Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b7/5a7c57-2aef-4caa-94c5-f56865c56ba9/1/pMlgypg0IvZiIqnTu4AJ_bljYpk.roa
File: pMlgypg0IvZiIqnTu4AJ_bljYpk.roa (raw, json)
Hash identifier: ExDqmZzczNIhDlczjKdKZelzEMfh07NEDQPieePCfNs=
Subject key identifier: A4:C9:60:CA:98:34:22:F6:62:22:A9:D3:BB:80:09:FD:B9:63:62:99
Certificate issuer: /CN=bde74850b31f3ac2198bf85ffb5c50bc703cc8a6
Certificate serial: 01857142F3A528F75048A4B9B3533DF2780C
Authority key identifier: BD:E7:48:50:B3:1F:3A:C2:19:8B:F8:5F:FB:5C:50:BC:70:3C:C8:A6
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/vedIULMfOsIZi_hf-1xQvHA8yKY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b7/5a7c57-2aef-4caa-94c5-f56865c56ba9/1/pMlgypg0IvZiIqnTu4AJ_bljYpk.roa
Signing time: Mon 02 Jan 2023 06:54:51 +0000
ROA not before: Mon 02 Jan 2023 06:54:51 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 204790
IP address blocks: 2a11:f0c0::/29 maxlen: 29
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:71:42:f3:a5:28:f7:50:48:a4:b9:b3:53:3d:f2:78:0c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=bde74850b31f3ac2198bf85ffb5c50bc703cc8a6
Validity
Not Before: Jan 2 06:54:51 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=a4c960ca983422f66222a9d3bb8009fdb9636299
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9b:bb:bb:db:68:b8:04:c5:5f:05:13:65:c4:2b:
41:86:17:7f:0e:13:a4:0c:ff:ab:9b:3a:7b:db:ac:
5f:83:21:1b:dc:f7:ee:50:41:a5:55:d2:87:63:b3:
25:81:e9:87:e1:ab:41:19:09:82:38:12:8a:42:6c:
ec:b7:34:95:3b:26:8f:6e:42:24:42:d0:f2:d3:89:
b4:84:b5:9c:ed:ca:0d:69:5a:e9:ee:32:37:d4:4b:
42:da:8c:7a:82:b8:5b:a1:5d:7d:7f:e8:1b:cd:49:
cb:0f:e5:e8:b6:20:7b:65:6e:ad:d9:94:fa:09:40:
70:06:72:0f:ef:db:ec:0f:f4:18:42:31:71:dc:ed:
0a:4f:dc:e4:6a:7f:51:8f:67:12:79:d1:73:46:d3:
23:0b:47:f7:30:c7:f3:e3:7a:3b:6f:34:4a:0d:62:
fe:de:09:b1:64:b9:b1:e0:e5:b8:8e:db:b7:fe:be:
e0:e9:2f:5b:ee:9e:51:bc:ab:7d:9f:4d:9b:f8:79:
7d:ba:b4:df:b1:b3:af:c1:56:13:2e:c3:d9:b6:8d:
71:67:77:57:bd:56:80:e2:ae:26:dd:c3:21:61:46:
ac:b1:eb:7e:50:b9:a5:fe:52:40:fe:0e:9c:c7:2b:
c4:b2:82:dc:05:dc:35:48:cc:57:bd:a3:03:4e:bc:
44:41
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A4:C9:60:CA:98:34:22:F6:62:22:A9:D3:BB:80:09:FD:B9:63:62:99
X509v3 Authority Key Identifier:
keyid:BD:E7:48:50:B3:1F:3A:C2:19:8B:F8:5F:FB:5C:50:BC:70:3C:C8:A6
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vedIULMfOsIZi_hf-1xQvHA8yKY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b7/5a7c57-2aef-4caa-94c5-f56865c56ba9/1/pMlgypg0IvZiIqnTu4AJ_bljYpk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b7/5a7c57-2aef-4caa-94c5-f56865c56ba9/1/vedIULMfOsIZi_hf-1xQvHA8yKY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a11:f0c0::/29
Signature Algorithm: sha256WithRSAEncryption
73:44:01:46:c3:db:8e:01:ec:03:9f:7e:1d:c3:5e:7b:ad:12:
72:7e:e9:b5:89:e5:64:eb:0b:0f:72:1a:5f:27:ff:72:6a:f0:
c4:ea:94:62:ac:88:b8:97:1d:40:63:76:21:46:4a:e3:2b:a2:
aa:2c:57:b6:aa:79:6d:a5:59:f4:e1:72:90:a5:dc:f9:41:2d:
2b:34:84:d8:4b:2c:b2:45:99:71:12:1a:3a:da:0f:05:06:f3:
35:8e:63:1f:6b:e3:80:6c:71:04:09:af:b0:80:78:e4:c8:ee:
ad:5b:45:03:3e:3f:77:43:85:c2:35:ce:01:29:77:d1:78:f9:
65:cf:75:be:d1:ad:c3:ad:36:b5:d8:6a:ec:1c:2e:c3:63:ec:
63:9a:5c:dc:4b:42:00:9d:da:4d:9a:5f:57:8a:8a:a3:3e:f6:
6e:b1:1a:16:dc:b3:c1:4d:a8:ee:ba:d4:f1:1b:13:26:5c:91:
d9:99:4a:d6:05:c1:7c:15:46:70:c8:38:d1:8e:99:50:9a:df:
a1:ac:2d:08:ef:df:b1:70:49:32:0e:39:ad:fe:e0:01:19:3b:
08:4f:0e:e0:73:89:27:dc:fd:86:24:37:b8:a3:6f:41:ee:00:
99:76:31:ee:3c:55:71:e0:9b:e1:de:93:66:18:f1:2f:69:e7:
42:6d:5f:5b
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYVxQvOlKPdQSKS5s1M98ngMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJkZTc0ODUwYjMxZjNhYzIxOThiZjg1ZmZiNWM1MGJjNzAz
Y2M4YTYwHhcNMjMwMTAyMDY1NDUxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNGM5NjBjYTk4MzQyMmY2NjIyMmE5ZDNiYjgwMDlmZGI5NjM2Mjk5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm7u722i4BMVfBRNlxCtBhhd/DhOk
DP+rmzp726xfgyEb3PfuUEGlVdKHY7MlgemH4atBGQmCOBKKQmzstzSVOyaPbkIk
QtDy04m0hLWc7coNaVrp7jI31EtC2ox6grhboV19f+gbzUnLD+XotiB7ZW6t2ZT6
CUBwBnIP79vsD/QYQjFx3O0KT9zkan9Rj2cSedFzRtMjC0f3MMfz43o7bzRKDWL+
3gmxZLmx4OW4jtu3/r7g6S9b7p5RvKt9n02b+Hl9urTfsbOvwVYTLsPZto1xZ3dX
vVaA4q4m3cMhYUasset+ULml/lJA/g6cxyvEsoLcBdw1SMxXvaMDTrxEQQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFKTJYMqYNCL2YiKp07uACf25Y2KZMB8GA1UdIwQY
MBaAFL3nSFCzHzrCGYv4X/tcULxwPMimMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdmVkSVVMTWZPc0laaV9oZi0xeFF2SEE4eUtZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNy81YTdjNTctMmFlZi00Y2FhLTk0YzUt
ZjU2ODY1YzU2YmE5LzEvcE1sZ3lwZzBJdlppSXFuVHU0QUpfYmxqWXBrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNy81YTdjNTctMmFlZi00Y2FhLTk0YzUtZjU2ODY1YzU2YmE5
LzEvdmVkSVVMTWZPc0laaV9oZi0xeFF2SEE4eUtZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhHwwDAN
BgkqhkiG9w0BAQsFAAOCAQEAc0QBRsPbjgHsA59+HcNee60Scn7ptYnlZOsLD3Ia
Xyf/cmrwxOqUYqyIuJcdQGN2IUZK4yuiqixXtqp5baVZ9OFykKXc+UEtKzSE2Ess
skWZcRIaOtoPBQbzNY5jH2vjgGxxBAmvsIB45MjurVtFAz4/d0OFwjXOASl30Xj5
Zc91vtGtw602tdhq7Bwuw2PsY5pc3EtCAJ3aTZpfV4qKoz72brEaFtyzwU2o7rrU
8RsTJlyR2ZlK1gXBfBVGcMg40Y6ZUJrfoawtCO/fsXBJMg45rf7gARk7CE8O4HOJ
J9z9hiQ3uKNvQe4AmXYx7jxVceCb4d6TZhjxL2nnQm1fWw==
-----END CERTIFICATE-----
Generated at Thu Jul 20 00:02:41 2023 by rpki-client on console-fra.rpki-client.org