Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2e/6d59d9-9daf-4fcb-8d05-13bcc752119a/1/3Fy-dEPOxNod46Ac4KuN8OtxDnw.roa
File: 3Fy-dEPOxNod46Ac4KuN8OtxDnw.roa (raw, json)
Hash identifier: ZQ/pyWybaWPVtUqMYzBoy5WFHfC+v4lBQWXU4EDZh/A=
Subject key identifier: DC:5C:BE:74:43:CE:C4:DA:1D:E3:A0:1C:E0:AB:8D:F0:EB:71:0E:7C
Certificate issuer: /CN=b07ab922565e2b3e2cc63d485a55dd4fc41d357e
Certificate serial: 018CC64B2B2679EACD32EE323D1C6F2CCA9B
Authority key identifier: B0:7A:B9:22:56:5E:2B:3E:2C:C6:3D:48:5A:55:DD:4F:C4:1D:35:7E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/sHq5IlZeKz4sxj1IWlXdT8QdNX4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2e/6d59d9-9daf-4fcb-8d05-13bcc752119a/1/3Fy-dEPOxNod46Ac4KuN8OtxDnw.roa
Signing time: Mon 01 Jan 2024 18:31:04 +0000
ROA not before: Mon 01 Jan 2024 18:31:04 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 204214
IP address blocks: 2a12:f8c1::/32 maxlen: 48
2a12:f8c1:300::/40 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c6:4b:2b:26:79:ea:cd:32:ee:32:3d:1c:6f:2c:ca:9b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b07ab922565e2b3e2cc63d485a55dd4fc41d357e
Validity
Not Before: Jan 1 18:31:04 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=dc5cbe7443cec4da1de3a01ce0ab8df0eb710e7c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8d:c0:0e:ef:5c:ec:47:14:4a:03:ff:70:8c:ea:
da:86:d7:06:24:d1:16:8e:57:a3:10:2f:17:ad:92:
23:f2:06:f7:36:8e:90:2a:ef:d1:45:da:34:f6:e6:
d2:7c:43:2b:ee:52:4d:a6:e3:74:79:8a:c9:c1:9c:
05:f4:04:c1:c0:d7:43:4c:5b:0c:f3:87:d7:ae:bf:
e7:64:18:8d:54:dd:66:b0:cc:9b:b6:93:af:39:b2:
2b:30:1e:90:39:50:f4:eb:bf:6f:fb:57:d8:cf:99:
f1:5c:aa:18:5d:8c:29:54:e3:b7:77:48:d6:8b:af:
2d:1a:8a:88:14:04:e1:57:9e:e4:64:c5:98:1d:f5:
76:5b:ec:8e:9f:20:aa:25:55:4f:65:1f:b2:14:10:
56:42:fd:fa:5f:da:3a:a9:2e:df:d8:2e:49:12:13:
fb:e0:e9:17:22:42:d0:01:84:be:fb:64:38:20:04:
f9:3f:64:af:a6:5b:e9:be:ec:60:03:75:57:23:f4:
1a:7c:be:1d:bf:d3:8e:28:a7:b3:b7:4b:42:e2:89:
ba:e5:68:f8:78:c0:c8:35:17:23:4c:8e:79:cb:36:
ae:b7:f7:dc:3c:9f:5b:ba:cc:09:be:5c:47:97:bc:
7f:f3:d6:9b:e8:be:9d:5e:46:90:42:55:d3:10:e3:
f2:03
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DC:5C:BE:74:43:CE:C4:DA:1D:E3:A0:1C:E0:AB:8D:F0:EB:71:0E:7C
X509v3 Authority Key Identifier:
keyid:B0:7A:B9:22:56:5E:2B:3E:2C:C6:3D:48:5A:55:DD:4F:C4:1D:35:7E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sHq5IlZeKz4sxj1IWlXdT8QdNX4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/6d59d9-9daf-4fcb-8d05-13bcc752119a/1/3Fy-dEPOxNod46Ac4KuN8OtxDnw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/6d59d9-9daf-4fcb-8d05-13bcc752119a/1/sHq5IlZeKz4sxj1IWlXdT8QdNX4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a12:f8c1::/32
Signature Algorithm: sha256WithRSAEncryption
68:92:47:c5:b3:a6:06:04:08:ae:17:bb:9a:b5:7d:77:d9:94:
1e:98:80:78:9d:d5:13:e8:57:09:98:0c:16:b4:ee:ef:4b:06:
a9:05:87:00:46:fc:67:49:7c:f5:ef:fd:d0:f8:5f:8b:71:d7:
49:67:93:db:db:f9:22:e8:84:00:e6:81:e5:20:5c:1c:d0:26:
64:77:0b:53:c6:1a:a7:5d:73:a5:a0:11:ee:c0:ee:25:2b:1a:
20:d4:5b:d6:15:02:0c:2b:47:a0:f4:2a:29:ca:3c:af:fc:88:
af:26:b9:04:2c:f0:20:45:30:ca:0d:b6:38:fb:d1:01:e2:18:
2c:ef:53:dc:d1:17:60:e9:07:bc:4f:9b:16:ec:d6:99:f3:6d:
32:9b:47:7e:7b:c3:92:3b:7b:7d:e9:a7:ae:51:90:df:19:91:
7e:38:1e:64:de:1c:60:4d:73:70:2b:e3:b7:21:e6:3d:9a:c1:
71:61:8e:9f:3c:59:c5:ad:5a:28:e7:e8:d3:0f:63:90:a8:7a:
f7:66:56:84:18:ae:27:df:d4:c2:bc:1c:55:9c:34:fe:c6:38:
70:2e:50:75:6f:04:73:9b:ae:80:9b:ba:9b:11:3a:8a:5e:59:
a4:fa:86:cb:6f:bc:b2:8e:4e:29:b8:a1:8e:33:52:f5:33:da:
44:f6:7e:24
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzGSysmeerNMu4yPRxvLMqbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIwN2FiOTIyNTY1ZTJiM2UyY2M2M2Q0ODVhNTVkZDRmYzQx
ZDM1N2UwHhcNMjQwMTAxMTgzMTA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYzVjYmU3NDQzY2VjNGRhMWRlM2EwMWNlMGFiOGRmMGViNzEwZTdjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjcAO71zsRxRKA/9wjOrahtcGJNEW
jlejEC8XrZIj8gb3No6QKu/RRdo09ubSfEMr7lJNpuN0eYrJwZwF9ATBwNdDTFsM
84fXrr/nZBiNVN1msMybtpOvObIrMB6QOVD0679v+1fYz5nxXKoYXYwpVOO3d0jW
i68tGoqIFAThV57kZMWYHfV2W+yOnyCqJVVPZR+yFBBWQv36X9o6qS7f2C5JEhP7
4OkXIkLQAYS++2Q4IAT5P2SvplvpvuxgA3VXI/QafL4dv9OOKKezt0tC4om65Wj4
eMDINRcjTI55yzaut/fcPJ9buswJvlxHl7x/89ab6L6dXkaQQlXTEOPyAwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFNxcvnRDzsTaHeOgHOCrjfDrcQ58MB8GA1UdIwQY
MBaAFLB6uSJWXis+LMY9SFpV3U/EHTV+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc0hxNUlsWmVLejRzeGoxSVdsWGRUOFFkTlg0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZS82ZDU5ZDktOWRhZi00ZmNiLThkMDUt
MTNiY2M3NTIxMTlhLzEvM0Z5LWRFUE94Tm9kNDZBYzRLdU44T3R4RG53LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZS82ZDU5ZDktOWRhZi00ZmNiLThkMDUtMTNiY2M3NTIxMTlh
LzEvc0hxNUlsWmVLejRzeGoxSVdsWGRUOFFkTlg0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhL4wTAN
BgkqhkiG9w0BAQsFAAOCAQEAaJJHxbOmBgQIrhe7mrV9d9mUHpiAeJ3VE+hXCZgM
FrTu70sGqQWHAEb8Z0l89e/90Phfi3HXSWeT29v5IuiEAOaB5SBcHNAmZHcLU8Ya
p11zpaAR7sDuJSsaINRb1hUCDCtHoPQqKco8r/yIrya5BCzwIEUwyg22OPvRAeIY
LO9T3NEXYOkHvE+bFuzWmfNtMptHfnvDkjt7femnrlGQ3xmRfjgeZN4cYE1zcCvj
tyHmPZrBcWGOnzxZxa1aKOfo0w9jkKh692ZWhBiuJ9/UwrwcVZw0/sY4cC5QdW8E
c5uugJu6mxE6il5ZpPqGy2+8so5OKbihjjNS9TPaRPZ+JA==
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:14:52 2025 by rpki-client