Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8f/ff94f1-ba63-40d6-beca-5e624a3038cf/1/qNbrMe-7pXJBkhq5vbc0jZm9cRI.roa
File: qNbrMe-7pXJBkhq5vbc0jZm9cRI.roa (raw, json)
Hash identifier: iw2V8/xzTLeyMYN4RgP11lJO6ros8L2AdACx00hWmoc=
Subject key identifier: A8:D6:EB:31:EF:BB:A5:72:41:92:1A:B9:BD:B7:34:8D:99:BD:71:12
Certificate issuer: /CN=9c1aed9913f8880af7557eef3ef02d6e0ff3fd49
Certificate serial: 071A8CD4
Authority key identifier: 9C:1A:ED:99:13:F8:88:0A:F7:55:7E:EF:3E:F0:2D:6E:0F:F3:FD:49
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/nBrtmRP4iAr3VX7vPvAtbg_z_Uk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8f/ff94f1-ba63-40d6-beca-5e624a3038cf/1/qNbrMe-7pXJBkhq5vbc0jZm9cRI.roa
Signing time: Sat 01 Jan 2022 08:03:01 +0000
ROA not before: Sat 01 Jan 2022 08:03:01 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 61439
IP address blocks: 2a0d:8041::/32 maxlen: 32
2a0f:a1c1::/32 maxlen: 32
2a0d:8044::/32 maxlen: 32
2a0f:a1c4::/32 maxlen: 32
2a0d:8045::/32 maxlen: 32
2a0f:a1c5::/32 maxlen: 32
2a0f:a1c2::/32 maxlen: 32
2a0d:8042::/32 maxlen: 32
2a0d:8043::/32 maxlen: 32
2a0f:a1c3::/32 maxlen: 32
2a0f:a1c7::/32 maxlen: 32
2a0d:8047::/32 maxlen: 32
2a0d:8040::/32 maxlen: 32
2a0f:a1c0::/32 maxlen: 32
2a0d:8046::/32 maxlen: 32
2a0f:a1c6::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 119180500 (0x71a8cd4)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=9c1aed9913f8880af7557eef3ef02d6e0ff3fd49
Validity
Not Before: Jan 1 08:03:01 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=a8d6eb31efbba57241921ab9bdb7348d99bd7112
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9a:f9:a8:7c:a1:d2:b5:69:94:ff:3e:c4:27:84:
cf:93:f8:30:68:2d:0d:14:e0:ba:37:a3:9d:71:5c:
ab:a6:f1:cb:8e:2e:ba:e8:14:3e:8c:f5:9c:ff:e8:
fb:bc:be:f1:06:db:5d:e9:4f:27:3d:32:03:07:53:
cc:9b:7d:00:e3:bc:67:64:36:c5:fd:8c:c8:32:02:
23:a8:83:39:66:d0:4d:29:54:f4:03:ef:9a:88:c4:
21:cb:36:41:9e:7e:6d:1c:51:b6:4f:ef:98:92:99:
49:73:88:ff:6d:a5:70:e1:d7:41:84:30:39:8f:97:
5d:bc:4c:f8:ad:4b:f3:24:af:51:84:76:24:0e:50:
3e:86:a8:83:cb:ec:cb:73:e9:fb:fb:c3:72:a4:a7:
2b:2c:12:07:49:a8:33:bb:40:12:5a:5a:bd:43:0a:
44:02:ee:eb:31:47:74:47:15:49:b7:79:18:01:e3:
d8:d9:d8:d5:32:1a:69:89:bd:fe:1c:1e:b3:74:10:
a4:7c:17:cd:ea:6e:1e:f5:45:ff:7b:ac:43:51:86:
fd:f0:a6:cc:8d:8b:ab:59:47:35:13:7d:70:7f:68:
13:24:49:22:b7:91:b5:7e:f5:22:82:db:fc:02:97:
7e:0b:67:de:6a:99:43:9c:c7:09:61:e9:b3:1d:0a:
31:c3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A8:D6:EB:31:EF:BB:A5:72:41:92:1A:B9:BD:B7:34:8D:99:BD:71:12
X509v3 Authority Key Identifier:
keyid:9C:1A:ED:99:13:F8:88:0A:F7:55:7E:EF:3E:F0:2D:6E:0F:F3:FD:49
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nBrtmRP4iAr3VX7vPvAtbg_z_Uk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/ff94f1-ba63-40d6-beca-5e624a3038cf/1/qNbrMe-7pXJBkhq5vbc0jZm9cRI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/ff94f1-ba63-40d6-beca-5e624a3038cf/1/nBrtmRP4iAr3VX7vPvAtbg_z_Uk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a0d:8040::/29
2a0f:a1c0::/29
Signature Algorithm: sha256WithRSAEncryption
40:1b:e0:f8:29:de:67:9b:fb:3a:5f:94:21:54:e0:7a:31:7a:
a7:05:90:0d:ff:94:65:aa:6e:ef:1a:6c:be:5e:5d:fe:ea:95:
5c:e4:39:68:32:4a:d7:08:84:a0:e6:e2:54:53:b7:0c:d8:d9:
69:56:f2:a3:35:a8:63:ad:3b:b4:05:b1:96:43:3a:84:dc:06:
04:03:9f:48:00:9c:ee:f1:dd:c8:d0:f7:1a:04:94:62:78:b7:
43:2f:41:c1:be:62:20:58:67:cd:a5:f9:3d:2f:9b:2c:83:43:
4a:17:ed:94:af:7e:54:a3:49:56:4e:bf:1a:9f:25:af:03:e1:
09:19:40:9f:b6:f5:75:27:98:43:89:2c:aa:af:a6:be:7c:63:
68:28:ca:4d:15:7f:76:c6:ce:bb:9d:15:e8:ed:75:80:9f:32:
ad:86:3c:ad:06:a4:b4:20:84:a7:d9:f9:11:4e:51:4f:68:9f:
91:e5:90:d1:f9:4b:c6:94:35:60:83:37:46:d6:bb:f1:66:22:
10:c6:38:16:1e:ba:bb:4d:83:37:21:34:e7:47:b7:97:15:d3:
4f:9e:6d:1b:43:a8:c9:1e:e7:c9:b9:6b:ed:48:5a:41:d7:d4:
c9:cf:60:1c:32:81:e3:c6:32:c2:b7:59:3c:50:07:3b:e7:32:
8d:ab:54:52
-----BEGIN CERTIFICATE-----
MIIE9zCCA9+gAwIBAgIEBxqM1DANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg5
YzFhZWQ5OTEzZjg4ODBhZjc1NTdlZWYzZWYwMmQ2ZTBmZjNmZDQ5MB4XDTIyMDEw
MTA4MDMwMVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoYThkNmViMzFlZmJi
YTU3MjQxOTIxYWI5YmRiNzM0OGQ5OWJkNzExMjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAJr5qHyh0rVplP8+xCeEz5P4MGgtDRTgujejnXFcq6bxy44u
uugUPoz1nP/o+7y+8QbbXelPJz0yAwdTzJt9AOO8Z2Q2xf2MyDICI6iDOWbQTSlU
9APvmojEIcs2QZ5+bRxRtk/vmJKZSXOI/22lcOHXQYQwOY+XXbxM+K1L8ySvUYR2
JA5QPoaog8vsy3Pp+/vDcqSnKywSB0moM7tAElpavUMKRALu6zFHdEcVSbd5GAHj
2NnY1TIaaYm9/hwes3QQpHwXzepuHvVF/3usQ1GG/fCmzI2Lq1lHNRN9cH9oEyRJ
IreRtX71IoLb/AKXfgtn3mqZQ5zHCWHpsx0KMcMCAwEAAaOCAhEwggINMB0GA1Ud
DgQWBBSo1usx77ulckGSGrm9tzSNmb1xEjAfBgNVHSMEGDAWgBScGu2ZE/iICvdV
fu8+8C1uD/P9STAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L25CcnRtUlA0aUFyM1ZYN3ZQdkF0Ymdfel9Vay5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvOGYvZmY5NGYxLWJhNjMtNDBkNi1iZWNhLTVlNjI0YTMwMzhjZi8x
L3FOYnJNZS03cFhKQmtocTV2YmMwalptOWNSSS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOGYv
ZmY5NGYxLWJhNjMtNDBkNi1iZWNhLTVlNjI0YTMwMzhjZi8xL25CcnRtUlA0aUFy
M1ZYN3ZQdkF0Ymdfel9Vay5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAn
BggrBgEFBQcBBwEB/wQYMBYwFAQCAAIwDgMFAyoNgEADBQMqD6HAMA0GCSqGSIb3
DQEBCwUAA4IBAQBAG+D4Kd5nm/s6X5QhVOB6MXqnBZAN/5Rlqm7vGmy+Xl3+6pVc
5DloMkrXCISg5uJUU7cM2NlpVvKjNahjrTu0BbGWQzqE3AYEA59IAJzu8d3I0Pca
BJRieLdDL0HBvmIgWGfNpfk9L5ssg0NKF+2Ur35Uo0lWTr8anyWvA+EJGUCftvV1
J5hDiSyqr6a+fGNoKMpNFX92xs67nRXo7XWAnzKthjytBqS0IISn2fkRTlFPaJ+R
5ZDR+UvGlDVggzdG1rvxZiIQxjgWHrq7TYM3ITTnR7eXFdNPnm0bQ6jJHufJuWvt
SFpB19TJz2AcMoHjxjLCt1k8UAc75zKNq1RS
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:59:22 2023 by rpki-client on console-fra.rpki-client.org