Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f7/376ccd-defa-4028-af1c-b99ce30d839f/1/lkJwBVxARLzzCOMvs6jJCtV_WzE.roa
File: lkJwBVxARLzzCOMvs6jJCtV_WzE.roa (raw, json)
Hash identifier: SbS7xomtr1I/3U1sXxHVp28WW2lzZelwPtde8DXqpHw=
Subject key identifier: 96:42:70:05:5C:40:44:BC:F3:08:E3:2F:B3:A8:C9:0A:D5:7F:5B:31
Certificate issuer: /CN=ca707e086640056bc271d5d2b3e24d01440baa04
Certificate serial: 018FEECA9F9362838002796237D4BBCA18F0
Authority key identifier: CA:70:7E:08:66:40:05:6B:C2:71:D5:D2:B3:E2:4D:01:44:0B:AA:04
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/ynB-CGZABWvCcdXSs-JNAUQLqgQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/f7/376ccd-defa-4028-af1c-b99ce30d839f/1/lkJwBVxARLzzCOMvs6jJCtV_WzE.roa
Signing time: Thu 06 Jun 2024 18:23:27 +0000
ROA not before: Thu 06 Jun 2024 18:23:27 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 215427
IP address blocks: 2a14:41c0::/29 maxlen: 29
2a14:42c0::/29 maxlen: 29
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8f:ee:ca:9f:93:62:83:80:02:79:62:37:d4:bb:ca:18:f0
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ca707e086640056bc271d5d2b3e24d01440baa04
Validity
Not Before: Jun 6 18:23:27 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=964270055c4044bcf308e32fb3a8c90ad57f5b31
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ab:96:38:ff:40:9e:f1:e3:dc:10:85:58:bc:ca:
31:a2:52:c9:7a:9b:4b:9c:ea:4b:c7:af:a7:6b:de:
89:6c:7c:77:da:53:0c:9f:28:25:f5:97:f1:05:36:
68:0d:07:0c:fc:c2:63:63:13:5b:ac:0d:df:a4:63:
8b:2e:d5:65:f4:54:e5:c4:7a:31:49:4f:76:20:aa:
9a:26:f9:cb:1a:c6:16:92:00:6e:0b:bb:99:2c:03:
12:0e:9e:48:dd:10:5e:74:ca:f4:88:90:d7:3a:68:
a9:8e:b6:8e:0b:3a:57:6c:46:ee:66:4e:fc:35:49:
aa:82:12:dc:39:91:3a:dd:af:4d:3b:d4:94:7a:6b:
bf:74:48:bf:42:55:78:91:7c:a7:69:99:f5:1e:cc:
84:e8:ee:dc:dc:49:21:4a:fb:58:82:28:e6:77:a4:
b4:73:f5:94:81:09:3c:c1:62:07:7d:f1:0a:19:3e:
ab:c9:e6:91:83:15:7c:1c:f4:15:16:74:10:b5:26:
08:a9:db:4a:d1:66:cc:7b:e6:14:40:e3:13:6e:78:
4c:c3:40:3b:f0:b8:23:67:2a:dc:8e:99:d6:e9:30:
a6:cb:e6:9a:cc:52:ee:90:29:10:9e:d5:77:06:4d:
38:fd:7d:88:f2:cb:56:8e:90:37:8e:9b:32:83:0d:
78:1d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
96:42:70:05:5C:40:44:BC:F3:08:E3:2F:B3:A8:C9:0A:D5:7F:5B:31
X509v3 Authority Key Identifier:
keyid:CA:70:7E:08:66:40:05:6B:C2:71:D5:D2:B3:E2:4D:01:44:0B:AA:04
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ynB-CGZABWvCcdXSs-JNAUQLqgQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/376ccd-defa-4028-af1c-b99ce30d839f/1/lkJwBVxARLzzCOMvs6jJCtV_WzE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/376ccd-defa-4028-af1c-b99ce30d839f/1/ynB-CGZABWvCcdXSs-JNAUQLqgQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a14:41c0::/29
2a14:42c0::/29
Signature Algorithm: sha256WithRSAEncryption
42:11:cf:23:63:54:99:54:d2:34:11:24:91:a5:ff:a2:47:83:
81:8f:5e:28:32:43:b1:3d:10:a3:37:c5:e3:b3:90:94:ab:93:
ec:a1:9e:74:17:59:42:ef:d7:32:cb:02:1c:23:a1:25:73:8f:
97:ae:05:41:a3:20:d8:89:2e:26:15:1b:ef:72:42:29:0a:01:
0d:13:ed:32:c3:2f:29:ea:fb:5b:12:9d:2e:de:74:ee:2a:16:
95:45:d3:de:f5:c7:ea:33:2b:64:1f:33:c5:29:05:e6:85:f9:
76:22:0a:65:8b:22:cd:42:5d:a6:55:b2:33:8a:fa:37:79:1c:
92:e9:a4:a9:76:98:ab:3a:a9:05:f6:a3:53:0d:cc:3e:a5:fa:
fb:2f:7c:39:24:58:b3:54:4e:3d:dd:65:59:2f:10:db:8f:b6:
f0:b9:6f:4d:69:a7:85:30:71:87:af:cf:03:d8:fd:49:ff:0c:
c3:b2:a6:cf:bd:1a:e2:5a:a1:5b:17:4a:07:35:23:6c:12:c9:
58:58:cf:79:bf:ae:c0:57:a2:81:c9:e7:91:a7:76:24:36:77:
69:3f:8e:d6:f3:b4:7f:71:be:ab:3c:a3:11:32:79:78:d7:a2:
71:48:39:3f:6a:f2:09:c2:53:d1:67:26:e9:f2:a3:c3:d7:87:
f9:1d:48:16
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAY/uyp+TYoOAAnliN9S7yhjwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNhNzA3ZTA4NjY0MDA1NmJjMjcxZDVkMmIzZTI0ZDAxNDQw
YmFhMDQwHhcNMjQwNjA2MTgyMzI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NjQyNzAwNTVjNDA0NGJjZjMwOGUzMmZiM2E4YzkwYWQ1N2Y1YjMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq5Y4/0Ce8ePcEIVYvMoxolLJeptL
nOpLx6+na96JbHx32lMMnygl9ZfxBTZoDQcM/MJjYxNbrA3fpGOLLtVl9FTlxHox
SU92IKqaJvnLGsYWkgBuC7uZLAMSDp5I3RBedMr0iJDXOmipjraOCzpXbEbuZk78
NUmqghLcOZE63a9NO9SUemu/dEi/QlV4kXynaZn1HsyE6O7c3EkhSvtYgijmd6S0
c/WUgQk8wWIHffEKGT6ryeaRgxV8HPQVFnQQtSYIqdtK0WbMe+YUQOMTbnhMw0A7
8LgjZyrcjpnW6TCmy+aazFLukCkQntV3Bk04/X2I8stWjpA3jpsygw14HQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFJZCcAVcQES88wjjL7OoyQrVf1sxMB8GA1UdIwQY
MBaAFMpwfghmQAVrwnHV0rPiTQFEC6oEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveW5CLUNHWkFCV3ZDY2RYU3MtSk5BVVFMcWdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNy8zNzZjY2QtZGVmYS00MDI4LWFmMWMt
Yjk5Y2UzMGQ4MzlmLzEvbGtKd0JWeEFSTHp6Q09NdnM2akpDdFZfV3pFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNy8zNzZjY2QtZGVmYS00MDI4LWFmMWMtYjk5Y2UzMGQ4Mzlm
LzEveW5CLUNHWkFCV3ZDY2RYU3MtSk5BVVFMcWdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAAjAOAwUDKhRBwAMF
AyoUQsAwDQYJKoZIhvcNAQELBQADggEBAEIRzyNjVJlU0jQRJJGl/6JHg4GPXigy
Q7E9EKM3xeOzkJSrk+yhnnQXWULv1zLLAhwjoSVzj5euBUGjINiJLiYVG+9yQikK
AQ0T7TLDLynq+1sSnS7edO4qFpVF0971x+ozK2QfM8UpBeaF+XYiCmWLIs1CXaZV
sjOK+jd5HJLppKl2mKs6qQX2o1MNzD6l+vsvfDkkWLNUTj3dZVkvENuPtvC5b01p
p4UwcYevzwPY/Un/DMOyps+9GuJaoVsXSgc1I2wSyVhYz3m/rsBXooHJ55GndiQ2
d2k/jtbztH9xvqs8oxEyeXjXonFIOT9q8gnCU9FnJunyo8PXh/kdSBY=
-----END CERTIFICATE-----
Generated at Mon Jul 1 18:05:18 2024 by rpki-client on console-ams.rpki-client.org