Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8b/8f2093-0318-476c-9e9c-53fc4905629b/1/QIyg7SkqKySXNbkRiqy1ClZKkQo.roa
File: QIyg7SkqKySXNbkRiqy1ClZKkQo.roa (raw, json)
Hash identifier: +s7nxG/E7jxd8VLm7zAAPQLficMNql5E8w6dpEx65Bs=
Subject key identifier: 40:8C:A0:ED:29:2A:2B:24:97:35:B9:11:8A:AC:B5:0A:56:4A:91:0A
Certificate issuer: /CN=bde75079618691bae1f47bcbed52314496963891
Certificate serial: 02E3C00F
Authority key identifier: BD:E7:50:79:61:86:91:BA:E1:F4:7B:CB:ED:52:31:44:96:96:38:91
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/vedQeWGGkbrh9HvL7VIxRJaWOJE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8b/8f2093-0318-476c-9e9c-53fc4905629b/1/QIyg7SkqKySXNbkRiqy1ClZKkQo.roa
Signing time: Sat 01 Jan 2022 10:01:49 +0000
ROA not before: Sat 01 Jan 2022 10:01:49 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 212660
IP address blocks: 2a0d:dbc0::/29 maxlen: 29
2a0c:4880::/29 maxlen: 29
2a09:a400::/29 maxlen: 29
2a0e:5800::/29 maxlen: 29
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 48480271 (0x2e3c00f)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=bde75079618691bae1f47bcbed52314496963891
Validity
Not Before: Jan 1 10:01:49 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=408ca0ed292a2b249735b9118aacb50a564a910a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a4:76:7e:73:6a:34:39:46:89:a4:22:2e:a7:05:
8f:57:ff:89:35:5d:06:40:89:1b:ce:28:a8:31:6e:
d9:74:2b:2d:88:ea:72:c8:be:42:dd:54:54:e7:4b:
19:18:ab:f9:91:eb:5a:a1:4f:66:ca:b7:3d:9f:3c:
4f:cc:70:cf:af:e5:d3:43:34:ee:59:80:20:4f:1b:
cc:8b:12:dc:46:aa:2c:ce:c2:84:0c:9e:4f:4e:e3:
2f:f9:d7:58:32:41:04:88:57:de:ce:72:c3:61:f2:
f9:26:32:fe:4b:83:c5:16:ca:95:8b:53:7a:33:f2:
70:47:78:de:66:dc:2b:a6:83:ba:f5:e1:7d:00:51:
38:3c:21:fb:0e:a5:ca:b7:69:90:03:0d:e2:5a:bc:
e7:2c:24:ce:3a:f5:09:b3:26:34:39:c6:29:8f:bb:
f1:81:f2:f0:4e:27:2f:e4:8b:03:77:68:df:e0:ff:
18:de:82:df:15:cd:ef:46:3c:c0:3d:01:fc:28:66:
02:1f:0d:a7:01:1f:9b:7a:34:30:75:66:db:86:b0:
a2:e3:5d:22:3d:8d:e6:85:d9:19:70:1c:2e:b1:d7:
a3:6f:7b:62:18:9a:24:e3:92:67:b9:4e:c7:03:29:
4e:6c:e9:89:9b:bd:64:bc:8b:e2:14:b5:00:ee:0c:
10:49
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
40:8C:A0:ED:29:2A:2B:24:97:35:B9:11:8A:AC:B5:0A:56:4A:91:0A
X509v3 Authority Key Identifier:
keyid:BD:E7:50:79:61:86:91:BA:E1:F4:7B:CB:ED:52:31:44:96:96:38:91
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vedQeWGGkbrh9HvL7VIxRJaWOJE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/8f2093-0318-476c-9e9c-53fc4905629b/1/QIyg7SkqKySXNbkRiqy1ClZKkQo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/8f2093-0318-476c-9e9c-53fc4905629b/1/vedQeWGGkbrh9HvL7VIxRJaWOJE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a09:a400::/29
2a0c:4880::/29
2a0d:dbc0::/29
2a0e:5800::/29
Signature Algorithm: sha256WithRSAEncryption
6c:af:a1:90:89:7a:e1:e1:d5:25:e6:6d:79:fe:54:07:01:fe:
f0:19:5c:87:6a:b3:5c:b5:45:4a:aa:59:71:f9:16:b3:c4:39:
61:46:cf:7d:2c:81:24:5f:71:91:2d:75:31:b4:78:41:53:af:
fe:34:9f:58:2c:9d:24:7e:43:02:e2:5d:b8:e1:ef:4e:99:83:
37:e9:74:cd:25:4a:d2:d3:5a:21:3f:67:63:56:5a:a6:3d:6d:
a9:3d:09:c5:a0:fe:ca:50:da:3d:71:d5:ce:98:21:e5:53:40:
29:5d:cc:82:7d:c4:b4:87:3c:a7:1a:77:a9:91:ec:d2:3f:05:
3c:ec:6f:ab:65:33:e2:53:4a:86:8b:7a:fc:83:d1:de:82:74:
b2:eb:96:c7:8f:5b:c7:5c:4a:88:32:ba:20:79:c6:40:3d:a3:
61:00:bc:a9:a0:b5:f7:6a:be:4d:e2:82:8c:46:5e:ee:04:69:
12:00:af:ca:8d:36:29:58:8a:49:0e:81:f1:0c:09:06:0f:13:
83:3d:7f:96:2d:91:8e:55:e0:63:f4:7d:b2:34:15:5c:a6:ac:
28:3e:a6:58:c2:f8:35:81:a1:49:a6:8e:53:78:85:dc:ea:c6:
5d:1c:48:7c:1e:bf:f9:34:76:1a:f9:f4:b0:68:8f:57:8d:85:
8b:d7:ab:82
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgIEAuPADzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhi
ZGU3NTA3OTYxODY5MWJhZTFmNDdiY2JlZDUyMzE0NDk2OTYzODkxMB4XDTIyMDEw
MTEwMDE0OVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNDA4Y2EwZWQyOTJh
MmIyNDk3MzViOTExOGFhY2I1MGE1NjRhOTEwYTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAKR2fnNqNDlGiaQiLqcFj1f/iTVdBkCJG84oqDFu2XQrLYjq
csi+Qt1UVOdLGRir+ZHrWqFPZsq3PZ88T8xwz6/l00M07lmAIE8bzIsS3EaqLM7C
hAyeT07jL/nXWDJBBIhX3s5yw2Hy+SYy/kuDxRbKlYtTejPycEd43mbcK6aDuvXh
fQBRODwh+w6lyrdpkAMN4lq85ywkzjr1CbMmNDnGKY+78YHy8E4nL+SLA3do3+D/
GN6C3xXN70Y8wD0B/ChmAh8NpwEfm3o0MHVm24awouNdIj2N5oXZGXAcLrHXo297
YhiaJOOSZ7lOxwMpTmzpiZu9ZLyL4hS1AO4MEEkCAwEAAaOCAh8wggIbMB0GA1Ud
DgQWBBRAjKDtKSorJJc1uRGKrLUKVkqRCjAfBgNVHSMEGDAWgBS951B5YYaRuuH0
e8vtUjFElpY4kTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3ZlZFFlV0dHa2JyaDlIdkw3Vkl4UkphV09KRS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvOGIvOGYyMDkzLTAzMTgtNDc2Yy05ZTljLTUzZmM0OTA1NjI5Yi8x
L1FJeWc3U2txS3lTWE5ia1JpcXkxQ2xaS2tRby5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOGIv
OGYyMDkzLTAzMTgtNDc2Yy05ZTljLTUzZmM0OTA1NjI5Yi8xL3ZlZFFlV0dHa2Jy
aDlIdkw3Vkl4UkphV09KRS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjA1
BggrBgEFBQcBBwEB/wQmMCQwIgQCAAIwHAMFAyoJpAADBQMqDEiAAwUDKg3bwAMF
AyoOWAAwDQYJKoZIhvcNAQELBQADggEBAGyvoZCJeuHh1SXmbXn+VAcB/vAZXIdq
s1y1RUqqWXH5FrPEOWFGz30sgSRfcZEtdTG0eEFTr/40n1gsnSR+QwLiXbjh706Z
gzfpdM0lStLTWiE/Z2NWWqY9bak9CcWg/spQ2j1x1c6YIeVTQCldzIJ9xLSHPKca
d6mR7NI/BTzsb6tlM+JTSoaLevyD0d6CdLLrlsePW8dcSogyuiB5xkA9o2EAvKmg
tfdqvk3igoxGXu4EaRIAr8qNNilYikkOgfEMCQYPE4M9f5YtkY5V4GP0fbI0FVym
rCg+pljC+DWBoUmmjlN4hdzqxl0cSHwev/k0dhr59LBoj1eNhYvXq4I=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:22:46 2024 by rpki-client on console-ams.rpki-client.org