Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2e/6d59d9-9daf-4fcb-8d05-13bcc752119a/1/_vAfq7um7yAh0bu80lMzRcit6-I.roa
File: _vAfq7um7yAh0bu80lMzRcit6-I.roa (raw, json)
Hash identifier: T5b/0bopnglCN2N2X1em16Emta/Eq78tkDap2kqBBHE=
Subject key identifier: FE:F0:1F:AB:BB:A6:EF:20:21:D1:BB:BC:D2:53:33:45:C8:AD:EB:E2
Certificate issuer: /CN=b07ab922565e2b3e2cc63d485a55dd4fc41d357e
Certificate serial: 018B8E71217624E2793C9FB6620086ED7A3A
Authority key identifier: B0:7A:B9:22:56:5E:2B:3E:2C:C6:3D:48:5A:55:DD:4F:C4:1D:35:7E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/sHq5IlZeKz4sxj1IWlXdT8QdNX4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2e/6d59d9-9daf-4fcb-8d05-13bcc752119a/1/_vAfq7um7yAh0bu80lMzRcit6-I.roa
Signing time: Thu 02 Nov 2023 05:11:00 +0000
ROA not before: Thu 02 Nov 2023 05:11:00 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 150325
IP address blocks: 2a12:f8c1:10::/44 maxlen: 44
2a12:f8c1:7::/48 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8b:8e:71:21:76:24:e2:79:3c:9f:b6:62:00:86:ed:7a:3a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b07ab922565e2b3e2cc63d485a55dd4fc41d357e
Validity
Not Before: Nov 2 05:11:00 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=fef01fabbba6ef2021d1bbbcd2533345c8adebe2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:93:a2:d1:4d:06:bf:e9:c2:b8:3c:4e:5b:29:fb:
ff:9a:ce:bc:fe:77:0d:a8:ca:36:9f:c4:d2:23:be:
6b:b2:8c:1f:58:f3:5e:90:7d:58:01:ae:2b:a8:94:
6f:9b:75:87:3c:50:2d:00:38:b1:a4:ed:25:12:e5:
2d:ce:3b:68:66:86:ca:42:03:66:51:dc:e9:d7:8a:
c0:94:f4:1e:a5:99:7d:28:ea:1c:9d:ba:bc:ea:c5:
92:65:fc:4a:e7:d1:16:6c:2d:a1:6e:1c:64:07:5e:
83:86:3d:4b:9e:b1:03:3d:9f:76:a2:1a:38:a7:91:
28:96:ae:fa:69:5d:51:1e:d6:73:dd:ee:4a:21:ad:
3e:8e:4f:d2:88:6d:6f:5d:60:98:95:be:bc:16:dc:
b5:fc:c5:58:42:78:12:93:23:01:d0:1a:7e:d1:23:
ef:4b:5e:ae:76:29:14:4c:e2:cd:e3:0b:5c:ed:b8:
8b:51:d0:f9:fb:11:a9:84:bb:d3:d6:a2:a6:14:71:
fb:0c:19:83:09:f3:e8:87:11:29:6b:ad:26:59:41:
ee:5d:cb:50:23:b1:cf:4d:5e:5b:59:ae:83:12:66:
18:74:bc:f1:ff:1a:0e:a7:b9:21:f9:7b:81:d5:d5:
77:7d:e0:d4:e7:b1:91:5b:22:5c:ff:93:94:1b:3d:
ea:df
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FE:F0:1F:AB:BB:A6:EF:20:21:D1:BB:BC:D2:53:33:45:C8:AD:EB:E2
X509v3 Authority Key Identifier:
keyid:B0:7A:B9:22:56:5E:2B:3E:2C:C6:3D:48:5A:55:DD:4F:C4:1D:35:7E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sHq5IlZeKz4sxj1IWlXdT8QdNX4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/6d59d9-9daf-4fcb-8d05-13bcc752119a/1/_vAfq7um7yAh0bu80lMzRcit6-I.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/6d59d9-9daf-4fcb-8d05-13bcc752119a/1/sHq5IlZeKz4sxj1IWlXdT8QdNX4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a12:f8c1:7::/48
2a12:f8c1:10::/44
Signature Algorithm: sha256WithRSAEncryption
01:1e:94:1c:bb:17:b1:f5:d6:2d:17:bb:3a:f0:3c:77:02:94:
ca:5a:48:02:39:07:52:cf:78:b5:a8:4e:e4:f9:fc:75:db:f6:
32:04:83:6c:ff:4c:2c:af:a8:53:e6:82:e2:ba:ee:68:76:cf:
b8:80:38:d0:ff:21:eb:2a:0e:e8:2c:c3:a7:75:5a:9c:33:c2:
7b:a0:6f:08:0f:fc:65:81:9d:da:e1:df:63:88:ab:07:2b:a7:
9c:91:1a:df:80:a8:f7:bb:a3:0a:98:89:d4:8f:88:fe:81:98:
f5:62:32:4a:7b:1e:a2:e8:ea:18:9a:26:0b:84:71:20:02:ab:
0e:0a:60:ff:2b:e8:87:3b:16:19:61:f7:94:f6:d2:e7:39:a0:
e6:47:45:5b:d6:cd:6c:fa:6f:cf:dc:be:00:5a:7c:b8:5f:63:
07:03:88:82:f5:c5:f9:e0:00:83:e9:75:44:88:b6:5c:e8:60:
65:59:ef:d4:e3:0d:89:de:51:fa:6d:14:81:fb:3f:ca:6b:e1:
7c:58:ce:ed:81:76:0b:89:3e:81:f9:d9:1d:d5:87:5f:5a:e3:
f5:9d:20:d0:6e:0c:50:06:14:18:3a:58:a9:dc:04:bc:dd:a6:
11:8a:16:58:bd:31:a9:8b:3c:9d:51:84:0c:db:d7:fa:c2:41:
32:95:93:3f
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYuOcSF2JOJ5PJ+2YgCG7Xo6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIwN2FiOTIyNTY1ZTJiM2UyY2M2M2Q0ODVhNTVkZDRmYzQx
ZDM1N2UwHhcNMjMxMTAyMDUxMTAwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZWYwMWZhYmJiYTZlZjIwMjFkMWJiYmNkMjUzMzM0NWM4YWRlYmUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk6LRTQa/6cK4PE5bKfv/ms68/ncN
qMo2n8TSI75rsowfWPNekH1YAa4rqJRvm3WHPFAtADixpO0lEuUtzjtoZobKQgNm
Udzp14rAlPQepZl9KOocnbq86sWSZfxK59EWbC2hbhxkB16Dhj1LnrEDPZ92oho4
p5Eolq76aV1RHtZz3e5KIa0+jk/SiG1vXWCYlb68Fty1/MVYQngSkyMB0Bp+0SPv
S16udikUTOLN4wtc7biLUdD5+xGphLvT1qKmFHH7DBmDCfPohxEpa60mWUHuXctQ
I7HPTV5bWa6DEmYYdLzx/xoOp7kh+XuB1dV3feDU57GRWyJc/5OUGz3q3wIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFP7wH6u7pu8gIdG7vNJTM0XIreviMB8GA1UdIwQY
MBaAFLB6uSJWXis+LMY9SFpV3U/EHTV+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc0hxNUlsWmVLejRzeGoxSVdsWGRUOFFkTlg0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZS82ZDU5ZDktOWRhZi00ZmNiLThkMDUt
MTNiY2M3NTIxMTlhLzEvX3ZBZnE3dW03eUFoMGJ1ODBsTXpSY2l0Ni1JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZS82ZDU5ZDktOWRhZi00ZmNiLThkMDUtMTNiY2M3NTIxMTlh
LzEvc0hxNUlsWmVLejRzeGoxSVdsWGRUOFFkTlg0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcAKhL4wQAH
AwcEKhL4wQAQMA0GCSqGSIb3DQEBCwUAA4IBAQABHpQcuxex9dYtF7s68Dx3ApTK
WkgCOQdSz3i1qE7k+fx12/YyBINs/0wsr6hT5oLiuu5ods+4gDjQ/yHrKg7oLMOn
dVqcM8J7oG8ID/xlgZ3a4d9jiKsHK6eckRrfgKj3u6MKmInUj4j+gZj1YjJKex6i
6OoYmiYLhHEgAqsOCmD/K+iHOxYZYfeU9tLnOaDmR0Vb1s1s+m/P3L4AWny4X2MH
A4iC9cX54ACD6XVEiLZc6GBlWe/U4w2J3lH6bRSB+z/Ka+F8WM7tgXYLiT6B+dkd
1YdfWuP1nSDQbgxQBhQYOlip3AS83aYRihZYvTGpizydUYQM29f6wkEylZM/
-----END CERTIFICATE-----
Generated at Fri Apr 11 21:28:49 2025 by rpki-client