Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3c/da5e3b-ca0b-4fce-b1e2-5dd336f38060/1/QHdqaZJzP7dQ311o4-kXX5fCaS8.roa
File: QHdqaZJzP7dQ311o4-kXX5fCaS8.roa (raw, json)
Hash identifier: qtdF3TbpquBer/TaFygZNCe9lqOrKNs/f0XT3P/CnyU=
Subject key identifier: 40:77:6A:69:92:73:3F:B7:50:DF:5D:68:E3:E9:17:5F:97:C2:69:2F
Certificate issuer: /CN=d0c3d358812e60b680e4e11632f139560bf525fb
Certificate serial: 01856D41905D1608216D01821ECF1A5608DC
Authority key identifier: D0:C3:D3:58:81:2E:60:B6:80:E4:E1:16:32:F1:39:56:0B:F5:25:FB
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/0MPTWIEuYLaA5OEWMvE5Vgv1Jfs.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/3c/da5e3b-ca0b-4fce-b1e2-5dd336f38060/1/QHdqaZJzP7dQ311o4-kXX5fCaS8.roa
Signing time: Sun 01 Jan 2023 12:14:51 +0000
ROA not before: Sun 01 Jan 2023 12:14:51 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 174
IP address blocks: 2a12:7f40::/29 maxlen: 29
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6d:41:90:5d:16:08:21:6d:01:82:1e:cf:1a:56:08:dc
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d0c3d358812e60b680e4e11632f139560bf525fb
Validity
Not Before: Jan 1 12:14:51 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=40776a6992733fb750df5d68e3e9175f97c2692f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:88:ba:78:e7:a0:d0:80:50:c3:c6:2b:40:3d:66:
3c:34:28:00:97:b2:12:94:c9:6c:2c:0f:81:6c:d9:
50:2d:bc:8b:85:fe:e8:5b:76:16:dd:2c:19:0e:9b:
0d:53:77:ba:5a:4b:be:01:fc:8f:84:e2:35:2f:26:
a5:88:a6:2c:00:32:e5:17:fb:fd:cd:7f:b1:e1:9f:
3e:09:93:06:c4:31:b3:00:b7:56:4e:b5:67:f8:49:
23:46:bb:30:d7:57:8b:2b:1c:ad:68:28:de:dd:c1:
53:ec:6e:aa:80:e4:9c:47:c4:12:58:29:87:93:49:
c9:2d:27:ef:ac:18:b2:22:b3:59:c5:ce:dd:f5:66:
f9:26:1b:d7:c9:62:35:3c:ac:1e:38:7b:bc:3e:71:
e5:3e:62:b6:13:a8:e0:ad:a6:fb:bf:7b:5f:d8:d9:
69:7a:78:8f:d3:19:5a:2e:69:b0:34:52:b9:29:d4:
0f:ab:23:6d:fc:b1:7c:c0:09:c5:4b:94:a5:08:d3:
c0:51:b7:86:12:98:ec:6c:08:25:16:5a:a4:ec:85:
c0:23:38:00:b7:c5:cf:00:be:a0:d9:c1:a9:3b:37:
1e:1c:ea:0d:eb:22:ad:e9:57:1d:36:90:34:95:db:
a2:f3:ab:aa:f6:c3:6d:66:a6:37:08:3a:90:f9:c6:
7b:81
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
40:77:6A:69:92:73:3F:B7:50:DF:5D:68:E3:E9:17:5F:97:C2:69:2F
X509v3 Authority Key Identifier:
keyid:D0:C3:D3:58:81:2E:60:B6:80:E4:E1:16:32:F1:39:56:0B:F5:25:FB
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0MPTWIEuYLaA5OEWMvE5Vgv1Jfs.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/da5e3b-ca0b-4fce-b1e2-5dd336f38060/1/QHdqaZJzP7dQ311o4-kXX5fCaS8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/da5e3b-ca0b-4fce-b1e2-5dd336f38060/1/0MPTWIEuYLaA5OEWMvE5Vgv1Jfs.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a12:7f40::/29
Signature Algorithm: sha256WithRSAEncryption
75:aa:3d:c3:52:44:96:55:95:4e:f8:c4:97:d2:d5:4f:46:1f:
d4:17:3c:a8:78:08:d7:76:ab:55:db:3d:ed:1c:58:e3:0d:75:
ac:49:cf:ef:29:7e:10:ba:b4:bb:8f:a2:b6:10:d0:9a:6e:de:
87:ca:65:e4:19:f1:1d:62:23:0f:13:fd:7c:07:ab:ed:7f:76:
ae:db:2f:33:2c:eb:87:d0:56:1b:c4:1a:42:09:ed:a6:19:d2:
e2:dd:db:ca:05:96:56:41:64:33:04:57:1c:56:81:54:ec:ef:
8c:1e:21:60:e1:06:1d:7d:40:57:07:00:a3:a4:f7:e0:6a:23:
86:0f:f9:84:61:97:88:52:d0:d8:0d:21:4d:8e:8d:07:fe:5f:
5f:53:1d:b4:9e:cb:1a:d6:27:57:1e:48:ec:58:16:5a:6a:29:
b2:09:ff:7e:b3:ba:cd:f8:54:6d:bd:9a:76:5a:41:f1:e2:be:
03:b5:c4:dc:30:fb:25:dc:53:8f:d7:0c:10:37:e1:20:56:88:
7b:a8:a1:ba:93:29:9b:d9:11:a9:fb:59:6c:2f:fa:05:b2:bb:
5c:e9:06:a0:ca:e5:46:79:a6:a6:3d:7b:07:34:a3:89:ec:d2:
57:a7:9f:a8:d8:0a:ed:82:ba:9c:13:54:bc:48:3a:39:fd:08:
4b:10:e8:00
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYVtQZBdFgghbQGCHs8aVgjcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQwYzNkMzU4ODEyZTYwYjY4MGU0ZTExNjMyZjEzOTU2MGJm
NTI1ZmIwHhcNMjMwMTAxMTIxNDUxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MDc3NmE2OTkyNzMzZmI3NTBkZjVkNjhlM2U5MTc1Zjk3YzI2OTJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiLp456DQgFDDxitAPWY8NCgAl7IS
lMlsLA+BbNlQLbyLhf7oW3YW3SwZDpsNU3e6Wku+AfyPhOI1LyaliKYsADLlF/v9
zX+x4Z8+CZMGxDGzALdWTrVn+EkjRrsw11eLKxytaCje3cFT7G6qgOScR8QSWCmH
k0nJLSfvrBiyIrNZxc7d9Wb5JhvXyWI1PKweOHu8PnHlPmK2E6jgrab7v3tf2Nlp
eniP0xlaLmmwNFK5KdQPqyNt/LF8wAnFS5SlCNPAUbeGEpjsbAglFlqk7IXAIzgA
t8XPAL6g2cGpOzceHOoN6yKt6VcdNpA0ldui86uq9sNtZqY3CDqQ+cZ7gQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFEB3ammScz+3UN9daOPpF1+XwmkvMB8GA1UdIwQY
MBaAFNDD01iBLmC2gOThFjLxOVYL9SX7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvME1QVFdJRXVZTGFBNU9FV012RTVWZ3YxSmZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYy9kYTVlM2ItY2EwYi00ZmNlLWIxZTIt
NWRkMzM2ZjM4MDYwLzEvUUhkcWFaSnpQN2RRMzExbzQta1hYNWZDYVM4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYy9kYTVlM2ItY2EwYi00ZmNlLWIxZTItNWRkMzM2ZjM4MDYw
LzEvME1QVFdJRXVZTGFBNU9FV012RTVWZ3YxSmZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhJ/QDAN
BgkqhkiG9w0BAQsFAAOCAQEAdao9w1JEllWVTvjEl9LVT0Yf1Bc8qHgI13arVds9
7RxY4w11rEnP7yl+ELq0u4+ithDQmm7eh8pl5BnxHWIjDxP9fAer7X92rtsvMyzr
h9BWG8QaQgntphnS4t3bygWWVkFkMwRXHFaBVOzvjB4hYOEGHX1AVwcAo6T34Goj
hg/5hGGXiFLQ2A0hTY6NB/5fX1MdtJ7LGtYnVx5I7FgWWmopsgn/frO6zfhUbb2a
dlpB8eK+A7XE3DD7JdxTj9cMEDfhIFaIe6ihupMpm9kRqftZbC/6BbK7XOkGoMrl
Rnmmpj17BzSjiezSV6efqNgK7YK6nBNUvEg6Of0ISxDoAA==
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:18:01 2025 by rpki-client