Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2e/6d59d9-9daf-4fcb-8d05-13bcc752119a/1/CJWGPr673f9sZ8LCnAZ_gdxhg3k.roa
File: CJWGPr673f9sZ8LCnAZ_gdxhg3k.roa (raw, json)
Hash identifier: MduRcxV3saSFBgHEbZYeBsRvl3Id+yhkvY8AEtY3gxc=
Subject key identifier: 08:95:86:3E:BE:BB:DD:FF:6C:67:C2:C2:9C:06:7F:81:DC:61:83:79
Certificate issuer: /CN=b07ab922565e2b3e2cc63d485a55dd4fc41d357e
Certificate serial: 0185763067311B68503ACB1E29F10B68F561
Authority key identifier: B0:7A:B9:22:56:5E:2B:3E:2C:C6:3D:48:5A:55:DD:4F:C4:1D:35:7E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/sHq5IlZeKz4sxj1IWlXdT8QdNX4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2e/6d59d9-9daf-4fcb-8d05-13bcc752119a/1/CJWGPr673f9sZ8LCnAZ_gdxhg3k.roa
Signing time: Tue 03 Jan 2023 05:52:41 +0000
ROA not before: Tue 03 Jan 2023 05:52:41 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 60445
IP address blocks: 2a12:f8c3:1000::/36 maxlen: 36
2a12:f8c3:2000::/36 maxlen: 36
2a12:f8c2:400::/40 maxlen: 40
2a12:f8c2:500::/40 maxlen: 40
2a12:f8c2:600::/40 maxlen: 40
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:76:30:67:31:1b:68:50:3a:cb:1e:29:f1:0b:68:f5:61
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b07ab922565e2b3e2cc63d485a55dd4fc41d357e
Validity
Not Before: Jan 3 05:52:41 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=0895863ebebbddff6c67c2c29c067f81dc618379
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:95:b9:5a:35:17:33:c4:af:d7:d9:c4:59:c3:be:
53:5b:24:b8:cd:02:d6:3f:03:57:88:f0:26:d3:a6:
37:e4:d8:16:98:67:af:31:b9:f1:ba:3c:3d:cf:e6:
fa:3f:e0:1c:e9:eb:df:3e:dd:c7:37:92:b6:61:9f:
9d:20:ff:f1:32:27:5f:30:d0:0d:5a:a0:73:70:3e:
48:7b:ad:44:2e:96:37:7b:0a:bc:8f:56:ad:a9:a3:
c9:8a:91:44:09:cf:71:b1:b2:26:93:6a:36:82:0d:
63:c9:e8:a8:60:fe:58:ce:70:d9:ff:7c:0c:7b:20:
83:8f:e8:97:32:98:25:76:f5:c8:4f:a4:7e:2c:48:
89:fe:fa:e1:52:32:66:e6:c7:92:64:c1:71:d7:27:
3d:86:44:a8:21:d1:6f:f8:0f:14:a6:39:bf:fa:38:
f1:97:72:b4:f5:9e:66:a6:a5:96:af:36:94:95:85:
31:54:6a:0a:47:10:41:cd:d5:22:5a:f8:cc:3a:eb:
57:69:3b:67:5a:d4:a2:74:90:28:8e:1b:ae:61:5c:
c8:bd:63:1a:bb:68:ea:5d:16:05:59:71:13:03:de:
05:16:ed:56:64:7f:c0:e0:5a:aa:87:7e:4a:6c:07:
51:db:94:f1:b0:a8:d4:24:c0:3e:67:81:37:2d:1b:
71:1d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
08:95:86:3E:BE:BB:DD:FF:6C:67:C2:C2:9C:06:7F:81:DC:61:83:79
X509v3 Authority Key Identifier:
keyid:B0:7A:B9:22:56:5E:2B:3E:2C:C6:3D:48:5A:55:DD:4F:C4:1D:35:7E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sHq5IlZeKz4sxj1IWlXdT8QdNX4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/6d59d9-9daf-4fcb-8d05-13bcc752119a/1/CJWGPr673f9sZ8LCnAZ_gdxhg3k.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/6d59d9-9daf-4fcb-8d05-13bcc752119a/1/sHq5IlZeKz4sxj1IWlXdT8QdNX4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a12:f8c2:400::-2a12:f8c2:6ff:ffff:ffff:ffff:ffff:ffff
2a12:f8c3:1000::-2a12:f8c3:2fff:ffff:ffff:ffff:ffff:ffff
Signature Algorithm: sha256WithRSAEncryption
70:71:dc:6a:be:a6:5a:6d:27:a1:97:44:d2:c2:f1:b1:e9:96:
09:fe:11:73:88:ed:a7:5a:88:3b:0b:c5:3e:00:7d:c6:49:c4:
26:72:50:30:f8:42:e0:8a:9c:f3:5b:29:f2:a1:ef:dc:7b:aa:
36:25:23:c8:9d:af:c1:6e:bd:aa:ac:1e:7d:56:c6:13:cc:1b:
2f:d8:73:d9:13:99:29:e3:21:67:b6:b4:ce:50:80:d5:24:c4:
2f:67:41:73:3e:b9:30:dd:9d:bc:b7:46:1c:ef:f8:cd:3d:9f:
a3:66:4b:91:c2:97:be:a0:d9:4b:22:fd:6b:de:60:6a:ad:9c:
1f:47:9e:e4:12:c4:32:79:39:4e:2b:a7:43:54:c0:3c:49:5b:
70:11:eb:47:8b:1c:cc:1d:2b:d9:2f:31:69:be:0b:f5:33:47:
36:4f:7e:6c:65:47:24:a4:76:7f:33:72:f5:45:a1:32:6b:5e:
b5:df:1b:3d:a7:e1:19:ad:11:f8:e1:78:20:a3:07:79:4b:a0:
ac:42:14:6d:74:eb:be:17:29:bf:6a:8a:d6:6e:0f:0a:0d:bc:
86:16:ab:22:2e:9d:e5:79:8c:f2:0a:16:07:93:6f:6c:8b:ee:
e9:1f:b7:f0:84:24:16:eb:44:df:78:e6:b8:de:fc:e9:cf:ae:
c6:5b:90:f2
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAYV2MGcxG2hQOsseKfELaPVhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIwN2FiOTIyNTY1ZTJiM2UyY2M2M2Q0ODVhNTVkZDRmYzQx
ZDM1N2UwHhcNMjMwMTAzMDU1MjQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwODk1ODYzZWJlYmJkZGZmNmM2N2MyYzI5YzA2N2Y4MWRjNjE4Mzc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlblaNRczxK/X2cRZw75TWyS4zQLW
PwNXiPAm06Y35NgWmGevMbnxujw9z+b6P+Ac6evfPt3HN5K2YZ+dIP/xMidfMNAN
WqBzcD5Ie61ELpY3ewq8j1atqaPJipFECc9xsbImk2o2gg1jyeioYP5YznDZ/3wM
eyCDj+iXMpgldvXIT6R+LEiJ/vrhUjJm5seSZMFx1yc9hkSoIdFv+A8Upjm/+jjx
l3K09Z5mpqWWrzaUlYUxVGoKRxBBzdUiWvjMOutXaTtnWtSidJAojhuuYVzIvWMa
u2jqXRYFWXETA94FFu1WZH/A4Fqqh35KbAdR25TxsKjUJMA+Z4E3LRtxHQIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFAiVhj6+u93/bGfCwpwGf4HcYYN5MB8GA1UdIwQY
MBaAFLB6uSJWXis+LMY9SFpV3U/EHTV+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc0hxNUlsWmVLejRzeGoxSVdsWGRUOFFkTlg0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZS82ZDU5ZDktOWRhZi00ZmNiLThkMDUt
MTNiY2M3NTIxMTlhLzEvQ0pXR1ByNjczZjlzWjhMQ25BWl9nZHhoZzNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZS82ZDU5ZDktOWRhZi00ZmNiLThkMDUtMTNiY2M3NTIxMTlh
LzEvc0hxNUlsWmVLejRzeGoxSVdsWGRUOFFkTlg0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAqBAIAAjAkMBADBgIqEvjC
BAMGACoS+MIGMBADBgQqEvjDEAMGBCoS+MMgMA0GCSqGSIb3DQEBCwUAA4IBAQBw
cdxqvqZabSehl0TSwvGx6ZYJ/hFziO2nWog7C8U+AH3GScQmclAw+ELgipzzWyny
oe/ce6o2JSPIna/Bbr2qrB59VsYTzBsv2HPZE5kp4yFntrTOUIDVJMQvZ0FzPrkw
3Z28t0Yc7/jNPZ+jZkuRwpe+oNlLIv1r3mBqrZwfR57kEsQyeTlOK6dDVMA8SVtw
EetHixzMHSvZLzFpvgv1M0c2T35sZUckpHZ/M3L1RaEya1613xs9p+EZrRH44Xgg
owd5S6CsQhRtdOu+Fym/aorWbg8KDbyGFqsiLp3leYzyChYHk29si+7pH7fwhCQW
60TfeOa43vzpz67GW5Dy
-----END CERTIFICATE-----
Generated at Fri Apr 11 21:26:22 2025 by rpki-client