9BBBA87C393EED0D93C094355588186
Authority key identifier: D0:3F:EB:FD:53:7E:32:0C:BB:EC:2B:4E:22:67:7B:9A:E6:6F:60:4E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/0D_r_VN-Mgy77CtOImd7muZvYE4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/cb/a11567-259e-4d1b-bfcb-281fade2834b/1/8EA7FOLQ_GfiYtgomNU5jhR8Xa0.roa
Signing time: Tue 02 Jan 2024 10:32:52 +0000
ROA not before: Tue 02 Jan 2024 10:32:52 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 22773
IP address blocks: 2a0a:cd40::/29 maxlen: 29
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c9:bb:ba:87:c3:93:ee:d0:d9:3c:09:43:55:58:81:86
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d03febfd537e320cbbec2b4e22677b9ae66f604e
Validity
Not Before: Jan 2 10:32:52 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=f0403b14e2d0fc67e262d82898d5398e147c5dad
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:87:7b:dc:29:fa:fa:c9:11:62:c6:2a:44:6b:e6:
9a:99:a2:08:68:76:a9:5f:f0:b6:f8:29:3d:68:dd:
b1:84:d2:c5:97:d6:5e:3b:27:2e:d4:28:2b:f7:f7:
76:9f:c3:00:04:3d:b7:63:51:41:6f:67:82:9f:03:
26:7c:61:73:88:d9:5e:4c:7b:d9:a7:7b:01:f2:4e:
18:a2:b8:13:40:51:6b:04:b7:5e:f2:84:32:da:31:
37:91:8b:77:aa:0a:a5:40:4c:bb:c7:2b:be:09:ba:
13:6a:f9:73:ee:fe:04:a7:1f:3c:f2:44:31:58:e9:
cf:ea:d8:5d:06:73:b7:81:47:60:47:21:c8:ad:88:
e1:74:a0:37:8f:63:f6:7f:a1:9c:26:d3:b7:37:20:
93:d3:f8:47:1b:37:3e:1e:17:14:7e:9d:50:b5:9b:
87:71:e1:fc:49:29:a6:59:70:5a:29:b2:12:77:23:
12:7e:4d:f7:bd:10:39:4c:2c:4f:9f:05:59:e2:84:
9a:07:3c:8b:59:59:dc:63:a5:b0:f9:84:83:40:fe:
ff:56:e8:c0:b5:b3:d9:8d:be:11:6c:bb:7d:bc:a9:
d4:68:f1:92:df:12:66:b3:e9:aa:e0:e3:54:c7:95:
51:b7:62:83:59:9b:ed:e1:42:0b:51:a7:0e:d5:92:
b9:3f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F0:40:3B:14:E2:D0:FC:67:E2:62:D8:28:98:D5:39:8E:14:7C:5D:AD
X509v3 Authority Key Identifier:
keyid:D0:3F:EB:FD:53:7E:32:0C:BB:EC:2B:4E:22:67:7B:9A:E6:6F:60:4E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0D_r_VN-Mgy77CtOImd7muZvYE4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cb/a11567-259e-4d1b-bfcb-281fade2834b/1/8EA7FOLQ_GfiYtgomNU5jhR8Xa0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/cb/a11567-259e-4d1b-bfcb-281fade2834b/1/0D_r_VN-Mgy77CtOImd7muZvYE4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a0a:cd40::/29
Signature Algorithm: sha256WithRSAEncryption
61:48:6a:74:64:a3:5d:cb:73:4c:79:3d:bd:9d:77:a6:55:99:
ba:a2:c2:ad:86:a9:b2:7d:31:ea:a6:b6:a2:55:41:df:7c:73:
a5:e0:61:65:f1:31:8e:a6:65:78:8e:61:04:8d:a0:d6:cc:65:
a7:1a:fc:c9:4c:2e:91:c9:f6:62:7c:be:5c:ed:df:cf:31:38:
82:a4:91:46:41:2a:36:a6:27:43:51:57:ae:d4:6f:5a:34:ac:
05:71:5e:d3:aa:b7:37:95:b4:55:db:78:66:77:23:a9:0a:59:
2f:f6:ec:09:63:50:d8:28:1d:97:2d:58:b9:50:72:c9:02:70:
19:4c:38:f2:3c:1a:97:d6:cc:df:ef:03:4a:29:a7:09:04:1a:
4e:09:d1:f9:d1:82:8e:97:bf:e1:1d:46:fb:27:e7:46:c2:b6:
64:88:00:f0:d9:7b:9f:0e:f7:c1:bd:34:16:51:85:79:0a:8f:
05:a4:a9:c1:ed:64:ed:28:04:b3:86:78:2c:b2:4c:f2:b4:ad:
1f:56:36:57:77:fc:57:99:97:b8:e3:c0:0c:69:6e:43:f6:1e:
60:25:8d:10:80:37:2e:81:b2:a5:63:cf:d7:ec:4a:0c:45:b0:
bf:d7:0e:f1:ac:48:fc:48:4a:08:72:2c:16:13:b2:bb:17:1c:
73:8c:69:8e
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzJu7qHw5Pu0Nk8CUNVWIGGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQwM2ZlYmZkNTM3ZTMyMGNiYmVjMmI0ZTIyNjc3YjlhZTY2
ZjYwNGUwHhcNMjQwMTAyMTAzMjUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMDQwM2IxNGUyZDBmYzY3ZTI2MmQ4Mjg5OGQ1Mzk4ZTE0N2M1ZGFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh3vcKfr6yRFixipEa+aamaIIaHap
X/C2+Ck9aN2xhNLFl9ZeOycu1Cgr9/d2n8MABD23Y1FBb2eCnwMmfGFziNleTHvZ
p3sB8k4YorgTQFFrBLde8oQy2jE3kYt3qgqlQEy7xyu+CboTavlz7v4Epx888kQx
WOnP6thdBnO3gUdgRyHIrYjhdKA3j2P2f6GcJtO3NyCT0/hHGzc+HhcUfp1QtZuH
ceH8SSmmWXBaKbISdyMSfk33vRA5TCxPnwVZ4oSaBzyLWVncY6Ww+YSDQP7/VujA
tbPZjb4RbLt9vKnUaPGS3xJms+mq4ONUx5VRt2KDWZvt4UILUacO1ZK5PwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPBAOxTi0Pxn4mLYKJjVOY4UfF2tMB8GA1UdIwQY
MBaAFNA/6/1TfjIMu+wrTiJne5rmb2BOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMERfcl9WTi1NZ3k3N0N0T0ltZDdtdVp2WUU0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYi9hMTE1NjctMjU5ZS00ZDFiLWJmY2It
MjgxZmFkZTI4MzRiLzEvOEVBN0ZPTFFfR2ZpWXRnb21OVTVqaFI4WGEwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYi9hMTE1NjctMjU5ZS00ZDFiLWJmY2ItMjgxZmFkZTI4MzRi
LzEvMERfcl9WTi1NZ3k3N0N0T0ltZDdtdVp2WUU0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgrNQDAN
BgkqhkiG9w0BAQsFAAOCAQEAYUhqdGSjXctzTHk9vZ13plWZuqLCrYapsn0x6qa2
olVB33xzpeBhZfExjqZleI5hBI2g1sxlpxr8yUwukcn2Yny+XO3fzzE4gqSRRkEq
NqYnQ1FXrtRvWjSsBXFe06q3N5W0Vdt4ZncjqQpZL/bsCWNQ2Cgdly1YuVByyQJw
GUw48jwal9bM3+8DSimnCQQaTgnR+dGCjpe/4R1G+yfnRsK2ZIgA8Nl7nw73wb00
FlGFeQqPBaSpwe1k7SgEs4Z4LLJM8rStH1Y2V3f8V5mXuOPADGluQ/YeYCWNEIA3
LoGypWPP1+xKDEWwv9cO8axI/EhKCHIsFhOyuxccc4xpjg==
-----END CERTIFICATE-----
Generated at Thu Feb 29 16:39:03 2024 by rpki-client on console-ams.rpki-client.org