Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2e/6d59d9-9daf-4fcb-8d05-13bcc752119a/1/g8XTeSduoPeyGOXDExs_LdHtnOA.roa
File: g8XTeSduoPeyGOXDExs_LdHtnOA.roa (raw, json)
Hash identifier: /HIZgKiQIEouJWd2eDGD1C+gPPnsA105LxlK45iJ1KQ=
Subject key identifier: 83:C5:D3:79:27:6E:A0:F7:B2:18:E5:C3:13:1B:3F:2D:D1:ED:9C:E0
Certificate issuer: /CN=b07ab922565e2b3e2cc63d485a55dd4fc41d357e
Certificate serial: 018803A8B9FFBF647CB56039F54614ACC817
Authority key identifier: B0:7A:B9:22:56:5E:2B:3E:2C:C6:3D:48:5A:55:DD:4F:C4:1D:35:7E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/sHq5IlZeKz4sxj1IWlXdT8QdNX4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2e/6d59d9-9daf-4fcb-8d05-13bcc752119a/1/g8XTeSduoPeyGOXDExs_LdHtnOA.roa
Signing time: Wed 10 May 2023 03:16:09 +0000
ROA not before: Wed 10 May 2023 03:16:09 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 63800
IP address blocks: 2a12:f8c3:3000::/36 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:88:03:a8:b9:ff:bf:64:7c:b5:60:39:f5:46:14:ac:c8:17
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b07ab922565e2b3e2cc63d485a55dd4fc41d357e
Validity
Not Before: May 10 03:16:09 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=83c5d379276ea0f7b218e5c3131b3f2dd1ed9ce0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d2:89:be:3e:ea:bc:08:51:2e:14:47:b7:bb:42:
13:4e:6e:23:b4:d2:aa:0a:2c:16:c3:e8:c0:0e:bb:
d1:6d:0a:82:ab:b8:8e:5e:bc:bc:09:25:bb:d1:6d:
fc:79:a0:f8:9a:02:21:7b:41:4f:ae:ab:86:81:ab:
d3:a2:5b:fc:8d:a0:e5:44:a2:3e:60:e4:c8:20:ec:
28:d7:fd:4c:47:7f:8d:6f:37:19:eb:a6:19:5d:1a:
e5:6c:48:1f:a1:f3:65:6f:6d:63:8c:79:f0:b3:16:
37:2b:b2:ac:c2:6e:1a:24:23:23:03:b6:6f:33:34:
cb:7d:a2:ad:3b:8c:fe:85:5b:3d:94:2b:76:4f:c9:
66:c0:43:06:ca:b4:bb:af:d6:af:ee:d3:5d:6c:5a:
d1:c5:11:83:66:92:dc:ac:cc:15:72:c0:79:03:80:
a5:05:f5:90:68:59:4f:e5:0f:c0:0a:6b:28:bd:f1:
7b:f0:c4:e0:20:df:94:4a:67:c0:5c:15:15:69:76:
10:c6:31:a4:0e:8e:1b:c9:53:69:8b:d5:25:31:b2:
86:32:b1:c9:d1:00:9f:7f:46:cc:86:b8:48:9d:64:
f8:fa:79:4e:b2:11:23:39:67:ac:de:60:66:d9:9d:
85:9f:db:bc:3e:07:51:fd:da:ed:b5:4d:be:66:fc:
b6:b1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
83:C5:D3:79:27:6E:A0:F7:B2:18:E5:C3:13:1B:3F:2D:D1:ED:9C:E0
X509v3 Authority Key Identifier:
keyid:B0:7A:B9:22:56:5E:2B:3E:2C:C6:3D:48:5A:55:DD:4F:C4:1D:35:7E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sHq5IlZeKz4sxj1IWlXdT8QdNX4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/6d59d9-9daf-4fcb-8d05-13bcc752119a/1/g8XTeSduoPeyGOXDExs_LdHtnOA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/6d59d9-9daf-4fcb-8d05-13bcc752119a/1/sHq5IlZeKz4sxj1IWlXdT8QdNX4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a12:f8c3:3000::/36
Signature Algorithm: sha256WithRSAEncryption
20:e9:77:30:58:ab:a1:6d:d0:9a:c7:e5:c8:d6:e8:c5:9b:97:
62:2f:cb:16:3b:c8:87:a2:ec:5d:1a:7b:c7:f9:50:c0:42:18:
c7:6a:d4:26:74:10:6a:cd:5c:35:cb:9c:4c:a4:28:19:ce:65:
93:5d:b3:b8:16:f0:b3:98:55:07:5a:a1:37:4f:d0:9b:e0:76:
8e:99:7c:08:45:e8:53:b3:1c:16:17:0f:e2:0b:44:d6:76:44:
e4:17:b6:fd:1b:8c:cb:99:22:42:c6:14:d9:85:a0:07:a1:0a:
66:5d:24:9c:dd:21:d4:93:93:a7:10:62:c2:4e:bb:0e:0d:2f:
42:8f:e1:b2:1f:35:81:62:0f:f6:49:51:70:16:2c:fe:8e:11:
e7:c1:c0:db:84:14:ad:ee:d1:57:ee:fc:65:6b:55:3c:25:58:
4f:e5:84:88:d4:cf:b4:de:f7:9f:38:c5:0c:d3:c6:6e:de:f7:
ac:c5:2b:80:44:46:6d:7a:d7:92:23:30:9b:c5:99:db:80:9e:
47:1d:da:c7:01:9a:c5:fc:ca:ed:17:93:ea:40:ad:0e:55:a6:
be:04:b2:56:ab:d6:30:76:a2:c0:01:d7:32:a1:62:1f:00:f8:
92:9d:68:01:bf:2d:65:5b:fd:40:26:fe:e3:dd:13:fd:d9:45:
39:b0:9d:82
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYgDqLn/v2R8tWA59UYUrMgXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIwN2FiOTIyNTY1ZTJiM2UyY2M2M2Q0ODVhNTVkZDRmYzQx
ZDM1N2UwHhcNMjMwNTEwMDMxNjA5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4M2M1ZDM3OTI3NmVhMGY3YjIxOGU1YzMxMzFiM2YyZGQxZWQ5Y2UwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0om+Puq8CFEuFEe3u0ITTm4jtNKq
CiwWw+jADrvRbQqCq7iOXry8CSW70W38eaD4mgIhe0FPrquGgavTolv8jaDlRKI+
YOTIIOwo1/1MR3+NbzcZ66YZXRrlbEgfofNlb21jjHnwsxY3K7Kswm4aJCMjA7Zv
MzTLfaKtO4z+hVs9lCt2T8lmwEMGyrS7r9av7tNdbFrRxRGDZpLcrMwVcsB5A4Cl
BfWQaFlP5Q/ACmsovfF78MTgIN+USmfAXBUVaXYQxjGkDo4byVNpi9UlMbKGMrHJ
0QCff0bMhrhInWT4+nlOshEjOWes3mBm2Z2Fn9u8PgdR/drttU2+Zvy2sQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFIPF03knbqD3shjlwxMbPy3R7ZzgMB8GA1UdIwQY
MBaAFLB6uSJWXis+LMY9SFpV3U/EHTV+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc0hxNUlsWmVLejRzeGoxSVdsWGRUOFFkTlg0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZS82ZDU5ZDktOWRhZi00ZmNiLThkMDUt
MTNiY2M3NTIxMTlhLzEvZzhYVGVTZHVvUGV5R09YREV4c19MZEh0bk9BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZS82ZDU5ZDktOWRhZi00ZmNiLThkMDUtMTNiY2M3NTIxMTlh
LzEvc0hxNUlsWmVLejRzeGoxSVdsWGRUOFFkTlg0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYEKhL4wzAw
DQYJKoZIhvcNAQELBQADggEBACDpdzBYq6Ft0JrH5cjW6MWbl2IvyxY7yIei7F0a
e8f5UMBCGMdq1CZ0EGrNXDXLnEykKBnOZZNds7gW8LOYVQdaoTdP0Jvgdo6ZfAhF
6FOzHBYXD+ILRNZ2ROQXtv0bjMuZIkLGFNmFoAehCmZdJJzdIdSTk6cQYsJOuw4N
L0KP4bIfNYFiD/ZJUXAWLP6OEefBwNuEFK3u0Vfu/GVrVTwlWE/lhIjUz7Te9584
xQzTxm7e96zFK4BERm1615IjMJvFmduAnkcd2scBmsX8yu0Xk+pArQ5Vpr4Eslar
1jB2osAB1zKhYh8A+JKdaAG/LWVb/UAm/uPdE/3ZRTmwnYI=
-----END CERTIFICATE-----
Generated at Fri Apr 11 21:29:48 2025 by rpki-client