Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2e/6d59d9-9daf-4fcb-8d05-13bcc752119a/1/5lUDLn9IyyZ2q7kI2pecb7rD4qk.roa
File: 5lUDLn9IyyZ2q7kI2pecb7rD4qk.roa (raw, json)
Hash identifier: 5jGwZp9H2nOz6n57RcNVN1NPXj7ipId6p8kcN+RV3QA=
Subject key identifier: E6:55:03:2E:7F:48:CB:26:76:AB:B9:08:DA:97:9C:6F:BA:C3:E2:A9
Certificate issuer: /CN=b07ab922565e2b3e2cc63d485a55dd4fc41d357e
Certificate serial: 018CC64B23EB7D5145AE1B4CF615BD73E4A6
Authority key identifier: B0:7A:B9:22:56:5E:2B:3E:2C:C6:3D:48:5A:55:DD:4F:C4:1D:35:7E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/sHq5IlZeKz4sxj1IWlXdT8QdNX4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2e/6d59d9-9daf-4fcb-8d05-13bcc752119a/1/5lUDLn9IyyZ2q7kI2pecb7rD4qk.roa
Signing time: Mon 01 Jan 2024 18:31:02 +0000
ROA not before: Mon 01 Jan 2024 18:31:02 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 10111
IP address blocks: 2a12:f8c3::/36 maxlen: 36
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c6:4b:23:eb:7d:51:45:ae:1b:4c:f6:15:bd:73:e4:a6
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b07ab922565e2b3e2cc63d485a55dd4fc41d357e
Validity
Not Before: Jan 1 18:31:02 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=e655032e7f48cb2676abb908da979c6fbac3e2a9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:95:70:db:3d:91:1f:1e:32:11:8c:f1:29:6d:ce:
7f:b7:8e:b7:4d:d4:70:03:b2:ad:bf:10:54:29:11:
2f:04:b4:59:04:05:ea:2f:aa:dc:c4:b6:05:c7:0a:
03:2b:96:14:fc:c1:b7:81:1a:bc:37:c3:39:c0:46:
88:96:91:ff:37:83:22:98:8a:b9:3a:05:a6:9e:cf:
25:70:75:5a:a7:fa:3e:e3:65:71:a0:44:ad:a7:2b:
c3:fe:f6:05:34:04:3b:88:81:c1:65:0f:66:27:95:
91:1f:b9:eb:28:64:c4:46:6e:76:19:cb:3b:64:86:
8a:57:7c:20:27:c9:ee:0e:b0:c7:e8:46:77:31:26:
ac:8b:48:8f:19:b2:21:ac:b2:de:c1:61:d2:d5:db:
77:fb:36:4f:8a:f5:68:76:81:fb:a5:fe:17:02:ad:
c2:55:b6:2d:da:50:55:68:a3:f6:33:23:62:a1:5f:
a8:30:a0:23:e5:f2:1f:28:09:a5:7c:cf:d0:b1:e3:
92:ca:b5:b7:d9:9e:6f:fe:6b:2c:0a:8b:1e:64:3f:
10:38:83:27:e2:5d:19:75:0a:ab:9c:86:19:7a:97:
3b:40:37:55:9e:2d:7d:97:e9:20:4e:a9:44:08:55:
b8:19:51:89:15:66:4d:e5:f7:3c:30:66:af:fe:87:
a2:f7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E6:55:03:2E:7F:48:CB:26:76:AB:B9:08:DA:97:9C:6F:BA:C3:E2:A9
X509v3 Authority Key Identifier:
keyid:B0:7A:B9:22:56:5E:2B:3E:2C:C6:3D:48:5A:55:DD:4F:C4:1D:35:7E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sHq5IlZeKz4sxj1IWlXdT8QdNX4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/6d59d9-9daf-4fcb-8d05-13bcc752119a/1/5lUDLn9IyyZ2q7kI2pecb7rD4qk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/6d59d9-9daf-4fcb-8d05-13bcc752119a/1/sHq5IlZeKz4sxj1IWlXdT8QdNX4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a12:f8c3::/36
Signature Algorithm: sha256WithRSAEncryption
89:7d:47:e1:70:02:15:b6:31:4d:ce:15:3a:98:47:41:62:a8:
82:13:cd:77:58:b4:c0:02:b2:f3:ce:89:69:bc:16:57:3e:f9:
4d:77:03:4c:b5:a2:88:74:6b:02:63:a9:7b:a0:88:44:a3:0e:
3e:b0:3c:29:b9:4e:a2:83:ee:f7:e8:13:c4:e9:44:af:c0:92:
fb:9c:a6:4e:38:ab:d4:e5:a7:86:fe:0b:3d:bd:f2:cf:ca:72:
6a:8e:56:ca:ba:58:80:05:bb:6f:e9:a1:c3:b9:6e:29:49:31:
83:7d:c3:bc:9a:81:8d:67:79:7d:8d:88:9f:a0:74:0e:27:78:
7a:cd:e5:1d:c8:34:b4:5a:af:39:bd:99:26:c9:9f:26:a0:89:
9e:d1:5f:78:c9:e7:e3:56:24:4f:08:91:ab:7d:49:5d:46:01:
09:ba:33:6a:61:cf:14:53:9c:aa:20:42:91:7b:77:be:29:ee:
d5:d3:23:c9:f0:76:a7:d8:05:aa:3c:1f:39:ea:e0:ac:66:c4:
f0:8b:d6:de:6e:30:4d:5b:3a:4a:40:ff:4f:80:b3:f5:29:17:
3d:bf:ce:44:03:7c:23:24:b0:da:30:3b:e8:f2:9e:b6:ee:a2:
06:db:e6:27:99:86:1e:ec:07:64:f5:52:96:63:23:2a:bb:ae:
b3:89:b0:4e
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzGSyPrfVFFrhtM9hW9c+SmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIwN2FiOTIyNTY1ZTJiM2UyY2M2M2Q0ODVhNTVkZDRmYzQx
ZDM1N2UwHhcNMjQwMTAxMTgzMTAyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNjU1MDMyZTdmNDhjYjI2NzZhYmI5MDhkYTk3OWM2ZmJhYzNlMmE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlXDbPZEfHjIRjPEpbc5/t463TdRw
A7KtvxBUKREvBLRZBAXqL6rcxLYFxwoDK5YU/MG3gRq8N8M5wEaIlpH/N4MimIq5
OgWmns8lcHVap/o+42VxoEStpyvD/vYFNAQ7iIHBZQ9mJ5WRH7nrKGTERm52Gcs7
ZIaKV3wgJ8nuDrDH6EZ3MSasi0iPGbIhrLLewWHS1dt3+zZPivVodoH7pf4XAq3C
VbYt2lBVaKP2MyNioV+oMKAj5fIfKAmlfM/QseOSyrW32Z5v/mssCoseZD8QOIMn
4l0ZdQqrnIYZepc7QDdVni19l+kgTqlECFW4GVGJFWZN5fc8MGav/oei9wIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFOZVAy5/SMsmdqu5CNqXnG+6w+KpMB8GA1UdIwQY
MBaAFLB6uSJWXis+LMY9SFpV3U/EHTV+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc0hxNUlsWmVLejRzeGoxSVdsWGRUOFFkTlg0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZS82ZDU5ZDktOWRhZi00ZmNiLThkMDUt
MTNiY2M3NTIxMTlhLzEvNWxVRExuOUl5eVoycTdrSTJwZWNiN3JENHFrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZS82ZDU5ZDktOWRhZi00ZmNiLThkMDUtMTNiY2M3NTIxMTlh
LzEvc0hxNUlsWmVLejRzeGoxSVdsWGRUOFFkTlg0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYEKhL4wwAw
DQYJKoZIhvcNAQELBQADggEBAIl9R+FwAhW2MU3OFTqYR0FiqIITzXdYtMACsvPO
iWm8Flc++U13A0y1ooh0awJjqXugiESjDj6wPCm5TqKD7vfoE8TpRK/Akvucpk44
q9Tlp4b+Cz298s/KcmqOVsq6WIAFu2/pocO5bilJMYN9w7yagY1neX2NiJ+gdA4n
eHrN5R3INLRarzm9mSbJnyagiZ7RX3jJ5+NWJE8Ikat9SV1GAQm6M2phzxRTnKog
QpF7d74p7tXTI8nwdqfYBao8Hznq4KxmxPCL1t5uME1bOkpA/0+As/UpFz2/zkQD
fCMksNowO+jynrbuogbb5ieZhh7sB2T1UpZjIyq7rrOJsE4=
-----END CERTIFICATE-----
Generated at Thu Mar 13 02:30:10 2025 by rpki-client