Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/57/c3206a-9c16-4527-8b89-6e8dcbaeaf7f/1/HpApmVQhEh1dXZXZjkkEj8egKeA.roa
File: HpApmVQhEh1dXZXZjkkEj8egKeA.roa (raw, json)
Hash identifier: 1DGxLL/YzaHk8fgDSltj73pTPu7JJ0yseXqZ3d9EQzk=
Subject key identifier: 1E:90:29:99:54:21:12:1D:5D:5D:95:D9:8E:49:04:8F:C7:A0:29:E0
Certificate issuer: /CN=f95d39e5b6890a46c8ce5c9037e6d26365e857bc
Certificate serial: 0183AD609BEB2E16F0100DEA417065A60222
Authority key identifier: F9:5D:39:E5:B6:89:0A:46:C8:CE:5C:90:37:E6:D2:63:65:E8:57:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1-V055baJCkbIzlyQN-bSY2XoV7w.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/57/c3206a-9c16-4527-8b89-6e8dcbaeaf7f/1/HpApmVQhEh1dXZXZjkkEj8egKeA.roa
Signing time: Thu 06 Oct 2022 12:58:53 +0000
ROA not before: Thu 06 Oct 2022 12:58:53 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 213027
IP address blocks: 2001:678:f78::/48 maxlen: 48
2001:678:f70::/48 maxlen: 48
2001:678:f7c::/48 maxlen: 48
2001:678:f74::/48 maxlen: 48
2a11:a00::/29 maxlen: 29
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:83:ad:60:9b:eb:2e:16:f0:10:0d:ea:41:70:65:a6:02:22
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f95d39e5b6890a46c8ce5c9037e6d26365e857bc
Validity
Not Before: Oct 6 12:58:53 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=1e9029995421121d5d5d95d98e49048fc7a029e0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b6:2b:d1:48:c9:72:f2:c8:d1:84:bb:22:08:55:
70:7f:ee:e9:c5:38:c3:c9:e5:d0:9a:70:76:09:cc:
e4:eb:28:c7:22:ca:40:d6:21:2f:b0:7b:21:98:8c:
8d:aa:0e:e2:34:a0:6c:bd:df:b8:c6:a6:76:62:cf:
b0:31:04:ee:2a:50:51:b1:f2:50:98:92:f0:59:04:
6b:4a:97:ee:c2:b0:49:0b:ea:07:4d:99:17:94:74:
82:9b:12:7d:61:ad:2a:43:7e:ec:cd:83:8e:68:17:
aa:da:44:e8:9b:b8:ae:77:9b:a0:79:dd:7b:31:47:
6f:bc:ba:ac:96:4a:17:96:82:b3:58:98:91:ba:3c:
82:2b:a2:b6:c6:b1:8d:5e:a5:d6:39:75:49:d1:08:
11:b0:88:3e:b0:ce:2b:c8:f6:42:13:d5:df:84:74:
c1:7f:e6:ea:04:42:fe:eb:b9:dd:d7:ea:7e:fb:2a:
4e:a2:04:37:f4:14:9c:4a:e2:d6:5a:61:79:5b:bb:
0a:a2:6c:af:e4:66:dd:48:51:c5:0d:40:f1:7d:96:
21:4d:c5:48:52:49:80:44:34:d1:77:cd:e6:45:f6:
74:f0:d2:ff:cd:f3:bc:4a:e9:0a:95:6a:bf:09:5e:
0b:b3:f2:79:8a:21:09:13:89:df:f6:5d:d1:ca:c0:
2c:43
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1E:90:29:99:54:21:12:1D:5D:5D:95:D9:8E:49:04:8F:C7:A0:29:E0
X509v3 Authority Key Identifier:
keyid:F9:5D:39:E5:B6:89:0A:46:C8:CE:5C:90:37:E6:D2:63:65:E8:57:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-V055baJCkbIzlyQN-bSY2XoV7w.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/c3206a-9c16-4527-8b89-6e8dcbaeaf7f/1/HpApmVQhEh1dXZXZjkkEj8egKeA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/57/c3206a-9c16-4527-8b89-6e8dcbaeaf7f/1/1-V055baJCkbIzlyQN-bSY2XoV7w.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2001:678:f70::/48
2001:678:f74::/48
2001:678:f78::/48
2001:678:f7c::/48
2a11:a00::/29
Signature Algorithm: sha256WithRSAEncryption
36:ad:43:b9:a9:48:12:3e:e2:2c:18:ef:41:ad:1d:5e:f8:dd:
cd:d3:c3:71:f0:e1:a4:4e:b4:88:ab:f6:95:19:15:c1:71:3c:
8b:9a:31:01:8e:0b:16:c6:dc:c5:51:f2:93:97:ae:1c:2c:78:
b3:30:8e:ab:50:9c:e4:dc:a1:1f:81:f2:57:3d:72:af:d8:0e:
2d:c3:9c:2d:ae:39:45:91:60:a4:dd:cf:62:35:71:41:fe:3a:
11:94:c1:7d:00:7b:e0:5a:b3:f7:70:7a:92:0e:b8:7b:69:b7:
a9:2d:ff:54:9d:d4:a5:11:c2:e5:82:7b:2a:f3:75:0b:06:52:
bb:73:13:56:c0:9f:c6:49:9c:d4:00:89:bf:ee:b2:59:c9:8e:
59:f4:0f:1a:44:fe:47:a2:40:c9:8b:7d:de:3c:aa:ac:af:25:
c4:52:cb:ed:e7:73:17:bb:1b:3c:5e:fc:13:95:b2:c4:d3:2f:
c9:28:9b:28:12:9c:99:39:cd:18:2e:e2:16:7c:27:86:5b:8a:
ca:a3:ce:fd:4a:a9:fd:ba:e1:93:92:af:f2:03:3e:7f:db:02:
77:10:9b:c7:f6:1e:6c:a5:43:a8:20:e1:91:8a:0d:95:81:ee:
d8:9e:3e:24:c8:89:b1:fe:af:9a:0f:e5:d4:b1:ae:81:b6:54:
a5:da:8e:4e
-----BEGIN CERTIFICATE-----
MIIFJDCCBAygAwIBAgISAYOtYJvrLhbwEA3qQXBlpgIiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY5NWQzOWU1YjY4OTBhNDZjOGNlNWM5MDM3ZTZkMjYzNjVl
ODU3YmMwHhcNMjIxMDA2MTI1ODUzWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZTkwMjk5OTU0MjExMjFkNWQ1ZDk1ZDk4ZTQ5MDQ4ZmM3YTAyOWUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtivRSMly8sjRhLsiCFVwf+7pxTjD
yeXQmnB2Cczk6yjHIspA1iEvsHshmIyNqg7iNKBsvd+4xqZ2Ys+wMQTuKlBRsfJQ
mJLwWQRrSpfuwrBJC+oHTZkXlHSCmxJ9Ya0qQ37szYOOaBeq2kTom7iud5uged17
MUdvvLqslkoXloKzWJiRujyCK6K2xrGNXqXWOXVJ0QgRsIg+sM4ryPZCE9XfhHTB
f+bqBEL+67nd1+p++ypOogQ39BScSuLWWmF5W7sKomyv5GbdSFHFDUDxfZYhTcVI
UkmARDTRd83mRfZ08NL/zfO8SukKlWq/CV4Ls/J5iiEJE4nf9l3RysAsQwIDAQAB
o4ICMDCCAiwwHQYDVR0OBBYEFB6QKZlUIRIdXV2V2Y5JBI/HoCngMB8GA1UdIwQY
MBaAFPldOeW2iQpGyM5ckDfm0mNl6Fe8MA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1WMDU1YmFKQ2tiSXpseVFOLWJTWTJYb1Y3dy5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNTcvYzMyMDZhLTljMTYtNDUyNy04Yjg5
LTZlOGRjYmFlYWY3Zi8xL0hwQXBtVlFoRWgxZFhaWFpqa2tFajhlZ0tlQS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNTcvYzMyMDZhLTljMTYtNDUyNy04Yjg5LTZlOGRjYmFlYWY3
Zi8xLzEtVjA1NWJhSkNrYkl6bHlRTi1iU1kyWG9WN3cuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwRAYIKwYBBQUHAQcBAf8ENTAzMDEEAgACMCsDBwAgAQZ4
D3ADBwAgAQZ4D3QDBwAgAQZ4D3gDBwAgAQZ4D3wDBQMqEQoAMA0GCSqGSIb3DQEB
CwUAA4IBAQA2rUO5qUgSPuIsGO9BrR1e+N3N08Nx8OGkTrSIq/aVGRXBcTyLmjEB
jgsWxtzFUfKTl64cLHizMI6rUJzk3KEfgfJXPXKv2A4tw5wtrjlFkWCk3c9iNXFB
/joRlMF9AHvgWrP3cHqSDrh7abepLf9UndSlEcLlgnsq83ULBlK7cxNWwJ/GSZzU
AIm/7rJZyY5Z9A8aRP5HokDJi33ePKqsryXEUsvt53MXuxs8XvwTlbLE0y/JKJso
EpyZOc0YLuIWfCeGW4rKo879Sqn9uuGTkq/yAz5/2wJ3EJvH9h5spUOoIOGRig2V
ge7Ynj4kyImx/q+aD+XUsa6BtlSl2o5O
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:48:40 2023 by rpki-client on console-fra.rpki-client.org