Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2e/6d59d9-9daf-4fcb-8d05-13bcc752119a/1/ZI5_auORi1G32xiLxyvu5mxmWYk.roa
File: ZI5_auORi1G32xiLxyvu5mxmWYk.roa (raw, json)
Hash identifier: cfAe0bE0PYpQ3PiluavqluO2E5I78t1oHpm5MHocbYY=
Subject key identifier: 64:8E:7F:6A:E3:91:8B:51:B7:DB:18:8B:C7:2B:EE:E6:6C:66:59:89
Certificate issuer: /CN=b07ab922565e2b3e2cc63d485a55dd4fc41d357e
Certificate serial: 0184E5BD23FCD54D128BB5FD824E7F4D02C0
Authority key identifier: B0:7A:B9:22:56:5E:2B:3E:2C:C6:3D:48:5A:55:DD:4F:C4:1D:35:7E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/sHq5IlZeKz4sxj1IWlXdT8QdNX4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2e/6d59d9-9daf-4fcb-8d05-13bcc752119a/1/ZI5_auORi1G32xiLxyvu5mxmWYk.roa
Signing time: Tue 06 Dec 2022 04:41:28 +0000
ROA not before: Tue 06 Dec 2022 04:41:28 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 60445
IP address blocks: 2a12:f8c2:600::/40 maxlen: 40
2a12:f8c2:500::/40 maxlen: 40
2a12:f8c2:400::/40 maxlen: 40
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:84:e5:bd:23:fc:d5:4d:12:8b:b5:fd:82:4e:7f:4d:02:c0
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b07ab922565e2b3e2cc63d485a55dd4fc41d357e
Validity
Not Before: Dec 6 04:41:28 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=648e7f6ae3918b51b7db188bc72beee66c665989
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a2:8c:9b:f7:c6:ac:e8:8a:ba:6b:2d:54:0d:eb:
71:f5:0a:5d:f0:c0:db:75:40:5c:ce:55:2d:a2:d4:
45:d7:a6:1f:b2:24:ce:d3:d8:71:82:b5:f0:3b:20:
b4:f5:c2:e5:d8:79:5a:af:a3:f0:75:b5:c2:c7:bb:
c8:5f:d8:6a:d0:54:47:24:7b:58:01:6b:7a:d7:39:
32:cc:fd:06:28:1c:d2:82:42:e2:d4:ae:33:9f:6d:
f3:07:04:ce:88:f8:1e:81:3d:9a:b8:3d:4b:56:26:
9e:99:3e:19:c1:d4:39:f1:09:75:42:c5:d5:98:a9:
45:c9:82:f5:f4:3f:37:0f:52:40:dc:9d:85:ff:1c:
71:01:f3:4d:87:a8:7c:be:72:ac:29:00:6f:fa:6a:
02:c8:9c:fe:ea:0a:0b:8a:34:f1:70:34:85:2f:66:
6d:59:e7:1c:80:65:8e:bd:0d:b3:a1:ba:05:54:21:
38:9f:34:6f:71:9f:cb:51:a6:3d:35:ae:c0:c8:37:
91:6e:e1:3b:2a:8a:77:08:16:2f:69:70:7c:91:fc:
09:f5:61:8e:88:a6:0b:c8:88:fa:8b:d2:0d:ba:e2:
fd:2f:f4:b3:c3:67:60:86:ad:d1:f7:43:bd:c7:c8:
3a:91:4a:6b:43:14:c1:a3:7a:1c:15:6e:b7:25:85:
43:25
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
64:8E:7F:6A:E3:91:8B:51:B7:DB:18:8B:C7:2B:EE:E6:6C:66:59:89
X509v3 Authority Key Identifier:
keyid:B0:7A:B9:22:56:5E:2B:3E:2C:C6:3D:48:5A:55:DD:4F:C4:1D:35:7E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sHq5IlZeKz4sxj1IWlXdT8QdNX4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/6d59d9-9daf-4fcb-8d05-13bcc752119a/1/ZI5_auORi1G32xiLxyvu5mxmWYk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/6d59d9-9daf-4fcb-8d05-13bcc752119a/1/sHq5IlZeKz4sxj1IWlXdT8QdNX4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a12:f8c2:400::-2a12:f8c2:6ff:ffff:ffff:ffff:ffff:ffff
Signature Algorithm: sha256WithRSAEncryption
2e:e5:a3:8c:18:86:a1:e4:4b:bb:48:13:3c:7d:0d:47:94:51:
02:f4:b5:2f:75:10:67:e2:cf:8b:0d:a9:8d:98:9c:a1:2d:90:
0d:9d:99:36:44:27:db:d2:85:a0:2b:df:88:38:b8:0f:66:08:
11:2b:d3:18:7a:00:d0:4a:4f:a2:22:43:c4:cd:3e:ee:49:89:
b5:26:6e:b7:5b:ee:1c:d5:5d:e1:c8:5d:9a:89:8a:65:aa:d4:
3f:18:e5:44:32:47:c1:92:61:d6:be:61:39:8e:b1:7c:8a:33:
90:1a:90:8f:48:86:16:a9:af:ef:9e:10:e3:c2:52:b4:7b:33:
86:ea:49:91:46:02:02:1a:22:97:f5:e1:0d:62:f9:40:f3:85:
95:5e:12:65:2c:5f:7a:30:ed:2d:58:82:89:99:fd:c7:a6:73:
f7:7c:09:f8:a6:a2:00:4f:dd:70:ff:89:d5:ec:f8:2a:37:a6:
eb:a4:2e:d6:bb:e8:1d:36:57:7f:dd:b6:f4:89:f3:62:e0:bf:
93:57:e5:b8:62:fc:b0:34:f7:15:50:31:c0:7a:0b:b9:fd:fe:
fb:43:6e:0a:0d:75:96:4a:de:17:a4:3f:aa:fa:94:e9:8f:e9:
dd:28:0e:87:90:b9:44:c9:5a:95:89:85:25:c1:6d:af:8f:3d:
d6:4b:70:e9
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYTlvSP81U0Si7X9gk5/TQLAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIwN2FiOTIyNTY1ZTJiM2UyY2M2M2Q0ODVhNTVkZDRmYzQx
ZDM1N2UwHhcNMjIxMjA2MDQ0MTI4WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NDhlN2Y2YWUzOTE4YjUxYjdkYjE4OGJjNzJiZWVlNjZjNjY1OTg5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAooyb98as6Iq6ay1UDetx9Qpd8MDb
dUBczlUtotRF16YfsiTO09hxgrXwOyC09cLl2Hlar6PwdbXCx7vIX9hq0FRHJHtY
AWt61zkyzP0GKBzSgkLi1K4zn23zBwTOiPgegT2auD1LViaemT4ZwdQ58Ql1QsXV
mKlFyYL19D83D1JA3J2F/xxxAfNNh6h8vnKsKQBv+moCyJz+6goLijTxcDSFL2Zt
WeccgGWOvQ2zoboFVCE4nzRvcZ/LUaY9Na7AyDeRbuE7Kop3CBYvaXB8kfwJ9WGO
iKYLyIj6i9INuuL9L/Szw2dghq3R90O9x8g6kUprQxTBo3ocFW63JYVDJQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFGSOf2rjkYtRt9sYi8cr7uZsZlmJMB8GA1UdIwQY
MBaAFLB6uSJWXis+LMY9SFpV3U/EHTV+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc0hxNUlsWmVLejRzeGoxSVdsWGRUOFFkTlg0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZS82ZDU5ZDktOWRhZi00ZmNiLThkMDUt
MTNiY2M3NTIxMTlhLzEvWkk1X2F1T1JpMUczMnhpTHh5dnU1bXhtV1lrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZS82ZDU5ZDktOWRhZi00ZmNiLThkMDUtMTNiY2M3NTIxMTlh
LzEvc0hxNUlsWmVLejRzeGoxSVdsWGRUOFFkTlg0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASMBADBgIqEvjC
BAMGACoS+MIGMA0GCSqGSIb3DQEBCwUAA4IBAQAu5aOMGIah5Eu7SBM8fQ1HlFEC
9LUvdRBn4s+LDamNmJyhLZANnZk2RCfb0oWgK9+IOLgPZggRK9MYegDQSk+iIkPE
zT7uSYm1Jm63W+4c1V3hyF2aiYplqtQ/GOVEMkfBkmHWvmE5jrF8ijOQGpCPSIYW
qa/vnhDjwlK0ezOG6kmRRgICGiKX9eENYvlA84WVXhJlLF96MO0tWIKJmf3HpnP3
fAn4pqIAT91w/4nV7PgqN6brpC7Wu+gdNld/3bb0ifNi4L+TV+W4YvywNPcVUDHA
egu5/f77Q24KDXWWSt4XpD+q+pTpj+ndKA6HkLlEyVqViYUlwW2vjz3WS3Dp
-----END CERTIFICATE-----
Generated at Fri Apr 11 21:27:50 2025 by rpki-client