Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2e/6d59d9-9daf-4fcb-8d05-13bcc752119a/1/4As-BJRSqkcOiY7PKW6I7lYyi3c.roa
File: 4As-BJRSqkcOiY7PKW6I7lYyi3c.roa (raw, json)
Hash identifier: LuVXkdzS+wdOUJmnrMj1SfEXTdpfbYf4Ys/JpdXfHW4=
Subject key identifier: E0:0B:3E:04:94:52:AA:47:0E:89:8E:CF:29:6E:88:EE:56:32:8B:77
Certificate issuer: /CN=b07ab922565e2b3e2cc63d485a55dd4fc41d357e
Certificate serial: 01857039AB7F4C4332D3F9C45211726D0689
Authority key identifier: B0:7A:B9:22:56:5E:2B:3E:2C:C6:3D:48:5A:55:DD:4F:C4:1D:35:7E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/sHq5IlZeKz4sxj1IWlXdT8QdNX4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2e/6d59d9-9daf-4fcb-8d05-13bcc752119a/1/4As-BJRSqkcOiY7PKW6I7lYyi3c.roa
Signing time: Mon 02 Jan 2023 02:05:05 +0000
ROA not before: Mon 02 Jan 2023 02:05:05 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 60445
IP address blocks: 2a12:f8c3:1000::/36 maxlen: 36
2a12:f8c2:600::/40 maxlen: 40
2a12:f8c2:500::/40 maxlen: 40
2a12:f8c2:400::/40 maxlen: 40
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:70:39:ab:7f:4c:43:32:d3:f9:c4:52:11:72:6d:06:89
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b07ab922565e2b3e2cc63d485a55dd4fc41d357e
Validity
Not Before: Jan 2 02:05:05 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=e00b3e049452aa470e898ecf296e88ee56328b77
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d2:bf:ce:83:0d:48:cb:9a:e7:c2:e9:75:0e:c0:
49:fc:a4:9e:14:7b:6c:28:ae:47:41:c6:a9:24:96:
df:b0:c2:fe:e4:ba:a2:58:b2:76:57:10:f8:69:b9:
13:67:e7:54:49:4e:89:c5:a7:2b:79:54:e9:6c:24:
ca:cc:f3:ac:6b:ac:38:ad:bc:7d:7e:d2:df:6f:53:
13:59:b2:9a:f1:01:af:e0:df:b2:73:1e:b0:1c:6f:
ac:be:35:37:cd:88:72:77:52:7f:d3:42:7b:49:c3:
ff:05:34:55:3b:50:26:bd:b7:89:66:13:80:10:88:
87:1e:32:ef:c1:c5:26:64:80:6f:a9:75:b8:8b:9e:
14:71:bb:5b:80:ad:8a:6f:60:b4:67:2e:c0:19:b4:
01:24:95:05:e5:d2:e7:8d:5d:fd:a8:df:2a:2b:98:
49:a6:eb:69:5b:2c:a0:3a:9e:48:65:2c:89:1f:09:
b3:b2:c6:cc:67:6c:b9:63:6d:11:88:d2:8f:26:87:
94:88:9c:26:75:3f:52:87:6a:d0:e7:96:79:6e:77:
df:93:18:3a:8a:a8:65:dc:cc:6a:2c:e5:78:c8:aa:
e8:09:16:c3:f7:c7:5c:71:58:a3:42:51:06:92:64:
ba:cb:ec:3c:33:4e:e4:c9:e5:0f:7c:db:20:0d:f7:
b0:79
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E0:0B:3E:04:94:52:AA:47:0E:89:8E:CF:29:6E:88:EE:56:32:8B:77
X509v3 Authority Key Identifier:
keyid:B0:7A:B9:22:56:5E:2B:3E:2C:C6:3D:48:5A:55:DD:4F:C4:1D:35:7E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sHq5IlZeKz4sxj1IWlXdT8QdNX4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/6d59d9-9daf-4fcb-8d05-13bcc752119a/1/4As-BJRSqkcOiY7PKW6I7lYyi3c.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/6d59d9-9daf-4fcb-8d05-13bcc752119a/1/sHq5IlZeKz4sxj1IWlXdT8QdNX4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a12:f8c2:400::-2a12:f8c2:6ff:ffff:ffff:ffff:ffff:ffff
2a12:f8c3:1000::/36
Signature Algorithm: sha256WithRSAEncryption
ab:72:f1:a8:c1:19:3b:cb:ad:55:5d:ec:00:f1:74:2d:d6:a6:
84:00:f6:75:f5:03:1e:4e:9a:76:70:c2:a1:cd:f0:a4:dc:48:
87:8d:89:b9:57:e8:71:8e:6a:7b:48:81:45:5c:71:d5:23:1d:
5b:e5:ef:29:65:3b:b4:e7:96:33:b2:35:25:d9:95:28:30:11:
8c:27:95:a7:fe:92:ce:58:20:e3:90:ed:74:26:77:99:7f:b3:
e6:21:10:0a:e3:ad:0b:e8:69:5a:fd:38:30:39:e0:16:f4:6e:
69:3c:a6:96:6c:e6:e4:af:c1:13:2f:55:ac:fa:53:cf:3b:2b:
20:3a:0d:a3:be:ac:ed:17:5c:f9:1a:01:66:9a:c0:9c:fb:dd:
26:10:11:e0:f5:11:43:6d:4d:7e:6d:53:5e:55:f6:ee:af:e8:
3d:3c:04:72:ac:82:87:8e:63:c5:cf:34:cf:d1:d3:86:b9:eb:
4b:a9:55:86:a9:85:c5:08:91:b5:d1:c5:5e:0c:98:2f:f3:d3:
1d:71:e8:a1:fc:92:c2:89:29:2c:ae:32:53:03:de:bd:fe:c8:
6a:4c:de:30:09:76:f2:5d:58:a9:11:5c:e6:6e:cc:21:4d:35:
c0:cd:50:35:92:5b:31:a4:fc:b0:63:91:71:c2:24:95:c4:21:
a3:6f:77:6f
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgISAYVwOat/TEMy0/nEUhFybQaJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIwN2FiOTIyNTY1ZTJiM2UyY2M2M2Q0ODVhNTVkZDRmYzQx
ZDM1N2UwHhcNMjMwMTAyMDIwNTA1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMDBiM2UwNDk0NTJhYTQ3MGU4OThlY2YyOTZlODhlZTU2MzI4Yjc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0r/Ogw1Iy5rnwul1DsBJ/KSeFHts
KK5HQcapJJbfsML+5LqiWLJ2VxD4abkTZ+dUSU6JxacreVTpbCTKzPOsa6w4rbx9
ftLfb1MTWbKa8QGv4N+ycx6wHG+svjU3zYhyd1J/00J7ScP/BTRVO1AmvbeJZhOA
EIiHHjLvwcUmZIBvqXW4i54UcbtbgK2Kb2C0Zy7AGbQBJJUF5dLnjV39qN8qK5hJ
putpWyygOp5IZSyJHwmzssbMZ2y5Y20RiNKPJoeUiJwmdT9Sh2rQ55Z5bnffkxg6
iqhl3MxqLOV4yKroCRbD98dccVijQlEGkmS6y+w8M07kyeUPfNsgDfeweQIDAQAB
o4ICHTCCAhkwHQYDVR0OBBYEFOALPgSUUqpHDomOzyluiO5WMot3MB8GA1UdIwQY
MBaAFLB6uSJWXis+LMY9SFpV3U/EHTV+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc0hxNUlsWmVLejRzeGoxSVdsWGRUOFFkTlg0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZS82ZDU5ZDktOWRhZi00ZmNiLThkMDUt
MTNiY2M3NTIxMTlhLzEvNEFzLUJKUlNxa2NPaVk3UEtXNkk3bFl5aTNjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZS82ZDU5ZDktOWRhZi00ZmNiLThkMDUtMTNiY2M3NTIxMTlh
LzEvc0hxNUlsWmVLejRzeGoxSVdsWGRUOFFkTlg0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDMGCCsGAQUFBwEHAQH/BCQwIjAgBAIAAjAaMBADBgIqEvjC
BAMGACoS+MIGAwYEKhL4wxAwDQYJKoZIhvcNAQELBQADggEBAKty8ajBGTvLrVVd
7ADxdC3WpoQA9nX1Ax5OmnZwwqHN8KTcSIeNiblX6HGOantIgUVccdUjHVvl7yll
O7TnljOyNSXZlSgwEYwnlaf+ks5YIOOQ7XQmd5l/s+YhEArjrQvoaVr9ODA54Bb0
bmk8ppZs5uSvwRMvVaz6U887KyA6DaO+rO0XXPkaAWaawJz73SYQEeD1EUNtTX5t
U15V9u6v6D08BHKsgoeOY8XPNM/R04a560upVYaphcUIkbXRxV4MmC/z0x1x6KH8
ksKJKSyuMlMD3r3+yGpM3jAJdvJdWKkRXOZuzCFNNcDNUDWSWzGk/LBjkXHCJJXE
IaNvd28=
-----END CERTIFICATE-----
Generated at Thu Mar 13 02:23:28 2025 by rpki-client