Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2e/6d59d9-9daf-4fcb-8d05-13bcc752119a/1/MpQnPgY4fgq4Ii1rPXdQCVnP8zY.roa
File: MpQnPgY4fgq4Ii1rPXdQCVnP8zY.roa (raw, json)
Hash identifier: 50Dp0hqlrete9uGKJXOXxb4hM2jQzvDhaHinDYFFcx8=
Subject key identifier: 32:94:27:3E:06:38:7E:0A:B8:22:2D:6B:3D:77:50:09:59:CF:F3:36
Certificate issuer: /CN=b07ab922565e2b3e2cc63d485a55dd4fc41d357e
Certificate serial: 01857039B23E5FBD6505C3284C0BB902BEFC
Authority key identifier: B0:7A:B9:22:56:5E:2B:3E:2C:C6:3D:48:5A:55:DD:4F:C4:1D:35:7E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/sHq5IlZeKz4sxj1IWlXdT8QdNX4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2e/6d59d9-9daf-4fcb-8d05-13bcc752119a/1/MpQnPgY4fgq4Ii1rPXdQCVnP8zY.roa
Signing time: Mon 02 Jan 2023 02:05:07 +0000
ROA not before: Mon 02 Jan 2023 02:05:07 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 211481
IP address blocks: 2a12:f8c0::/32 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:70:39:b2:3e:5f:bd:65:05:c3:28:4c:0b:b9:02:be:fc
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b07ab922565e2b3e2cc63d485a55dd4fc41d357e
Validity
Not Before: Jan 2 02:05:07 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=3294273e06387e0ab8222d6b3d77500959cff336
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a1:f1:40:22:56:00:61:ca:b6:d8:38:e7:a1:96:
9b:14:83:13:3a:d8:d1:b5:55:99:b5:5e:64:c7:6a:
59:5e:c3:20:38:e9:d2:5d:c4:78:26:7e:28:e5:a8:
bf:5a:79:66:d9:b8:c2:54:2e:6a:b6:14:c7:26:34:
0d:31:4b:fd:a0:1a:18:6a:fa:a2:d6:32:c2:40:18:
97:78:bc:b7:1d:d2:d9:70:fb:4f:07:2f:ea:bf:94:
94:84:ee:12:87:08:81:d1:58:15:c4:67:86:36:90:
d0:0e:0f:63:9c:c1:0e:d1:80:51:0d:ca:aa:14:12:
92:23:5d:2d:7b:67:eb:2e:bf:49:c1:be:d0:c4:1b:
3b:d9:df:84:9b:9c:52:cf:09:fd:22:da:88:ff:d0:
73:2b:9e:bd:6e:19:b5:68:ba:44:37:01:1e:cb:ae:
06:ad:59:08:63:f4:ea:2b:20:03:ff:d0:94:ed:14:
16:19:2b:dd:36:67:79:7a:d3:c1:a2:cf:5d:44:c4:
f0:20:4a:4a:37:42:9b:f6:32:4a:d2:44:52:6b:64:
e5:ce:6c:73:74:82:c2:68:83:7b:a7:62:61:c8:e3:
d7:62:f9:d1:e8:0c:b1:01:b7:aa:2c:1c:2a:8f:a9:
da:01:a6:cd:43:a4:b9:1a:25:de:38:12:cb:96:15:
c2:07
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
32:94:27:3E:06:38:7E:0A:B8:22:2D:6B:3D:77:50:09:59:CF:F3:36
X509v3 Authority Key Identifier:
keyid:B0:7A:B9:22:56:5E:2B:3E:2C:C6:3D:48:5A:55:DD:4F:C4:1D:35:7E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sHq5IlZeKz4sxj1IWlXdT8QdNX4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/6d59d9-9daf-4fcb-8d05-13bcc752119a/1/MpQnPgY4fgq4Ii1rPXdQCVnP8zY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/6d59d9-9daf-4fcb-8d05-13bcc752119a/1/sHq5IlZeKz4sxj1IWlXdT8QdNX4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a12:f8c0::/32
Signature Algorithm: sha256WithRSAEncryption
23:d5:5e:9b:4d:fa:b6:35:1d:47:6a:66:52:8a:dc:e4:22:2c:
e8:60:b4:31:7a:c4:bb:32:b4:ab:b6:72:d2:db:a4:44:86:b1:
7c:b3:2b:1b:04:da:0e:02:73:35:61:00:10:3d:81:b0:2f:5d:
66:38:ed:0a:11:43:f0:ae:be:1e:32:a9:2a:93:18:ce:80:13:
af:81:33:aa:04:cd:96:72:de:f6:4f:e9:88:52:01:f5:fe:61:
87:6b:4c:6c:7f:c6:d9:00:49:a3:70:45:46:d6:02:88:54:24:
02:d7:20:6d:bb:d1:1d:db:62:d8:e2:4a:62:ce:64:50:f5:ce:
da:7a:81:2b:79:90:2d:1e:01:87:e4:15:bd:c7:78:4b:58:f1:
fb:5d:d9:30:60:49:51:52:5c:9b:17:6f:6f:78:6e:e3:99:d6:
fd:44:c6:56:ed:7b:37:fa:a7:e1:c0:74:ca:21:8c:59:fe:db:
6b:14:40:8a:ad:35:51:c8:14:c1:ac:b9:99:9e:39:14:f7:dd:
f0:27:1c:cb:d2:9d:9e:50:ac:0f:6c:23:09:98:ac:f8:94:20:
50:57:7f:f3:f9:4b:ea:fb:2c:af:fc:59:af:94:f0:a2:b4:c8:
07:f3:31:67:61:35:35:0a:b9:cc:92:36:a8:15:70:65:79:bd:
e5:7f:6f:ee
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYVwObI+X71lBcMoTAu5Ar78MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIwN2FiOTIyNTY1ZTJiM2UyY2M2M2Q0ODVhNTVkZDRmYzQx
ZDM1N2UwHhcNMjMwMTAyMDIwNTA3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMjk0MjczZTA2Mzg3ZTBhYjgyMjJkNmIzZDc3NTAwOTU5Y2ZmMzM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAofFAIlYAYcq22DjnoZabFIMTOtjR
tVWZtV5kx2pZXsMgOOnSXcR4Jn4o5ai/Wnlm2bjCVC5qthTHJjQNMUv9oBoYavqi
1jLCQBiXeLy3HdLZcPtPBy/qv5SUhO4ShwiB0VgVxGeGNpDQDg9jnMEO0YBRDcqq
FBKSI10te2frLr9Jwb7QxBs72d+Em5xSzwn9ItqI/9BzK569bhm1aLpENwEey64G
rVkIY/TqKyAD/9CU7RQWGSvdNmd5etPBos9dRMTwIEpKN0Kb9jJK0kRSa2Tlzmxz
dILCaIN7p2JhyOPXYvnR6AyxAbeqLBwqj6naAabNQ6S5GiXeOBLLlhXCBwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFDKUJz4GOH4KuCItaz13UAlZz/M2MB8GA1UdIwQY
MBaAFLB6uSJWXis+LMY9SFpV3U/EHTV+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc0hxNUlsWmVLejRzeGoxSVdsWGRUOFFkTlg0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZS82ZDU5ZDktOWRhZi00ZmNiLThkMDUt
MTNiY2M3NTIxMTlhLzEvTXBRblBnWTRmZ3E0SWkxclBYZFFDVm5QOHpZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZS82ZDU5ZDktOWRhZi00ZmNiLThkMDUtMTNiY2M3NTIxMTlh
LzEvc0hxNUlsWmVLejRzeGoxSVdsWGRUOFFkTlg0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhL4wDAN
BgkqhkiG9w0BAQsFAAOCAQEAI9Vem036tjUdR2pmUorc5CIs6GC0MXrEuzK0q7Zy
0tukRIaxfLMrGwTaDgJzNWEAED2BsC9dZjjtChFD8K6+HjKpKpMYzoATr4EzqgTN
lnLe9k/piFIB9f5hh2tMbH/G2QBJo3BFRtYCiFQkAtcgbbvRHdti2OJKYs5kUPXO
2nqBK3mQLR4Bh+QVvcd4S1jx+13ZMGBJUVJcmxdvb3hu45nW/UTGVu17N/qn4cB0
yiGMWf7baxRAiq01UcgUway5mZ45FPfd8Cccy9KdnlCsD2wjCZis+JQgUFd/8/lL
6vssr/xZr5TworTIB/MxZ2E1NQq5zJI2qBVwZXm95X9v7g==
-----END CERTIFICATE-----
Generated at Fri Apr 11 23:32:02 2025 by rpki-client