Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2e/6d59d9-9daf-4fcb-8d05-13bcc752119a/1/ICD2sRlccVabIHhGSp8PG_czH_Q.roa
File: ICD2sRlccVabIHhGSp8PG_czH_Q.roa (raw, json)
Hash identifier: tDxrTElHe2UfndQnX7P31Gy44cFhA73do+o+/Hsi0VU=
Subject key identifier: 20:20:F6:B1:19:5C:71:56:9B:20:78:46:4A:9F:0F:1B:F7:33:1F:F4
Certificate issuer: /CN=b07ab922565e2b3e2cc63d485a55dd4fc41d357e
Certificate serial: 0188E326931F83E6EDFEDCEA5CC7AF0C48D6
Authority key identifier: B0:7A:B9:22:56:5E:2B:3E:2C:C6:3D:48:5A:55:DD:4F:C4:1D:35:7E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/sHq5IlZeKz4sxj1IWlXdT8QdNX4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2e/6d59d9-9daf-4fcb-8d05-13bcc752119a/1/ICD2sRlccVabIHhGSp8PG_czH_Q.roa
Signing time: Thu 22 Jun 2023 12:48:56 +0000
ROA not before: Thu 22 Jun 2023 12:48:56 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 142418
IP address blocks: 2a12:f8c1::/32 maxlen: 48
2a12:f8c0::/32 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:88:e3:26:93:1f:83:e6:ed:fe:dc:ea:5c:c7:af:0c:48:d6
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b07ab922565e2b3e2cc63d485a55dd4fc41d357e
Validity
Not Before: Jun 22 12:48:56 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=2020f6b1195c71569b2078464a9f0f1bf7331ff4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:af:89:dd:dd:0c:a7:77:08:ce:26:10:03:93:bf:
0c:00:2b:a4:3a:8d:79:8b:34:42:0a:2a:63:8a:42:
42:54:92:91:05:c2:4b:d8:7a:37:52:f2:11:8c:fe:
1d:43:df:0c:89:ae:3a:e0:b5:b8:86:38:9f:88:c6:
64:10:9a:43:b3:01:26:5b:23:d1:8c:ca:9d:0a:2b:
1c:61:02:94:00:04:2d:6b:01:83:b2:c1:c9:58:fc:
13:4a:c6:30:77:fa:68:e5:f5:cf:4c:ed:07:67:3e:
5b:d5:66:45:94:4c:dd:ed:11:2f:8d:f2:52:c1:7b:
c7:74:74:5d:d0:88:c5:11:aa:dc:e4:e4:f2:fa:b3:
7c:dc:10:56:eb:8c:d1:96:53:f5:b4:b1:77:eb:f0:
ba:d8:8d:58:93:77:bc:a7:9d:c3:7b:30:61:2f:a9:
88:da:c2:ab:15:29:d1:e2:91:66:2e:be:71:38:85:
1d:ef:83:cb:f9:2d:a6:11:cb:fa:15:a8:2c:71:0f:
1f:08:8d:02:bf:ec:43:0c:0f:5b:63:03:f9:e8:d8:
d8:3f:74:e5:49:43:98:90:51:1e:6e:7f:f2:f2:8c:
10:e2:94:de:ea:34:8e:9d:40:a2:d7:14:f3:04:27:
04:49:83:93:93:d0:d7:a0:45:19:e5:7a:77:c0:e3:
29:e5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
20:20:F6:B1:19:5C:71:56:9B:20:78:46:4A:9F:0F:1B:F7:33:1F:F4
X509v3 Authority Key Identifier:
keyid:B0:7A:B9:22:56:5E:2B:3E:2C:C6:3D:48:5A:55:DD:4F:C4:1D:35:7E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sHq5IlZeKz4sxj1IWlXdT8QdNX4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/6d59d9-9daf-4fcb-8d05-13bcc752119a/1/ICD2sRlccVabIHhGSp8PG_czH_Q.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/6d59d9-9daf-4fcb-8d05-13bcc752119a/1/sHq5IlZeKz4sxj1IWlXdT8QdNX4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a12:f8c0::/31
Signature Algorithm: sha256WithRSAEncryption
af:be:08:33:82:ae:7a:10:28:cc:5d:87:51:2e:a8:a0:f9:88:
ef:75:c3:59:89:73:ea:64:60:bb:30:29:d5:d5:73:4b:90:f9:
1d:95:95:9e:88:70:e5:b0:a5:97:ca:13:41:8f:ad:c9:fc:27:
f6:a6:54:9b:99:3d:50:b2:dd:41:d3:ee:b6:9f:99:9e:13:57:
86:ff:51:6e:37:9a:1a:1d:5f:00:f1:71:ec:46:3f:47:ef:4f:
06:07:d1:59:56:84:fb:a9:31:39:4d:95:47:13:a2:10:00:2a:
a6:c8:80:18:cd:2f:d0:f9:1d:a7:36:17:bb:ee:02:2c:3e:bc:
07:c5:f3:81:e3:ef:4c:de:30:7b:4c:00:1a:35:0b:88:82:6e:
58:73:3c:79:7c:9a:0e:85:19:aa:40:14:31:e6:45:d3:a7:ae:
84:45:bd:81:6e:9a:d6:9f:14:05:15:e6:18:36:0b:39:d0:fa:
84:0a:a7:73:c7:12:da:67:7c:05:04:13:a9:1d:e7:3d:d0:8b:
c7:c3:b7:aa:0f:e3:d3:63:eb:a5:d3:9e:8f:d2:e2:cf:60:96:
83:02:dd:ed:ed:55:fd:ce:0b:22:55:83:8f:84:86:5e:a3:09:
e2:23:aa:34:b9:d5:27:e6:94:72:a8:c2:7e:74:d8:74:ef:bd:
90:60:5b:c0
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYjjJpMfg+bt/tzqXMevDEjWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIwN2FiOTIyNTY1ZTJiM2UyY2M2M2Q0ODVhNTVkZDRmYzQx
ZDM1N2UwHhcNMjMwNjIyMTI0ODU2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMDIwZjZiMTE5NWM3MTU2OWIyMDc4NDY0YTlmMGYxYmY3MzMxZmY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr4nd3QyndwjOJhADk78MACukOo15
izRCCipjikJCVJKRBcJL2Ho3UvIRjP4dQ98Mia464LW4hjifiMZkEJpDswEmWyPR
jMqdCiscYQKUAAQtawGDssHJWPwTSsYwd/po5fXPTO0HZz5b1WZFlEzd7REvjfJS
wXvHdHRd0IjFEarc5OTy+rN83BBW64zRllP1tLF36/C62I1Yk3e8p53DezBhL6mI
2sKrFSnR4pFmLr5xOIUd74PL+S2mEcv6FagscQ8fCI0Cv+xDDA9bYwP56NjYP3Tl
SUOYkFEebn/y8owQ4pTe6jSOnUCi1xTzBCcESYOTk9DXoEUZ5Xp3wOMp5QIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFCAg9rEZXHFWmyB4RkqfDxv3Mx/0MB8GA1UdIwQY
MBaAFLB6uSJWXis+LMY9SFpV3U/EHTV+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc0hxNUlsWmVLejRzeGoxSVdsWGRUOFFkTlg0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZS82ZDU5ZDktOWRhZi00ZmNiLThkMDUt
MTNiY2M3NTIxMTlhLzEvSUNEMnNSbGNjVmFiSUhoR1NwOFBHX2N6SF9RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZS82ZDU5ZDktOWRhZi00ZmNiLThkMDUtMTNiY2M3NTIxMTlh
LzEvc0hxNUlsWmVLejRzeGoxSVdsWGRUOFFkTlg0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUBKhL4wDAN
BgkqhkiG9w0BAQsFAAOCAQEAr74IM4KuehAozF2HUS6ooPmI73XDWYlz6mRguzAp
1dVzS5D5HZWVnohw5bCll8oTQY+tyfwn9qZUm5k9ULLdQdPutp+ZnhNXhv9Rbjea
Gh1fAPFx7EY/R+9PBgfRWVaE+6kxOU2VRxOiEAAqpsiAGM0v0PkdpzYXu+4CLD68
B8XzgePvTN4we0wAGjULiIJuWHM8eXyaDoUZqkAUMeZF06euhEW9gW6a1p8UBRXm
GDYLOdD6hAqnc8cS2md8BQQTqR3nPdCLx8O3qg/j02PrpdOej9Liz2CWgwLd7e1V
/c4LIlWDj4SGXqMJ4iOqNLnVJ+aUcqjCfnTYdO+9kGBbwA==
-----END CERTIFICATE-----
Generated at Fri Apr 11 21:27:19 2025 by rpki-client