Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f0/4a0237-836b-4596-849e-2d423b81df1c/1/BRCFeCdx47jOu1sIGxUjKhsaNhE.roa
File: BRCFeCdx47jOu1sIGxUjKhsaNhE.roa (raw, json)
Hash identifier: dlXEobjOXBI3fA1Mxx53XkcH3uq2lXRSGd/3i9Nllpo=
Subject key identifier: 05:10:85:78:27:71:E3:B8:CE:BB:5B:08:1B:15:23:2A:1B:1A:36:11
Certificate issuer: /CN=0648a991805f93d24bbe1edb3e961f5a1d25b248
Certificate serial: 1C1775
Authority key identifier: 06:48:A9:91:80:5F:93:D2:4B:BE:1E:DB:3E:96:1F:5A:1D:25:B2:48
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/BkipkYBfk9JLvh7bPpYfWh0lskg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/f0/4a0237-836b-4596-849e-2d423b81df1c/1/BRCFeCdx47jOu1sIGxUjKhsaNhE.roa
Signing time: Tue 15 Mar 2022 11:07:01 +0000
ROA not before: Tue 15 Mar 2022 11:07:01 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 174
IP address blocks: 2a0b:4140::/29 maxlen: 29
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1841013 (0x1c1775)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=0648a991805f93d24bbe1edb3e961f5a1d25b248
Validity
Not Before: Mar 15 11:07:01 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=051085782771e3b8cebb5b081b15232a1b1a3611
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:92:0a:37:f8:2c:20:75:79:11:be:8f:c7:a9:f0:
c0:12:1f:9a:37:9c:86:c1:75:f6:e8:92:ea:5f:16:
0a:d1:c2:e3:63:3a:c3:bb:23:3e:cc:a7:6c:9c:f5:
9e:b8:d2:95:65:3f:92:ac:6f:b7:56:20:c7:3e:34:
41:0e:57:c4:95:02:7a:ed:69:1d:4e:aa:10:49:da:
f0:43:35:2d:db:6a:b0:36:d2:98:87:4d:42:d6:15:
4f:61:74:7a:11:12:eb:e3:6a:ba:87:12:10:11:52:
fa:0a:d7:fe:32:46:3b:59:14:d4:1d:5d:3d:c7:eb:
af:ab:d5:d7:2a:5a:8b:39:cc:27:4b:d7:0e:5f:6d:
83:02:c2:e0:93:d4:1c:2b:87:e4:e9:f3:a2:df:7e:
3b:3e:2a:52:36:c2:ea:0c:f2:44:21:a2:53:ee:30:
38:12:91:f6:65:ab:78:c5:f2:c3:30:e3:8a:38:72:
5f:0c:bf:bd:82:68:f6:b2:1c:95:df:e0:69:2b:8c:
7f:f8:b6:0b:a2:58:ca:88:ec:6f:8c:86:37:c6:b8:
32:82:ac:ea:75:ce:71:ef:ca:56:5c:c2:f1:b6:8c:
ce:b3:13:e2:79:12:44:8a:a6:27:09:06:fa:13:7a:
21:3d:7a:66:42:62:97:51:a9:eb:f7:e9:bb:fa:cc:
88:91
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
05:10:85:78:27:71:E3:B8:CE:BB:5B:08:1B:15:23:2A:1B:1A:36:11
X509v3 Authority Key Identifier:
keyid:06:48:A9:91:80:5F:93:D2:4B:BE:1E:DB:3E:96:1F:5A:1D:25:B2:48
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BkipkYBfk9JLvh7bPpYfWh0lskg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/4a0237-836b-4596-849e-2d423b81df1c/1/BRCFeCdx47jOu1sIGxUjKhsaNhE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/4a0237-836b-4596-849e-2d423b81df1c/1/BkipkYBfk9JLvh7bPpYfWh0lskg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a0b:4140::/29
Signature Algorithm: sha256WithRSAEncryption
28:f0:46:12:8d:e5:55:b8:ec:a6:b0:7a:2f:5b:47:9e:1a:f8:
51:e6:47:10:d7:c5:65:ca:e1:d4:69:4c:a3:78:5f:08:9c:30:
e7:cb:f3:c6:92:1b:47:31:9a:48:0f:16:36:ab:79:ed:53:be:
6e:bb:7e:94:84:b0:3a:94:26:f5:1f:e3:74:a8:d9:c5:ac:a1:
ad:8e:a1:71:95:72:d7:05:d0:b9:fd:79:83:bf:72:7e:f3:5f:
2f:ba:13:fb:2b:3d:6a:90:1b:b5:6e:19:9e:19:3b:14:1c:64:
a9:c1:86:de:c5:48:17:ab:62:2d:64:a8:98:79:54:0e:dc:ae:
3f:88:fa:6a:79:d0:90:7e:69:fd:8d:38:30:68:98:3e:48:5d:
ee:46:df:59:de:f0:63:46:c0:f2:78:dc:00:2c:86:b0:fe:1a:
28:53:44:9a:37:d9:ed:4c:07:3a:74:7e:84:04:15:21:6d:74:
b6:52:c5:a3:a2:0e:a3:40:07:2e:89:8d:b7:04:a3:8c:75:71:
34:4d:65:c7:97:16:d5:cf:27:b2:bc:51:d5:36:bd:d1:3d:d6:
dc:dd:8c:da:84:25:07:42:00:66:9c:45:ae:7e:76:5f:fe:82:
06:56:0f:d2:78:08:df:cc:73:11:e7:b9:b6:71:08:7a:f1:d2:
46:c2:a4:d9
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIDHBd1MA0GCSqGSIb3DQEBCwUAMDMxMTAvBgNVBAMTKDA2
NDhhOTkxODA1ZjkzZDI0YmJlMWVkYjNlOTYxZjVhMWQyNWIyNDgwHhcNMjIwMzE1
MTEwNzAxWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQDEygwNTEwODU3ODI3NzFl
M2I4Y2ViYjViMDgxYjE1MjMyYTFiMWEzNjExMIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEAkgo3+CwgdXkRvo/HqfDAEh+aN5yGwXX26JLqXxYK0cLjYzrD
uyM+zKdsnPWeuNKVZT+SrG+3ViDHPjRBDlfElQJ67WkdTqoQSdrwQzUt22qwNtKY
h01C1hVPYXR6ERLr42q6hxIQEVL6Ctf+MkY7WRTUHV09x+uvq9XXKlqLOcwnS9cO
X22DAsLgk9QcK4fk6fOi3347PipSNsLqDPJEIaJT7jA4EpH2Zat4xfLDMOOKOHJf
DL+9gmj2shyV3+BpK4x/+LYLoljKiOxvjIY3xrgygqzqdc5x78pWXMLxtozOsxPi
eRJEiqYnCQb6E3ohPXpmQmKXUanr9+m7+syIkQIDAQABo4ICCjCCAgYwHQYDVR0O
BBYEFAUQhXgnceO4zrtbCBsVIyobGjYRMB8GA1UdIwQYMBaAFAZIqZGAX5PSS74e
2z6WH1odJbJIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEFBQcBAQRYMFYwVAYIKwYB
BQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQv
QmtpcGtZQmZrOUpMdmg3YlBwWWZXaDBsc2tnLmNlcjCBjQYIKwYBBQUHAQsEgYAw
fjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkv
REVGQVVMVC9mMC80YTAyMzctODM2Yi00NTk2LTg0OWUtMmQ0MjNiODFkZjFjLzEv
QlJDRmVDZHg0N2pPdTFzSUd4VWpLaHNhTmhFLnJvYTCBgQYDVR0fBHoweDB2oHSg
coZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMC80
YTAyMzctODM2Yi00NTk2LTg0OWUtMmQ0MjNiODFkZjFjLzEvQmtpcGtZQmZrOUpM
dmg3YlBwWWZXaDBsc2tnLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCAG
CCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgtBQDANBgkqhkiG9w0BAQsFAAOC
AQEAKPBGEo3lVbjsprB6L1tHnhr4UeZHENfFZcrh1GlMo3hfCJww58vzxpIbRzGa
SA8WNqt57VO+brt+lISwOpQm9R/jdKjZxayhrY6hcZVy1wXQuf15g79yfvNfL7oT
+ys9apAbtW4Znhk7FBxkqcGG3sVIF6tiLWSomHlUDtyuP4j6annQkH5p/Y04MGiY
Pkhd7kbfWd7wY0bA8njcACyGsP4aKFNEmjfZ7UwHOnR+hAQVIW10tlLFo6IOo0AH
LomNtwSjjHVxNE1lx5cW1c8nsrxR1Ta90T3W3N2M2oQlB0IAZpxFrn52X/6CBlYP
0ngI38xzEee5tnEIevHSRsKk2Q==
-----END CERTIFICATE-----
Generated at Thu Jul 20 00:06:13 2023 by rpki-client on console-fra.rpki-client.org