Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2e/6d59d9-9daf-4fcb-8d05-13bcc752119a/1/3yCg3Xd9zL1Km6H8L6J6P4ftL28.roa
File: 3yCg3Xd9zL1Km6H8L6J6P4ftL28.roa (raw, json)
Hash identifier: GurnGvCTHL2IghEYdeL4jw9j0jtZR1g/bYgr8S8cYS8=
Subject key identifier: DF:20:A0:DD:77:7D:CC:BD:4A:9B:A1:FC:2F:A2:7A:3F:87:ED:2F:6F
Certificate issuer: /CN=b07ab922565e2b3e2cc63d485a55dd4fc41d357e
Certificate serial: 01850789DCBECC68D3A54BEF53B66402BE86
Authority key identifier: B0:7A:B9:22:56:5E:2B:3E:2C:C6:3D:48:5A:55:DD:4F:C4:1D:35:7E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/sHq5IlZeKz4sxj1IWlXdT8QdNX4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2e/6d59d9-9daf-4fcb-8d05-13bcc752119a/1/3yCg3Xd9zL1Km6H8L6J6P4ftL28.roa
Signing time: Mon 12 Dec 2022 18:12:33 +0000
ROA not before: Mon 12 Dec 2022 18:12:33 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 60445
IP address blocks: 2a12:f8c3:1000::/36 maxlen: 36
2a12:f8c2:400::/40 maxlen: 40
2a12:f8c2:500::/40 maxlen: 40
2a12:f8c2:600::/40 maxlen: 40
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:07:89:dc:be:cc:68:d3:a5:4b:ef:53:b6:64:02:be:86
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b07ab922565e2b3e2cc63d485a55dd4fc41d357e
Validity
Not Before: Dec 12 18:12:33 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=df20a0dd777dccbd4a9ba1fc2fa27a3f87ed2f6f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8b:6b:27:a0:85:5b:b3:a2:c8:55:d5:51:52:fd:
fa:5a:5e:45:fa:96:ab:5b:15:e9:d0:c8:13:81:b6:
18:17:1a:dc:57:75:92:02:8b:af:8f:ab:ce:27:d2:
bb:23:00:7e:2e:b7:e7:4b:06:a7:31:db:18:c2:5c:
4e:7b:7a:51:a0:9a:96:7b:be:57:d5:c5:4d:80:2f:
5f:01:05:db:29:f3:ec:e2:a5:4f:bc:6b:f7:c7:44:
1e:3d:2c:f0:02:e8:1d:5b:bd:cb:d7:21:15:3e:e6:
7a:4c:a1:76:6a:db:ad:ad:12:b3:48:15:8e:d6:5e:
81:bf:d2:cb:98:5d:93:14:ed:20:1d:93:7f:b7:93:
c9:d7:0f:50:63:ab:c8:92:35:b3:2f:d8:c5:ad:39:
ef:d3:c7:f8:d2:75:94:ad:a0:ca:f4:74:af:ee:01:
10:a3:f8:e7:d9:6e:08:4e:a4:7a:17:44:b0:74:f2:
59:d2:76:e6:e4:10:32:a9:2f:6d:d0:ff:51:e4:44:
10:71:bd:72:71:f2:14:2f:41:80:8d:3c:3a:26:3f:
bc:9b:a2:ba:3b:c2:6e:be:93:b3:8b:fb:10:a4:e9:
b3:d5:86:76:95:d8:86:a0:83:9f:e7:d2:33:3c:21:
22:03:d0:2c:1c:c1:73:82:85:9d:be:3a:a7:18:32:
c6:c3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DF:20:A0:DD:77:7D:CC:BD:4A:9B:A1:FC:2F:A2:7A:3F:87:ED:2F:6F
X509v3 Authority Key Identifier:
keyid:B0:7A:B9:22:56:5E:2B:3E:2C:C6:3D:48:5A:55:DD:4F:C4:1D:35:7E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sHq5IlZeKz4sxj1IWlXdT8QdNX4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/6d59d9-9daf-4fcb-8d05-13bcc752119a/1/3yCg3Xd9zL1Km6H8L6J6P4ftL28.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/6d59d9-9daf-4fcb-8d05-13bcc752119a/1/sHq5IlZeKz4sxj1IWlXdT8QdNX4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a12:f8c2:400::-2a12:f8c2:6ff:ffff:ffff:ffff:ffff:ffff
2a12:f8c3:1000::/36
Signature Algorithm: sha256WithRSAEncryption
43:6d:70:4a:64:ac:03:e3:e2:1a:b2:ce:f6:7a:56:b8:85:ef:
ee:1c:f6:75:4c:44:d1:d5:23:db:1e:3d:7e:7c:40:27:65:d2:
b2:19:b0:6f:b9:6b:37:1a:c1:08:92:f6:4c:87:3a:71:bc:b0:
0a:fb:07:59:c6:a2:f8:1c:99:e8:7d:79:73:88:32:b3:7e:df:
49:a9:01:ae:53:b0:23:8c:16:dd:fb:88:5e:fb:db:1a:57:4e:
2b:3c:77:73:15:b3:88:dc:3f:f1:41:c0:db:c0:26:79:7c:ac:
48:bf:35:e3:a9:bf:3b:ca:d6:6d:ee:bc:b0:3b:cb:41:d0:8f:
e0:01:cf:b7:68:6b:90:5c:53:d8:1a:9a:63:ea:d3:fe:a0:6d:
69:e7:82:63:20:3a:8c:d6:5b:d2:6d:fd:95:f8:56:74:0d:4f:
42:c5:81:e2:20:22:b4:cc:8d:dc:8b:86:6a:af:a8:09:7f:2a:
bd:8f:bb:e7:e8:96:c7:a0:20:21:74:b2:b7:b9:62:aa:96:57:
fb:f4:af:71:62:49:0f:b9:75:34:f7:0d:98:8e:3b:33:10:48:
4c:25:88:9e:ec:9f:7d:97:f7:4b:32:f7:7c:84:0f:8f:8f:71:
17:14:53:51:fd:1a:de:1c:6e:75:d1:88:b8:64:ee:95:fc:8d:
e0:17:de:11
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgISAYUHidy+zGjTpUvvU7ZkAr6GMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIwN2FiOTIyNTY1ZTJiM2UyY2M2M2Q0ODVhNTVkZDRmYzQx
ZDM1N2UwHhcNMjIxMjEyMTgxMjMzWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZjIwYTBkZDc3N2RjY2JkNGE5YmExZmMyZmEyN2EzZjg3ZWQyZjZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi2snoIVbs6LIVdVRUv36Wl5F+par
WxXp0MgTgbYYFxrcV3WSAouvj6vOJ9K7IwB+LrfnSwanMdsYwlxOe3pRoJqWe75X
1cVNgC9fAQXbKfPs4qVPvGv3x0QePSzwAugdW73L1yEVPuZ6TKF2atutrRKzSBWO
1l6Bv9LLmF2TFO0gHZN/t5PJ1w9QY6vIkjWzL9jFrTnv08f40nWUraDK9HSv7gEQ
o/jn2W4ITqR6F0SwdPJZ0nbm5BAyqS9t0P9R5EQQcb1ycfIUL0GAjTw6Jj+8m6K6
O8JuvpOzi/sQpOmz1YZ2ldiGoIOf59IzPCEiA9AsHMFzgoWdvjqnGDLGwwIDAQAB
o4ICHTCCAhkwHQYDVR0OBBYEFN8goN13fcy9Spuh/C+iej+H7S9vMB8GA1UdIwQY
MBaAFLB6uSJWXis+LMY9SFpV3U/EHTV+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc0hxNUlsWmVLejRzeGoxSVdsWGRUOFFkTlg0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZS82ZDU5ZDktOWRhZi00ZmNiLThkMDUt
MTNiY2M3NTIxMTlhLzEvM3lDZzNYZDl6TDFLbTZIOEw2SjZQNGZ0TDI4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZS82ZDU5ZDktOWRhZi00ZmNiLThkMDUtMTNiY2M3NTIxMTlh
LzEvc0hxNUlsWmVLejRzeGoxSVdsWGRUOFFkTlg0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDMGCCsGAQUFBwEHAQH/BCQwIjAgBAIAAjAaMBADBgIqEvjC
BAMGACoS+MIGAwYEKhL4wxAwDQYJKoZIhvcNAQELBQADggEBAENtcEpkrAPj4hqy
zvZ6VriF7+4c9nVMRNHVI9sePX58QCdl0rIZsG+5azcawQiS9kyHOnG8sAr7B1nG
ovgcmeh9eXOIMrN+30mpAa5TsCOMFt37iF772xpXTis8d3MVs4jcP/FBwNvAJnl8
rEi/NeOpvzvK1m3uvLA7y0HQj+ABz7doa5BcU9gammPq0/6gbWnngmMgOozWW9Jt
/ZX4VnQNT0LFgeIgIrTMjdyLhmqvqAl/Kr2Pu+folsegICF0sre5YqqWV/v0r3Fi
SQ+5dTT3DZiOOzMQSEwliJ7sn32X90sy93yED4+PcRcUU1H9Gt4cbnXRiLhk7pX8
jeAX3hE=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:24:02 2024 by rpki-client on console-fra.rpki-client.org