Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/da96f5-3f33-46f9-a514-2befffd57fb7/1/3yqx6NeMyBoBbHmnn-8WGn2t9wU.roa
File: 3yqx6NeMyBoBbHmnn-8WGn2t9wU.roa (raw, json)
Hash identifier: gr57lXTyltaZLjUKA05d18e7ZYGpCmAekG5axWRfCF8=
Subject key identifier: DF:2A:B1:E8:D7:8C:C8:1A:01:6C:79:A7:9F:EF:16:1A:7D:AD:F7:05
Certificate issuer: /CN=4196230e58decc0cbcfb15f56aa64dedd1f389f5
Certificate serial: 0182E7FD97774E4DD04C48E6942543FEB487
Authority key identifier: 41:96:23:0E:58:DE:CC:0C:BC:FB:15:F5:6A:A6:4D:ED:D1:F3:89:F5
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/QZYjDljezAy8-xX1aqZN7dHzifU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/70/da96f5-3f33-46f9-a514-2befffd57fb7/1/3yqx6NeMyBoBbHmnn-8WGn2t9wU.roa
Signing time: Mon 29 Aug 2022 05:05:32 +0000
ROA not before: Mon 29 Aug 2022 05:05:32 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 22773
IP address blocks: 2a10:6a80::/29 maxlen: 29
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:82:e7:fd:97:77:4e:4d:d0:4c:48:e6:94:25:43:fe:b4:87
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4196230e58decc0cbcfb15f56aa64dedd1f389f5
Validity
Not Before: Aug 29 05:05:32 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=df2ab1e8d78cc81a016c79a79fef161a7dadf705
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a5:89:10:3e:73:43:f2:f9:1b:eb:34:bf:2b:e1:
fb:c4:63:99:f6:46:b8:2a:3e:84:de:9c:4f:20:d2:
e8:73:22:65:3a:5b:ab:7f:fe:d9:f8:51:cd:61:73:
5f:6a:85:a9:c5:56:02:b1:7a:46:a0:4d:c1:2b:2e:
9b:9b:1c:66:51:e0:d0:d9:75:bc:46:30:a6:dc:1a:
98:6a:ad:7c:f5:2a:10:1d:64:73:0f:3e:b0:30:44:
76:9f:f7:8c:5d:76:a6:97:c5:8a:66:a3:40:cd:7b:
b4:a3:34:8f:b4:ce:d7:26:0f:4c:5b:a6:5c:48:83:
e8:49:32:13:8e:f8:92:2b:da:0a:c1:be:b6:d7:ca:
3d:39:16:8a:34:04:01:fb:a3:b4:eb:be:86:91:ab:
93:86:63:ac:4e:7c:1d:9d:1a:a8:1a:3e:64:30:03:
89:e7:b2:4b:ab:b7:1e:8e:bb:e8:a3:49:35:d7:9b:
c1:16:00:03:e5:1c:78:c4:17:ad:7f:71:ce:aa:db:
6d:23:63:67:17:8f:74:90:68:0c:06:61:eb:a9:53:
86:29:48:cf:f4:f4:d8:b1:73:f9:dc:53:6c:11:fa:
09:70:0c:4c:35:ba:e8:6f:3f:d9:a3:d3:74:a8:a1:
0e:b9:6e:6d:b5:5d:ff:4b:d6:17:c0:15:81:be:fa:
77:07
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DF:2A:B1:E8:D7:8C:C8:1A:01:6C:79:A7:9F:EF:16:1A:7D:AD:F7:05
X509v3 Authority Key Identifier:
keyid:41:96:23:0E:58:DE:CC:0C:BC:FB:15:F5:6A:A6:4D:ED:D1:F3:89:F5
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QZYjDljezAy8-xX1aqZN7dHzifU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/da96f5-3f33-46f9-a514-2befffd57fb7/1/3yqx6NeMyBoBbHmnn-8WGn2t9wU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/70/da96f5-3f33-46f9-a514-2befffd57fb7/1/QZYjDljezAy8-xX1aqZN7dHzifU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a10:6a80::/29
Signature Algorithm: sha256WithRSAEncryption
b9:fb:5b:9c:67:f9:11:5b:0c:09:b7:2b:15:91:c4:8b:3b:22:
e4:06:26:73:03:63:4e:e3:0c:31:b0:3b:c9:a4:52:e8:f6:99:
5e:e0:13:49:c4:5a:68:cb:5b:f0:6a:f2:6f:fa:f9:51:cb:1a:
47:c9:b9:11:f4:10:f3:92:12:74:b8:4b:d9:d3:4f:52:6a:49:
27:cc:60:47:ae:2e:99:0d:d1:67:cb:ee:a7:f4:81:9b:fc:78:
98:b5:52:45:53:6e:d7:68:0d:4a:d8:7e:d2:cd:71:b2:b6:58:
fd:d2:24:e6:bb:08:b7:85:12:99:a1:89:85:4c:58:c8:40:d3:
cf:0c:2a:31:58:aa:9e:7f:3c:56:47:c6:fe:2d:a2:de:15:6b:
1f:af:b7:bb:9b:a4:05:5c:28:8a:a7:fe:c4:64:0c:58:16:16:
fb:93:09:d1:f1:7c:3d:5f:d0:60:9b:db:77:e5:1a:ce:40:58:
a6:42:1c:67:07:b7:f5:f4:a4:3f:27:ed:4f:80:65:c9:21:48:
26:32:aa:1e:a5:1b:3c:49:f6:b8:20:42:d4:0a:49:85:57:97:
11:56:5f:05:67:25:c0:9c:4d:48:41:79:69:da:45:13:dc:2a:
94:93:ae:ee:61:2c:f6:f3:25:49:45:a7:56:dd:bd:37:08:d3:
ab:27:86:93
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYLn/Zd3Tk3QTEjmlCVD/rSHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQxOTYyMzBlNThkZWNjMGNiY2ZiMTVmNTZhYTY0ZGVkZDFm
Mzg5ZjUwHhcNMjIwODI5MDUwNTMyWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZjJhYjFlOGQ3OGNjODFhMDE2Yzc5YTc5ZmVmMTYxYTdkYWRmNzA1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApYkQPnND8vkb6zS/K+H7xGOZ9ka4
Kj6E3pxPINLocyJlOlurf/7Z+FHNYXNfaoWpxVYCsXpGoE3BKy6bmxxmUeDQ2XW8
RjCm3BqYaq189SoQHWRzDz6wMER2n/eMXXaml8WKZqNAzXu0ozSPtM7XJg9MW6Zc
SIPoSTITjviSK9oKwb6218o9ORaKNAQB+6O0676GkauThmOsTnwdnRqoGj5kMAOJ
57JLq7cejrvoo0k115vBFgAD5Rx4xBetf3HOqtttI2NnF490kGgMBmHrqVOGKUjP
9PTYsXP53FNsEfoJcAxMNbrobz/Zo9N0qKEOuW5ttV3/S9YXwBWBvvp3BwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFN8qsejXjMgaAWx5p5/vFhp9rfcFMB8GA1UdIwQY
MBaAFEGWIw5Y3swMvPsV9WqmTe3R84n1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUVpZakRsamV6QXk4LXhYMWFxWk43ZEh6aWZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC9kYTk2ZjUtM2YzMy00NmY5LWE1MTQt
MmJlZmZmZDU3ZmI3LzEvM3lxeDZOZU15Qm9CYkhtbm4tOFdHbjJ0OXdVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC9kYTk2ZjUtM2YzMy00NmY5LWE1MTQtMmJlZmZmZDU3ZmI3
LzEvUVpZakRsamV6QXk4LXhYMWFxWk43ZEh6aWZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhBqgDAN
BgkqhkiG9w0BAQsFAAOCAQEAuftbnGf5EVsMCbcrFZHEizsi5AYmcwNjTuMMMbA7
yaRS6PaZXuATScRaaMtb8Gryb/r5UcsaR8m5EfQQ85ISdLhL2dNPUmpJJ8xgR64u
mQ3RZ8vup/SBm/x4mLVSRVNu12gNSth+0s1xsrZY/dIk5rsIt4USmaGJhUxYyEDT
zwwqMViqnn88VkfG/i2i3hVrH6+3u5ukBVwoiqf+xGQMWBYW+5MJ0fF8PV/QYJvb
d+UazkBYpkIcZwe39fSkPyftT4BlySFIJjKqHqUbPEn2uCBC1ApJhVeXEVZfBWcl
wJxNSEF5adpFE9wqlJOu7mEs9vMlSUWnVt29NwjTqyeGkw==
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:54:41 2025 by rpki-client