Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2e/6d59d9-9daf-4fcb-8d05-13bcc752119a/1/CP_gwrWl8UDQCtFsODTUNRVZQ6s.roa
File: CP_gwrWl8UDQCtFsODTUNRVZQ6s.roa (raw, json)
Hash identifier: w/53/sVmicEAEair/15Du+2mMxQxI35b+BQMKNZyVxg=
Subject key identifier: 08:FF:E0:C2:B5:A5:F1:40:D0:0A:D1:6C:38:34:D4:35:15:59:43:AB
Certificate issuer: /CN=b07ab922565e2b3e2cc63d485a55dd4fc41d357e
Certificate serial: 01880AE5C18B5021D07F2D19F3DD90F5E366
Authority key identifier: B0:7A:B9:22:56:5E:2B:3E:2C:C6:3D:48:5A:55:DD:4F:C4:1D:35:7E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/sHq5IlZeKz4sxj1IWlXdT8QdNX4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2e/6d59d9-9daf-4fcb-8d05-13bcc752119a/1/CP_gwrWl8UDQCtFsODTUNRVZQ6s.roa
Signing time: Thu 11 May 2023 13:00:09 +0000
ROA not before: Thu 11 May 2023 13:00:09 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 63800
IP address blocks: 2a12:f8c3:3000::/36 maxlen: 36
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:88:0a:e5:c1:8b:50:21:d0:7f:2d:19:f3:dd:90:f5:e3:66
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b07ab922565e2b3e2cc63d485a55dd4fc41d357e
Validity
Not Before: May 11 13:00:09 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=08ffe0c2b5a5f140d00ad16c3834d435155943ab
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9d:6d:6b:02:ee:ec:b7:9b:96:97:a7:f9:07:56:
a3:4b:cb:0f:30:86:da:58:b1:62:42:fc:1b:34:e3:
48:a1:ff:83:7e:f2:12:74:87:d9:ee:9a:05:39:8c:
a6:3c:c4:f3:33:22:07:6d:61:88:c4:f4:a2:74:9c:
c4:27:86:cd:fe:20:50:38:f9:c2:b2:19:73:a4:08:
ce:3f:34:22:88:b5:7d:dd:5a:5c:92:89:97:4b:86:
2b:d8:5e:10:bf:2e:55:ed:3e:4e:72:04:b0:52:49:
9b:21:c0:55:3a:bc:d5:9f:02:5b:55:21:55:21:32:
11:46:97:05:e4:83:06:06:3f:dd:bf:c5:3d:bf:04:
c5:f5:b7:9c:14:ab:f1:57:c4:d7:6e:e4:5b:de:12:
1a:db:71:f2:ad:ef:07:59:cc:f4:b0:f8:a4:05:cf:
56:71:39:25:66:bb:f3:d8:46:e6:0e:7d:f6:b4:06:
42:75:46:62:a5:05:45:d4:ec:0b:e6:c2:71:61:11:
cf:b5:88:5b:b9:36:21:c7:36:20:6a:3d:7c:77:45:
fe:ff:f5:0a:cb:e9:a8:db:56:69:1c:16:1c:99:fe:
79:e8:66:2c:bd:a1:63:df:76:eb:4d:d8:44:82:7a:
bc:f6:ca:b5:ab:dc:c9:39:d4:cc:9b:49:61:c5:cb:
27:bd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
08:FF:E0:C2:B5:A5:F1:40:D0:0A:D1:6C:38:34:D4:35:15:59:43:AB
X509v3 Authority Key Identifier:
keyid:B0:7A:B9:22:56:5E:2B:3E:2C:C6:3D:48:5A:55:DD:4F:C4:1D:35:7E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sHq5IlZeKz4sxj1IWlXdT8QdNX4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/6d59d9-9daf-4fcb-8d05-13bcc752119a/1/CP_gwrWl8UDQCtFsODTUNRVZQ6s.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/6d59d9-9daf-4fcb-8d05-13bcc752119a/1/sHq5IlZeKz4sxj1IWlXdT8QdNX4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a12:f8c3:3000::/36
Signature Algorithm: sha256WithRSAEncryption
09:96:af:3e:fb:73:8b:f5:a8:44:1a:22:7b:70:68:d5:2d:69:
38:da:75:10:37:95:d2:07:5d:49:58:bd:37:05:9e:ef:eb:3d:
63:08:af:fd:dd:1c:e2:b5:c5:4d:3a:8d:63:99:98:7f:45:f0:
62:2a:b7:ed:be:0c:1a:48:a2:88:e2:dd:aa:6b:99:af:89:be:
8a:37:37:47:b8:35:f5:21:65:b1:bc:65:82:97:2c:2f:86:ff:
97:05:98:4e:35:79:7e:81:06:7a:58:1e:05:96:6f:81:20:6d:
a7:cd:81:18:15:51:71:5c:09:f4:82:02:07:cb:6f:80:5e:dd:
14:8e:5d:6b:d9:d3:28:4f:75:5c:5a:81:43:ff:45:b1:87:b9:
88:36:07:1d:6c:3c:79:2d:3b:f4:00:7e:1d:8a:33:f1:40:6b:
f5:be:c3:06:22:f2:de:3c:f0:3c:85:63:38:0e:2c:13:c8:da:
f4:b6:a8:62:7e:b0:75:86:8c:e1:3c:65:4b:69:12:f8:9e:4e:
06:ec:38:a3:f2:7f:d6:c8:47:59:06:05:36:01:70:1f:dd:8e:
47:f5:6d:dc:cd:db:0a:b5:14:0b:81:b7:b2:0c:e0:77:a0:21:
7b:2f:3c:51:76:e2:c3:26:3d:c3:e9:88:b6:06:56:b3:72:d6:
26:a2:f7:92
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYgK5cGLUCHQfy0Z892Q9eNmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIwN2FiOTIyNTY1ZTJiM2UyY2M2M2Q0ODVhNTVkZDRmYzQx
ZDM1N2UwHhcNMjMwNTExMTMwMDA5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOGZmZTBjMmI1YTVmMTQwZDAwYWQxNmMzODM0ZDQzNTE1NTk0M2FiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnW1rAu7st5uWl6f5B1ajS8sPMIba
WLFiQvwbNONIof+DfvISdIfZ7poFOYymPMTzMyIHbWGIxPSidJzEJ4bN/iBQOPnC
shlzpAjOPzQiiLV93VpckomXS4Yr2F4Qvy5V7T5OcgSwUkmbIcBVOrzVnwJbVSFV
ITIRRpcF5IMGBj/dv8U9vwTF9becFKvxV8TXbuRb3hIa23Hyre8HWcz0sPikBc9W
cTklZrvz2EbmDn32tAZCdUZipQVF1OwL5sJxYRHPtYhbuTYhxzYgaj18d0X+//UK
y+mo21ZpHBYcmf556GYsvaFj33brTdhEgnq89sq1q9zJOdTMm0lhxcsnvQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFAj/4MK1pfFA0ArRbDg01DUVWUOrMB8GA1UdIwQY
MBaAFLB6uSJWXis+LMY9SFpV3U/EHTV+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc0hxNUlsWmVLejRzeGoxSVdsWGRUOFFkTlg0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZS82ZDU5ZDktOWRhZi00ZmNiLThkMDUt
MTNiY2M3NTIxMTlhLzEvQ1BfZ3dyV2w4VURRQ3RGc09EVFVOUlZaUTZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZS82ZDU5ZDktOWRhZi00ZmNiLThkMDUtMTNiY2M3NTIxMTlh
LzEvc0hxNUlsWmVLejRzeGoxSVdsWGRUOFFkTlg0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYEKhL4wzAw
DQYJKoZIhvcNAQELBQADggEBAAmWrz77c4v1qEQaIntwaNUtaTjadRA3ldIHXUlY
vTcFnu/rPWMIr/3dHOK1xU06jWOZmH9F8GIqt+2+DBpIooji3aprma+Jvoo3N0e4
NfUhZbG8ZYKXLC+G/5cFmE41eX6BBnpYHgWWb4EgbafNgRgVUXFcCfSCAgfLb4Be
3RSOXWvZ0yhPdVxagUP/RbGHuYg2Bx1sPHktO/QAfh2KM/FAa/W+wwYi8t488DyF
YzgOLBPI2vS2qGJ+sHWGjOE8ZUtpEvieTgbsOKPyf9bIR1kGBTYBcB/djkf1bdzN
2wq1FAuBt7IM4HegIXsvPFF24sMmPcPpiLYGVrNy1iai95I=
-----END CERTIFICATE-----
Generated at Fri Apr 11 21:30:26 2025 by rpki-client