Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/21/0d8c8f-ff2c-4da8-b443-3040bed3cccd/1/UFnRFOX9Es2ELiM0JzG4xgaM25k.roa
File: UFnRFOX9Es2ELiM0JzG4xgaM25k.roa (raw, json)
Hash identifier: i/r0YthI0ajkzcFCkMrtyRQnNC+siw8SvKiMsce7Cao=
Subject key identifier: 50:59:D1:14:E5:FD:12:CD:84:2E:23:34:27:31:B8:C6:06:8C:DB:99
Certificate issuer: /CN=2b145a8bdf2bca150f25ed54a277b8f653efdb3e
Certificate serial: 018A8E4C27E42249A8562193EDD75260083E
Authority key identifier: 2B:14:5A:8B:DF:2B:CA:15:0F:25:ED:54:A2:77:B8:F6:53:EF:DB:3E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/KxRai98ryhUPJe1Uone49lPv2z4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/21/0d8c8f-ff2c-4da8-b443-3040bed3cccd/1/UFnRFOX9Es2ELiM0JzG4xgaM25k.roa
Signing time: Wed 13 Sep 2023 11:27:50 +0000
ROA not before: Wed 13 Sep 2023 11:27:50 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 216349
IP address blocks: 2a06:5fc0::/29 maxlen: 29
2a10:3f84::/30 maxlen: 30
2a0f:9ac0::/29 maxlen: 30
2a0d:6f80::/29 maxlen: 29
2a0f:9b40::/29 maxlen: 29
2a10:77c0::/29 maxlen: 29
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8a:8e:4c:27:e4:22:49:a8:56:21:93:ed:d7:52:60:08:3e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2b145a8bdf2bca150f25ed54a277b8f653efdb3e
Validity
Not Before: Sep 13 11:27:50 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=5059d114e5fd12cd842e23342731b8c6068cdb99
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9c:b0:ab:0c:de:69:76:b4:18:59:7b:6c:86:0b:
1d:78:78:d5:e8:20:25:45:6a:81:10:e8:fe:b9:30:
54:11:0e:38:b1:8c:51:5a:94:3a:1b:61:a2:d4:50:
ac:31:be:67:07:62:1c:da:f4:8a:12:1e:9d:a4:13:
4d:9a:13:cd:6a:5e:1f:46:1a:7d:5f:50:75:ee:6f:
12:a2:0d:8a:b8:38:cd:83:15:0c:bb:81:99:c4:d5:
13:0a:20:f2:35:f7:66:30:67:2e:2c:87:09:43:91:
56:2e:d1:d4:6b:29:c3:ea:3e:94:c7:e0:48:79:48:
d0:ef:6c:d7:28:ad:bd:b2:0e:63:63:7d:f3:3c:07:
78:0f:46:61:d1:77:5a:96:67:34:39:d5:b0:b3:f2:
00:69:df:75:4f:21:e0:8a:a1:54:a6:3a:5a:c1:1f:
48:14:87:cd:86:f8:84:6c:4f:a8:c9:a9:bb:4e:08:
d1:7b:82:d5:d0:79:a4:54:b5:8c:d7:25:6b:db:2d:
fa:4d:64:20:22:bb:ba:25:4d:2f:4d:e4:99:5a:b9:
42:af:7b:66:fb:c2:78:c4:a2:7b:15:80:94:cb:dc:
e5:ad:ee:65:50:b3:2a:79:53:da:dc:a3:c8:b0:45:
93:02:a0:e8:54:35:9e:da:3b:70:b0:02:11:f2:ee:
98:f5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
50:59:D1:14:E5:FD:12:CD:84:2E:23:34:27:31:B8:C6:06:8C:DB:99
X509v3 Authority Key Identifier:
keyid:2B:14:5A:8B:DF:2B:CA:15:0F:25:ED:54:A2:77:B8:F6:53:EF:DB:3E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KxRai98ryhUPJe1Uone49lPv2z4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/21/0d8c8f-ff2c-4da8-b443-3040bed3cccd/1/UFnRFOX9Es2ELiM0JzG4xgaM25k.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/21/0d8c8f-ff2c-4da8-b443-3040bed3cccd/1/KxRai98ryhUPJe1Uone49lPv2z4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a06:5fc0::/29
2a0d:6f80::/29
2a0f:9ac0::/29
2a0f:9b40::/29
2a10:3f84::/30
2a10:77c0::/29
Signature Algorithm: sha256WithRSAEncryption
74:d0:68:55:8e:c0:f6:2c:3d:ea:b0:49:a0:8c:44:d4:6a:50:
f4:c3:79:2f:ce:30:a6:e8:a7:ff:6b:bf:82:65:1c:91:e3:2d:
fa:bc:25:91:b9:a7:3c:56:8f:e3:53:7b:85:e9:2b:88:63:61:
70:4d:5a:b7:d4:14:98:48:a1:7a:9f:bd:5c:b6:19:c1:5e:ed:
75:49:0c:d0:21:e2:d4:60:cc:20:b1:a1:b1:68:ed:ad:e8:5c:
3c:94:3c:45:14:b6:e7:a5:28:2b:f3:5f:e3:ee:5f:c7:e5:37:
30:aa:8e:bf:a4:f0:5e:36:d0:46:e7:5b:2b:1c:2f:df:87:a1:
10:9a:06:5c:d6:8a:2c:2c:0e:bb:35:63:bf:eb:3d:8d:16:71:
2b:68:0f:2d:27:6e:80:11:47:00:f6:1a:9f:7d:16:33:bd:32:
79:52:69:25:25:19:53:df:b4:b8:5c:eb:92:98:42:b2:bf:d5:
57:25:21:5e:5b:81:70:ac:cb:14:d8:d4:cc:85:78:75:f2:78:
34:3c:a5:b0:23:22:cc:ad:da:1a:ed:94:93:e4:7e:a7:cd:51:
57:bd:b2:0f:2c:fc:86:68:73:38:a9:0d:6a:14:14:0e:13:1d:
64:50:c1:4a:c6:30:fd:e3:c3:ab:10:1a:ce:1c:84:43:be:74:
6b:b8:e4:78
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAYqOTCfkIkmoViGT7ddSYAg+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJiMTQ1YThiZGYyYmNhMTUwZjI1ZWQ1NGEyNzdiOGY2NTNl
ZmRiM2UwHhcNMjMwOTEzMTEyNzUwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MDU5ZDExNGU1ZmQxMmNkODQyZTIzMzQyNzMxYjhjNjA2OGNkYjk5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnLCrDN5pdrQYWXtshgsdeHjV6CAl
RWqBEOj+uTBUEQ44sYxRWpQ6G2Gi1FCsMb5nB2Ic2vSKEh6dpBNNmhPNal4fRhp9
X1B17m8Sog2KuDjNgxUMu4GZxNUTCiDyNfdmMGcuLIcJQ5FWLtHUaynD6j6Ux+BI
eUjQ72zXKK29sg5jY33zPAd4D0Zh0Xdalmc0OdWws/IAad91TyHgiqFUpjpawR9I
FIfNhviEbE+oyam7TgjRe4LV0HmkVLWM1yVr2y36TWQgIru6JU0vTeSZWrlCr3tm
+8J4xKJ7FYCUy9zlre5lULMqeVPa3KPIsEWTAqDoVDWe2jtwsAIR8u6Y9QIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFFBZ0RTl/RLNhC4jNCcxuMYGjNuZMB8GA1UdIwQY
MBaAFCsUWovfK8oVDyXtVKJ3uPZT79s+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3hSYWk5OHJ5aFVQSmUxVW9uZTQ5bFB2Mno0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMS8wZDhjOGYtZmYyYy00ZGE4LWI0NDMt
MzA0MGJlZDNjY2NkLzEvVUZuUkZPWDlFczJFTGlNMEp6RzR4Z2FNMjVrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMS8wZDhjOGYtZmYyYy00ZGE4LWI0NDMtMzA0MGJlZDNjY2Nk
LzEvS3hSYWk5OHJ5aFVQSmUxVW9uZTQ5bFB2Mno0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAwBAIAAjAqAwUDKgZfwAMF
AyoNb4ADBQMqD5rAAwUDKg+bQAMFAioQP4QDBQMqEHfAMA0GCSqGSIb3DQEBCwUA
A4IBAQB00GhVjsD2LD3qsEmgjETUalD0w3kvzjCm6Kf/a7+CZRyR4y36vCWRuac8
Vo/jU3uF6SuIY2FwTVq31BSYSKF6n71cthnBXu11SQzQIeLUYMwgsaGxaO2t6Fw8
lDxFFLbnpSgr81/j7l/H5Tcwqo6/pPBeNtBG51srHC/fh6EQmgZc1oosLA67NWO/
6z2NFnEraA8tJ26AEUcA9hqffRYzvTJ5UmklJRlT37S4XOuSmEKyv9VXJSFeW4Fw
rMsU2NTMhXh18ng0PKWwIyLMrdoa7ZST5H6nzVFXvbIPLPyGaHM4qQ1qFBQOEx1k
UMFKxjD948OrEBrOHIRDvnRruOR4
-----END CERTIFICATE-----
Generated at Wed Dec 27 18:40:33 2023 by rpki-client on console.sobornost.net