Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f0/4a0237-836b-4596-849e-2d423b81df1c/1/M4nk8KtxwOXt3RafZSC5r1zo_qI.roa
File: M4nk8KtxwOXt3RafZSC5r1zo_qI.roa (raw, json)
Hash identifier: 3lQ6TJVdugfqrOd3PTCUB7XRqJnPaKQOFLaJWfmjjM0=
Subject key identifier: 33:89:E4:F0:AB:71:C0:E5:ED:DD:16:9F:65:20:B9:AF:5C:E8:FE:A2
Certificate issuer: /CN=0648a991805f93d24bbe1edb3e961f5a1d25b248
Certificate serial: 6847
Authority key identifier: 06:48:A9:91:80:5F:93:D2:4B:BE:1E:DB:3E:96:1F:5A:1D:25:B2:48
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/BkipkYBfk9JLvh7bPpYfWh0lskg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/f0/4a0237-836b-4596-849e-2d423b81df1c/1/M4nk8KtxwOXt3RafZSC5r1zo_qI.roa
Signing time: Fri 04 Mar 2022 16:01:14 +0000
ROA not before: Fri 04 Mar 2022 16:01:14 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 50113
IP address blocks: 2a0b:4140::/29 maxlen: 29
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 26695 (0x6847)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=0648a991805f93d24bbe1edb3e961f5a1d25b248
Validity
Not Before: Mar 4 16:01:14 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=3389e4f0ab71c0e5eddd169f6520b9af5ce8fea2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cc:3b:67:fa:e9:55:6a:22:45:56:08:6d:80:d6:
d7:ec:24:df:de:b2:25:2f:81:7d:e9:18:60:9b:06:
42:6a:76:2f:f0:c0:d4:e0:81:c2:d3:5c:4b:4c:e9:
00:c1:0c:f2:5d:10:75:3c:a0:d5:35:c6:0e:e8:50:
57:66:78:ab:57:f1:db:00:4b:0c:7b:83:4a:e2:21:
7f:97:e2:06:fe:4a:09:65:1d:0f:e9:4b:fb:e1:0f:
db:35:d9:b2:0f:56:e3:3f:bc:0f:b7:6a:cf:1f:70:
31:95:b9:75:e8:40:9e:35:2a:9b:f2:95:10:cb:7a:
2b:27:ad:74:d5:74:b2:98:e2:1b:56:11:14:87:9f:
78:db:05:53:50:6e:eb:44:a5:92:a2:83:3c:b3:64:
e9:bd:8f:58:96:41:e4:0d:97:80:8a:e0:d9:d6:30:
b9:fb:bc:7c:c1:96:29:dd:0f:54:c8:79:62:3c:af:
ca:80:ea:ec:63:31:4f:2f:de:54:bb:19:ae:13:62:
c9:79:67:00:04:d3:87:4a:c2:f6:d0:42:98:e3:58:
3c:3e:34:15:00:1b:4d:3b:2a:9f:31:cf:40:a4:54:
65:42:f5:34:92:84:c6:7c:e5:ff:1a:5d:e5:35:e5:
93:6a:f1:85:02:42:75:8d:f2:a8:bd:e4:9b:fc:5a:
72:09
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
33:89:E4:F0:AB:71:C0:E5:ED:DD:16:9F:65:20:B9:AF:5C:E8:FE:A2
X509v3 Authority Key Identifier:
keyid:06:48:A9:91:80:5F:93:D2:4B:BE:1E:DB:3E:96:1F:5A:1D:25:B2:48
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BkipkYBfk9JLvh7bPpYfWh0lskg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/4a0237-836b-4596-849e-2d423b81df1c/1/M4nk8KtxwOXt3RafZSC5r1zo_qI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/4a0237-836b-4596-849e-2d423b81df1c/1/BkipkYBfk9JLvh7bPpYfWh0lskg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a0b:4140::/29
Signature Algorithm: sha256WithRSAEncryption
36:09:20:ee:a2:0d:d1:c0:36:f5:51:a9:5c:af:45:7e:92:d1:
d8:dd:d9:08:a5:01:cf:8a:65:c4:26:a3:59:2a:1a:4c:c8:36:
61:47:9c:3f:1e:d4:8d:e8:d7:48:da:fb:2d:ed:f3:1d:e1:fa:
5d:3c:84:fa:e8:3a:a8:30:35:b8:80:a3:5f:ad:c4:15:4f:58:
f9:49:f3:fb:7c:bc:7c:64:62:10:89:26:ba:47:82:92:82:c3:
9c:47:84:b9:a4:dc:2b:36:0b:c0:e6:bf:98:ac:4d:01:ae:12:
36:bb:57:72:0d:d8:3d:0b:51:6a:f5:df:2e:05:98:8d:fe:2a:
ac:78:47:22:a9:76:c9:84:ec:be:94:38:77:2d:7d:cc:a8:97:
01:f2:b8:60:39:1a:2a:95:66:11:36:71:ca:19:3e:c6:aa:3d:
4e:43:94:b4:45:eb:62:d3:a5:34:26:c7:aa:68:ca:61:bd:c2:
d5:c6:82:b1:d6:7e:82:0f:7a:c3:11:c8:52:8c:28:73:5d:b9:
86:07:12:0b:de:c5:ae:ec:35:53:19:e0:a3:77:b3:33:38:ec:
95:30:f8:ff:67:87:a8:e7:b0:4f:9a:92:a0:de:68:7d:1f:fa:
38:71:b7:ad:55:44:69:7d:97:87:40:2a:5e:06:40:33:28:db:
ea:ed:ac:9a
-----BEGIN CERTIFICATE-----
MIIE7jCCA9agAwIBAgICaEcwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMDY0
OGE5OTE4MDVmOTNkMjRiYmUxZWRiM2U5NjFmNWExZDI1YjI0ODAeFw0yMjAzMDQx
NjAxMTRaFw0yMzA3MDEwMDAwMDBaMDMxMTAvBgNVBAMTKDMzODllNGYwYWI3MWMw
ZTVlZGRkMTY5ZjY1MjBiOWFmNWNlOGZlYTIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDMO2f66VVqIkVWCG2A1tfsJN/esiUvgX3pGGCbBkJqdi/wwNTg
gcLTXEtM6QDBDPJdEHU8oNU1xg7oUFdmeKtX8dsASwx7g0riIX+X4gb+SgllHQ/p
S/vhD9s12bIPVuM/vA+3as8fcDGVuXXoQJ41KpvylRDLeisnrXTVdLKY4htWERSH
n3jbBVNQbutEpZKigzyzZOm9j1iWQeQNl4CK4NnWMLn7vHzBlindD1TIeWI8r8qA
6uxjMU8v3lS7Ga4TYsl5ZwAE04dKwvbQQpjjWDw+NBUAG007Kp8xz0CkVGVC9TSS
hMZ85f8aXeU15ZNq8YUCQnWN8qi95Jv8WnIJAgMBAAGjggIKMIICBjAdBgNVHQ4E
FgQUM4nk8KtxwOXt3RafZSC5r1zo/qIwHwYDVR0jBBgwFoAUBkipkYBfk9JLvh7b
PpYfWh0lskgwDgYDVR0PAQH/BAQDAgeAMGQGCCsGAQUFBwEBBFgwVjBUBggrBgEF
BQcwAoZIcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvREVGQVVMVC9C
a2lwa1lCZms5Skx2aDdiUHBZZldoMGxza2cuY2VyMIGNBggrBgEFBQcBCwSBgDB+
MHwGCCsGAQUFBzALhnByc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9E
RUZBVUxUL2YwLzRhMDIzNy04MzZiLTQ1OTYtODQ5ZS0yZDQyM2I4MWRmMWMvMS9N
NG5rOEt0eHdPWHQzUmFmWlNDNXIxem9fcUkucm9hMIGBBgNVHR8EejB4MHagdKBy
hnByc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2YwLzRh
MDIzNy04MzZiLTQ1OTYtODQ5ZS0yZDQyM2I4MWRmMWMvMS9Ca2lwa1lCZms5Skx2
aDdiUHBZZldoMGxza2cuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIAYI
KwYBBQUHAQcBAf8EETAPMA0EAgACMAcDBQMqC0FAMA0GCSqGSIb3DQEBCwUAA4IB
AQA2CSDuog3RwDb1Ualcr0V+ktHY3dkIpQHPimXEJqNZKhpMyDZhR5w/HtSN6NdI
2vst7fMd4fpdPIT66DqoMDW4gKNfrcQVT1j5SfP7fLx8ZGIQiSa6R4KSgsOcR4S5
pNwrNgvA5r+YrE0BrhI2u1dyDdg9C1Fq9d8uBZiN/iqseEciqXbJhOy+lDh3LX3M
qJcB8rhgORoqlWYRNnHKGT7Gqj1OQ5S0Reti06U0JseqaMphvcLVxoKx1n6CD3rD
EchSjChzXbmGBxIL3sWu7DVTGeCjd7MzOOyVMPj/Z4eo57BPmpKg3mh9H/o4cbet
VURpfZeHQCpeBkAzKNvq7aya
-----END CERTIFICATE-----
Generated at Thu Jul 20 00:10:03 2023 by rpki-client on console-ams.rpki-client.org