Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/21/0d8c8f-ff2c-4da8-b443-3040bed3cccd/1/xamo3MByyeWA0zX6MkZY4sH9Ejc.roa
File: xamo3MByyeWA0zX6MkZY4sH9Ejc.roa (raw, json)
Hash identifier: F1OJcAt4Rau7+v1DEuuvFeLK2p19hSIUnnAJWQqyRrg=
Subject key identifier: C5:A9:A8:DC:C0:72:C9:E5:80:D3:35:FA:32:46:58:E2:C1:FD:12:37
Certificate issuer: /CN=2b145a8bdf2bca150f25ed54a277b8f653efdb3e
Certificate serial: 018A8E4C279629186926302E20D5C0E4FE07
Authority key identifier: 2B:14:5A:8B:DF:2B:CA:15:0F:25:ED:54:A2:77:B8:F6:53:EF:DB:3E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/KxRai98ryhUPJe1Uone49lPv2z4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/21/0d8c8f-ff2c-4da8-b443-3040bed3cccd/1/xamo3MByyeWA0zX6MkZY4sH9Ejc.roa
Signing time: Wed 13 Sep 2023 11:27:50 +0000
ROA not before: Wed 13 Sep 2023 11:27:50 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 212144
IP address blocks: 2a10:3f80::/30 maxlen: 30
2a05:9a40::/29 maxlen: 30
2a05:9a40::/30 maxlen: 30
2a10:3c80::/29 maxlen: 29
2a05:9a44::/30 maxlen: 30
2a10:b40::/29 maxlen: 29
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8a:8e:4c:27:96:29:18:69:26:30:2e:20:d5:c0:e4:fe:07
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2b145a8bdf2bca150f25ed54a277b8f653efdb3e
Validity
Not Before: Sep 13 11:27:50 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=c5a9a8dcc072c9e580d335fa324658e2c1fd1237
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9e:88:e4:85:7f:47:8a:13:87:85:87:6f:df:be:
2b:43:04:4f:38:47:7c:3b:02:c9:5b:ea:d1:5c:cd:
9d:74:52:8f:36:59:73:f8:f7:31:1d:d5:eb:f2:05:
79:38:b1:53:26:c7:68:cf:17:f7:46:19:9c:aa:fa:
6c:6c:e1:7d:85:05:5e:b5:1d:48:da:18:62:a7:4b:
5b:91:2a:9c:9f:0a:e5:79:7f:f0:a6:88:27:a9:6c:
6c:9b:5d:21:cd:59:85:d8:b3:da:98:22:89:e3:e9:
4b:33:cb:22:11:bc:14:16:17:97:bb:af:b8:dd:1a:
c0:e2:e3:d4:8a:04:d2:44:4e:37:e0:4d:d9:3c:8d:
aa:8e:1f:f8:d8:f7:cc:0d:15:02:32:c0:84:94:5e:
ca:57:ff:4a:fb:1e:d7:5f:1f:ce:12:72:0f:a9:62:
1c:6c:33:cc:6f:7a:63:c7:c7:55:63:67:64:9e:5b:
0d:0c:45:69:0a:55:9a:8a:ec:75:d4:93:1b:1c:80:
69:06:c7:9b:9d:42:b1:ae:66:54:7a:c5:e3:6f:53:
6f:f8:10:2e:a9:ca:78:50:ff:6e:2d:4c:3b:53:f1:
c3:4a:f4:84:b4:d1:a5:8d:fe:9e:cc:db:e0:86:15:
14:86:1d:53:ee:f5:96:f1:39:3c:c5:16:d2:a9:98:
17:ef
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C5:A9:A8:DC:C0:72:C9:E5:80:D3:35:FA:32:46:58:E2:C1:FD:12:37
X509v3 Authority Key Identifier:
keyid:2B:14:5A:8B:DF:2B:CA:15:0F:25:ED:54:A2:77:B8:F6:53:EF:DB:3E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KxRai98ryhUPJe1Uone49lPv2z4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/21/0d8c8f-ff2c-4da8-b443-3040bed3cccd/1/xamo3MByyeWA0zX6MkZY4sH9Ejc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/21/0d8c8f-ff2c-4da8-b443-3040bed3cccd/1/KxRai98ryhUPJe1Uone49lPv2z4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:9a40::/29
2a10:b40::/29
2a10:3c80::/29
2a10:3f80::/30
Signature Algorithm: sha256WithRSAEncryption
38:fe:92:c1:b1:6a:6c:57:a1:ce:b0:de:fa:d7:86:36:2d:11:
c9:ef:cd:5d:eb:09:5e:80:1e:e9:21:37:d4:9e:e7:9e:f2:27:
73:c0:a7:43:e2:c3:5a:fc:bf:a3:65:87:6f:0b:45:12:3c:3a:
07:41:29:fc:d4:da:46:b4:50:10:71:92:60:0b:f9:48:7d:74:
14:2a:45:0e:7e:d8:19:0a:be:72:a5:e7:c4:13:6e:ee:4d:99:
16:54:85:a4:46:41:3d:65:5d:44:2f:e4:17:67:01:d6:f4:7e:
76:4a:af:dd:3a:ec:ac:d8:ae:68:b2:05:17:c1:07:44:c0:c4:
cd:ea:82:7f:62:a9:b2:f6:ba:46:60:43:56:1c:2b:8e:22:84:
e2:9f:27:b9:9d:49:61:91:e0:98:77:ec:ed:b4:71:b1:54:79:
48:60:16:c0:1e:bd:c3:3e:b3:7a:17:32:a2:ab:a6:0c:d2:f2:
65:dc:e9:13:42:47:71:c1:6c:2c:ff:5e:6a:d3:c9:e3:68:85:
36:99:d7:12:b2:60:bc:c0:1a:f4:c7:da:5b:91:81:06:60:67:
db:4f:f5:f2:6d:ed:35:ba:67:ff:e6:33:37:05:0e:cc:74:d0:
7d:89:f3:95:66:ee:06:b8:ba:04:2b:af:f0:fd:24:55:98:84:
2c:17:dc:34
-----BEGIN CERTIFICATE-----
MIIFEzCCA/ugAwIBAgISAYqOTCeWKRhpJjAuINXA5P4HMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJiMTQ1YThiZGYyYmNhMTUwZjI1ZWQ1NGEyNzdiOGY2NTNl
ZmRiM2UwHhcNMjMwOTEzMTEyNzUwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNWE5YThkY2MwNzJjOWU1ODBkMzM1ZmEzMjQ2NThlMmMxZmQxMjM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnojkhX9HihOHhYdv374rQwRPOEd8
OwLJW+rRXM2ddFKPNllz+PcxHdXr8gV5OLFTJsdozxf3RhmcqvpsbOF9hQVetR1I
2hhip0tbkSqcnwrleX/wpognqWxsm10hzVmF2LPamCKJ4+lLM8siEbwUFheXu6+4
3RrA4uPUigTSRE434E3ZPI2qjh/42PfMDRUCMsCElF7KV/9K+x7XXx/OEnIPqWIc
bDPMb3pjx8dVY2dknlsNDEVpClWaiux11JMbHIBpBsebnUKxrmZUesXjb1Nv+BAu
qcp4UP9uLUw7U/HDSvSEtNGljf6ezNvghhUUhh1T7vWW8Tk8xRbSqZgX7wIDAQAB
o4ICHzCCAhswHQYDVR0OBBYEFMWpqNzAcsnlgNM1+jJGWOLB/RI3MB8GA1UdIwQY
MBaAFCsUWovfK8oVDyXtVKJ3uPZT79s+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3hSYWk5OHJ5aFVQSmUxVW9uZTQ5bFB2Mno0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMS8wZDhjOGYtZmYyYy00ZGE4LWI0NDMt
MzA0MGJlZDNjY2NkLzEveGFtbzNNQnl5ZVdBMHpYNk1rWlk0c0g5RWpjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMS8wZDhjOGYtZmYyYy00ZGE4LWI0NDMtMzA0MGJlZDNjY2Nk
LzEvS3hSYWk5OHJ5aFVQSmUxVW9uZTQ5bFB2Mno0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDUGCCsGAQUFBwEHAQH/BCYwJDAiBAIAAjAcAwUDKgWaQAMF
AyoQC0ADBQMqEDyAAwUCKhA/gDANBgkqhkiG9w0BAQsFAAOCAQEAOP6SwbFqbFeh
zrDe+teGNi0Rye/NXesJXoAe6SE31J7nnvInc8CnQ+LDWvy/o2WHbwtFEjw6B0Ep
/NTaRrRQEHGSYAv5SH10FCpFDn7YGQq+cqXnxBNu7k2ZFlSFpEZBPWVdRC/kF2cB
1vR+dkqv3TrsrNiuaLIFF8EHRMDEzeqCf2Kpsva6RmBDVhwrjiKE4p8nuZ1JYZHg
mHfs7bRxsVR5SGAWwB69wz6zehcyoqumDNLyZdzpE0JHccFsLP9eatPJ42iFNpnX
ErJgvMAa9MfaW5GBBmBn20/18m3tNbpn/+YzNwUOzHTQfYnzlWbuBri6BCuv8P0k
VZiELBfcNA==
-----END CERTIFICATE-----
Generated at Wed Dec 27 18:40:34 2023 by rpki-client on console.sobornost.net