Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2e/6d59d9-9daf-4fcb-8d05-13bcc752119a/1/Tf7m3POnEl2qgI27iC6N4BvY2_U.roa
File: Tf7m3POnEl2qgI27iC6N4BvY2_U.roa (raw, json)
Hash identifier: 2UULvh177fQPwRnbgzdKqUU13PCxSak0nbsZ8DRMtVQ=
Subject key identifier: 4D:FE:E6:DC:F3:A7:12:5D:AA:80:8D:BB:88:2E:8D:E0:1B:D8:DB:F5
Certificate issuer: /CN=b07ab922565e2b3e2cc63d485a55dd4fc41d357e
Certificate serial: 018CC64B28F52FE5E73D434C1C94954F720B
Authority key identifier: B0:7A:B9:22:56:5E:2B:3E:2C:C6:3D:48:5A:55:DD:4F:C4:1D:35:7E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/sHq5IlZeKz4sxj1IWlXdT8QdNX4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2e/6d59d9-9daf-4fcb-8d05-13bcc752119a/1/Tf7m3POnEl2qgI27iC6N4BvY2_U.roa
Signing time: Mon 01 Jan 2024 18:31:03 +0000
ROA not before: Mon 01 Jan 2024 18:31:03 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 199108
IP address blocks: 2a12:f8c1:70::/44 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c6:4b:28:f5:2f:e5:e7:3d:43:4c:1c:94:95:4f:72:0b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b07ab922565e2b3e2cc63d485a55dd4fc41d357e
Validity
Not Before: Jan 1 18:31:03 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=4dfee6dcf3a7125daa808dbb882e8de01bd8dbf5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e9:8a:f9:5b:83:09:90:c6:eb:54:33:7d:38:26:
b8:cc:ab:09:24:f4:0d:7a:36:b9:4e:88:ae:73:5d:
6c:6f:1c:f7:01:88:56:2a:ff:4b:7b:a5:17:1e:df:
e9:b0:a6:66:de:a4:3d:22:8c:35:58:77:72:cc:0f:
79:16:57:7d:24:0b:3f:1f:76:40:73:8e:5d:7e:c1:
6c:95:3f:8b:a5:e5:33:95:8a:2a:74:c3:42:bd:76:
5b:ca:c5:76:79:f5:ad:85:b0:98:71:e6:29:80:d8:
c8:af:82:52:5d:f3:f2:d7:46:44:c2:6e:cc:f4:4b:
9a:7c:79:47:a7:d5:8b:21:fd:0c:27:9b:45:7a:a9:
78:75:39:0a:0c:77:19:64:d1:1f:d3:2e:90:c3:43:
0a:78:f0:8a:4b:1c:22:70:d5:4c:04:fa:cb:3a:a8:
22:ac:28:1e:2a:93:a8:4d:19:55:36:d5:cb:85:df:
25:cf:6f:65:fd:18:25:14:7c:8b:32:8b:7a:60:12:
0d:01:de:02:13:10:9d:ea:16:be:19:78:72:30:b4:
f8:8d:fe:d1:c2:aa:2f:01:a5:27:41:a5:1c:d9:a9:
63:3d:c6:ba:82:b6:c8:a3:7a:5f:41:4a:82:d6:87:
eb:49:77:d5:3e:4b:ce:89:f3:1d:cf:b1:1f:b3:e8:
9b:69
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4D:FE:E6:DC:F3:A7:12:5D:AA:80:8D:BB:88:2E:8D:E0:1B:D8:DB:F5
X509v3 Authority Key Identifier:
keyid:B0:7A:B9:22:56:5E:2B:3E:2C:C6:3D:48:5A:55:DD:4F:C4:1D:35:7E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sHq5IlZeKz4sxj1IWlXdT8QdNX4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/6d59d9-9daf-4fcb-8d05-13bcc752119a/1/Tf7m3POnEl2qgI27iC6N4BvY2_U.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/6d59d9-9daf-4fcb-8d05-13bcc752119a/1/sHq5IlZeKz4sxj1IWlXdT8QdNX4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a12:f8c1:70::/44
Signature Algorithm: sha256WithRSAEncryption
5a:14:3a:e3:f1:ff:2c:50:6e:9d:db:fa:7d:7a:44:68:c6:e4:
58:34:82:63:4b:2f:0e:f5:0e:fd:c1:58:1b:71:2f:79:0e:be:
71:d0:64:fa:bb:3b:15:d0:ce:55:df:95:ce:01:e1:4c:4c:b1:
4a:f2:7a:bd:5a:79:03:16:a3:fc:a2:13:4d:b8:37:88:1c:59:
36:36:c5:ba:b7:b8:39:00:23:5f:86:bd:c9:b5:c1:95:64:de:
57:e0:16:24:1f:fd:00:11:7c:a5:07:d3:c9:b2:9b:49:e0:07:
7a:57:8f:59:1f:d7:d3:2c:f6:42:b9:29:f0:c0:28:bd:6e:e2:
20:b0:5a:c4:99:87:34:4e:af:84:18:0d:fb:21:5a:d3:56:c8:
1f:0a:90:76:2c:9d:67:4e:6c:1c:ad:45:e9:62:8b:b3:a6:9b:
40:1b:d8:69:1b:3d:08:e8:c5:03:ad:6e:28:c0:7f:87:0c:69:
a7:2a:fd:5b:38:ac:5c:93:e3:94:20:d3:79:01:9e:e4:01:d3:
bf:f2:25:6c:4e:eb:16:a6:47:82:2d:7f:70:3d:fb:7f:9b:ed:
f7:9a:93:c0:1d:38:a3:a0:92:df:2b:2d:c2:0a:00:f9:3c:82:
f1:ff:8b:f9:43:53:3d:ca:6a:c9:ed:af:59:32:0a:46:4c:8f:
67:66:8d:6a
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzGSyj1L+XnPUNMHJSVT3ILMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIwN2FiOTIyNTY1ZTJiM2UyY2M2M2Q0ODVhNTVkZDRmYzQx
ZDM1N2UwHhcNMjQwMTAxMTgzMTAzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZGZlZTZkY2YzYTcxMjVkYWE4MDhkYmI4ODJlOGRlMDFiZDhkYmY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6Yr5W4MJkMbrVDN9OCa4zKsJJPQN
eja5Toiuc11sbxz3AYhWKv9Le6UXHt/psKZm3qQ9Iow1WHdyzA95Fld9JAs/H3ZA
c45dfsFslT+LpeUzlYoqdMNCvXZbysV2efWthbCYceYpgNjIr4JSXfPy10ZEwm7M
9EuafHlHp9WLIf0MJ5tFeql4dTkKDHcZZNEf0y6Qw0MKePCKSxwicNVMBPrLOqgi
rCgeKpOoTRlVNtXLhd8lz29l/RglFHyLMot6YBINAd4CExCd6ha+GXhyMLT4jf7R
wqovAaUnQaUc2aljPca6grbIo3pfQUqC1ofrSXfVPkvOifMdz7Efs+ibaQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFE3+5tzzpxJdqoCNu4gujeAb2Nv1MB8GA1UdIwQY
MBaAFLB6uSJWXis+LMY9SFpV3U/EHTV+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc0hxNUlsWmVLejRzeGoxSVdsWGRUOFFkTlg0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZS82ZDU5ZDktOWRhZi00ZmNiLThkMDUt
MTNiY2M3NTIxMTlhLzEvVGY3bTNQT25FbDJxZ0kyN2lDNk40QnZZMl9VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZS82ZDU5ZDktOWRhZi00ZmNiLThkMDUtMTNiY2M3NTIxMTlh
LzEvc0hxNUlsWmVLejRzeGoxSVdsWGRUOFFkTlg0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhL4wQBw
MA0GCSqGSIb3DQEBCwUAA4IBAQBaFDrj8f8sUG6d2/p9ekRoxuRYNIJjSy8O9Q79
wVgbcS95Dr5x0GT6uzsV0M5V35XOAeFMTLFK8nq9WnkDFqP8ohNNuDeIHFk2NsW6
t7g5ACNfhr3JtcGVZN5X4BYkH/0AEXylB9PJsptJ4Ad6V49ZH9fTLPZCuSnwwCi9
buIgsFrEmYc0Tq+EGA37IVrTVsgfCpB2LJ1nTmwcrUXpYouzpptAG9hpGz0I6MUD
rW4owH+HDGmnKv1bOKxck+OUINN5AZ7kAdO/8iVsTusWpkeCLX9wPft/m+33mpPA
HTijoJLfKy3CCgD5PILx/4v5Q1M9ymrJ7a9ZMgpGTI9nZo1q
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:18:03 2025 by rpki-client