Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2e/6d59d9-9daf-4fcb-8d05-13bcc752119a/1/5_rLmvwTJ-hjIYUCBkQHogXamm4.roa
File: 5_rLmvwTJ-hjIYUCBkQHogXamm4.roa (raw, json)
Hash identifier: GXn+hHONe0+QtpXPK7nNfoHn1il1cDOWniTRE42+hY0=
Subject key identifier: E7:FA:CB:9A:FC:13:27:E8:63:21:85:02:06:44:07:A2:05:DA:9A:6E
Certificate issuer: /CN=b07ab922565e2b3e2cc63d485a55dd4fc41d357e
Certificate serial: 0184E5CE891F7D1B39B1FCF4E463E5B593B4
Authority key identifier: B0:7A:B9:22:56:5E:2B:3E:2C:C6:3D:48:5A:55:DD:4F:C4:1D:35:7E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/sHq5IlZeKz4sxj1IWlXdT8QdNX4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2e/6d59d9-9daf-4fcb-8d05-13bcc752119a/1/5_rLmvwTJ-hjIYUCBkQHogXamm4.roa
Signing time: Tue 06 Dec 2022 05:00:28 +0000
ROA not before: Tue 06 Dec 2022 05:00:28 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 23470
IP address blocks: 2a12:f8c2:200::/40 maxlen: 40
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:84:e5:ce:89:1f:7d:1b:39:b1:fc:f4:e4:63:e5:b5:93:b4
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b07ab922565e2b3e2cc63d485a55dd4fc41d357e
Validity
Not Before: Dec 6 05:00:28 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=e7facb9afc1327e863218502064407a205da9a6e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:98:a3:e6:0a:54:9f:4d:48:62:db:49:25:4c:f7:
d0:53:33:27:33:c4:f5:59:5f:29:cf:e4:49:d7:76:
d1:f3:02:5d:29:69:d5:1e:e5:fa:80:7e:e4:51:7a:
21:fb:12:0f:16:1b:5d:90:ab:dd:e0:a6:bc:6b:cc:
c5:f8:d3:a6:0d:33:51:27:c1:c7:a4:9b:86:32:42:
24:94:32:80:77:15:f0:5a:a4:47:1e:64:b6:49:a4:
10:34:49:ad:57:50:71:72:ef:39:05:e2:9f:3d:77:
07:ef:7f:56:3c:bc:c5:b7:0a:ee:f3:94:30:8b:47:
91:4c:48:d1:98:55:5d:ed:5b:8d:9a:67:ba:a2:8a:
9b:15:99:6a:41:1f:ca:ad:86:f0:fa:a2:84:43:c3:
1b:31:c9:ef:5f:70:2e:4c:ae:fb:d7:98:41:24:51:
8a:dc:95:aa:44:b3:9e:e3:30:52:ce:a8:cb:d5:49:
d0:29:a2:63:3d:12:d6:99:39:48:97:a3:2b:16:bc:
2b:0a:6e:52:05:de:31:99:88:45:af:b7:07:e0:cf:
70:5f:ca:d2:d3:56:19:a5:92:55:10:ae:d0:59:1c:
8a:43:1a:20:76:a9:76:97:2f:ad:46:be:fb:36:3a:
81:39:0b:6f:15:a4:22:ef:57:78:ff:bc:26:cd:ed:
d2:2f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E7:FA:CB:9A:FC:13:27:E8:63:21:85:02:06:44:07:A2:05:DA:9A:6E
X509v3 Authority Key Identifier:
keyid:B0:7A:B9:22:56:5E:2B:3E:2C:C6:3D:48:5A:55:DD:4F:C4:1D:35:7E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sHq5IlZeKz4sxj1IWlXdT8QdNX4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/6d59d9-9daf-4fcb-8d05-13bcc752119a/1/5_rLmvwTJ-hjIYUCBkQHogXamm4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/6d59d9-9daf-4fcb-8d05-13bcc752119a/1/sHq5IlZeKz4sxj1IWlXdT8QdNX4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a12:f8c2:200::/40
Signature Algorithm: sha256WithRSAEncryption
23:cb:80:a4:c1:76:fd:d8:11:92:f2:f7:c8:ae:e8:a4:0e:35:
3c:6e:30:2f:0f:38:d0:db:18:ca:6a:98:f9:d0:95:13:c3:6f:
75:57:1e:dd:9a:b0:4a:4b:25:07:23:84:48:59:7b:39:c9:4c:
6c:7d:66:14:65:6d:c3:97:34:fa:98:b0:6b:e4:c4:b2:7a:f9:
e8:10:51:02:42:35:99:11:b7:22:33:e6:e5:39:7e:e4:d1:1e:
d8:c8:5e:d8:0e:df:fc:31:d4:d9:99:ba:62:a8:f8:d0:12:ab:
b4:34:e7:7d:63:9a:1a:a9:50:ea:80:8d:45:30:8e:c8:cf:be:
9f:49:e6:2b:0f:e0:87:f7:e6:9d:86:bb:86:d0:fb:ff:aa:db:
a3:37:1d:b3:f5:80:12:a0:df:94:e0:d2:af:8a:64:67:a5:f1:
7e:07:3c:e6:7f:a4:a3:e0:82:94:8b:c2:e2:c1:d4:33:c1:32:
f5:71:c5:7b:63:c9:7b:ed:60:67:e1:55:9a:d3:ed:18:79:89:
c4:24:f5:83:79:46:7f:9f:bd:4f:e7:27:c2:6c:cf:7d:16:e7:
f9:eb:82:b5:e6:65:ae:9d:9b:48:22:f5:72:28:49:24:bd:cd:
12:a0:91:c4:ab:0e:d6:eb:48:3a:22:2b:25:2c:88:03:83:55:
f8:f0:81:21
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYTlzokffRs5sfz05GPltZO0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIwN2FiOTIyNTY1ZTJiM2UyY2M2M2Q0ODVhNTVkZDRmYzQx
ZDM1N2UwHhcNMjIxMjA2MDUwMDI4WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlN2ZhY2I5YWZjMTMyN2U4NjMyMTg1MDIwNjQ0MDdhMjA1ZGE5YTZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmKPmClSfTUhi20klTPfQUzMnM8T1
WV8pz+RJ13bR8wJdKWnVHuX6gH7kUXoh+xIPFhtdkKvd4Ka8a8zF+NOmDTNRJ8HH
pJuGMkIklDKAdxXwWqRHHmS2SaQQNEmtV1Bxcu85BeKfPXcH739WPLzFtwru85Qw
i0eRTEjRmFVd7VuNmme6ooqbFZlqQR/KrYbw+qKEQ8MbMcnvX3AuTK7715hBJFGK
3JWqRLOe4zBSzqjL1UnQKaJjPRLWmTlIl6MrFrwrCm5SBd4xmYhFr7cH4M9wX8rS
01YZpZJVEK7QWRyKQxogdql2ly+tRr77NjqBOQtvFaQi71d4/7wmze3SLwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFOf6y5r8EyfoYyGFAgZEB6IF2ppuMB8GA1UdIwQY
MBaAFLB6uSJWXis+LMY9SFpV3U/EHTV+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc0hxNUlsWmVLejRzeGoxSVdsWGRUOFFkTlg0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZS82ZDU5ZDktOWRhZi00ZmNiLThkMDUt
MTNiY2M3NTIxMTlhLzEvNV9yTG12d1RKLWhqSVlVQ0JrUUhvZ1hhbW00LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZS82ZDU5ZDktOWRhZi00ZmNiLThkMDUtMTNiY2M3NTIxMTlh
LzEvc0hxNUlsWmVLejRzeGoxSVdsWGRUOFFkTlg0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKhL4wgIw
DQYJKoZIhvcNAQELBQADggEBACPLgKTBdv3YEZLy98iu6KQONTxuMC8PONDbGMpq
mPnQlRPDb3VXHt2asEpLJQcjhEhZeznJTGx9ZhRlbcOXNPqYsGvkxLJ6+egQUQJC
NZkRtyIz5uU5fuTRHtjIXtgO3/wx1NmZumKo+NASq7Q0531jmhqpUOqAjUUwjsjP
vp9J5isP4If35p2Gu4bQ+/+q26M3HbP1gBKg35Tg0q+KZGel8X4HPOZ/pKPggpSL
wuLB1DPBMvVxxXtjyXvtYGfhVZrT7Rh5icQk9YN5Rn+fvU/nJ8Jsz30W5/nrgrXm
Za6dm0gi9XIoSSS9zRKgkcSrDtbrSDoiKyUsiAODVfjwgSE=
-----END CERTIFICATE-----
Generated at Thu Mar 13 02:25:41 2025 by rpki-client