Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2e/6d59d9-9daf-4fcb-8d05-13bcc752119a/1/AJMBWPZ4b0xQrgjamwo40M-SQjA.roa
File: AJMBWPZ4b0xQrgjamwo40M-SQjA.roa (raw, json)
Hash identifier: pCyNRdvYQAHCd4AFHeJg1QppCaahuUA/DT0SQoWghSQ=
Subject key identifier: 00:93:01:58:F6:78:6F:4C:50:AE:08:DA:9B:0A:38:D0:CF:92:42:30
Certificate issuer: /CN=b07ab922565e2b3e2cc63d485a55dd4fc41d357e
Certificate serial: 0187B44483BFDE4692B8F7E4ED398DA68732
Authority key identifier: B0:7A:B9:22:56:5E:2B:3E:2C:C6:3D:48:5A:55:DD:4F:C4:1D:35:7E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/sHq5IlZeKz4sxj1IWlXdT8QdNX4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2e/6d59d9-9daf-4fcb-8d05-13bcc752119a/1/AJMBWPZ4b0xQrgjamwo40M-SQjA.roa
Signing time: Mon 24 Apr 2023 17:16:41 +0000
ROA not before: Mon 24 Apr 2023 17:16:41 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 60445
IP address blocks: 2a12:f8c1:100::/40 maxlen: 40
2a12:f8c3:1000::/36 maxlen: 36
2a12:f8c3:2000::/36 maxlen: 36
2a12:f8c2:300::/40 maxlen: 40
2a12:f8c2:400::/40 maxlen: 40
2a12:f8c2:500::/40 maxlen: 40
2a12:f8c2:600::/40 maxlen: 40
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:87:b4:44:83:bf:de:46:92:b8:f7:e4:ed:39:8d:a6:87:32
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b07ab922565e2b3e2cc63d485a55dd4fc41d357e
Validity
Not Before: Apr 24 17:16:41 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=00930158f6786f4c50ae08da9b0a38d0cf924230
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:88:eb:e5:2b:75:71:d1:dd:d8:9d:c1:59:35:df:
d0:e6:7f:c7:ee:41:34:5b:79:d5:2f:2e:d6:a5:6f:
9a:31:82:6b:86:13:27:09:72:ee:e3:57:86:23:fa:
1f:80:bb:b1:ca:f0:ba:1d:8f:31:04:66:0d:84:92:
11:f7:96:4c:a9:fb:ba:68:56:31:c2:51:fb:20:72:
85:a9:44:91:68:d2:cf:9c:db:d6:8c:a2:6a:8a:97:
02:66:08:85:ea:78:96:6a:fc:20:f8:2d:f3:d2:2f:
9d:39:b6:7c:c6:f7:54:5b:39:69:e3:23:fa:59:b3:
54:60:c0:e8:d7:27:d4:ae:dd:38:db:76:43:57:3e:
84:2f:a7:14:9b:ec:c2:34:76:c6:f3:73:41:96:08:
b3:66:a2:47:63:ad:d6:f9:5c:88:5b:3a:f8:fa:93:
0d:62:b4:91:6c:92:ec:54:af:41:60:f3:ef:b7:28:
98:28:1e:81:28:95:f7:cd:1a:6c:8d:e5:61:bd:ae:
d2:13:9c:01:7a:79:71:b4:84:7f:d0:70:39:4b:df:
37:c0:46:04:1c:42:c7:f2:7a:8a:b7:5a:6c:48:dd:
a3:50:eb:0e:73:21:de:0a:f9:16:93:b2:a2:9c:2e:
f3:20:83:47:18:ea:b1:c9:cd:ec:c0:ad:6f:32:91:
78:ef
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
00:93:01:58:F6:78:6F:4C:50:AE:08:DA:9B:0A:38:D0:CF:92:42:30
X509v3 Authority Key Identifier:
keyid:B0:7A:B9:22:56:5E:2B:3E:2C:C6:3D:48:5A:55:DD:4F:C4:1D:35:7E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sHq5IlZeKz4sxj1IWlXdT8QdNX4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/6d59d9-9daf-4fcb-8d05-13bcc752119a/1/AJMBWPZ4b0xQrgjamwo40M-SQjA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/6d59d9-9daf-4fcb-8d05-13bcc752119a/1/sHq5IlZeKz4sxj1IWlXdT8QdNX4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a12:f8c1:100::/40
2a12:f8c2:300::-2a12:f8c2:6ff:ffff:ffff:ffff:ffff:ffff
2a12:f8c3:1000::-2a12:f8c3:2fff:ffff:ffff:ffff:ffff:ffff
Signature Algorithm: sha256WithRSAEncryption
b3:74:6a:65:3c:96:5f:f8:16:54:03:ed:63:7b:bf:8c:26:f3:
de:a0:5b:a9:20:01:4b:17:54:6b:cb:e1:a0:f6:55:9d:37:25:
6f:5c:13:73:7a:dd:56:72:32:3f:69:2c:1f:8f:54:f8:41:d8:
c9:93:4b:84:ea:c0:24:78:84:39:3f:78:a7:74:2d:f6:0e:ba:
89:f2:b7:9d:4b:81:7b:da:c7:9d:db:28:71:3e:42:40:86:6d:
8f:22:9e:fd:6f:fd:a4:18:c5:ad:e3:01:8a:3c:1e:3c:ce:c3:
a6:1b:84:3f:48:17:5e:69:df:ab:de:b2:74:8c:ba:be:0b:63:
d2:0a:a9:63:71:bb:30:6e:29:14:cc:45:91:ce:88:43:c6:c7:
11:ee:eb:67:49:96:92:21:41:48:03:72:b1:db:84:cc:bf:57:
af:cc:47:9e:9a:f8:49:f0:d3:28:80:3e:eb:0d:ab:ff:7a:f0:
f5:5c:f2:33:86:4e:ce:b6:b1:3c:70:d9:7a:f2:52:33:b2:5f:
f9:69:2d:13:05:bc:31:8a:e0:50:bc:d5:16:de:d1:ce:08:89:
a5:d0:7b:8f:46:7c:74:d2:f8:c2:9e:0f:30:53:6a:98:7e:b2:
92:ac:d0:53:31:b3:93:46:e8:8f:2a:e3:c2:9e:59:5e:39:f1:
b6:b7:8a:85
-----BEGIN CERTIFICATE-----
MIIFIzCCBAugAwIBAgISAYe0RIO/3kaSuPfk7TmNpocyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIwN2FiOTIyNTY1ZTJiM2UyY2M2M2Q0ODVhNTVkZDRmYzQx
ZDM1N2UwHhcNMjMwNDI0MTcxNjQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMDkzMDE1OGY2Nzg2ZjRjNTBhZTA4ZGE5YjBhMzhkMGNmOTI0MjMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiOvlK3Vx0d3YncFZNd/Q5n/H7kE0
W3nVLy7WpW+aMYJrhhMnCXLu41eGI/ofgLuxyvC6HY8xBGYNhJIR95ZMqfu6aFYx
wlH7IHKFqUSRaNLPnNvWjKJqipcCZgiF6niWavwg+C3z0i+dObZ8xvdUWzlp4yP6
WbNUYMDo1yfUrt0423ZDVz6EL6cUm+zCNHbG83NBlgizZqJHY63W+VyIWzr4+pMN
YrSRbJLsVK9BYPPvtyiYKB6BKJX3zRpsjeVhva7SE5wBenlxtIR/0HA5S983wEYE
HELH8nqKt1psSN2jUOsOcyHeCvkWk7KinC7zIINHGOqxyc3swK1vMpF47wIDAQAB
o4ICLzCCAiswHQYDVR0OBBYEFACTAVj2eG9MUK4I2psKONDPkkIwMB8GA1UdIwQY
MBaAFLB6uSJWXis+LMY9SFpV3U/EHTV+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc0hxNUlsWmVLejRzeGoxSVdsWGRUOFFkTlg0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZS82ZDU5ZDktOWRhZi00ZmNiLThkMDUt
MTNiY2M3NTIxMTlhLzEvQUpNQldQWjRiMHhRcmdqYW13bzQwTS1TUWpBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZS82ZDU5ZDktOWRhZi00ZmNiLThkMDUtMTNiY2M3NTIxMTlh
LzEvc0hxNUlsWmVLejRzeGoxSVdsWGRUOFFkTlg0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEUGCCsGAQUFBwEHAQH/BDYwNDAyBAIAAjAsAwYAKhL4wQEw
EAMGACoS+MIDAwYAKhL4wgYwEAMGBCoS+MMQAwYEKhL4wyAwDQYJKoZIhvcNAQEL
BQADggEBALN0amU8ll/4FlQD7WN7v4wm896gW6kgAUsXVGvL4aD2VZ03JW9cE3N6
3VZyMj9pLB+PVPhB2MmTS4TqwCR4hDk/eKd0LfYOuonyt51LgXvax53bKHE+QkCG
bY8inv1v/aQYxa3jAYo8HjzOw6YbhD9IF15p36vesnSMur4LY9IKqWNxuzBuKRTM
RZHOiEPGxxHu62dJlpIhQUgDcrHbhMy/V6/MR56a+Enw0yiAPusNq/968PVc8jOG
Ts62sTxw2XryUjOyX/lpLRMFvDGK4FC81Rbe0c4IiaXQe49GfHTS+MKeDzBTaph+
spKs0FMxs5NG6I8q48KeWV458ba3ioU=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:24:02 2024 by rpki-client on console-fra.rpki-client.org