Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/21/0d8c8f-ff2c-4da8-b443-3040bed3cccd/1/Rsn4o_kNBtDn5i8YffTCW4eC-_s.roa
File: Rsn4o_kNBtDn5i8YffTCW4eC-_s.roa (raw, json)
Hash identifier: a3bJSB8WVgLg2dyxb3Jmr2Fjv1sVyIVq9/gIyXdF7GA=
Subject key identifier: 46:C9:F8:A3:F9:0D:06:D0:E7:E6:2F:18:7D:F4:C2:5B:87:82:FB:FB
Certificate issuer: /CN=2b145a8bdf2bca150f25ed54a277b8f653efdb3e
Certificate serial: 01856ECB94493F8117851AC7AE42C519E47D
Authority key identifier: 2B:14:5A:8B:DF:2B:CA:15:0F:25:ED:54:A2:77:B8:F6:53:EF:DB:3E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/KxRai98ryhUPJe1Uone49lPv2z4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/21/0d8c8f-ff2c-4da8-b443-3040bed3cccd/1/Rsn4o_kNBtDn5i8YffTCW4eC-_s.roa
Signing time: Sun 01 Jan 2023 19:25:13 +0000
ROA not before: Sun 01 Jan 2023 19:25:13 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 212144
IP address blocks: 2a05:9a40::/29 maxlen: 30
2a05:9a40::/30 maxlen: 30
2a10:3c80::/29 maxlen: 29
2a06:5fc0::/29 maxlen: 29
2a10:3f80::/29 maxlen: 29
2a0f:9ac0::/29 maxlen: 30
2a05:9a44::/30 maxlen: 30
2a10:b40::/29 maxlen: 29
2a0d:6f80::/29 maxlen: 29
2a0f:9b40::/29 maxlen: 29
2a10:77c0::/29 maxlen: 29
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6e:cb:94:49:3f:81:17:85:1a:c7:ae:42:c5:19:e4:7d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2b145a8bdf2bca150f25ed54a277b8f653efdb3e
Validity
Not Before: Jan 1 19:25:13 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=46c9f8a3f90d06d0e7e62f187df4c25b8782fbfb
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cf:16:ad:09:4e:87:43:8a:74:91:3d:7b:fb:6f:
93:9c:7d:77:ca:e8:9d:d6:8c:21:5d:eb:c3:ea:31:
9d:65:cb:0e:cf:96:60:c2:a2:0e:ba:d7:f9:24:fb:
7e:e6:5b:45:17:18:91:a7:54:7e:b2:70:71:0e:d8:
20:28:03:99:3d:07:23:fb:dc:ce:12:46:eb:4b:9c:
62:ad:73:07:a4:41:48:92:ad:6f:d4:37:f9:de:be:
6a:ca:b9:e1:11:7d:10:b5:30:05:af:14:b6:95:c9:
36:00:d7:b8:01:96:ff:47:d0:97:26:08:73:b0:fb:
f2:26:e7:e8:a0:88:02:b9:c4:3e:7c:a9:60:32:f4:
0d:b6:6a:5c:9d:e3:a5:9d:b2:ee:ef:21:32:98:ef:
fb:ae:bb:71:a3:93:9d:18:51:b1:3d:c6:e5:56:0f:
db:fd:34:a5:46:a3:56:f8:39:6f:83:a1:2b:3a:03:
9f:f0:4a:e9:00:7a:09:b1:68:62:2d:de:a1:d7:17:
9e:37:03:10:6e:76:c8:62:33:97:7b:da:0d:2c:56:
45:89:f2:15:4a:dc:93:12:01:13:6a:50:d6:ee:57:
d8:9d:22:e3:47:ea:a1:f5:bf:69:c4:4b:cc:a9:d5:
93:80:2a:b5:a3:4d:b8:18:2e:7f:63:16:f7:69:9e:
f9:6d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
46:C9:F8:A3:F9:0D:06:D0:E7:E6:2F:18:7D:F4:C2:5B:87:82:FB:FB
X509v3 Authority Key Identifier:
keyid:2B:14:5A:8B:DF:2B:CA:15:0F:25:ED:54:A2:77:B8:F6:53:EF:DB:3E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KxRai98ryhUPJe1Uone49lPv2z4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/21/0d8c8f-ff2c-4da8-b443-3040bed3cccd/1/Rsn4o_kNBtDn5i8YffTCW4eC-_s.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/21/0d8c8f-ff2c-4da8-b443-3040bed3cccd/1/KxRai98ryhUPJe1Uone49lPv2z4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:9a40::/29
2a06:5fc0::/29
2a0d:6f80::/29
2a0f:9ac0::/29
2a0f:9b40::/29
2a10:b40::/29
2a10:3c80::/29
2a10:3f80::/29
2a10:77c0::/29
Signature Algorithm: sha256WithRSAEncryption
6a:82:47:47:6b:80:22:17:aa:70:91:76:c2:c3:8d:80:7a:2a:
a3:de:45:9d:24:18:69:d3:85:20:a3:a5:f1:f5:a5:a0:a1:f1:
d1:43:ec:ca:df:3f:83:0b:bc:31:75:46:ca:c2:62:ab:0c:f7:
fc:0f:fa:a5:55:d0:10:14:19:e6:cb:ec:57:48:f8:e9:77:c6:
bc:4d:3a:41:8c:ac:7e:24:46:2f:0d:9a:e0:54:38:e4:4a:5a:
73:b0:b1:d7:54:b4:c2:31:08:ff:fc:be:2e:c0:31:c5:1d:41:
af:85:76:94:0e:ed:cf:7d:59:45:e3:df:ca:b2:81:d0:dd:37:
72:4e:d2:b3:78:c0:ba:a9:2f:b6:e5:59:ef:5a:d3:9f:b6:2a:
40:8c:f0:87:03:3e:95:ac:98:e8:3f:c3:84:24:3e:64:21:eb:
9c:a1:f2:89:4e:a0:c8:30:0f:9a:4b:9e:5f:31:4e:0e:18:fb:
45:70:a5:04:d6:72:fd:e2:e4:4b:db:2b:df:a1:e7:87:b1:1f:
48:53:d7:a9:14:7c:11:65:43:0c:6d:42:79:3a:77:76:e7:22:
cf:00:c2:4f:22:73:4b:02:56:25:2b:73:ab:93:79:4c:b9:d0:
03:4e:21:04:df:72:1c:fd:53:73:88:ab:ff:4b:57:f6:26:23:
7b:a9:b5:20
-----BEGIN CERTIFICATE-----
MIIFNjCCBB6gAwIBAgISAYVuy5RJP4EXhRrHrkLFGeR9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJiMTQ1YThiZGYyYmNhMTUwZjI1ZWQ1NGEyNzdiOGY2NTNl
ZmRiM2UwHhcNMjMwMTAxMTkyNTEzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NmM5ZjhhM2Y5MGQwNmQwZTdlNjJmMTg3ZGY0YzI1Yjg3ODJmYmZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzxatCU6HQ4p0kT17+2+TnH13yuid
1owhXevD6jGdZcsOz5ZgwqIOutf5JPt+5ltFFxiRp1R+snBxDtggKAOZPQcj+9zO
EkbrS5xirXMHpEFIkq1v1Df53r5qyrnhEX0QtTAFrxS2lck2ANe4AZb/R9CXJghz
sPvyJufooIgCucQ+fKlgMvQNtmpcneOlnbLu7yEymO/7rrtxo5OdGFGxPcblVg/b
/TSlRqNW+Dlvg6ErOgOf8ErpAHoJsWhiLd6h1xeeNwMQbnbIYjOXe9oNLFZFifIV
StyTEgETalDW7lfYnSLjR+qh9b9pxEvMqdWTgCq1o024GC5/Yxb3aZ75bQIDAQAB
o4ICQjCCAj4wHQYDVR0OBBYEFEbJ+KP5DQbQ5+YvGH30wluHgvv7MB8GA1UdIwQY
MBaAFCsUWovfK8oVDyXtVKJ3uPZT79s+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3hSYWk5OHJ5aFVQSmUxVW9uZTQ5bFB2Mno0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMS8wZDhjOGYtZmYyYy00ZGE4LWI0NDMt
MzA0MGJlZDNjY2NkLzEvUnNuNG9fa05CdERuNWk4WWZmVENXNGVDLV9zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMS8wZDhjOGYtZmYyYy00ZGE4LWI0NDMtMzA0MGJlZDNjY2Nk
LzEvS3hSYWk5OHJ5aFVQSmUxVW9uZTQ5bFB2Mno0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFgGCCsGAQUFBwEHAQH/BEkwRzBFBAIAAjA/AwUDKgWaQAMF
AyoGX8ADBQMqDW+AAwUDKg+awAMFAyoPm0ADBQMqEAtAAwUDKhA8gAMFAyoQP4AD
BQMqEHfAMA0GCSqGSIb3DQEBCwUAA4IBAQBqgkdHa4AiF6pwkXbCw42Aeiqj3kWd
JBhp04Ugo6Xx9aWgofHRQ+zK3z+DC7wxdUbKwmKrDPf8D/qlVdAQFBnmy+xXSPjp
d8a8TTpBjKx+JEYvDZrgVDjkSlpzsLHXVLTCMQj//L4uwDHFHUGvhXaUDu3PfVlF
49/KsoHQ3TdyTtKzeMC6qS+25VnvWtOftipAjPCHAz6VrJjoP8OEJD5kIeucofKJ
TqDIMA+aS55fMU4OGPtFcKUE1nL94uRL2yvfoeeHsR9IU9epFHwRZUMMbUJ5Ond2
5yLPAMJPInNLAlYlK3Ork3lMudADTiEE33Ic/VNziKv/S1f2JiN7qbUg
-----END CERTIFICATE-----
Generated at Wed Dec 27 18:40:33 2023 by rpki-client on console.sobornost.net