Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/21/0d8c8f-ff2c-4da8-b443-3040bed3cccd/1/ZzYO4qoMaJAlxrL94XnqrcXIOjU.roa
File:                     ZzYO4qoMaJAlxrL94XnqrcXIOjU.roa (raw, json)
Hash identifier:          04OnC5nSXigDcJnNwzMMxGvIhpzhPhYdK4931wa0ygY=
Subject key identifier:   67:36:0E:E2:AA:0C:68:90:25:C6:B2:FD:E1:79:EA:AD:C5:C8:3A:35
Certificate issuer:       /CN=2b145a8bdf2bca150f25ed54a277b8f653efdb3e
Certificate serial:       018A710DF494D4E797CF8A83142FDB684F91
Authority key identifier: 2B:14:5A:8B:DF:2B:CA:15:0F:25:ED:54:A2:77:B8:F6:53:EF:DB:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KxRai98ryhUPJe1Uone49lPv2z4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/21/0d8c8f-ff2c-4da8-b443-3040bed3cccd/1/ZzYO4qoMaJAlxrL94XnqrcXIOjU.roa
Signing time:             Thu 07 Sep 2023 19:10:54 +0000
ROA not before:           Thu 07 Sep 2023 19:10:54 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     216349
IP address blocks:        2a06:5fc4::/30 maxlen: 30
                          2a10:3f84::/30 maxlen: 30
                          2a0f:9ac0::/29 maxlen: 30
                          2a0d:6f84::/30 maxlen: 30
                          2a10:77c4::/30 maxlen: 30
                          2a0f:9b40::/29 maxlen: 29

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:71:0d:f4:94:d4:e7:97:cf:8a:83:14:2f:db:68:4f:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2b145a8bdf2bca150f25ed54a277b8f653efdb3e
        Validity
            Not Before: Sep  7 19:10:54 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=67360ee2aa0c689025c6b2fde179eaadc5c83a35
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:36:0E:E2:AA:0C:68:90:25:C6:B2:FD:E1:79:EA:AD:C5:C8:3A:35
            X509v3 Authority Key Identifier:
                keyid:2B:14:5A:8B:DF:2B:CA:15:0F:25:ED:54:A2:77:B8:F6:53:EF:DB:3E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KxRai98ryhUPJe1Uone49lPv2z4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/21/0d8c8f-ff2c-4da8-b443-3040bed3cccd/1/ZzYO4qoMaJAlxrL94XnqrcXIOjU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/21/0d8c8f-ff2c-4da8-b443-3040bed3cccd/1/KxRai98ryhUPJe1Uone49lPv2z4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:5fc4::/30
                  2a0d:6f84::/30
                  2a0f:9ac0::/29
                  2a0f:9b40::/29
                  2a10:3f84::/30
                  2a10:77c4::/30

    Signature Algorithm: sha256WithRSAEncryption
Generated at Wed Dec 27 18:40:34 2023 by rpki-client on console.sobornost.net