Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/88/b30fdb-32e3-4eb2-841f-8b20aa3baae9/1/TgHhSe-WQipteztG-uoRvlO5dog.roa
File: TgHhSe-WQipteztG-uoRvlO5dog.roa (raw, json)
Hash identifier: 7vpb9B1at6O+qHFjKjvEijLc2xT6e2PoM7AGmHVr0zc=
Subject key identifier: 4E:01:E1:49:EF:96:42:2A:6D:7B:3B:46:FA:EA:11:BE:53:B9:76:88
Certificate issuer: /CN=0d03df51f0818531d8ade8208eb8225354116e80
Certificate serial: 01856F9DBE87389F17CA7C1E601CCB28557D
Authority key identifier: 0D:03:DF:51:F0:81:85:31:D8:AD:E8:20:8E:B8:22:53:54:11:6E:80
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/DQPfUfCBhTHYreggjrgiU1QRboA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/88/b30fdb-32e3-4eb2-841f-8b20aa3baae9/1/TgHhSe-WQipteztG-uoRvlO5dog.roa
Signing time: Sun 01 Jan 2023 23:14:46 +0000
ROA not before: Sun 01 Jan 2023 23:14:46 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 47251
IP address blocks: 2001:678:254::/48 maxlen: 48
2a10:9980::/29 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6f:9d:be:87:38:9f:17:ca:7c:1e:60:1c:cb:28:55:7d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=0d03df51f0818531d8ade8208eb8225354116e80
Validity
Not Before: Jan 1 23:14:46 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=4e01e149ef96422a6d7b3b46faea11be53b97688
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:f6:d4:19:45:2f:9a:17:f9:54:55:1d:f7:d5:61:
6d:9c:ee:35:2d:a5:69:ee:fd:9d:75:ce:66:32:99:
3b:b6:0c:b2:7e:25:09:d5:3d:bb:41:5b:55:c2:e2:
1b:d9:24:19:2b:ad:ea:89:57:b9:5e:ba:e1:97:3c:
9b:f7:c0:72:c5:9e:1e:9b:89:07:05:43:81:89:7b:
18:a2:d0:46:34:64:6f:ae:d9:fc:0b:36:f7:99:0c:
d2:64:ef:cd:93:66:9a:ca:b9:5e:3f:72:65:ed:b3:
6e:2c:dd:1a:84:90:72:7a:fe:fd:cd:67:69:c3:1e:
66:b1:2f:50:df:51:4d:57:86:ba:f9:8a:7b:ff:df:
0d:89:2a:9f:eb:eb:d2:f4:15:10:e8:4a:32:9d:a5:
1e:df:43:c4:de:e5:ac:51:14:08:dc:75:9b:38:b5:
4e:d3:d9:b4:be:2d:48:f0:52:bc:60:1b:08:9f:7e:
ad:b3:e2:4f:d8:46:82:97:61:99:2c:36:0f:a0:61:
ee:c6:9b:de:c3:ac:7d:1a:48:52:91:de:7a:90:ef:
f4:41:69:7b:6a:c6:6d:23:8d:ff:df:7b:75:54:dc:
d3:43:4c:80:af:51:b0:1b:98:a5:6d:dc:db:6e:99:
c4:df:59:a0:a7:11:b8:41:95:10:fd:ea:1e:1c:b8:
c9:e3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4E:01:E1:49:EF:96:42:2A:6D:7B:3B:46:FA:EA:11:BE:53:B9:76:88
X509v3 Authority Key Identifier:
keyid:0D:03:DF:51:F0:81:85:31:D8:AD:E8:20:8E:B8:22:53:54:11:6E:80
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DQPfUfCBhTHYreggjrgiU1QRboA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/88/b30fdb-32e3-4eb2-841f-8b20aa3baae9/1/TgHhSe-WQipteztG-uoRvlO5dog.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/88/b30fdb-32e3-4eb2-841f-8b20aa3baae9/1/DQPfUfCBhTHYreggjrgiU1QRboA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2001:678:254::/48
2a10:9980::/29
Signature Algorithm: sha256WithRSAEncryption
d3:86:2c:cc:e1:e0:4a:75:78:23:34:46:d5:61:4a:87:54:9c:
50:a8:4f:90:0b:fd:7c:93:f5:7c:a2:e4:d4:4c:56:a6:d0:68:
dc:aa:a3:c6:07:18:f5:c9:a9:d2:94:5f:f7:1e:bc:6c:e9:4c:
ca:96:cd:6f:4d:7b:8c:d4:e2:03:e7:06:60:32:a9:3e:2b:06:
78:a2:8d:32:1d:36:02:e4:53:1a:70:84:07:2b:38:7a:4f:87:
11:92:32:aa:9f:30:cf:77:78:2e:6e:59:6f:42:9b:f1:74:59:
3e:50:88:bb:f8:49:d6:aa:23:d5:f0:78:c9:77:cf:f7:89:8a:
5a:4b:b2:a7:93:72:28:4f:b2:42:4a:a4:d3:32:fe:d4:71:79:
15:20:06:cb:4a:e5:87:d4:9c:57:5d:0f:40:34:14:d9:97:2d:
f2:e3:6e:27:f7:1a:30:62:bf:6d:7f:90:49:14:79:49:8d:69:
ca:c3:a5:bb:31:a2:34:3a:ef:1c:57:5c:38:ce:85:bc:89:06:
c1:22:c6:64:3a:28:22:8e:19:20:b0:49:b8:d3:1d:b0:98:c1:
ad:fa:14:d6:7f:59:fb:bc:f4:70:80:5a:da:e2:fb:71:42:03:
27:aa:20:24:8e:5b:ca:38:d2:b0:88:17:16:fb:b8:d1:e2:fc:
da:bf:52:9b
-----BEGIN CERTIFICATE-----
MIIFBzCCA++gAwIBAgISAYVvnb6HOJ8XynweYBzLKFV9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkMDNkZjUxZjA4MTg1MzFkOGFkZTgyMDhlYjgyMjUzNTQx
MTZlODAwHhcNMjMwMTAxMjMxNDQ2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZTAxZTE0OWVmOTY0MjJhNmQ3YjNiNDZmYWVhMTFiZTUzYjk3Njg4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9tQZRS+aF/lUVR331WFtnO41LaVp
7v2ddc5mMpk7tgyyfiUJ1T27QVtVwuIb2SQZK63qiVe5Xrrhlzyb98ByxZ4em4kH
BUOBiXsYotBGNGRvrtn8Czb3mQzSZO/Nk2aayrleP3Jl7bNuLN0ahJByev79zWdp
wx5msS9Q31FNV4a6+Yp7/98NiSqf6+vS9BUQ6EoynaUe30PE3uWsURQI3HWbOLVO
09m0vi1I8FK8YBsIn36ts+JP2EaCl2GZLDYPoGHuxpvew6x9GkhSkd56kO/0QWl7
asZtI43/33t1VNzTQ0yAr1GwG5ilbdzbbpnE31mgpxG4QZUQ/eoeHLjJ4wIDAQAB
o4ICEzCCAg8wHQYDVR0OBBYEFE4B4UnvlkIqbXs7RvrqEb5TuXaIMB8GA1UdIwQY
MBaAFA0D31HwgYUx2K3oII64IlNUEW6AMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRFFQZlVmQ0JoVEhZcmVnZ2pyZ2lVMVFSYm9BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OC9iMzBmZGItMzJlMy00ZWIyLTg0MWYt
OGIyMGFhM2JhYWU5LzEvVGdIaFNlLVdRaXB0ZXp0Ry11b1J2bE81ZG9nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OC9iMzBmZGItMzJlMy00ZWIyLTg0MWYtOGIyMGFhM2JhYWU5
LzEvRFFQZlVmQ0JoVEhZcmVnZ2pyZ2lVMVFSYm9BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCkGCCsGAQUFBwEHAQH/BBowGDAWBAIAAjAQAwcAIAEGeAJU
AwUDKhCZgDANBgkqhkiG9w0BAQsFAAOCAQEA04YszOHgSnV4IzRG1WFKh1ScUKhP
kAv9fJP1fKLk1ExWptBo3KqjxgcY9cmp0pRf9x68bOlMypbNb017jNTiA+cGYDKp
PisGeKKNMh02AuRTGnCEBys4ek+HEZIyqp8wz3d4Lm5Zb0Kb8XRZPlCIu/hJ1qoj
1fB4yXfP94mKWkuyp5NyKE+yQkqk0zL+1HF5FSAGy0rlh9ScV10PQDQU2Zct8uNu
J/caMGK/bX+QSRR5SY1pysOluzGiNDrvHFdcOM6FvIkGwSLGZDooIo4ZILBJuNMd
sJjBrfoU1n9Z+7z0cIBa2uL7cUIDJ6ogJI5byjjSsIgXFvu40eL82r9Smw==
-----END CERTIFICATE-----
Generated at Thu Jul 20 00:02:39 2023 by rpki-client on console-ams.rpki-client.org