Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/83/30883a-16d7-4212-9199-09d0aa28e551/1/vqVQXn9kL2zukXKigIn_jR5HvF4.roa
File: vqVQXn9kL2zukXKigIn_jR5HvF4.roa (raw, json)
Hash identifier: cm6miMslwdApJPvxP/c5Suv3Z82/MExQfQLXuVaBhNw=
Subject key identifier: BE:A5:50:5E:7F:64:2F:6C:EE:91:72:A2:80:89:FF:8D:1E:47:BC:5E
Certificate issuer: /CN=798f7b1fd802b3dc6abd7a5cda786a6311e1d63d
Certificate serial: 0184A8BA131BD34E715033033CEB112697A3
Authority key identifier: 79:8F:7B:1F:D8:02:B3:DC:6A:BD:7A:5C:DA:78:6A:63:11:E1:D6:3D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/eY97H9gCs9xqvXpc2nhqYxHh1j0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/83/30883a-16d7-4212-9199-09d0aa28e551/1/vqVQXn9kL2zukXKigIn_jR5HvF4.roa
Signing time: Thu 24 Nov 2022 08:21:17 +0000
ROA not before: Thu 24 Nov 2022 08:21:17 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 201217
IP address blocks: 2a12:3fc2:ab70::/44 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:84:a8:ba:13:1b:d3:4e:71:50:33:03:3c:eb:11:26:97:a3
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=798f7b1fd802b3dc6abd7a5cda786a6311e1d63d
Validity
Not Before: Nov 24 08:21:17 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=bea5505e7f642f6cee9172a28089ff8d1e47bc5e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8d:29:93:fb:a6:17:8a:a8:7b:07:1f:00:d9:f9:
fa:8d:b5:bf:cd:31:6a:2f:8c:de:70:57:13:61:23:
01:c0:93:b3:4b:ad:e1:77:f9:27:2d:08:f3:fd:56:
aa:6c:85:f2:3e:35:a3:a7:09:1f:34:11:97:44:3a:
69:56:ed:24:37:7f:01:c3:6a:1d:96:87:24:5b:02:
09:32:3f:f8:17:a4:73:33:2b:6a:2a:ca:51:7c:08:
a9:dc:81:12:52:36:30:ac:3f:a4:f1:0b:74:93:b6:
cf:b0:e7:1d:de:40:58:bd:53:04:ca:aa:40:79:19:
cf:8b:20:fd:09:27:d2:19:32:da:af:47:64:ab:c3:
d8:6e:fc:25:eb:a7:d1:90:10:ba:e8:02:37:2c:a5:
75:ac:70:08:6f:4c:ba:13:cd:cd:dd:b1:1a:09:b0:
10:f5:bf:77:20:43:2c:b0:f9:ec:ad:31:15:c1:01:
48:a1:6c:26:f1:b7:82:cf:84:84:01:8d:7b:0e:94:
e3:27:7b:3a:b5:6e:8e:7d:57:cc:1e:b9:ef:98:0c:
72:53:0e:b2:84:8e:9d:9a:03:4a:8c:10:3f:6c:fa:
24:2c:c5:d3:bb:7b:44:a0:ba:11:90:7b:5d:e2:10:
a2:95:b0:dc:fa:d3:9a:89:c0:fa:ef:26:b6:3d:9d:
ef:b1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
BE:A5:50:5E:7F:64:2F:6C:EE:91:72:A2:80:89:FF:8D:1E:47:BC:5E
X509v3 Authority Key Identifier:
keyid:79:8F:7B:1F:D8:02:B3:DC:6A:BD:7A:5C:DA:78:6A:63:11:E1:D6:3D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eY97H9gCs9xqvXpc2nhqYxHh1j0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/83/30883a-16d7-4212-9199-09d0aa28e551/1/vqVQXn9kL2zukXKigIn_jR5HvF4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/83/30883a-16d7-4212-9199-09d0aa28e551/1/eY97H9gCs9xqvXpc2nhqYxHh1j0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a12:3fc2:ab70::/44
Signature Algorithm: sha256WithRSAEncryption
8c:56:c0:16:06:b0:c3:d5:4b:6c:b1:e6:bb:8f:40:a1:96:a0:
ab:d7:05:d9:3e:80:19:2a:43:06:9c:a6:01:37:3d:85:78:77:
b3:fc:9f:6d:94:af:b9:4a:63:5e:3c:16:e2:9c:b6:4b:90:94:
01:76:35:26:c0:7a:7e:df:80:05:c1:ab:bc:99:0c:6c:56:9f:
2d:b3:cd:51:70:52:7d:19:be:ff:6e:c9:3b:59:55:a4:8d:13:
83:f5:69:da:32:a5:b7:78:dd:6a:b6:6d:29:5c:77:13:71:ad:
6e:6a:c0:c8:d1:ab:4e:0b:3d:db:cf:10:4c:4b:76:1a:d6:ac:
ae:a5:3c:9e:f7:1f:26:c5:e6:ed:a4:ea:a5:96:08:6a:d3:7b:
d6:a6:72:2b:5b:ce:ef:b1:29:6e:48:cd:85:77:d6:65:b3:e4:
b9:a2:8b:bf:e8:b9:7c:0d:30:17:05:f2:30:6b:27:c9:eb:bc:
9c:11:7d:75:8e:44:2e:df:67:01:ad:2d:bb:20:b4:5d:89:59:
e3:7c:c0:99:df:2c:0f:de:0b:24:2d:0a:1c:1f:64:1e:9b:e6:
c1:ef:a9:f1:e9:54:eb:f1:26:c0:1f:ac:eb:c5:3f:9d:9f:0b:
9c:3c:b3:60:31:08:96:45:87:ce:6c:3d:f5:ca:1b:5f:b4:af:
8b:30:b2:fc
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYSouhMb005xUDMDPOsRJpejMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc5OGY3YjFmZDgwMmIzZGM2YWJkN2E1Y2RhNzg2YTYzMTFl
MWQ2M2QwHhcNMjIxMTI0MDgyMTE3WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZWE1NTA1ZTdmNjQyZjZjZWU5MTcyYTI4MDg5ZmY4ZDFlNDdiYzVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjSmT+6YXiqh7Bx8A2fn6jbW/zTFq
L4zecFcTYSMBwJOzS63hd/knLQjz/VaqbIXyPjWjpwkfNBGXRDppVu0kN38Bw2od
lockWwIJMj/4F6RzMytqKspRfAip3IESUjYwrD+k8Qt0k7bPsOcd3kBYvVMEyqpA
eRnPiyD9CSfSGTLar0dkq8PYbvwl66fRkBC66AI3LKV1rHAIb0y6E83N3bEaCbAQ
9b93IEMssPnsrTEVwQFIoWwm8beCz4SEAY17DpTjJ3s6tW6OfVfMHrnvmAxyUw6y
hI6dmgNKjBA/bPokLMXTu3tEoLoRkHtd4hCilbDc+tOaicD67ya2PZ3vsQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFL6lUF5/ZC9s7pFyooCJ/40eR7xeMB8GA1UdIwQY
MBaAFHmPex/YArPcar16XNp4amMR4dY9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZVk5N0g5Z0NzOXhxdlhwYzJuaHFZeEhoMWowLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84My8zMDg4M2EtMTZkNy00MjEyLTkxOTkt
MDlkMGFhMjhlNTUxLzEvdnFWUVhuOWtMMnp1a1hLaWdJbl9qUjVIdkY0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84My8zMDg4M2EtMTZkNy00MjEyLTkxOTktMDlkMGFhMjhlNTUx
LzEvZVk5N0g5Z0NzOXhxdlhwYzJuaHFZeEhoMWowLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhI/wqtw
MA0GCSqGSIb3DQEBCwUAA4IBAQCMVsAWBrDD1Utssea7j0ChlqCr1wXZPoAZKkMG
nKYBNz2FeHez/J9tlK+5SmNePBbinLZLkJQBdjUmwHp+34AFwau8mQxsVp8ts81R
cFJ9Gb7/bsk7WVWkjROD9WnaMqW3eN1qtm0pXHcTca1uasDI0atOCz3bzxBMS3Ya
1qyupTye9x8mxebtpOqllghq03vWpnIrW87vsSluSM2Fd9Zls+S5oou/6Ll8DTAX
BfIwayfJ67ycEX11jkQu32cBrS27ILRdiVnjfMCZ3ywP3gskLQocH2Qem+bB76nx
6VTr8SbAH6zrxT+dnwucPLNgMQiWRYfObD31yhtftK+LMLL8
-----END CERTIFICATE-----
Generated at Mon Apr 21 06:14:51 2025 by rpki-client