Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/21/0d8c8f-ff2c-4da8-b443-3040bed3cccd/1/M1o03nmk3JY4_ZmG3L4yrBwFRH0.roa
File: M1o03nmk3JY4_ZmG3L4yrBwFRH0.roa (raw, json)
Hash identifier: /xvNq4wbL345ETgLAfLvVy4SankIe0mTiwLzQoip0pg=
Subject key identifier: 33:5A:34:DE:79:A4:DC:96:38:FD:99:86:DC:BE:32:AC:1C:05:44:7D
Certificate issuer: /CN=2b145a8bdf2bca150f25ed54a277b8f653efdb3e
Certificate serial: 018A8E4D11E365CA8C23B8E0CE5C2CA9B7B2
Authority key identifier: 2B:14:5A:8B:DF:2B:CA:15:0F:25:ED:54:A2:77:B8:F6:53:EF:DB:3E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/KxRai98ryhUPJe1Uone49lPv2z4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/21/0d8c8f-ff2c-4da8-b443-3040bed3cccd/1/M1o03nmk3JY4_ZmG3L4yrBwFRH0.roa
Signing time: Wed 13 Sep 2023 11:28:50 +0000
ROA not before: Wed 13 Sep 2023 11:28:50 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 216349
IP address blocks: 2a06:5fc0::/29 maxlen: 29
2a10:3f80::/29 maxlen: 29
2a0f:9ac0::/29 maxlen: 30
2a0d:6f80::/29 maxlen: 29
2a0f:9b40::/29 maxlen: 29
2a10:77c0::/29 maxlen: 29
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8a:8e:4d:11:e3:65:ca:8c:23:b8:e0:ce:5c:2c:a9:b7:b2
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2b145a8bdf2bca150f25ed54a277b8f653efdb3e
Validity
Not Before: Sep 13 11:28:50 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=335a34de79a4dc9638fd9986dcbe32ac1c05447d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:89:89:b5:4c:26:a3:22:21:eb:b7:ff:73:54:fc:
89:94:ff:af:72:55:22:a0:27:e7:22:79:ed:1a:09:
de:44:b1:7c:b4:3d:64:ca:2e:02:d1:cb:63:15:74:
b7:e5:5a:fa:56:e8:7a:24:d0:1b:39:62:d7:f0:9c:
a7:08:b3:41:d1:1e:4f:f8:2e:e1:bb:e6:40:2b:5b:
27:27:d0:a4:71:15:26:98:d5:06:e0:32:81:64:cf:
79:9e:95:3e:bd:98:f9:a2:e7:aa:21:83:d0:8f:7c:
e0:21:9b:48:d8:0e:96:2f:44:ff:ea:c4:84:d2:61:
f3:b9:f1:9d:68:2e:6d:b2:a8:13:24:96:03:ba:95:
53:e9:75:30:ac:07:77:25:ad:67:e6:e0:5f:72:33:
f0:dc:6a:91:d4:cb:05:05:30:02:e0:2d:90:38:6c:
f7:4c:48:a0:79:f5:0c:c1:d0:b8:46:b7:a4:33:6a:
f9:40:d0:15:1b:cd:a8:ac:37:c5:6b:a6:e6:8b:09:
a9:fa:13:cc:ac:d0:94:f8:81:7d:e7:c8:82:e2:4f:
29:c4:96:92:4f:71:93:47:3b:68:cc:30:6e:43:6f:
52:c7:a8:c9:60:5a:27:7b:73:e1:2c:80:0a:87:be:
01:a9:6a:8b:81:8c:e6:c4:6d:c4:76:ee:96:96:4a:
4a:2d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
33:5A:34:DE:79:A4:DC:96:38:FD:99:86:DC:BE:32:AC:1C:05:44:7D
X509v3 Authority Key Identifier:
keyid:2B:14:5A:8B:DF:2B:CA:15:0F:25:ED:54:A2:77:B8:F6:53:EF:DB:3E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KxRai98ryhUPJe1Uone49lPv2z4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/21/0d8c8f-ff2c-4da8-b443-3040bed3cccd/1/M1o03nmk3JY4_ZmG3L4yrBwFRH0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/21/0d8c8f-ff2c-4da8-b443-3040bed3cccd/1/KxRai98ryhUPJe1Uone49lPv2z4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a06:5fc0::/29
2a0d:6f80::/29
2a0f:9ac0::/29
2a0f:9b40::/29
2a10:3f80::/29
2a10:77c0::/29
Signature Algorithm: sha256WithRSAEncryption
41:c2:ee:34:e3:84:67:76:e2:80:f5:f3:7e:fc:2f:19:7f:4a:
d8:70:3e:61:21:fa:b0:f0:0b:8a:2d:98:41:be:ce:91:0c:2a:
d2:cc:1f:1a:44:39:fb:87:9d:9c:c6:b1:67:6c:cd:b2:ee:21:
e8:07:6c:0e:53:f0:77:5e:0e:d4:81:af:67:94:e7:4b:7e:6e:
54:f5:80:3d:85:84:ce:b2:2d:57:9b:e9:e7:5e:1a:bb:0c:bd:
de:f8:48:2a:27:b1:36:79:be:97:07:42:2d:f3:7f:78:bb:48:
20:f0:cc:b1:e1:88:de:27:a4:48:a1:32:4a:8b:c8:3e:ad:ec:
57:fa:66:a0:5e:cd:4a:79:36:91:46:98:ee:1d:fa:00:06:5d:
58:a0:6a:31:6d:aa:e0:09:ee:f2:26:4a:85:7d:1c:f6:37:f1:
a6:ad:19:83:94:67:10:4d:01:1b:99:ba:72:15:67:d9:5b:a7:
f4:03:ca:d6:11:02:81:55:ae:27:e7:b7:fa:bd:33:1e:59:70:
0c:28:d9:63:37:64:5b:6c:ce:c1:46:65:07:ae:ca:1f:33:5b:
19:6a:a7:20:80:c1:9e:93:57:28:f7:fb:94:dd:33:7c:29:3f:
4a:8d:89:e2:fd:ff:2d:8e:85:cf:ae:d0:6d:e9:2a:17:e0:fa:
07:da:1a:ab
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAYqOTRHjZcqMI7jgzlwsqbeyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJiMTQ1YThiZGYyYmNhMTUwZjI1ZWQ1NGEyNzdiOGY2NTNl
ZmRiM2UwHhcNMjMwOTEzMTEyODUwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMzVhMzRkZTc5YTRkYzk2MzhmZDk5ODZkY2JlMzJhYzFjMDU0NDdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiYm1TCajIiHrt/9zVPyJlP+vclUi
oCfnInntGgneRLF8tD1kyi4C0ctjFXS35Vr6Vuh6JNAbOWLX8JynCLNB0R5P+C7h
u+ZAK1snJ9CkcRUmmNUG4DKBZM95npU+vZj5oueqIYPQj3zgIZtI2A6WL0T/6sSE
0mHzufGdaC5tsqgTJJYDupVT6XUwrAd3Ja1n5uBfcjPw3GqR1MsFBTAC4C2QOGz3
TEigefUMwdC4RrekM2r5QNAVG82orDfFa6bmiwmp+hPMrNCU+IF958iC4k8pxJaS
T3GTRztozDBuQ29Sx6jJYFone3PhLIAKh74BqWqLgYzmxG3Edu6WlkpKLQIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFDNaNN55pNyWOP2Zhty+MqwcBUR9MB8GA1UdIwQY
MBaAFCsUWovfK8oVDyXtVKJ3uPZT79s+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3hSYWk5OHJ5aFVQSmUxVW9uZTQ5bFB2Mno0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMS8wZDhjOGYtZmYyYy00ZGE4LWI0NDMt
MzA0MGJlZDNjY2NkLzEvTTFvMDNubWszSlk0X1ptRzNMNHlyQndGUkgwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMS8wZDhjOGYtZmYyYy00ZGE4LWI0NDMtMzA0MGJlZDNjY2Nk
LzEvS3hSYWk5OHJ5aFVQSmUxVW9uZTQ5bFB2Mno0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAwBAIAAjAqAwUDKgZfwAMF
AyoNb4ADBQMqD5rAAwUDKg+bQAMFAyoQP4ADBQMqEHfAMA0GCSqGSIb3DQEBCwUA
A4IBAQBBwu4044RnduKA9fN+/C8Zf0rYcD5hIfqw8AuKLZhBvs6RDCrSzB8aRDn7
h52cxrFnbM2y7iHoB2wOU/B3Xg7Uga9nlOdLfm5U9YA9hYTOsi1Xm+nnXhq7DL3e
+EgqJ7E2eb6XB0It8394u0gg8Myx4YjeJ6RIoTJKi8g+rexX+magXs1KeTaRRpju
HfoABl1YoGoxbargCe7yJkqFfRz2N/GmrRmDlGcQTQEbmbpyFWfZW6f0A8rWEQKB
Va4n57f6vTMeWXAMKNljN2RbbM7BRmUHrsofM1sZaqcggMGek1co9/uU3TN8KT9K
jYni/f8tjoXPrtBt6SoX4PoH2hqr
-----END CERTIFICATE-----
Generated at Wed Dec 27 18:40:33 2023 by rpki-client on console.sobornost.net