Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2e/6d59d9-9daf-4fcb-8d05-13bcc752119a/1/eEg7-l9RURuEBQ-oDOMEOpHcp8w.roa
File: eEg7-l9RURuEBQ-oDOMEOpHcp8w.roa (raw, json)
Hash identifier: TYdnsxNhvVY6CGYljCdo1e2SjJmGUb9rOAbPT2cucp8=
Subject key identifier: 78:48:3B:FA:5F:51:51:1B:84:05:0F:A8:0C:E3:04:3A:91:DC:A7:CC
Certificate issuer: /CN=b07ab922565e2b3e2cc63d485a55dd4fc41d357e
Certificate serial: 018A65C73281F37F74E719645B83E94A9ADF
Authority key identifier: B0:7A:B9:22:56:5E:2B:3E:2C:C6:3D:48:5A:55:DD:4F:C4:1D:35:7E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/sHq5IlZeKz4sxj1IWlXdT8QdNX4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2e/6d59d9-9daf-4fcb-8d05-13bcc752119a/1/eEg7-l9RURuEBQ-oDOMEOpHcp8w.roa
Signing time: Tue 05 Sep 2023 14:37:47 +0000
ROA not before: Tue 05 Sep 2023 14:37:47 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 204089
IP address blocks: 2a12:f8c1:70::/44 maxlen: 44
2a12:f8c7::/32 maxlen: 32
2a12:f8c1:f8c1::/48 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8a:65:c7:32:81:f3:7f:74:e7:19:64:5b:83:e9:4a:9a:df
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b07ab922565e2b3e2cc63d485a55dd4fc41d357e
Validity
Not Before: Sep 5 14:37:47 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=78483bfa5f51511b84050fa80ce3043a91dca7cc
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a4:81:35:9d:a9:ea:ea:83:13:7a:05:a5:49:04:
87:5d:b1:50:0c:d9:fd:bc:3f:87:7c:a9:33:8e:4a:
2e:48:0f:68:72:0f:eb:a0:0f:b3:91:e1:5a:ae:3b:
dd:13:bb:5d:36:10:f2:fb:e4:44:12:db:bf:d4:7e:
91:9e:14:93:36:a3:be:85:aa:f8:f5:0a:38:81:9f:
c4:3b:b8:05:23:a4:cf:5f:61:30:67:10:89:30:28:
e1:3a:5b:29:a7:20:e0:af:36:df:70:7d:7e:6f:55:
62:ad:ee:b9:fa:d1:4f:d2:da:18:f2:de:a8:50:b4:
9e:dd:28:d3:8e:64:fa:80:d0:04:f2:e7:e9:03:3d:
2c:66:93:75:41:d8:6d:52:e7:21:3a:52:28:14:2a:
c4:49:f1:a6:4f:ea:15:9a:81:9c:f6:f1:4b:cc:82:
9c:f4:db:c1:b6:4e:49:46:26:da:2e:72:ce:d5:a9:
f5:cd:1f:a5:52:ef:da:62:44:bf:6c:8c:a4:42:22:
9f:91:6e:fa:02:87:42:e4:92:3f:17:ae:3c:8d:e7:
b4:f4:f5:21:6e:8a:61:ae:dd:a9:fd:e8:74:1f:3d:
63:4c:85:77:0d:77:b1:ee:ab:11:96:cf:a6:11:3c:
4f:80:67:4e:e9:e2:69:57:0b:09:8e:24:76:af:fa:
ca:9f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
78:48:3B:FA:5F:51:51:1B:84:05:0F:A8:0C:E3:04:3A:91:DC:A7:CC
X509v3 Authority Key Identifier:
keyid:B0:7A:B9:22:56:5E:2B:3E:2C:C6:3D:48:5A:55:DD:4F:C4:1D:35:7E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sHq5IlZeKz4sxj1IWlXdT8QdNX4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/6d59d9-9daf-4fcb-8d05-13bcc752119a/1/eEg7-l9RURuEBQ-oDOMEOpHcp8w.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/6d59d9-9daf-4fcb-8d05-13bcc752119a/1/sHq5IlZeKz4sxj1IWlXdT8QdNX4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a12:f8c1:70::/44
2a12:f8c1:f8c1::/48
2a12:f8c7::/32
Signature Algorithm: sha256WithRSAEncryption
14:86:07:a1:c4:28:4b:74:77:63:cb:6c:36:d2:de:52:e4:90:
b3:7c:79:45:c6:bd:8e:b8:7a:ec:56:9d:a0:f9:33:27:67:89:
68:09:3f:41:92:f4:86:78:a3:28:f7:7c:0b:18:85:df:6d:be:
51:e4:ad:63:4c:5c:3b:67:e6:79:6f:ce:ff:ff:44:7e:f8:41:
b1:69:3a:c5:7f:89:ef:e6:60:10:1b:42:af:ce:81:06:3f:61:
2c:bc:f8:d2:f5:3e:03:69:f0:72:c2:b3:ac:30:79:03:17:80:
97:6e:0b:75:9b:33:c4:f3:af:f8:26:29:9e:0a:6a:be:c2:4b:
50:d8:c8:42:69:ca:ab:56:80:bb:22:07:2c:5b:64:6c:80:23:
cc:61:48:69:dd:f1:31:a1:0a:4c:aa:3a:2f:95:5b:77:78:ed:
c2:f5:93:d9:a2:8f:43:6e:d3:49:3f:28:f9:41:95:24:aa:c4:
94:a6:52:71:0a:13:d7:85:4a:72:08:3d:27:44:4e:f7:67:4a:
b7:a3:a0:39:e3:5b:b8:bc:cb:3b:02:06:83:ee:c3:e9:01:f4:
95:6d:c3:eb:70:9a:69:8b:eb:83:73:f7:66:51:c6:6d:a3:87:
58:77:eb:c7:32:94:69:06:ad:56:dd:fa:f1:a6:9f:25:89:3b:
26:fb:18:85
-----BEGIN CERTIFICATE-----
MIIFEDCCA/igAwIBAgISAYplxzKB83905xlkW4PpSprfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIwN2FiOTIyNTY1ZTJiM2UyY2M2M2Q0ODVhNTVkZDRmYzQx
ZDM1N2UwHhcNMjMwOTA1MTQzNzQ3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ODQ4M2JmYTVmNTE1MTFiODQwNTBmYTgwY2UzMDQzYTkxZGNhN2NjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApIE1nanq6oMTegWlSQSHXbFQDNn9
vD+HfKkzjkouSA9ocg/roA+zkeFarjvdE7tdNhDy++REEtu/1H6RnhSTNqO+har4
9Qo4gZ/EO7gFI6TPX2EwZxCJMCjhOlsppyDgrzbfcH1+b1Vire65+tFP0toY8t6o
ULSe3SjTjmT6gNAE8ufpAz0sZpN1QdhtUuchOlIoFCrESfGmT+oVmoGc9vFLzIKc
9NvBtk5JRibaLnLO1an1zR+lUu/aYkS/bIykQiKfkW76AodC5JI/F648jee09PUh
bophrt2p/eh0Hz1jTIV3DXex7qsRls+mETxPgGdO6eJpVwsJjiR2r/rKnwIDAQAB
o4ICHDCCAhgwHQYDVR0OBBYEFHhIO/pfUVEbhAUPqAzjBDqR3KfMMB8GA1UdIwQY
MBaAFLB6uSJWXis+LMY9SFpV3U/EHTV+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc0hxNUlsWmVLejRzeGoxSVdsWGRUOFFkTlg0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZS82ZDU5ZDktOWRhZi00ZmNiLThkMDUt
MTNiY2M3NTIxMTlhLzEvZUVnNy1sOVJVUnVFQlEtb0RPTUVPcEhjcDh3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZS82ZDU5ZDktOWRhZi00ZmNiLThkMDUtMTNiY2M3NTIxMTlh
LzEvc0hxNUlsWmVLejRzeGoxSVdsWGRUOFFkTlg0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDIGCCsGAQUFBwEHAQH/BCMwITAfBAIAAjAZAwcEKhL4wQBw
AwcAKhL4wfjBAwUAKhL4xzANBgkqhkiG9w0BAQsFAAOCAQEAFIYHocQoS3R3Y8ts
NtLeUuSQs3x5Rca9jrh67FadoPkzJ2eJaAk/QZL0hnijKPd8CxiF322+UeStY0xc
O2fmeW/O//9EfvhBsWk6xX+J7+ZgEBtCr86BBj9hLLz40vU+A2nwcsKzrDB5AxeA
l24LdZszxPOv+CYpngpqvsJLUNjIQmnKq1aAuyIHLFtkbIAjzGFIad3xMaEKTKo6
L5Vbd3jtwvWT2aKPQ27TST8o+UGVJKrElKZScQoT14VKcgg9J0RO92dKt6OgOeNb
uLzLOwIGg+7D6QH0lW3D63CaaYvrg3P3ZlHGbaOHWHfrxzKUaQatVt368aafJYk7
JvsYhQ==
-----END CERTIFICATE-----
Generated at Fri Apr 11 21:29:49 2025 by rpki-client