Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8f/ff94f1-ba63-40d6-beca-5e624a3038cf/1/zu9DHS5FAUzuVfAvux6rnQjYzBM.roa
File: zu9DHS5FAUzuVfAvux6rnQjYzBM.roa (raw, json)
Hash identifier: FTzNRMbM7n+YoDbi/CFcBrSzaAf6isUFlUuXgZ96QzE=
Subject key identifier: CE:EF:43:1D:2E:45:01:4C:EE:55:F0:2F:BB:1E:AB:9D:08:D8:CC:13
Certificate issuer: /CN=9c1aed9913f8880af7557eef3ef02d6e0ff3fd49
Certificate serial: 01825457E818E4FA72693AC49D29E9FB723E
Authority key identifier: 9C:1A:ED:99:13:F8:88:0A:F7:55:7E:EF:3E:F0:2D:6E:0F:F3:FD:49
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/nBrtmRP4iAr3VX7vPvAtbg_z_Uk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8f/ff94f1-ba63-40d6-beca-5e624a3038cf/1/zu9DHS5FAUzuVfAvux6rnQjYzBM.roa
Signing time: Sun 31 Jul 2022 13:00:23 +0000
ROA not before: Sun 31 Jul 2022 13:00:23 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 61439
IP address blocks: 2a0d:8041::/32 maxlen: 32
2a0f:a1c1::/32 maxlen: 32
2a0d:8044::/32 maxlen: 32
2a0f:a1c4::/32 maxlen: 32
2a0d:8045::/32 maxlen: 32
2a0f:a1c5::/32 maxlen: 32
2a0f:a1c2::/32 maxlen: 32
2a0d:8042::/32 maxlen: 32
2a0d:8043::/32 maxlen: 32
2a0f:a1c3::/32 maxlen: 32
2a0f:a1c7::/32 maxlen: 32
2a0d:8047::/32 maxlen: 32
2a0d:8040::/32 maxlen: 32
2a0f:a1c0::/32 maxlen: 32
2a0d:8046::/32 maxlen: 32
2a0f:a1c6::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:82:54:57:e8:18:e4:fa:72:69:3a:c4:9d:29:e9:fb:72:3e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=9c1aed9913f8880af7557eef3ef02d6e0ff3fd49
Validity
Not Before: Jul 31 13:00:23 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=ceef431d2e45014cee55f02fbb1eab9d08d8cc13
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c4:a4:f1:b5:a8:1f:87:7b:20:d6:3e:64:3a:a5:
f2:69:32:50:77:d5:2d:ae:a1:81:ce:a1:64:3b:e4:
f0:91:85:9d:35:21:e5:a8:34:9d:a4:26:2a:75:bf:
c2:d6:c9:d5:4d:86:6d:45:c7:53:e6:fc:f2:d6:3e:
ae:84:15:16:fd:42:5b:7f:b1:a3:6c:f4:dd:6e:02:
43:15:aa:d1:c2:42:b4:d2:21:77:e2:1d:c8:1c:91:
96:fb:c2:59:e1:74:84:4e:65:39:f5:6a:8e:16:e3:
95:cc:79:26:e1:c6:a6:e8:b8:6a:4c:95:cc:44:0c:
d7:f6:78:05:3b:3c:ed:fd:ec:2b:44:00:92:bb:7c:
3b:98:f4:18:1f:f5:e6:dc:7f:d5:06:36:70:35:9f:
76:75:18:69:4e:4b:f4:cb:4b:c6:4f:5d:83:93:74:
8e:36:30:eb:38:1a:f0:37:5e:c1:2b:e4:9c:3b:8f:
b2:fe:54:86:14:88:6b:81:6b:d5:82:1f:59:bd:3b:
0f:e4:2e:4e:cf:e4:29:59:41:f0:a1:d0:53:af:85:
fd:57:14:d2:6f:ab:00:c5:fe:b0:42:96:ce:cc:56:
96:86:2f:02:71:9a:ec:38:53:73:ab:0f:58:7a:f9:
17:36:91:37:08:32:71:c1:a8:70:15:ab:82:65:b0:
dc:29
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CE:EF:43:1D:2E:45:01:4C:EE:55:F0:2F:BB:1E:AB:9D:08:D8:CC:13
X509v3 Authority Key Identifier:
keyid:9C:1A:ED:99:13:F8:88:0A:F7:55:7E:EF:3E:F0:2D:6E:0F:F3:FD:49
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nBrtmRP4iAr3VX7vPvAtbg_z_Uk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/ff94f1-ba63-40d6-beca-5e624a3038cf/1/zu9DHS5FAUzuVfAvux6rnQjYzBM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/ff94f1-ba63-40d6-beca-5e624a3038cf/1/nBrtmRP4iAr3VX7vPvAtbg_z_Uk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a0d:8040::/29
2a0f:a1c0::/29
Signature Algorithm: sha256WithRSAEncryption
d3:fa:c6:50:0f:39:30:d6:87:43:8e:c5:2c:47:8c:17:33:12:
33:6e:74:0e:76:eb:6b:cb:7a:54:4e:36:a9:bf:14:2d:ce:a0:
b8:34:cd:07:3e:08:73:e4:04:77:90:90:f9:77:0d:9c:9c:22:
90:23:4a:31:ac:28:af:15:6f:1c:76:bd:d8:24:4b:73:4a:11:
1e:52:39:bc:f5:14:84:62:ff:0d:e3:48:55:c4:77:31:6d:2c:
f6:fa:7f:69:09:1b:70:b3:af:43:64:c7:c3:54:ff:c0:aa:7a:
ab:b1:d8:fe:7a:88:44:94:e1:7c:de:20:05:b1:16:2d:5e:b9:
1a:86:18:81:46:e5:2e:a7:78:da:47:22:0d:97:96:bf:43:65:
f9:76:b2:09:de:57:a8:d7:b0:1f:2e:05:25:aa:3e:5b:10:bd:
ca:1f:51:27:6e:73:0b:18:2c:c0:50:7f:46:39:b8:3d:66:2e:
49:d0:a9:18:ac:46:57:b7:9e:8a:6c:94:fb:cc:0c:39:eb:66:
4d:83:d8:e2:6d:d8:64:ef:e9:3c:13:88:ba:29:fd:91:1f:0c:
b8:79:c9:77:d1:e7:3e:c1:70:5f:3c:3d:c7:10:57:58:a0:0e:
27:14:44:b6:09:7a:7f:08:17:f8:b2:d5:21:bf:83:d4:8f:3d:
a6:e1:d5:9e
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYJUV+gY5PpyaTrEnSnp+3I+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDljMWFlZDk5MTNmODg4MGFmNzU1N2VlZjNlZjAyZDZlMGZm
M2ZkNDkwHhcNMjIwNzMxMTMwMDIzWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZWVmNDMxZDJlNDUwMTRjZWU1NWYwMmZiYjFlYWI5ZDA4ZDhjYzEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxKTxtagfh3sg1j5kOqXyaTJQd9Ut
rqGBzqFkO+TwkYWdNSHlqDSdpCYqdb/C1snVTYZtRcdT5vzy1j6uhBUW/UJbf7Gj
bPTdbgJDFarRwkK00iF34h3IHJGW+8JZ4XSETmU59WqOFuOVzHkm4cam6LhqTJXM
RAzX9ngFOzzt/ewrRACSu3w7mPQYH/Xm3H/VBjZwNZ92dRhpTkv0y0vGT12Dk3SO
NjDrOBrwN17BK+ScO4+y/lSGFIhrgWvVgh9ZvTsP5C5Oz+QpWUHwodBTr4X9VxTS
b6sAxf6wQpbOzFaWhi8CcZrsOFNzqw9YevkXNpE3CDJxwahwFauCZbDcKQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFM7vQx0uRQFM7lXwL7seq50I2MwTMB8GA1UdIwQY
MBaAFJwa7ZkT+IgK91V+7z7wLW4P8/1JMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbkJydG1SUDRpQXIzVlg3dlB2QXRiZ196X1VrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Zi9mZjk0ZjEtYmE2My00MGQ2LWJlY2Et
NWU2MjRhMzAzOGNmLzEvenU5REhTNUZBVXp1VmZBdnV4NnJuUWpZekJNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Zi9mZjk0ZjEtYmE2My00MGQ2LWJlY2EtNWU2MjRhMzAzOGNm
LzEvbkJydG1SUDRpQXIzVlg3dlB2QXRiZ196X1VrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAAjAOAwUDKg2AQAMF
AyoPocAwDQYJKoZIhvcNAQELBQADggEBANP6xlAPOTDWh0OOxSxHjBczEjNudA52
62vLelRONqm/FC3OoLg0zQc+CHPkBHeQkPl3DZycIpAjSjGsKK8Vbxx2vdgkS3NK
ER5SObz1FIRi/w3jSFXEdzFtLPb6f2kJG3Czr0Nkx8NU/8Cqequx2P56iESU4Xze
IAWxFi1euRqGGIFG5S6neNpHIg2Xlr9DZfl2sgneV6jXsB8uBSWqPlsQvcofUSdu
cwsYLMBQf0Y5uD1mLknQqRisRle3nopslPvMDDnrZk2D2OJt2GTv6TwTiLop/ZEf
DLh5yXfR5z7BcF88PccQV1igDicURLYJen8IF/iy1SG/g9SPPabh1Z4=
-----END CERTIFICATE-----
Generated at Wed Dec 27 18:41:25 2023 by rpki-client on console.sobornost.net