Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f2/430c81-ee4b-4e88-a36f-788f5a58044f/1/lYcbsakn5kq_wyTHRDlZVOiD0J8.roa
File: lYcbsakn5kq_wyTHRDlZVOiD0J8.roa (raw, json)
Hash identifier: T/KeA/8EuWwETPODaKZVzmu219ICogy4h4NLkLsyK1o=
Subject key identifier: 95:87:1B:B1:A9:27:E6:4A:BF:C3:24:C7:44:39:59:54:E8:83:D0:9F
Certificate issuer: /CN=39019f9c0ab29b42e0db12e9ac87b327bfc55af9
Certificate serial: 01856C138A6D8630C82DB5B464BF28E67589
Authority key identifier: 39:01:9F:9C:0A:B2:9B:42:E0:DB:12:E9:AC:87:B3:27:BF:C5:5A:F9
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/OQGfnAqym0Lg2xLprIezJ7_FWvk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/f2/430c81-ee4b-4e88-a36f-788f5a58044f/1/lYcbsakn5kq_wyTHRDlZVOiD0J8.roa
Signing time: Sun 01 Jan 2023 06:44:58 +0000
ROA not before: Sun 01 Jan 2023 06:44:58 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 13238
IP address blocks: 2a0e:fd87::/32 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6c:13:8a:6d:86:30:c8:2d:b5:b4:64:bf:28:e6:75:89
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=39019f9c0ab29b42e0db12e9ac87b327bfc55af9
Validity
Not Before: Jan 1 06:44:58 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=95871bb1a927e64abfc324c744395954e883d09f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:aa:bb:e5:10:6b:8e:60:60:df:9c:c6:27:f7:57:
5d:55:79:8b:a2:62:98:68:ad:e9:6d:40:65:b3:13:
e9:c4:03:91:30:e6:f9:e9:a1:e1:d2:bf:36:7c:d0:
be:65:09:0c:57:97:d8:b3:13:33:47:7d:61:6e:2c:
8f:6f:92:6a:99:b4:3f:ad:06:4b:3d:38:88:fe:57:
55:83:ff:03:17:b9:bd:26:95:41:f0:a8:40:40:cd:
04:97:9c:d3:36:47:08:f8:7a:73:99:27:69:e5:5e:
8d:79:57:83:3d:47:18:a5:61:aa:d0:39:f8:35:66:
0a:52:dd:4f:3c:70:b9:59:5c:0c:f2:83:1d:90:82:
d2:08:ad:33:c4:15:5d:25:61:51:37:66:72:b2:05:
3f:81:ff:21:9a:fe:b2:4c:66:46:67:ab:38:ba:73:
40:c1:d5:a5:0f:d7:8a:5e:48:bb:e1:d1:99:45:d4:
cf:2c:43:3e:9f:54:70:14:b6:c9:b2:a4:e2:36:50:
44:e8:0f:eb:00:e7:ed:62:e7:78:5b:02:29:1d:45:
7e:c5:91:25:a9:4d:5e:54:1d:20:a1:72:10:9f:95:
2f:75:73:46:11:67:33:10:50:40:ad:61:6a:e8:72:
50:98:7b:e3:63:66:3d:76:4b:02:2b:f6:b4:d7:2d:
f1:cd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
95:87:1B:B1:A9:27:E6:4A:BF:C3:24:C7:44:39:59:54:E8:83:D0:9F
X509v3 Authority Key Identifier:
keyid:39:01:9F:9C:0A:B2:9B:42:E0:DB:12:E9:AC:87:B3:27:BF:C5:5A:F9
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OQGfnAqym0Lg2xLprIezJ7_FWvk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/430c81-ee4b-4e88-a36f-788f5a58044f/1/lYcbsakn5kq_wyTHRDlZVOiD0J8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/430c81-ee4b-4e88-a36f-788f5a58044f/1/OQGfnAqym0Lg2xLprIezJ7_FWvk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a0e:fd87::/32
Signature Algorithm: sha256WithRSAEncryption
79:f9:d5:c4:16:fe:fc:33:8e:a4:c0:0b:f8:09:ee:73:11:29:
54:96:3b:38:00:02:25:19:97:84:62:87:86:f5:6a:6a:c8:23:
01:a2:5f:b6:ed:5b:9e:fb:8e:bf:62:e2:9c:40:09:04:79:b9:
9e:c7:85:ca:4b:bd:a5:d1:16:97:f2:62:c9:d5:e5:50:00:cd:
4c:a7:be:32:a5:f7:36:b1:73:0c:3a:e6:74:9e:d6:41:1e:95:
14:84:25:32:10:7a:64:f0:08:da:22:0c:da:ca:b2:e9:ac:65:
4e:f8:0d:19:a3:05:c6:78:67:49:3a:d1:ab:82:09:ad:ca:14:
8a:b2:ad:f1:e4:f7:0f:0f:3b:ed:12:e6:77:60:7f:48:3c:4c:
28:09:c3:30:b5:93:2c:95:30:ef:a3:1f:2e:c8:c9:3b:47:0a:
a6:64:dc:ae:39:f2:5e:e6:0a:b6:a5:40:c7:dd:ea:7b:71:04:
b8:ba:61:f5:a9:c0:ae:3e:3b:f4:c4:87:38:ad:34:5a:ac:fe:
16:9d:e8:e4:fa:b9:29:92:f1:30:2f:16:8d:7e:2e:de:76:9c:
e6:68:fc:e3:bc:f2:83:10:65:8b:d2:de:54:5b:94:39:da:1e:
c7:4c:d2:83:16:ea:03:7e:fe:ca:77:30:e1:6b:28:01:6b:dd:
98:c3:8b:31
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYVsE4pthjDILbW0ZL8o5nWJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM5MDE5ZjljMGFiMjliNDJlMGRiMTJlOWFjODdiMzI3YmZj
NTVhZjkwHhcNMjMwMTAxMDY0NDU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NTg3MWJiMWE5MjdlNjRhYmZjMzI0Yzc0NDM5NTk1NGU4ODNkMDlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqrvlEGuOYGDfnMYn91ddVXmLomKY
aK3pbUBlsxPpxAORMOb56aHh0r82fNC+ZQkMV5fYsxMzR31hbiyPb5JqmbQ/rQZL
PTiI/ldVg/8DF7m9JpVB8KhAQM0El5zTNkcI+HpzmSdp5V6NeVeDPUcYpWGq0Dn4
NWYKUt1PPHC5WVwM8oMdkILSCK0zxBVdJWFRN2ZysgU/gf8hmv6yTGZGZ6s4unNA
wdWlD9eKXki74dGZRdTPLEM+n1RwFLbJsqTiNlBE6A/rAOftYud4WwIpHUV+xZEl
qU1eVB0goXIQn5UvdXNGEWczEFBArWFq6HJQmHvjY2Y9dksCK/a01y3xzQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFJWHG7GpJ+ZKv8Mkx0Q5WVTog9CfMB8GA1UdIwQY
MBaAFDkBn5wKsptC4NsS6ayHsye/xVr5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT1FHZm5BcXltMExnMnhMcHJJZXpKN19GV3ZrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMi80MzBjODEtZWU0Yi00ZTg4LWEzNmYt
Nzg4ZjVhNTgwNDRmLzEvbFljYnNha241a3Ffd3lUSFJEbFpWT2lEMEo4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMi80MzBjODEtZWU0Yi00ZTg4LWEzNmYtNzg4ZjVhNTgwNDRm
LzEvT1FHZm5BcXltMExnMnhMcHJJZXpKN19GV3ZrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKg79hzAN
BgkqhkiG9w0BAQsFAAOCAQEAefnVxBb+/DOOpMAL+AnucxEpVJY7OAACJRmXhGKH
hvVqasgjAaJftu1bnvuOv2LinEAJBHm5nseFyku9pdEWl/JiydXlUADNTKe+MqX3
NrFzDDrmdJ7WQR6VFIQlMhB6ZPAI2iIM2sqy6axlTvgNGaMFxnhnSTrRq4IJrcoU
irKt8eT3Dw877RLmd2B/SDxMKAnDMLWTLJUw76MfLsjJO0cKpmTcrjnyXuYKtqVA
x93qe3EEuLph9anArj479MSHOK00Wqz+Fp3o5Pq5KZLxMC8WjX4u3nac5mj847zy
gxBli9LeVFuUOdoex0zSgxbqA37+yncw4WsoAWvdmMOLMQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:59:22 2024 by rpki-client on console-fra.rpki-client.org