Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2e/6d59d9-9daf-4fcb-8d05-13bcc752119a/1/Sg3jPkmC-2NZ1DY1t0_lMx1QqYU.roa
File: Sg3jPkmC-2NZ1DY1t0_lMx1QqYU.roa (raw, json)
Hash identifier: EHMZpnmAjQtZBGAFHvrPtgp3UDHEHb3z8iaciilhBiw=
Subject key identifier: 4A:0D:E3:3E:49:82:FB:63:59:D4:36:35:B7:4F:E5:33:1D:50:A9:85
Certificate issuer: /CN=b07ab922565e2b3e2cc63d485a55dd4fc41d357e
Certificate serial: 018CC64B277840D1DE9AF93F17206A060D40
Authority key identifier: B0:7A:B9:22:56:5E:2B:3E:2C:C6:3D:48:5A:55:DD:4F:C4:1D:35:7E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/sHq5IlZeKz4sxj1IWlXdT8QdNX4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2e/6d59d9-9daf-4fcb-8d05-13bcc752119a/1/Sg3jPkmC-2NZ1DY1t0_lMx1QqYU.roa
Signing time: Mon 01 Jan 2024 18:31:03 +0000
ROA not before: Mon 01 Jan 2024 18:31:03 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 150296
IP address blocks: 2a12:f8c1:30::/44 maxlen: 44
2a12:f8c1:100::/40 maxlen: 40
2a12:f8c3:3000::/36 maxlen: 36
2a12:f8c2:800::/40 maxlen: 48
2a12:f8c2::/40 maxlen: 40
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c6:4b:27:78:40:d1:de:9a:f9:3f:17:20:6a:06:0d:40
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b07ab922565e2b3e2cc63d485a55dd4fc41d357e
Validity
Not Before: Jan 1 18:31:03 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=4a0de33e4982fb6359d43635b74fe5331d50a985
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cd:28:bf:ac:2f:d8:9d:48:82:f6:67:8e:4c:65:
d1:e4:28:8d:89:a4:5d:08:db:3d:64:d9:7f:ba:8e:
6f:75:90:e1:ef:c8:98:60:40:b2:23:4f:63:0c:35:
5e:74:6e:d8:71:9a:f8:c0:40:64:ca:03:f0:a7:31:
c1:92:0b:f1:9c:35:2a:a4:ad:fb:b7:2f:7b:56:e5:
04:4c:f9:45:7c:6a:7f:65:33:56:3a:0e:52:17:af:
b3:9f:b4:42:21:e7:3d:b4:92:03:60:be:43:fc:44:
e9:f9:ea:d3:de:87:d2:9f:3e:e0:7d:95:8a:b5:e3:
ab:af:8d:34:31:ed:60:22:ea:e1:cf:35:1b:0c:d4:
a5:23:16:a0:6c:bb:75:f8:9e:33:53:b5:ec:d7:44:
5a:21:ff:70:20:ec:f6:36:b6:43:6c:21:d1:f3:9d:
48:5d:6b:95:66:ad:f3:f1:ba:7d:3b:64:61:32:b7:
72:94:28:de:33:15:ab:44:23:48:c9:7f:83:d9:1f:
73:bc:6f:07:1f:72:6f:1c:81:61:70:10:ea:71:82:
c6:48:44:28:34:df:57:a6:64:4f:77:6d:2d:f6:0f:
e6:64:f6:d6:1e:c5:4e:c5:f3:49:cf:03:a1:ed:10:
88:44:b3:34:c8:a2:00:d8:bf:73:fb:a0:bc:42:5f:
9e:05
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4A:0D:E3:3E:49:82:FB:63:59:D4:36:35:B7:4F:E5:33:1D:50:A9:85
X509v3 Authority Key Identifier:
keyid:B0:7A:B9:22:56:5E:2B:3E:2C:C6:3D:48:5A:55:DD:4F:C4:1D:35:7E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sHq5IlZeKz4sxj1IWlXdT8QdNX4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/6d59d9-9daf-4fcb-8d05-13bcc752119a/1/Sg3jPkmC-2NZ1DY1t0_lMx1QqYU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/6d59d9-9daf-4fcb-8d05-13bcc752119a/1/sHq5IlZeKz4sxj1IWlXdT8QdNX4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a12:f8c1:30::/44
2a12:f8c1:100::/40
2a12:f8c2::/40
2a12:f8c2:800::/40
2a12:f8c3:3000::/36
Signature Algorithm: sha256WithRSAEncryption
37:fa:e8:15:fb:06:b8:bf:50:3b:59:6c:c6:e8:3d:b8:14:2d:
8c:a6:95:40:22:4a:9c:8a:7e:47:e0:12:c7:0f:7d:71:7c:da:
1f:2f:97:37:59:68:83:33:dd:dc:a6:5e:ca:f8:a9:24:b1:77:
3d:a2:a7:e8:84:94:82:e4:83:6b:38:63:de:5e:a0:a5:16:01:
bf:22:20:58:e5:83:28:cf:67:c5:f8:d8:80:b0:6e:9d:fd:ad:
aa:e0:a8:16:8c:ff:47:df:60:26:c3:6b:13:99:3e:72:b7:a2:
e4:1b:09:1d:35:21:ab:48:32:6b:ab:da:de:ef:a2:1c:2f:f9:
3e:9f:f7:e4:46:e0:58:9d:95:43:ef:d0:41:27:56:be:93:47:
05:cf:42:dd:22:ec:43:5e:68:8e:8f:f4:ee:e9:f2:03:63:61:
09:10:a1:8b:76:e1:6d:8e:b8:d2:f2:23:9c:bf:d3:dc:57:80:
c7:09:bf:8d:81:c7:49:1e:b6:32:5b:2d:aa:e4:53:02:52:b4:
3d:6b:aa:0e:1d:97:b2:df:77:8c:5e:1f:53:8d:c4:69:53:80:
6f:6d:cf:47:7a:29:fa:f5:45:25:79:ed:dd:13:19:e5:75:11:
46:9c:35:cd:68:32:52:61:0b:ed:22:3e:e5:57:0e:81:f1:57:
91:a7:c8:6a
-----BEGIN CERTIFICATE-----
MIIFIDCCBAigAwIBAgISAYzGSyd4QNHemvk/FyBqBg1AMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIwN2FiOTIyNTY1ZTJiM2UyY2M2M2Q0ODVhNTVkZDRmYzQx
ZDM1N2UwHhcNMjQwMTAxMTgzMTAzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YTBkZTMzZTQ5ODJmYjYzNTlkNDM2MzViNzRmZTUzMzFkNTBhOTg1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzSi/rC/YnUiC9meOTGXR5CiNiaRd
CNs9ZNl/uo5vdZDh78iYYECyI09jDDVedG7YcZr4wEBkygPwpzHBkgvxnDUqpK37
ty97VuUETPlFfGp/ZTNWOg5SF6+zn7RCIec9tJIDYL5D/ETp+erT3ofSnz7gfZWK
teOrr400Me1gIurhzzUbDNSlIxagbLt1+J4zU7Xs10RaIf9wIOz2NrZDbCHR851I
XWuVZq3z8bp9O2RhMrdylCjeMxWrRCNIyX+D2R9zvG8HH3JvHIFhcBDqcYLGSEQo
NN9XpmRPd20t9g/mZPbWHsVOxfNJzwOh7RCIRLM0yKIA2L9z+6C8Ql+eBQIDAQAB
o4ICLDCCAigwHQYDVR0OBBYEFEoN4z5JgvtjWdQ2NbdP5TMdUKmFMB8GA1UdIwQY
MBaAFLB6uSJWXis+LMY9SFpV3U/EHTV+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc0hxNUlsWmVLejRzeGoxSVdsWGRUOFFkTlg0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZS82ZDU5ZDktOWRhZi00ZmNiLThkMDUt
MTNiY2M3NTIxMTlhLzEvU2czalBrbUMtMk5aMURZMXQwX2xNeDFRcVlVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZS82ZDU5ZDktOWRhZi00ZmNiLThkMDUtMTNiY2M3NTIxMTlh
LzEvc0hxNUlsWmVLejRzeGoxSVdsWGRUOFFkTlg0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEIGCCsGAQUFBwEHAQH/BDMwMTAvBAIAAjApAwcEKhL4wQAw
AwYAKhL4wQEDBgAqEvjCAAMGACoS+MIIAwYEKhL4wzAwDQYJKoZIhvcNAQELBQAD
ggEBADf66BX7Bri/UDtZbMboPbgULYymlUAiSpyKfkfgEscPfXF82h8vlzdZaIMz
3dymXsr4qSSxdz2ip+iElILkg2s4Y95eoKUWAb8iIFjlgyjPZ8X42ICwbp39rarg
qBaM/0ffYCbDaxOZPnK3ouQbCR01IatIMmur2t7vohwv+T6f9+RG4FidlUPv0EEn
Vr6TRwXPQt0i7ENeaI6P9O7p8gNjYQkQoYt24W2OuNLyI5y/09xXgMcJv42Bx0ke
tjJbLarkUwJStD1rqg4dl7Lfd4xeH1ONxGlTgG9tz0d6Kfr1RSV57d0TGeV1EUac
Nc1oMlJhC+0iPuVXDoHxV5GnyGo=
-----END CERTIFICATE-----
Generated at Thu Mar 13 02:46:52 2025 by rpki-client