Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b7/5a7c57-2aef-4caa-94c5-f56865c56ba9/1/VGqRva9SMpXrAQjSiXd3b1iqid0.roa
File: VGqRva9SMpXrAQjSiXd3b1iqid0.roa (raw, json)
Hash identifier: fq0mVgAQsmpopx+KiRdaBT0bTFmzXcmjLiz/1JQeSaQ=
Subject key identifier: 54:6A:91:BD:AF:52:32:95:EB:01:08:D2:89:77:77:6F:58:AA:89:DD
Certificate issuer: /CN=bde74850b31f3ac2198bf85ffb5c50bc703cc8a6
Certificate serial: 95F2AA
Authority key identifier: BD:E7:48:50:B3:1F:3A:C2:19:8B:F8:5F:FB:5C:50:BC:70:3C:C8:A6
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/vedIULMfOsIZi_hf-1xQvHA8yKY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b7/5a7c57-2aef-4caa-94c5-f56865c56ba9/1/VGqRva9SMpXrAQjSiXd3b1iqid0.roa
Signing time: Sat 01 Jan 2022 02:58:13 +0000
ROA not before: Sat 01 Jan 2022 02:58:13 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 204790
IP address blocks: 2a11:f0c0::/29 maxlen: 29
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 9826986 (0x95f2aa)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=bde74850b31f3ac2198bf85ffb5c50bc703cc8a6
Validity
Not Before: Jan 1 02:58:13 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=546a91bdaf523295eb0108d28977776f58aa89dd
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a8:23:e8:d8:0f:b9:67:7e:80:02:8c:ce:5e:9b:
eb:e9:5a:75:65:19:14:bf:69:d3:88:10:2e:f0:a8:
dc:d1:a0:d8:c5:67:ed:d7:bb:48:91:8f:ce:bf:87:
a3:5d:3b:bd:15:dd:a5:0a:45:ac:de:de:85:dd:90:
0a:9f:93:f2:aa:e5:74:d3:e7:d3:d5:a2:1e:50:82:
32:cf:fc:38:32:fb:40:75:b1:b3:d9:be:58:98:d5:
8f:2b:12:3b:dc:f5:20:78:4b:68:21:f7:8d:62:c1:
9b:99:c3:32:5b:18:0f:cf:05:66:c0:1f:0f:81:65:
3c:c7:d6:e8:7b:83:c8:cf:f3:be:30:81:57:a7:b6:
67:a2:60:89:cf:cf:4c:cc:90:da:7d:97:af:96:3b:
95:91:2d:2e:f5:31:6d:f5:00:72:0b:18:4e:53:cd:
bc:c4:a3:10:12:a9:10:e2:47:a0:df:1a:f4:a9:de:
fe:d1:bf:f4:e7:c9:80:e6:5a:66:f8:09:0f:80:98:
90:f2:d5:05:d6:b0:f1:e8:82:20:66:8a:5b:66:f6:
20:c2:d6:2f:a5:c5:a5:df:49:d7:00:2f:93:68:e6:
d6:4b:5a:c2:cb:9c:00:ac:68:d0:85:f4:cb:6a:05:
e6:1d:b0:7b:0d:b9:84:21:af:a7:30:9a:72:40:e3:
70:15
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
54:6A:91:BD:AF:52:32:95:EB:01:08:D2:89:77:77:6F:58:AA:89:DD
X509v3 Authority Key Identifier:
keyid:BD:E7:48:50:B3:1F:3A:C2:19:8B:F8:5F:FB:5C:50:BC:70:3C:C8:A6
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vedIULMfOsIZi_hf-1xQvHA8yKY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b7/5a7c57-2aef-4caa-94c5-f56865c56ba9/1/VGqRva9SMpXrAQjSiXd3b1iqid0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b7/5a7c57-2aef-4caa-94c5-f56865c56ba9/1/vedIULMfOsIZi_hf-1xQvHA8yKY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a11:f0c0::/29
Signature Algorithm: sha256WithRSAEncryption
a9:45:3c:82:dc:dd:1a:70:a3:a6:3d:d3:b3:e6:8e:c5:55:53:
f0:3a:9c:a3:db:86:55:01:26:2a:3b:69:04:e9:d0:fc:a7:3d:
ff:a8:6f:9a:b7:a3:09:5e:8d:df:e9:7f:cd:f2:8b:22:41:d8:
b3:fb:8f:74:3c:2e:97:11:4d:3c:82:c2:ee:50:f6:80:6c:c5:
49:d0:c6:65:32:c9:ed:88:7d:7f:37:66:dd:d0:59:c9:7f:57:
3c:ff:d9:2e:95:bc:0f:a7:02:33:3a:97:9d:3b:9b:15:72:86:
c5:5f:d8:92:f5:4c:3e:2a:95:c7:5c:3f:bd:ef:a7:9f:fc:72:
cd:05:b7:a8:bb:2c:bb:77:68:f1:ba:dd:52:a3:6e:76:a0:01:
03:88:35:5a:4b:5a:d8:29:3e:08:25:8d:30:ba:97:c2:5d:d6:
75:f7:b9:21:5e:01:96:55:d2:db:ec:61:9a:94:59:05:22:48:
99:68:29:26:ee:af:72:1d:9a:44:5c:eb:72:d3:65:6f:08:e9:
8f:8e:9d:c5:54:de:f3:6e:1b:71:18:ad:69:88:6d:e3:34:f1:
1b:3d:4f:f3:5d:d6:33:14:b0:50:94:ba:90:41:3e:83:3d:87:
60:9c:98:2f:4f:13:3a:9a:5f:f6:19:c3:12:f3:da:90:43:fa:
42:1d:34:61
-----BEGIN CERTIFICATE-----
MIIE8DCCA9igAwIBAgIEAJXyqjANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhi
ZGU3NDg1MGIzMWYzYWMyMTk4YmY4NWZmYjVjNTBiYzcwM2NjOGE2MB4XDTIyMDEw
MTAyNTgxM1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNTQ2YTkxYmRhZjUy
MzI5NWViMDEwOGQyODk3Nzc3NmY1OGFhODlkZDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAKgj6NgPuWd+gAKMzl6b6+ladWUZFL9p04gQLvCo3NGg2MVn
7de7SJGPzr+Ho107vRXdpQpFrN7ehd2QCp+T8qrldNPn09WiHlCCMs/8ODL7QHWx
s9m+WJjVjysSO9z1IHhLaCH3jWLBm5nDMlsYD88FZsAfD4FlPMfW6HuDyM/zvjCB
V6e2Z6Jgic/PTMyQ2n2Xr5Y7lZEtLvUxbfUAcgsYTlPNvMSjEBKpEOJHoN8a9Kne
/tG/9OfJgOZaZvgJD4CYkPLVBdaw8eiCIGaKW2b2IMLWL6XFpd9J1wAvk2jm1kta
wsucAKxo0IX0y2oF5h2wew25hCGvpzCackDjcBUCAwEAAaOCAgowggIGMB0GA1Ud
DgQWBBRUapG9r1IylesBCNKJd3dvWKqJ3TAfBgNVHSMEGDAWgBS950hQsx86whmL
+F/7XFC8cDzIpjAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3ZlZElVTE1mT3NJWmlfaGYtMXhRdkhBOHlLWS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYjcvNWE3YzU3LTJhZWYtNGNhYS05NGM1LWY1Njg2NWM1NmJhOS8x
L1ZHcVJ2YTlTTXBYckFRalNpWGQzYjFpcWlkMC5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYjcv
NWE3YzU3LTJhZWYtNGNhYS05NGM1LWY1Njg2NWM1NmJhOS8xL3ZlZElVTE1mT3NJ
WmlfaGYtMXhRdkhBOHlLWS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAg
BggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFAyoR8MAwDQYJKoZIhvcNAQELBQAD
ggEBAKlFPILc3Rpwo6Y907PmjsVVU/A6nKPbhlUBJio7aQTp0PynPf+ob5q3owle
jd/pf83yiyJB2LP7j3Q8LpcRTTyCwu5Q9oBsxUnQxmUyye2IfX83Zt3QWcl/Vzz/
2S6VvA+nAjM6l507mxVyhsVf2JL1TD4qlcdcP73vp5/8cs0Ft6i7LLt3aPG63VKj
bnagAQOINVpLWtgpPggljTC6l8Jd1nX3uSFeAZZV0tvsYZqUWQUiSJloKSbur3Id
mkRc63LTZW8I6Y+OncVU3vNuG3EYrWmIbeM08Rs9T/Nd1jMUsFCUupBBPoM9h2Cc
mC9PEzqaX/YZwxLz2pBD+kIdNGE=
-----END CERTIFICATE-----
Generated at Thu Jul 20 00:06:35 2023 by rpki-client on console-ams.rpki-client.org