Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2e/6d59d9-9daf-4fcb-8d05-13bcc752119a/1/1eWHxkmQ1IHnH-SFGKhfBIjeqYo.roa
File: 1eWHxkmQ1IHnH-SFGKhfBIjeqYo.roa (raw, json)
Hash identifier: 2jk3StHkM2fUqMWxegphvkkoLumnTv8n+nTABOzFoDs=
Subject key identifier: D5:E5:87:C6:49:90:D4:81:E7:1F:E4:85:18:A8:5F:04:88:DE:A9:8A
Certificate issuer: /CN=b07ab922565e2b3e2cc63d485a55dd4fc41d357e
Certificate serial: 01880AE5C1E0C458E71864FBE686A80A1341
Authority key identifier: B0:7A:B9:22:56:5E:2B:3E:2C:C6:3D:48:5A:55:DD:4F:C4:1D:35:7E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/sHq5IlZeKz4sxj1IWlXdT8QdNX4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2e/6d59d9-9daf-4fcb-8d05-13bcc752119a/1/1eWHxkmQ1IHnH-SFGKhfBIjeqYo.roa
Signing time: Thu 11 May 2023 13:00:09 +0000
ROA not before: Thu 11 May 2023 13:00:09 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 198924
IP address blocks: 2a12:f8c3:3000::/36 maxlen: 36
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:88:0a:e5:c1:e0:c4:58:e7:18:64:fb:e6:86:a8:0a:13:41
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b07ab922565e2b3e2cc63d485a55dd4fc41d357e
Validity
Not Before: May 11 13:00:09 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=d5e587c64990d481e71fe48518a85f0488dea98a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9f:79:7e:84:4c:8d:8f:66:eb:63:08:0f:82:fa:
2c:ef:bf:be:f3:fc:97:f1:b5:f9:a0:5d:ff:23:ec:
b8:f6:e4:82:29:ea:62:b5:b6:76:20:e0:92:ae:c4:
02:37:fb:8e:a1:58:24:8d:92:a0:3e:e1:2b:46:36:
84:ec:37:b0:ff:69:95:a5:78:6b:92:00:6c:67:f2:
07:a1:78:ba:09:13:49:9d:d4:e8:15:ee:d8:f5:cf:
58:d0:d2:70:51:bb:dd:bf:dd:8c:93:28:35:31:2f:
70:09:b6:82:be:74:99:e5:03:3a:c8:40:0f:66:88:
c3:9d:e3:e5:90:1d:5a:b3:64:d7:e1:40:2c:90:2d:
d7:4b:44:ec:14:c2:c6:fb:e2:0e:02:75:5d:87:b6:
73:8a:74:41:e2:51:69:37:cb:c4:2e:ae:c6:51:45:
37:1c:41:a7:6b:d1:88:f5:92:f1:5f:7f:f3:8a:38:
4e:c7:4a:49:ed:10:62:27:7c:ba:3a:49:3a:ad:5c:
29:89:40:71:55:1c:5b:1b:a2:bc:03:3f:44:f1:29:
0a:ce:25:2b:9d:50:dd:1e:90:43:bb:f8:b0:b1:13:
c6:f0:44:a0:30:4e:d2:83:83:e3:c6:7f:2f:e3:08:
b3:10:44:25:aa:63:52:d2:b3:94:0a:ec:4b:cb:5d:
6e:dd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D5:E5:87:C6:49:90:D4:81:E7:1F:E4:85:18:A8:5F:04:88:DE:A9:8A
X509v3 Authority Key Identifier:
keyid:B0:7A:B9:22:56:5E:2B:3E:2C:C6:3D:48:5A:55:DD:4F:C4:1D:35:7E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sHq5IlZeKz4sxj1IWlXdT8QdNX4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/6d59d9-9daf-4fcb-8d05-13bcc752119a/1/1eWHxkmQ1IHnH-SFGKhfBIjeqYo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/6d59d9-9daf-4fcb-8d05-13bcc752119a/1/sHq5IlZeKz4sxj1IWlXdT8QdNX4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a12:f8c3:3000::/36
Signature Algorithm: sha256WithRSAEncryption
60:ac:20:aa:70:7e:fa:49:d1:4a:c6:c8:7b:42:42:a5:66:48:
1b:d5:fd:44:ad:81:b0:99:0c:5c:36:dd:2f:c3:f5:80:98:9d:
3c:71:91:8b:05:57:22:66:f0:38:49:1f:02:d0:af:47:02:96:
c4:fb:08:1a:05:fe:08:5c:c4:bb:d3:2c:74:5d:35:93:61:79:
5c:58:78:10:78:ed:34:58:41:e3:23:ad:c2:92:74:fe:d9:dd:
2e:3f:80:ff:1e:5b:45:08:a3:61:00:29:d2:aa:9a:91:e7:66:
bc:4a:34:71:70:55:02:01:6a:fc:3d:3e:4d:88:c6:dd:7f:87:
a1:43:5a:4e:87:52:d4:10:59:ba:5a:d1:e3:a9:ac:8d:90:1a:
81:77:15:7c:00:4c:0c:a3:1c:b8:21:b5:ff:a3:46:5d:1d:ea:
59:7f:ad:95:54:93:b1:ec:64:5c:04:0d:06:22:2b:cf:14:7d:
a8:2f:01:7e:c1:cd:be:05:0e:d7:08:b0:e7:51:95:c0:08:61:
fd:e3:13:7c:c7:5c:71:9b:d5:d2:d3:42:ff:99:09:30:4e:80:
5a:70:3c:12:c0:d5:92:8b:3c:73:41:41:3a:ae:92:34:a0:44:
5e:07:2b:d1:7f:ee:fd:15:d5:ef:52:c0:b8:58:7f:e9:3b:5a:
fb:98:90:c8
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYgK5cHgxFjnGGT75oaoChNBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIwN2FiOTIyNTY1ZTJiM2UyY2M2M2Q0ODVhNTVkZDRmYzQx
ZDM1N2UwHhcNMjMwNTExMTMwMDA5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNWU1ODdjNjQ5OTBkNDgxZTcxZmU0ODUxOGE4NWYwNDg4ZGVhOThhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn3l+hEyNj2brYwgPgvos77++8/yX
8bX5oF3/I+y49uSCKepitbZ2IOCSrsQCN/uOoVgkjZKgPuErRjaE7Dew/2mVpXhr
kgBsZ/IHoXi6CRNJndToFe7Y9c9Y0NJwUbvdv92Mkyg1MS9wCbaCvnSZ5QM6yEAP
ZojDnePlkB1as2TX4UAskC3XS0TsFMLG++IOAnVdh7ZzinRB4lFpN8vELq7GUUU3
HEGna9GI9ZLxX3/zijhOx0pJ7RBiJ3y6Okk6rVwpiUBxVRxbG6K8Az9E8SkKziUr
nVDdHpBDu/iwsRPG8ESgME7Sg4Pjxn8v4wizEEQlqmNS0rOUCuxLy11u3QIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFNXlh8ZJkNSB5x/khRioXwSI3qmKMB8GA1UdIwQY
MBaAFLB6uSJWXis+LMY9SFpV3U/EHTV+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc0hxNUlsWmVLejRzeGoxSVdsWGRUOFFkTlg0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZS82ZDU5ZDktOWRhZi00ZmNiLThkMDUt
MTNiY2M3NTIxMTlhLzEvMWVXSHhrbVExSUhuSC1TRkdLaGZCSWplcVlvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZS82ZDU5ZDktOWRhZi00ZmNiLThkMDUtMTNiY2M3NTIxMTlh
LzEvc0hxNUlsWmVLejRzeGoxSVdsWGRUOFFkTlg0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYEKhL4wzAw
DQYJKoZIhvcNAQELBQADggEBAGCsIKpwfvpJ0UrGyHtCQqVmSBvV/UStgbCZDFw2
3S/D9YCYnTxxkYsFVyJm8DhJHwLQr0cClsT7CBoF/ghcxLvTLHRdNZNheVxYeBB4
7TRYQeMjrcKSdP7Z3S4/gP8eW0UIo2EAKdKqmpHnZrxKNHFwVQIBavw9Pk2Ixt1/
h6FDWk6HUtQQWbpa0eOprI2QGoF3FXwATAyjHLghtf+jRl0d6ll/rZVUk7HsZFwE
DQYiK88UfagvAX7Bzb4FDtcIsOdRlcAIYf3jE3zHXHGb1dLTQv+ZCTBOgFpwPBLA
1ZKLPHNBQTqukjSgRF4HK9F/7v0V1e9SwLhYf+k7WvuYkMg=
-----END CERTIFICATE-----
Generated at Thu Mar 13 02:43:35 2025 by rpki-client