Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/21/0d8c8f-ff2c-4da8-b443-3040bed3cccd/1/CWS2fEb8LezdGaO8aa_KUCmlQ4k.roa
File: CWS2fEb8LezdGaO8aa_KUCmlQ4k.roa (raw, json)
Hash identifier: RJ3nsVjG0vXdjC2NkDJluw2eI7baOnBU4k+B42+Qb58=
Subject key identifier: 09:64:B6:7C:46:FC:2D:EC:DD:19:A3:BC:69:AF:CA:50:29:A5:43:89
Certificate issuer: /CN=2b145a8bdf2bca150f25ed54a277b8f653efdb3e
Certificate serial: 018A70C9499601B3D17676E44D4CBB542D56
Authority key identifier: 2B:14:5A:8B:DF:2B:CA:15:0F:25:ED:54:A2:77:B8:F6:53:EF:DB:3E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/KxRai98ryhUPJe1Uone49lPv2z4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/21/0d8c8f-ff2c-4da8-b443-3040bed3cccd/1/CWS2fEb8LezdGaO8aa_KUCmlQ4k.roa
Signing time: Thu 07 Sep 2023 17:55:54 +0000
ROA not before: Thu 07 Sep 2023 17:55:54 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 212144
IP address blocks: 2a10:3f80::/30 maxlen: 30
2a05:9a40::/29 maxlen: 30
2a05:9a40::/30 maxlen: 30
2a10:3c80::/29 maxlen: 29
2a06:5fc0::/29 maxlen: 29
2a0f:9ac0::/29 maxlen: 30
2a05:9a44::/30 maxlen: 30
2a10:b40::/29 maxlen: 29
2a0d:6f80::/29 maxlen: 29
2a0f:9b40::/29 maxlen: 29
2a10:77c0::/29 maxlen: 29
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8a:70:c9:49:96:01:b3:d1:76:76:e4:4d:4c:bb:54:2d:56
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2b145a8bdf2bca150f25ed54a277b8f653efdb3e
Validity
Not Before: Sep 7 17:55:54 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=0964b67c46fc2decdd19a3bc69afca5029a54389
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d7:95:f7:22:0f:3d:cb:18:8d:d5:83:c1:8e:26:
50:d6:d3:0b:17:93:64:56:84:21:ce:20:99:42:d9:
19:4e:84:cc:fb:d2:65:ed:eb:32:8c:d9:75:b9:c0:
6d:66:f4:1a:e1:b7:68:05:06:e6:62:5d:5a:7f:37:
20:d7:01:4e:03:1a:d0:e9:87:4b:c4:2f:e2:29:e1:
41:8e:62:00:6f:ac:ed:76:7f:34:85:d6:b0:a2:0f:
26:ba:57:8d:bb:0a:e7:99:e8:eb:22:73:7e:11:4e:
bc:4b:b1:23:62:99:cb:19:68:f2:0a:7f:4b:d6:a2:
94:8d:d3:6e:c7:a0:11:dc:a3:45:f0:00:8a:1f:1d:
bd:a9:88:b8:e8:05:e8:35:44:70:9f:e6:f2:31:e3:
15:e5:b3:ed:ef:35:0e:3c:c7:79:ee:2e:48:42:40:
5a:36:72:bd:ef:61:0d:eb:bc:e5:07:e3:d0:04:36:
87:a5:22:b1:30:2c:87:12:01:c9:fa:8f:03:d9:7a:
53:b9:d7:36:e1:70:97:5f:21:91:23:49:32:d7:9d:
d8:e0:e0:5b:c0:82:01:c0:b4:e3:0a:40:ec:2d:8b:
cd:9f:81:a2:a4:f4:14:aa:09:cd:7a:a9:de:a5:8b:
bc:f3:b3:fc:55:9a:aa:dd:64:2e:22:48:54:0e:d9:
b7:ff
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
09:64:B6:7C:46:FC:2D:EC:DD:19:A3:BC:69:AF:CA:50:29:A5:43:89
X509v3 Authority Key Identifier:
keyid:2B:14:5A:8B:DF:2B:CA:15:0F:25:ED:54:A2:77:B8:F6:53:EF:DB:3E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KxRai98ryhUPJe1Uone49lPv2z4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/21/0d8c8f-ff2c-4da8-b443-3040bed3cccd/1/CWS2fEb8LezdGaO8aa_KUCmlQ4k.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/21/0d8c8f-ff2c-4da8-b443-3040bed3cccd/1/KxRai98ryhUPJe1Uone49lPv2z4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:9a40::/29
2a06:5fc0::/29
2a0d:6f80::/29
2a0f:9ac0::/29
2a0f:9b40::/29
2a10:b40::/29
2a10:3c80::/29
2a10:3f80::/30
2a10:77c0::/29
Signature Algorithm: sha256WithRSAEncryption
5f:68:05:17:01:a1:1d:33:c0:dd:f8:f2:8a:53:2a:9b:5b:d8:
19:77:99:7f:41:13:93:9d:01:43:b4:4f:f6:0a:68:b7:a2:08:
ae:b3:29:dc:fd:b3:e7:0b:02:51:a2:02:c9:ee:18:6a:f0:13:
92:9a:da:03:e6:7e:ab:5f:c1:5b:5e:9c:e0:13:63:64:3d:8e:
1b:38:f9:c7:33:99:af:e1:7c:73:55:ec:dc:92:bd:ff:c2:c0:
26:a4:62:c5:ba:b0:3f:ba:9f:59:bb:be:32:f4:ef:b7:f7:08:
e7:e5:9e:ef:56:44:d6:5b:43:cd:2f:0f:9c:92:fa:06:05:fa:
45:8e:38:5f:8c:7d:ca:fb:17:17:d0:70:a3:9b:b1:e9:dc:5a:
a7:bb:dd:b2:7a:b3:ed:45:53:15:00:d6:9d:23:1a:d1:4e:57:
29:fb:63:42:ae:42:9b:65:63:33:38:cb:c0:e8:0a:55:08:f6:
7a:7d:15:44:7f:fd:e5:47:36:04:f1:27:05:33:92:a1:a7:04:
c8:1a:03:c6:be:d8:66:88:d2:51:12:e3:22:f8:56:2e:43:f7:
f5:15:96:33:b3:a0:fd:e4:a4:60:44:6e:e8:a3:1f:c3:e0:52:
84:8c:7c:4c:ff:55:d7:6b:00:99:a7:7b:7c:24:dd:5d:0c:a4:
14:48:d2:17
-----BEGIN CERTIFICATE-----
MIIFNjCCBB6gAwIBAgISAYpwyUmWAbPRdnbkTUy7VC1WMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJiMTQ1YThiZGYyYmNhMTUwZjI1ZWQ1NGEyNzdiOGY2NTNl
ZmRiM2UwHhcNMjMwOTA3MTc1NTU0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOTY0YjY3YzQ2ZmMyZGVjZGQxOWEzYmM2OWFmY2E1MDI5YTU0Mzg5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA15X3Ig89yxiN1YPBjiZQ1tMLF5Nk
VoQhziCZQtkZToTM+9Jl7esyjNl1ucBtZvQa4bdoBQbmYl1afzcg1wFOAxrQ6YdL
xC/iKeFBjmIAb6ztdn80hdawog8muleNuwrnmejrInN+EU68S7EjYpnLGWjyCn9L
1qKUjdNux6AR3KNF8ACKHx29qYi46AXoNURwn+byMeMV5bPt7zUOPMd57i5IQkBa
NnK972EN67zlB+PQBDaHpSKxMCyHEgHJ+o8D2XpTudc24XCXXyGRI0ky153Y4OBb
wIIBwLTjCkDsLYvNn4GipPQUqgnNeqnepYu887P8VZqq3WQuIkhUDtm3/wIDAQAB
o4ICQjCCAj4wHQYDVR0OBBYEFAlktnxG/C3s3RmjvGmvylAppUOJMB8GA1UdIwQY
MBaAFCsUWovfK8oVDyXtVKJ3uPZT79s+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3hSYWk5OHJ5aFVQSmUxVW9uZTQ5bFB2Mno0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMS8wZDhjOGYtZmYyYy00ZGE4LWI0NDMt
MzA0MGJlZDNjY2NkLzEvQ1dTMmZFYjhMZXpkR2FPOGFhX0tVQ21sUTRrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMS8wZDhjOGYtZmYyYy00ZGE4LWI0NDMtMzA0MGJlZDNjY2Nk
LzEvS3hSYWk5OHJ5aFVQSmUxVW9uZTQ5bFB2Mno0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFgGCCsGAQUFBwEHAQH/BEkwRzBFBAIAAjA/AwUDKgWaQAMF
AyoGX8ADBQMqDW+AAwUDKg+awAMFAyoPm0ADBQMqEAtAAwUDKhA8gAMFAioQP4AD
BQMqEHfAMA0GCSqGSIb3DQEBCwUAA4IBAQBfaAUXAaEdM8Dd+PKKUyqbW9gZd5l/
QROTnQFDtE/2Cmi3ogiusync/bPnCwJRogLJ7hhq8BOSmtoD5n6rX8FbXpzgE2Nk
PY4bOPnHM5mv4XxzVezckr3/wsAmpGLFurA/up9Zu74y9O+39wjn5Z7vVkTWW0PN
Lw+ckvoGBfpFjjhfjH3K+xcX0HCjm7Hp3Fqnu92yerPtRVMVANadIxrRTlcp+2NC
rkKbZWMzOMvA6ApVCPZ6fRVEf/3lRzYE8ScFM5KhpwTIGgPGvthmiNJREuMi+FYu
Q/f1FZYzs6D95KRgRG7oox/D4FKEjHxM/1XXawCZp3t8JN1dDKQUSNIX
-----END CERTIFICATE-----
Generated at Wed Dec 27 18:40:33 2023 by rpki-client on console.sobornost.net