Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/21/0d8c8f-ff2c-4da8-b443-3040bed3cccd/1/3FvBVG9hUXS4EmkW5i-Aw1dQ5JA.roa
File: 3FvBVG9hUXS4EmkW5i-Aw1dQ5JA.roa (raw, json)
Hash identifier: GjYUGeUROI3CHjnQlbNec0Ov9+gmtaxYyHO8nK3lY6o=
Subject key identifier: DC:5B:C1:54:6F:61:51:74:B8:12:69:16:E6:2F:80:C3:57:50:E4:90
Certificate issuer: /CN=2b145a8bdf2bca150f25ed54a277b8f653efdb3e
Certificate serial: 018A710DF36FFE6F5437759C5280C64D0495
Authority key identifier: 2B:14:5A:8B:DF:2B:CA:15:0F:25:ED:54:A2:77:B8:F6:53:EF:DB:3E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/KxRai98ryhUPJe1Uone49lPv2z4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/21/0d8c8f-ff2c-4da8-b443-3040bed3cccd/1/3FvBVG9hUXS4EmkW5i-Aw1dQ5JA.roa
Signing time: Thu 07 Sep 2023 19:10:54 +0000
ROA not before: Thu 07 Sep 2023 19:10:54 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 212144
IP address blocks: 2a06:5fc0::/30 maxlen: 30
2a10:3f80::/30 maxlen: 30
2a05:9a40::/29 maxlen: 30
2a05:9a40::/30 maxlen: 30
2a10:3c80::/29 maxlen: 29
2a05:9a44::/30 maxlen: 30
2a10:b40::/29 maxlen: 29
2a0d:6f80::/30 maxlen: 30
2a10:77c0::/30 maxlen: 30
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8a:71:0d:f3:6f:fe:6f:54:37:75:9c:52:80:c6:4d:04:95
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2b145a8bdf2bca150f25ed54a277b8f653efdb3e
Validity
Not Before: Sep 7 19:10:54 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=dc5bc1546f615174b8126916e62f80c35750e490
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b3:26:c1:5c:17:92:9a:34:56:33:86:d0:22:da:
5b:54:80:31:bc:8f:c7:fd:9b:59:b4:7e:92:b8:17:
7e:70:4c:d4:b9:83:ed:87:9c:2c:b8:5f:fe:2b:ed:
c3:9a:bb:14:12:fb:6a:2b:e3:74:fb:b1:47:4d:6a:
49:58:3c:70:d1:c8:d8:da:87:fa:e1:57:aa:6c:f9:
f3:cf:95:0f:af:a6:90:28:b2:e9:0f:95:49:95:1f:
e8:11:34:e3:41:d1:99:dd:db:00:84:7d:1e:12:06:
04:24:a6:f1:d1:9b:e9:80:7b:d4:f4:9a:cc:19:03:
8f:0f:ff:32:bf:98:30:89:7f:dd:d3:9f:ab:4b:d9:
b9:b0:00:f7:83:f8:43:6e:34:33:32:7e:85:31:08:
da:a5:39:17:fd:b9:33:de:a7:a1:d5:45:c2:65:e4:
27:cb:04:9c:d1:ea:d6:4f:be:57:ef:4e:68:01:99:
9f:8d:9b:1f:92:a0:bf:21:81:36:d6:d0:0e:d5:73:
73:ed:69:86:42:8e:86:46:99:19:2c:70:1d:11:f0:
09:de:75:be:89:48:71:95:f2:bb:0b:ed:00:6f:cc:
9b:e3:e6:15:d0:c1:36:91:40:ed:fc:07:50:e3:71:
c9:dc:58:a0:5e:8d:58:08:c4:86:6a:91:67:d1:38:
02:59
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DC:5B:C1:54:6F:61:51:74:B8:12:69:16:E6:2F:80:C3:57:50:E4:90
X509v3 Authority Key Identifier:
keyid:2B:14:5A:8B:DF:2B:CA:15:0F:25:ED:54:A2:77:B8:F6:53:EF:DB:3E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KxRai98ryhUPJe1Uone49lPv2z4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/21/0d8c8f-ff2c-4da8-b443-3040bed3cccd/1/3FvBVG9hUXS4EmkW5i-Aw1dQ5JA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/21/0d8c8f-ff2c-4da8-b443-3040bed3cccd/1/KxRai98ryhUPJe1Uone49lPv2z4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:9a40::/29
2a06:5fc0::/30
2a0d:6f80::/30
2a10:b40::/29
2a10:3c80::/29
2a10:3f80::/30
2a10:77c0::/30
Signature Algorithm: sha256WithRSAEncryption
2e:e2:17:5a:87:de:d8:51:dc:d8:96:cd:f5:0b:5c:89:cf:60:
6f:3e:e5:d2:46:78:97:66:77:83:de:ff:63:e5:c0:9d:42:91:
cf:3e:da:8d:0d:1c:a1:49:63:80:f2:19:e4:78:be:e5:d2:07:
37:10:c0:f7:bf:1a:64:b8:f9:5a:43:07:0c:7b:61:a0:dc:e8:
16:b4:e1:a6:68:38:d2:92:ba:53:5d:14:8c:5a:4c:66:c1:bd:
8f:a1:e5:b3:95:e5:3d:9e:e7:9f:a0:bd:9c:86:bc:c3:94:ba:
df:00:bf:36:63:fb:55:74:fe:b1:12:50:41:a8:05:1b:8c:a9:
ee:f3:7c:b8:c7:6b:2d:cf:e7:5a:29:60:f2:88:b7:58:16:80:
c3:26:18:d3:be:e3:30:bc:3d:12:7c:cb:54:f5:d1:10:12:4b:
94:35:b0:ad:b3:7a:fc:2d:d6:50:22:bb:b7:cf:de:9a:8c:15:
af:d4:2b:dc:0e:d7:cf:27:b1:3c:73:34:c6:9d:1b:46:70:1c:
c7:69:e6:df:61:d4:8d:91:1f:bf:44:2d:87:1d:72:92:3e:eb:
71:72:ca:b3:bb:83:5d:83:dc:d9:42:76:49:e4:e4:6f:bc:e3:
21:c6:17:dd:3c:19:4c:69:d4:45:c4:0e:ec:c7:b7:29:fd:93:
08:dd:c6:2c
-----BEGIN CERTIFICATE-----
MIIFKDCCBBCgAwIBAgISAYpxDfNv/m9UN3WcUoDGTQSVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJiMTQ1YThiZGYyYmNhMTUwZjI1ZWQ1NGEyNzdiOGY2NTNl
ZmRiM2UwHhcNMjMwOTA3MTkxMDU0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYzViYzE1NDZmNjE1MTc0YjgxMjY5MTZlNjJmODBjMzU3NTBlNDkwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsybBXBeSmjRWM4bQItpbVIAxvI/H
/ZtZtH6SuBd+cEzUuYPth5wsuF/+K+3DmrsUEvtqK+N0+7FHTWpJWDxw0cjY2of6
4VeqbPnzz5UPr6aQKLLpD5VJlR/oETTjQdGZ3dsAhH0eEgYEJKbx0ZvpgHvU9JrM
GQOPD/8yv5gwiX/d05+rS9m5sAD3g/hDbjQzMn6FMQjapTkX/bkz3qeh1UXCZeQn
ywSc0erWT75X705oAZmfjZsfkqC/IYE21tAO1XNz7WmGQo6GRpkZLHAdEfAJ3nW+
iUhxlfK7C+0Ab8yb4+YV0ME2kUDt/AdQ43HJ3FigXo1YCMSGapFn0TgCWQIDAQAB
o4ICNDCCAjAwHQYDVR0OBBYEFNxbwVRvYVF0uBJpFuYvgMNXUOSQMB8GA1UdIwQY
MBaAFCsUWovfK8oVDyXtVKJ3uPZT79s+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3hSYWk5OHJ5aFVQSmUxVW9uZTQ5bFB2Mno0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMS8wZDhjOGYtZmYyYy00ZGE4LWI0NDMt
MzA0MGJlZDNjY2NkLzEvM0Z2QlZHOWhVWFM0RW1rVzVpLUF3MWRRNUpBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMS8wZDhjOGYtZmYyYy00ZGE4LWI0NDMtMzA0MGJlZDNjY2Nk
LzEvS3hSYWk5OHJ5aFVQSmUxVW9uZTQ5bFB2Mno0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEoGCCsGAQUFBwEHAQH/BDswOTA3BAIAAjAxAwUDKgWaQAMF
AioGX8ADBQIqDW+AAwUDKhALQAMFAyoQPIADBQIqED+AAwUCKhB3wDANBgkqhkiG
9w0BAQsFAAOCAQEALuIXWofe2FHc2JbN9Qtcic9gbz7l0kZ4l2Z3g97/Y+XAnUKR
zz7ajQ0coUljgPIZ5Hi+5dIHNxDA978aZLj5WkMHDHthoNzoFrThpmg40pK6U10U
jFpMZsG9j6Hls5XlPZ7nn6C9nIa8w5S63wC/NmP7VXT+sRJQQagFG4yp7vN8uMdr
Lc/nWilg8oi3WBaAwyYY077jMLw9EnzLVPXREBJLlDWwrbN6/C3WUCK7t8/emowV
r9Qr3A7XzyexPHM0xp0bRnAcx2nm32HUjZEfv0Qthx1ykj7rcXLKs7uDXYPc2UJ2
SeTkb7zjIcYX3TwZTGnURcQO7Me3Kf2TCN3GLA==
-----END CERTIFICATE-----
Generated at Wed Dec 27 18:40:33 2023 by rpki-client on console.sobornost.net