Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2e/6d59d9-9daf-4fcb-8d05-13bcc752119a/1/f4FH_U4S9KK8pFDPuVGXagCCRnI.roa
File: f4FH_U4S9KK8pFDPuVGXagCCRnI.roa (raw, json)
Hash identifier: Z9iIRB5pxnsU1Hb1J92WC7DRfs9oAZBruEyLviqS5UU=
Subject key identifier: 7F:81:47:FD:4E:12:F4:A2:BC:A4:50:CF:B9:51:97:6A:00:82:46:72
Certificate issuer: /CN=b07ab922565e2b3e2cc63d485a55dd4fc41d357e
Certificate serial: 0188A988C361C2C5DB864874AD1B5DC4C1D9
Authority key identifier: B0:7A:B9:22:56:5E:2B:3E:2C:C6:3D:48:5A:55:DD:4F:C4:1D:35:7E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/sHq5IlZeKz4sxj1IWlXdT8QdNX4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2e/6d59d9-9daf-4fcb-8d05-13bcc752119a/1/f4FH_U4S9KK8pFDPuVGXagCCRnI.roa
Signing time: Sun 11 Jun 2023 08:18:12 +0000
ROA not before: Sun 11 Jun 2023 08:18:12 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 150296
IP address blocks: 2a12:f8c1:30::/44 maxlen: 44
2a12:f8c1:100::/40 maxlen: 40
2a12:f8c3:3000::/36 maxlen: 36
2a12:f8c2:800::/40 maxlen: 48
2a12:f8c2::/40 maxlen: 40
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:88:a9:88:c3:61:c2:c5:db:86:48:74:ad:1b:5d:c4:c1:d9
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b07ab922565e2b3e2cc63d485a55dd4fc41d357e
Validity
Not Before: Jun 11 08:18:12 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=7f8147fd4e12f4a2bca450cfb951976a00824672
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:96:19:9e:c3:df:9e:53:86:b1:94:df:12:c2:fd:
89:a8:eb:c3:7d:97:a5:2a:d9:9b:e7:d2:0d:41:98:
2f:f4:7b:83:04:04:72:0a:b8:bb:b2:6b:b4:d4:a2:
3a:a2:fe:5d:ab:72:90:42:33:a1:00:7c:56:4c:18:
f4:8a:39:6b:59:b2:9b:0d:85:14:d4:2e:ab:1c:73:
cf:9a:14:d8:e3:ce:21:29:0e:ba:48:60:e1:fc:0b:
91:c9:60:49:09:5b:d7:62:fd:9f:fc:d5:d1:73:0f:
7f:7e:0f:49:a3:59:55:8d:76:46:dd:27:2b:9f:a2:
23:bd:ba:8a:56:6d:ff:9c:35:ff:64:a8:28:71:6d:
55:33:60:06:a3:84:00:5e:a8:7c:b4:dd:0c:20:d8:
34:49:fe:be:70:1b:be:1f:46:48:1e:a3:ad:7f:dd:
55:42:0b:91:99:34:23:74:2d:ca:d4:e1:3f:df:fd:
1c:b0:fd:5e:1e:68:b8:aa:af:09:e9:35:3b:cf:91:
a4:ff:15:bc:4b:a3:94:2c:07:e9:2b:7a:30:71:29:
be:db:94:67:b3:e7:38:02:1d:dc:5e:b9:b5:94:6b:
02:44:78:19:83:29:d9:9a:67:87:17:59:70:d0:1a:
a7:e1:47:fa:69:0c:bf:e8:c9:95:f3:cf:6b:64:6f:
ab:b3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
7F:81:47:FD:4E:12:F4:A2:BC:A4:50:CF:B9:51:97:6A:00:82:46:72
X509v3 Authority Key Identifier:
keyid:B0:7A:B9:22:56:5E:2B:3E:2C:C6:3D:48:5A:55:DD:4F:C4:1D:35:7E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sHq5IlZeKz4sxj1IWlXdT8QdNX4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/6d59d9-9daf-4fcb-8d05-13bcc752119a/1/f4FH_U4S9KK8pFDPuVGXagCCRnI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/6d59d9-9daf-4fcb-8d05-13bcc752119a/1/sHq5IlZeKz4sxj1IWlXdT8QdNX4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a12:f8c1:30::/44
2a12:f8c1:100::/40
2a12:f8c2::/40
2a12:f8c2:800::/40
2a12:f8c3:3000::/36
Signature Algorithm: sha256WithRSAEncryption
62:bd:62:a1:68:8e:8d:e6:78:fc:83:97:b0:95:b0:42:e6:04:
e4:bc:e1:70:5c:1f:2c:4c:52:25:eb:fa:50:4e:af:bd:6c:4e:
cb:b5:82:d5:38:ca:3a:13:49:0f:74:76:04:a8:9b:98:4f:b8:
4c:7a:69:ad:65:46:73:6e:6c:7d:4e:73:92:ec:c4:94:a8:11:
95:6d:f5:f2:c2:c0:06:b5:96:96:37:d8:3b:17:f6:40:d9:1b:
35:c1:f2:3d:4a:0f:af:fb:a4:f6:ca:a1:0e:a0:65:6a:db:8e:
f1:7f:67:61:a1:6d:91:4c:04:b6:1d:40:96:36:2f:b9:e8:61:
0a:a4:5e:a2:3a:fa:3c:2c:71:06:39:9c:83:09:5f:de:b2:80:
53:dd:24:72:5b:e4:e0:fc:f6:c3:65:89:97:ab:51:9b:34:58:
27:d3:5f:bc:56:7f:f1:d7:57:03:3a:5d:5b:5c:8f:f5:6d:5d:
c7:e6:e2:4d:07:f5:c8:88:df:ae:0a:36:cb:93:6f:d6:c0:60:
6a:3c:e3:21:bc:d0:bd:8e:87:bb:e0:54:13:44:af:d8:84:6f:
41:0b:ff:c8:6a:e4:b4:2f:84:5c:10:53:4e:58:3f:c7:f9:43:
fb:13:b3:a0:37:a1:10:58:59:0b:cf:40:c9:0d:a4:01:69:c3:
36:d3:6b:17
-----BEGIN CERTIFICATE-----
MIIFIDCCBAigAwIBAgISAYipiMNhwsXbhkh0rRtdxMHZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIwN2FiOTIyNTY1ZTJiM2UyY2M2M2Q0ODVhNTVkZDRmYzQx
ZDM1N2UwHhcNMjMwNjExMDgxODEyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZjgxNDdmZDRlMTJmNGEyYmNhNDUwY2ZiOTUxOTc2YTAwODI0NjcyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlhmew9+eU4axlN8Swv2JqOvDfZel
Ktmb59INQZgv9HuDBARyCri7smu01KI6ov5dq3KQQjOhAHxWTBj0ijlrWbKbDYUU
1C6rHHPPmhTY484hKQ66SGDh/AuRyWBJCVvXYv2f/NXRcw9/fg9Jo1lVjXZG3Scr
n6IjvbqKVm3/nDX/ZKgocW1VM2AGo4QAXqh8tN0MINg0Sf6+cBu+H0ZIHqOtf91V
QguRmTQjdC3K1OE/3/0csP1eHmi4qq8J6TU7z5Gk/xW8S6OULAfpK3owcSm+25Rn
s+c4Ah3cXrm1lGsCRHgZgynZmmeHF1lw0Bqn4Uf6aQy/6MmV889rZG+rswIDAQAB
o4ICLDCCAigwHQYDVR0OBBYEFH+BR/1OEvSivKRQz7lRl2oAgkZyMB8GA1UdIwQY
MBaAFLB6uSJWXis+LMY9SFpV3U/EHTV+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc0hxNUlsWmVLejRzeGoxSVdsWGRUOFFkTlg0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZS82ZDU5ZDktOWRhZi00ZmNiLThkMDUt
MTNiY2M3NTIxMTlhLzEvZjRGSF9VNFM5S0s4cEZEUHVWR1hhZ0NDUm5JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZS82ZDU5ZDktOWRhZi00ZmNiLThkMDUtMTNiY2M3NTIxMTlh
LzEvc0hxNUlsWmVLejRzeGoxSVdsWGRUOFFkTlg0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEIGCCsGAQUFBwEHAQH/BDMwMTAvBAIAAjApAwcEKhL4wQAw
AwYAKhL4wQEDBgAqEvjCAAMGACoS+MIIAwYEKhL4wzAwDQYJKoZIhvcNAQELBQAD
ggEBAGK9YqFojo3mePyDl7CVsELmBOS84XBcHyxMUiXr+lBOr71sTsu1gtU4yjoT
SQ90dgSom5hPuEx6aa1lRnNubH1Oc5LsxJSoEZVt9fLCwAa1lpY32DsX9kDZGzXB
8j1KD6/7pPbKoQ6gZWrbjvF/Z2GhbZFMBLYdQJY2L7noYQqkXqI6+jwscQY5nIMJ
X96ygFPdJHJb5OD89sNliZerUZs0WCfTX7xWf/HXVwM6XVtcj/VtXcfm4k0H9ciI
364KNsuTb9bAYGo84yG80L2Oh7vgVBNEr9iEb0EL/8hq5LQvhFwQU05YP8f5Q/sT
s6A3oRBYWQvPQMkNpAFpwzbTaxc=
-----END CERTIFICATE-----
Generated at Fri Apr 11 21:15:43 2025 by rpki-client