Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2e/6d59d9-9daf-4fcb-8d05-13bcc752119a/1/DK2LQd9XZCA5iLohEcxN33hIgt4.roa
File: DK2LQd9XZCA5iLohEcxN33hIgt4.roa (raw, json)
Hash identifier: skrSTeArklHT8L/lmjBr8Qu85HesAE5IIx6i+YPBaE0=
Subject key identifier: 0C:AD:8B:41:DF:57:64:20:39:88:BA:21:11:CC:4D:DF:78:48:82:DE
Certificate issuer: /CN=b07ab922565e2b3e2cc63d485a55dd4fc41d357e
Certificate serial: 01857039AC3646DB7BC152C1EBAA0DBBDD2F
Authority key identifier: B0:7A:B9:22:56:5E:2B:3E:2C:C6:3D:48:5A:55:DD:4F:C4:1D:35:7E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/sHq5IlZeKz4sxj1IWlXdT8QdNX4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2e/6d59d9-9daf-4fcb-8d05-13bcc752119a/1/DK2LQd9XZCA5iLohEcxN33hIgt4.roa
Signing time: Mon 02 Jan 2023 02:05:05 +0000
ROA not before: Mon 02 Jan 2023 02:05:05 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 142418
IP address blocks: 2a12:f8c0::/32 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:70:39:ac:36:46:db:7b:c1:52:c1:eb:aa:0d:bb:dd:2f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b07ab922565e2b3e2cc63d485a55dd4fc41d357e
Validity
Not Before: Jan 2 02:05:05 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=0cad8b41df5764203988ba2111cc4ddf784882de
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c2:66:a0:7e:b0:6c:fd:6e:c3:0e:84:a6:96:49:
dc:ec:bb:fe:36:88:86:7f:67:8f:ec:ab:33:9c:5c:
e6:fe:04:14:6f:ba:f6:5e:01:51:09:e4:56:9a:51:
27:52:5f:6e:7a:94:25:a4:20:41:3e:f7:81:21:42:
14:f8:ea:56:95:af:e0:5d:f0:54:fe:6b:4c:76:c3:
bb:89:64:96:96:99:ca:37:be:8f:29:44:b3:9d:65:
a6:5b:29:16:3d:ec:d5:e0:d6:8c:c0:d4:6e:d2:1a:
fc:e3:86:7f:48:32:38:18:80:bd:89:f1:98:ff:40:
5c:10:1d:05:d2:ea:ed:57:28:72:11:b2:a7:34:45:
af:3d:16:44:a2:ec:0c:f4:76:0d:47:49:dc:8c:2e:
9f:dc:62:62:50:2b:3c:8b:f3:52:7b:0d:da:5d:3a:
e6:6b:55:90:55:14:e6:4d:c3:8d:3f:3a:bc:53:69:
81:b1:13:74:4d:44:0f:c8:18:37:f9:26:20:37:8c:
47:2a:18:f1:a3:58:7e:70:9b:ef:e7:e2:b2:eb:77:
57:e5:2d:12:bb:8e:ca:24:6e:6b:6e:cc:92:35:a3:
f2:6d:df:69:40:a3:67:f5:07:9b:6a:6f:21:e1:3e:
5c:62:13:bb:7e:ea:ab:ce:ca:5b:8e:47:85:42:53:
2b:33
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0C:AD:8B:41:DF:57:64:20:39:88:BA:21:11:CC:4D:DF:78:48:82:DE
X509v3 Authority Key Identifier:
keyid:B0:7A:B9:22:56:5E:2B:3E:2C:C6:3D:48:5A:55:DD:4F:C4:1D:35:7E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sHq5IlZeKz4sxj1IWlXdT8QdNX4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/6d59d9-9daf-4fcb-8d05-13bcc752119a/1/DK2LQd9XZCA5iLohEcxN33hIgt4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/6d59d9-9daf-4fcb-8d05-13bcc752119a/1/sHq5IlZeKz4sxj1IWlXdT8QdNX4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a12:f8c0::/32
Signature Algorithm: sha256WithRSAEncryption
4a:fd:df:08:23:ff:9e:c1:92:21:b9:7e:53:e6:9f:5f:c8:85:
0b:5e:bf:5f:24:cb:24:d7:0e:c9:18:27:0b:8e:1e:3c:4d:fe:
32:d9:d7:8c:e9:c8:d7:14:7c:2e:12:c3:9c:b7:ce:46:4a:d5:
82:7a:69:af:78:fc:6e:84:f8:7a:77:ee:1e:2a:da:1b:6b:f5:
1a:9f:c1:bb:2c:25:d5:85:26:95:5e:cd:cb:5a:cf:52:11:17:
38:1f:84:69:7c:58:46:ba:4b:78:ce:4a:bb:0c:a7:82:d0:2f:
ed:3e:e0:50:41:0b:f0:df:38:41:eb:66:52:a2:75:42:90:ac:
3f:78:08:77:fa:19:cf:60:df:42:e1:bc:21:df:5c:2e:83:1a:
a9:33:5f:5c:8b:3a:7a:cd:50:75:2e:39:88:bc:a2:5c:af:3c:
24:05:83:07:34:05:a7:cf:a6:ce:1a:13:d1:d8:a4:ee:91:f3:
2d:d3:9e:ee:24:dc:11:88:3b:30:8b:3b:d9:05:4c:33:2f:cd:
ce:72:2c:d3:af:1b:ad:57:6a:1f:cc:06:7b:66:a8:b9:8e:a7:
26:0d:3d:91:28:24:e9:aa:e1:cd:5b:b0:e5:dc:3a:28:3f:9d:
f8:f8:92:df:2e:1f:92:78:ff:eb:3e:3b:4a:f5:5e:bc:64:4b:
a5:8e:0f:f2
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYVwOaw2Rtt7wVLB66oNu90vMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIwN2FiOTIyNTY1ZTJiM2UyY2M2M2Q0ODVhNTVkZDRmYzQx
ZDM1N2UwHhcNMjMwMTAyMDIwNTA1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwY2FkOGI0MWRmNTc2NDIwMzk4OGJhMjExMWNjNGRkZjc4NDg4MmRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwmagfrBs/W7DDoSmlknc7Lv+NoiG
f2eP7KsznFzm/gQUb7r2XgFRCeRWmlEnUl9uepQlpCBBPveBIUIU+OpWla/gXfBU
/mtMdsO7iWSWlpnKN76PKUSznWWmWykWPezV4NaMwNRu0hr844Z/SDI4GIC9ifGY
/0BcEB0F0urtVyhyEbKnNEWvPRZEouwM9HYNR0ncjC6f3GJiUCs8i/NSew3aXTrm
a1WQVRTmTcONPzq8U2mBsRN0TUQPyBg3+SYgN4xHKhjxo1h+cJvv5+Ky63dX5S0S
u47KJG5rbsySNaPybd9pQKNn9Qebam8h4T5cYhO7fuqrzspbjkeFQlMrMwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFAyti0HfV2QgOYi6IRHMTd94SILeMB8GA1UdIwQY
MBaAFLB6uSJWXis+LMY9SFpV3U/EHTV+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc0hxNUlsWmVLejRzeGoxSVdsWGRUOFFkTlg0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZS82ZDU5ZDktOWRhZi00ZmNiLThkMDUt
MTNiY2M3NTIxMTlhLzEvREsyTFFkOVhaQ0E1aUxvaEVjeE4zM2hJZ3Q0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZS82ZDU5ZDktOWRhZi00ZmNiLThkMDUtMTNiY2M3NTIxMTlh
LzEvc0hxNUlsWmVLejRzeGoxSVdsWGRUOFFkTlg0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhL4wDAN
BgkqhkiG9w0BAQsFAAOCAQEASv3fCCP/nsGSIbl+U+afX8iFC16/XyTLJNcOyRgn
C44ePE3+MtnXjOnI1xR8LhLDnLfORkrVgnppr3j8boT4enfuHiraG2v1Gp/Buywl
1YUmlV7Ny1rPUhEXOB+EaXxYRrpLeM5KuwyngtAv7T7gUEEL8N84QetmUqJ1QpCs
P3gId/oZz2DfQuG8Id9cLoMaqTNfXIs6es1QdS45iLyiXK88JAWDBzQFp8+mzhoT
0dik7pHzLdOe7iTcEYg7MIs72QVMMy/NznIs068brVdqH8wGe2aouY6nJg09kSgk
6arhzVuw5dw6KD+d+PiS3y4fknj/6z47SvVevGRLpY4P8g==
-----END CERTIFICATE-----
Generated at Thu Mar 13 20:29:45 2025 by rpki-client