Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/21/0d8c8f-ff2c-4da8-b443-3040bed3cccd/1/mSYmyAaNkYCvebwgouk9Twa0HZE.roa
File: mSYmyAaNkYCvebwgouk9Twa0HZE.roa (raw, json)
Hash identifier: E0nDDGpNDpDwfSBvQ/HahABbPTqSgoWz/DojB2KY600=
Subject key identifier: 99:26:26:C8:06:8D:91:80:AF:79:BC:20:A2:E9:3D:4F:06:B4:1D:91
Certificate issuer: /CN=2b145a8bdf2bca150f25ed54a277b8f653efdb3e
Certificate serial: 018A70EED34AF795B110624451DADA304527
Authority key identifier: 2B:14:5A:8B:DF:2B:CA:15:0F:25:ED:54:A2:77:B8:F6:53:EF:DB:3E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/KxRai98ryhUPJe1Uone49lPv2z4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/21/0d8c8f-ff2c-4da8-b443-3040bed3cccd/1/mSYmyAaNkYCvebwgouk9Twa0HZE.roa
Signing time: Thu 07 Sep 2023 18:36:54 +0000
ROA not before: Thu 07 Sep 2023 18:36:54 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 216349
IP address blocks: 2a06:5fc4::/30 maxlen: 30
2a10:3f84::/30 maxlen: 30
2a0f:9ac0::/29 maxlen: 30
2a0d:6f84::/30 maxlen: 30
2a0f:9b40::/29 maxlen: 29
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8a:70:ee:d3:4a:f7:95:b1:10:62:44:51:da:da:30:45:27
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2b145a8bdf2bca150f25ed54a277b8f653efdb3e
Validity
Not Before: Sep 7 18:36:54 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=992626c8068d9180af79bc20a2e93d4f06b41d91
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:84:58:e5:30:7a:cb:4e:17:8a:55:b9:de:54:ce:
0c:27:c8:9d:f1:69:13:15:52:46:b4:08:d3:14:cc:
e1:98:32:44:2e:17:12:b0:f4:d5:3f:89:4d:71:7b:
7e:bc:c4:c4:84:25:94:1d:0a:30:22:ca:b0:a2:2d:
7c:0f:9d:b0:44:29:c9:08:d5:20:36:f1:48:3f:b5:
60:3d:20:30:6e:e4:66:46:20:f2:1b:6d:f5:cc:16:
5a:0b:50:af:d0:a2:2e:f0:71:ed:06:33:d4:70:ed:
61:82:30:00:f1:1a:db:4c:a6:6a:08:94:45:4c:bb:
d6:9f:7c:b0:a4:02:77:1a:86:23:52:08:db:85:86:
f3:5f:60:26:47:42:ad:51:8a:13:79:84:08:41:0f:
f4:97:f9:87:3c:64:08:da:84:1b:ac:b8:90:6d:e2:
4c:c5:0c:2b:1c:e5:21:fa:4c:00:89:5d:cd:16:1b:
58:23:67:d6:1d:50:5c:fe:10:3a:56:ee:fa:c7:5c:
b7:9d:eb:64:57:be:51:eb:d4:f6:82:ac:fd:22:bf:
44:3f:2d:23:b3:57:22:fa:a8:55:be:37:dd:2a:83:
6c:c9:14:d1:9f:54:bc:1e:1d:7d:91:e7:44:ba:d8:
1b:08:48:8d:33:9a:cd:0b:c1:9e:05:e7:6f:a9:51:
7c:ab
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
99:26:26:C8:06:8D:91:80:AF:79:BC:20:A2:E9:3D:4F:06:B4:1D:91
X509v3 Authority Key Identifier:
keyid:2B:14:5A:8B:DF:2B:CA:15:0F:25:ED:54:A2:77:B8:F6:53:EF:DB:3E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KxRai98ryhUPJe1Uone49lPv2z4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/21/0d8c8f-ff2c-4da8-b443-3040bed3cccd/1/mSYmyAaNkYCvebwgouk9Twa0HZE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/21/0d8c8f-ff2c-4da8-b443-3040bed3cccd/1/KxRai98ryhUPJe1Uone49lPv2z4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a06:5fc4::/30
2a0d:6f84::/30
2a0f:9ac0::/29
2a0f:9b40::/29
2a10:3f84::/30
Signature Algorithm: sha256WithRSAEncryption
14:62:fb:7f:9f:12:6f:42:d5:92:64:85:4b:87:3f:ca:21:02:
31:71:aa:c5:c7:1e:b8:0d:90:81:47:87:59:d3:a5:15:95:0d:
1f:4e:d4:28:00:c9:86:4c:82:7d:ec:d1:33:8d:df:d6:46:21:
25:5e:85:21:97:54:85:7d:6b:6a:aa:c0:f6:63:33:da:84:89:
d3:0a:c0:79:93:d4:2f:83:96:38:84:18:57:39:0f:35:fe:00:
13:04:77:7b:48:51:6f:7c:98:ea:4a:58:aa:db:27:f5:99:2d:
91:8b:da:3f:ae:66:c8:11:19:96:6c:1d:41:24:cc:ae:cf:0f:
e4:04:97:7b:2d:0e:5b:81:b9:93:10:ad:44:4d:cc:9c:3a:c4:
96:f9:17:4a:86:6e:00:5e:fa:34:24:c5:2d:95:71:1a:d5:db:
29:7e:8a:0a:15:22:73:b6:21:63:e9:f3:92:39:fb:67:6c:7e:
f0:9e:c9:5f:c4:26:5e:1c:24:e0:13:e4:d5:b6:f8:03:a4:e5:
02:5a:2d:50:d3:e7:60:ef:4c:94:2b:85:7d:15:57:53:82:33:
20:b0:ad:05:16:c9:d6:e7:32:46:d8:6a:e0:a8:72:6b:21:34:
cc:94:1d:b3:9e:ca:2e:f4:1b:e3:76:ba:27:9b:c7:5c:0a:ae:
89:69:78:35
-----BEGIN CERTIFICATE-----
MIIFGjCCBAKgAwIBAgISAYpw7tNK95WxEGJEUdraMEUnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJiMTQ1YThiZGYyYmNhMTUwZjI1ZWQ1NGEyNzdiOGY2NTNl
ZmRiM2UwHhcNMjMwOTA3MTgzNjU0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OTI2MjZjODA2OGQ5MTgwYWY3OWJjMjBhMmU5M2Q0ZjA2YjQxZDkxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhFjlMHrLTheKVbneVM4MJ8id8WkT
FVJGtAjTFMzhmDJELhcSsPTVP4lNcXt+vMTEhCWUHQowIsqwoi18D52wRCnJCNUg
NvFIP7VgPSAwbuRmRiDyG231zBZaC1Cv0KIu8HHtBjPUcO1hgjAA8RrbTKZqCJRF
TLvWn3ywpAJ3GoYjUgjbhYbzX2AmR0KtUYoTeYQIQQ/0l/mHPGQI2oQbrLiQbeJM
xQwrHOUh+kwAiV3NFhtYI2fWHVBc/hA6Vu76x1y3netkV75R69T2gqz9Ir9EPy0j
s1ci+qhVvjfdKoNsyRTRn1S8Hh19kedEutgbCEiNM5rNC8GeBedvqVF8qwIDAQAB
o4ICJjCCAiIwHQYDVR0OBBYEFJkmJsgGjZGAr3m8IKLpPU8GtB2RMB8GA1UdIwQY
MBaAFCsUWovfK8oVDyXtVKJ3uPZT79s+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3hSYWk5OHJ5aFVQSmUxVW9uZTQ5bFB2Mno0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMS8wZDhjOGYtZmYyYy00ZGE4LWI0NDMt
MzA0MGJlZDNjY2NkLzEvbVNZbXlBYU5rWUN2ZWJ3Z291azlUd2EwSFpFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMS8wZDhjOGYtZmYyYy00ZGE4LWI0NDMtMzA0MGJlZDNjY2Nk
LzEvS3hSYWk5OHJ5aFVQSmUxVW9uZTQ5bFB2Mno0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDwGCCsGAQUFBwEHAQH/BC0wKzApBAIAAjAjAwUCKgZfxAMF
AioNb4QDBQMqD5rAAwUDKg+bQAMFAioQP4QwDQYJKoZIhvcNAQELBQADggEBABRi
+3+fEm9C1ZJkhUuHP8ohAjFxqsXHHrgNkIFHh1nTpRWVDR9O1CgAyYZMgn3s0TON
39ZGISVehSGXVIV9a2qqwPZjM9qEidMKwHmT1C+DljiEGFc5DzX+ABMEd3tIUW98
mOpKWKrbJ/WZLZGL2j+uZsgRGZZsHUEkzK7PD+QEl3stDluBuZMQrURNzJw6xJb5
F0qGbgBe+jQkxS2VcRrV2yl+igoVInO2IWPp85I5+2dsfvCeyV/EJl4cJOAT5NW2
+AOk5QJaLVDT52DvTJQrhX0VV1OCMyCwrQUWydbnMkbYauCocmshNMyUHbOeyi70
G+N2uiebx1wKrolpeDU=
-----END CERTIFICATE-----
Generated at Wed Dec 27 18:40:34 2023 by rpki-client on console.sobornost.net