Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/ee9ddc-acd0-481d-8c0b-788b46e10497/1/XJ5HmXKWy6-DrPdHzAroteuehSM.roa
File: XJ5HmXKWy6-DrPdHzAroteuehSM.roa (raw, json)
Hash identifier: eml8p+dK+r+tHux3nNGDY0e2C4nUTo2WtSlbzEfmQ0E=
Subject key identifier: 5C:9E:47:99:72:96:CB:AF:83:AC:F7:47:CC:0A:E8:B5:EB:9E:85:23
Certificate issuer: /CN=aa8093354e565ac4838a51f47d2769769c66944e
Certificate serial: 01856D53E420B1AB02F8B1124FEAA363F0FE
Authority key identifier: AA:80:93:35:4E:56:5A:C4:83:8A:51:F4:7D:27:69:76:9C:66:94:4E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/qoCTNU5WWsSDilH0fSdpdpxmlE4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2a/ee9ddc-acd0-481d-8c0b-788b46e10497/1/XJ5HmXKWy6-DrPdHzAroteuehSM.roa
Signing time: Sun 01 Jan 2023 12:34:52 +0000
ROA not before: Sun 01 Jan 2023 12:34:52 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 174
IP address blocks: 2a12:b3c0::/29 maxlen: 29
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6d:53:e4:20:b1:ab:02:f8:b1:12:4f:ea:a3:63:f0:fe
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=aa8093354e565ac4838a51f47d2769769c66944e
Validity
Not Before: Jan 1 12:34:52 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=5c9e47997296cbaf83acf747cc0ae8b5eb9e8523
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:90:97:14:7d:2f:55:36:79:bb:fb:87:46:a6:f6:
99:5f:08:5d:ab:27:e2:e7:a0:ea:f9:0d:7a:f1:01:
c2:c1:0c:2e:9f:41:b7:f0:32:f0:55:55:0b:48:1f:
1f:e7:26:0e:b8:56:e5:13:43:ed:ee:ec:61:dc:0e:
ab:93:cc:e2:3f:67:07:1c:27:86:4c:62:ba:d8:6b:
b8:1d:93:ac:3a:8b:76:0d:ab:31:38:a1:0b:d6:06:
95:13:d9:9d:9e:2c:b0:7d:88:c5:67:57:a7:52:77:
d0:80:f1:19:c7:de:47:7e:76:96:0d:65:af:05:0a:
35:83:80:f0:5f:94:b6:cf:0d:bf:bd:8b:3e:77:11:
9b:52:dc:fb:2d:b4:58:e7:f0:05:04:ab:cb:6a:12:
fb:80:a9:70:ac:53:52:1f:7a:c4:e6:53:be:c8:a6:
13:98:92:e1:e9:82:44:b5:4c:11:88:16:6f:87:56:
cb:61:34:01:db:41:e0:aa:19:03:b4:57:e3:dd:bb:
cb:5d:d6:11:19:12:19:7a:d2:89:e2:85:df:c9:d0:
5d:98:f2:2c:1b:08:fa:37:19:3d:98:2f:63:69:35:
54:84:f7:ad:90:28:ab:43:11:d3:77:74:c0:fb:23:
79:1d:c5:5c:44:d9:1b:c7:e7:43:c9:15:b5:f0:8f:
82:f1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5C:9E:47:99:72:96:CB:AF:83:AC:F7:47:CC:0A:E8:B5:EB:9E:85:23
X509v3 Authority Key Identifier:
keyid:AA:80:93:35:4E:56:5A:C4:83:8A:51:F4:7D:27:69:76:9C:66:94:4E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qoCTNU5WWsSDilH0fSdpdpxmlE4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/ee9ddc-acd0-481d-8c0b-788b46e10497/1/XJ5HmXKWy6-DrPdHzAroteuehSM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/ee9ddc-acd0-481d-8c0b-788b46e10497/1/qoCTNU5WWsSDilH0fSdpdpxmlE4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a12:b3c0::/29
Signature Algorithm: sha256WithRSAEncryption
82:4e:8d:fd:30:71:41:2a:4c:ac:4e:4d:c0:4a:ac:4d:2a:14:
8b:5b:69:05:5b:05:06:8e:c2:9d:41:a7:eb:5f:78:59:00:ff:
3c:3c:10:1c:e8:6e:32:2a:cb:e9:c0:e6:a0:25:85:00:61:ba:
10:b4:eb:2a:9c:3e:03:e2:92:bd:2a:51:8a:17:54:f9:dd:30:
65:72:d9:b7:51:d1:93:66:48:7d:bf:a2:39:14:aa:55:a8:b9:
ea:9c:a5:c7:17:0e:91:84:7f:6e:fe:39:30:aa:68:a6:68:b2:
73:17:db:4c:11:35:c4:36:3f:ca:15:0c:04:8f:9f:6c:ea:cb:
91:25:26:bd:cc:07:c8:d8:a6:4e:39:71:f8:e4:a8:e0:28:01:
77:78:61:71:54:59:49:6d:47:53:9b:08:e2:66:25:35:34:1f:
80:b7:b0:b4:fe:40:78:4c:85:2c:8d:60:f5:2b:4e:0d:33:b4:
8f:da:91:d4:46:9b:4f:01:28:d8:97:94:db:88:fb:15:c2:64:
a8:6e:bb:04:36:a1:ba:4f:7e:82:07:b6:08:cb:7b:17:96:49:
c9:af:04:93:1e:19:87:2a:2d:6c:1d:7f:a2:b0:ce:7e:54:17:
2d:5a:7e:15:ed:7f:af:39:ac:dd:3e:69:13:6a:38:d1:9d:92:
e1:24:ab:58
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYVtU+QgsasC+LEST+qjY/D+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFhODA5MzM1NGU1NjVhYzQ4MzhhNTFmNDdkMjc2OTc2OWM2
Njk0NGUwHhcNMjMwMTAxMTIzNDUyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YzllNDc5OTcyOTZjYmFmODNhY2Y3NDdjYzBhZThiNWViOWU4NTIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkJcUfS9VNnm7+4dGpvaZXwhdqyfi
56Dq+Q168QHCwQwun0G38DLwVVULSB8f5yYOuFblE0Pt7uxh3A6rk8ziP2cHHCeG
TGK62Gu4HZOsOot2DasxOKEL1gaVE9mdniywfYjFZ1enUnfQgPEZx95HfnaWDWWv
BQo1g4DwX5S2zw2/vYs+dxGbUtz7LbRY5/AFBKvLahL7gKlwrFNSH3rE5lO+yKYT
mJLh6YJEtUwRiBZvh1bLYTQB20HgqhkDtFfj3bvLXdYRGRIZetKJ4oXfydBdmPIs
Gwj6Nxk9mC9jaTVUhPetkCirQxHTd3TA+yN5HcVcRNkbx+dDyRW18I+C8QIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFFyeR5lylsuvg6z3R8wK6LXrnoUjMB8GA1UdIwQY
MBaAFKqAkzVOVlrEg4pR9H0naXacZpROMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcW9DVE5VNVdXc1NEaWxIMGZTZHBkcHhtbEU0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYS9lZTlkZGMtYWNkMC00ODFkLThjMGIt
Nzg4YjQ2ZTEwNDk3LzEvWEo1SG1YS1d5Ni1EclBkSHpBcm90ZXVlaFNNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYS9lZTlkZGMtYWNkMC00ODFkLThjMGItNzg4YjQ2ZTEwNDk3
LzEvcW9DVE5VNVdXc1NEaWxIMGZTZHBkcHhtbEU0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhKzwDAN
BgkqhkiG9w0BAQsFAAOCAQEAgk6N/TBxQSpMrE5NwEqsTSoUi1tpBVsFBo7CnUGn
6194WQD/PDwQHOhuMirL6cDmoCWFAGG6ELTrKpw+A+KSvSpRihdU+d0wZXLZt1HR
k2ZIfb+iORSqVai56pylxxcOkYR/bv45MKpopmiycxfbTBE1xDY/yhUMBI+fbOrL
kSUmvcwHyNimTjlx+OSo4CgBd3hhcVRZSW1HU5sI4mYlNTQfgLewtP5AeEyFLI1g
9StODTO0j9qR1EabTwEo2JeU24j7FcJkqG67BDahuk9+gge2CMt7F5ZJya8Ekx4Z
hyotbB1/orDOflQXLVp+Fe1/rzms3T5pE2o40Z2S4SSrWA==
-----END CERTIFICATE-----
Generated at Wed Feb 19 22:30:26 2025 by rpki-client