Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2e/6d59d9-9daf-4fcb-8d05-13bcc752119a/1/faLVLuN2l4yFhaKnl14AoeJzMMc.roa
File: faLVLuN2l4yFhaKnl14AoeJzMMc.roa (raw, json)
Hash identifier: a1z8WSPDcXn1t9HMSNdXvOry+LIajMMlJ8MIYld0NA0=
Subject key identifier: 7D:A2:D5:2E:E3:76:97:8C:85:85:A2:A7:97:5E:00:A1:E2:73:30:C7
Certificate issuer: /CN=b07ab922565e2b3e2cc63d485a55dd4fc41d357e
Certificate serial: 018CC64B286F7C1947B76AD40D6B72D82210
Authority key identifier: B0:7A:B9:22:56:5E:2B:3E:2C:C6:3D:48:5A:55:DD:4F:C4:1D:35:7E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/sHq5IlZeKz4sxj1IWlXdT8QdNX4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2e/6d59d9-9daf-4fcb-8d05-13bcc752119a/1/faLVLuN2l4yFhaKnl14AoeJzMMc.roa
Signing time: Mon 01 Jan 2024 18:31:03 +0000
ROA not before: Mon 01 Jan 2024 18:31:03 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 151338
IP address blocks: 2a12:f8c1:40::/44 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c6:4b:28:6f:7c:19:47:b7:6a:d4:0d:6b:72:d8:22:10
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b07ab922565e2b3e2cc63d485a55dd4fc41d357e
Validity
Not Before: Jan 1 18:31:03 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=7da2d52ee376978c8585a2a7975e00a1e27330c7
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8b:03:bb:e0:93:3b:ed:be:0e:70:53:3d:35:76:
70:94:0b:a8:26:89:36:6e:3c:25:09:d6:f5:60:4b:
1f:cc:7f:a8:9f:2f:18:d1:3c:5b:58:3a:a0:00:8b:
fe:8e:15:8a:0d:07:da:83:75:7a:07:49:e3:44:28:
24:54:d8:f7:78:3a:f1:11:33:72:72:6e:59:a4:b9:
43:2d:3a:0c:50:f2:e2:15:e9:84:0c:b8:d1:12:f1:
b0:31:df:18:5f:db:40:ba:73:18:b3:44:11:5b:91:
9a:08:9a:9c:6e:c5:0a:30:19:35:3c:0f:e8:67:91:
13:d0:95:2e:38:c1:b1:82:77:70:92:03:18:20:bc:
d4:90:e8:67:4d:73:de:a6:87:37:85:8a:94:e6:8a:
0f:ef:da:67:5f:10:ce:4c:88:7a:e1:44:13:97:a0:
0a:eb:02:a8:b5:1e:a9:cb:8f:70:22:3f:4a:27:3b:
de:13:da:37:f3:3d:37:a2:02:5c:22:7e:35:9a:ee:
40:ba:32:4b:80:05:58:2d:72:03:53:0e:10:dd:af:
09:7b:73:ad:a0:fb:e5:61:36:28:8a:0c:21:e1:c8:
af:3d:b7:4e:ab:80:ab:2a:b0:4c:de:49:c2:df:42:
08:3d:7d:f3:29:db:4e:fd:bc:01:44:53:f6:80:b2:
85:ef
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
7D:A2:D5:2E:E3:76:97:8C:85:85:A2:A7:97:5E:00:A1:E2:73:30:C7
X509v3 Authority Key Identifier:
keyid:B0:7A:B9:22:56:5E:2B:3E:2C:C6:3D:48:5A:55:DD:4F:C4:1D:35:7E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sHq5IlZeKz4sxj1IWlXdT8QdNX4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/6d59d9-9daf-4fcb-8d05-13bcc752119a/1/faLVLuN2l4yFhaKnl14AoeJzMMc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/6d59d9-9daf-4fcb-8d05-13bcc752119a/1/sHq5IlZeKz4sxj1IWlXdT8QdNX4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a12:f8c1:40::/44
Signature Algorithm: sha256WithRSAEncryption
22:8e:71:90:31:c7:f8:ed:74:32:8d:b5:a6:cd:9f:8c:e6:79:
7a:af:64:af:65:56:c9:f6:de:3c:f3:45:fa:64:64:52:10:14:
d1:b3:db:d8:01:2e:fb:c7:19:28:52:70:fb:bd:e8:db:c1:c6:
6b:35:01:e3:7b:35:33:fb:b0:28:30:0f:a1:64:53:86:a0:69:
8f:bf:bb:08:45:e4:9f:4a:81:66:29:37:39:6a:31:8e:6d:b8:
d0:63:22:e0:e8:21:2d:07:3e:12:0f:e7:46:40:8e:54:41:7e:
02:e5:92:a3:0c:d2:a6:29:b4:2f:48:7a:de:f3:33:96:4e:80:
2b:0f:2c:6e:ea:80:8b:97:4f:83:ae:be:77:cb:97:e1:79:71:
b3:5f:11:55:36:be:3b:d6:0d:32:58:92:c5:91:e9:7e:6d:63:
75:10:41:cb:ba:14:b5:aa:93:56:37:9d:fa:2b:9f:41:fd:24:
41:14:6d:14:28:30:3d:09:f4:93:47:a3:b4:da:8f:75:60:73:
48:d8:d9:d1:69:9a:97:df:e1:d3:ce:ce:cd:3e:45:e7:e6:45:
19:7e:e5:9b:23:8c:7c:38:35:e7:d3:3c:ce:01:83:bb:01:e6:
5d:15:9f:81:14:c8:c7:84:d4:df:31:b2:cf:f9:20:e8:1e:34:
e4:05:f4:38
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzGSyhvfBlHt2rUDWty2CIQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIwN2FiOTIyNTY1ZTJiM2UyY2M2M2Q0ODVhNTVkZDRmYzQx
ZDM1N2UwHhcNMjQwMTAxMTgzMTAzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZGEyZDUyZWUzNzY5NzhjODU4NWEyYTc5NzVlMDBhMWUyNzMzMGM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiwO74JM77b4OcFM9NXZwlAuoJok2
bjwlCdb1YEsfzH+ony8Y0TxbWDqgAIv+jhWKDQfag3V6B0njRCgkVNj3eDrxETNy
cm5ZpLlDLToMUPLiFemEDLjREvGwMd8YX9tAunMYs0QRW5GaCJqcbsUKMBk1PA/o
Z5ET0JUuOMGxgndwkgMYILzUkOhnTXPepoc3hYqU5ooP79pnXxDOTIh64UQTl6AK
6wKotR6py49wIj9KJzveE9o38z03ogJcIn41mu5AujJLgAVYLXIDUw4Q3a8Je3Ot
oPvlYTYoigwh4civPbdOq4CrKrBM3knC30IIPX3zKdtO/bwBRFP2gLKF7wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFH2i1S7jdpeMhYWip5deAKHiczDHMB8GA1UdIwQY
MBaAFLB6uSJWXis+LMY9SFpV3U/EHTV+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc0hxNUlsWmVLejRzeGoxSVdsWGRUOFFkTlg0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZS82ZDU5ZDktOWRhZi00ZmNiLThkMDUt
MTNiY2M3NTIxMTlhLzEvZmFMVkx1TjJsNHlGaGFLbmwxNEFvZUp6TU1jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZS82ZDU5ZDktOWRhZi00ZmNiLThkMDUtMTNiY2M3NTIxMTlh
LzEvc0hxNUlsWmVLejRzeGoxSVdsWGRUOFFkTlg0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhL4wQBA
MA0GCSqGSIb3DQEBCwUAA4IBAQAijnGQMcf47XQyjbWmzZ+M5nl6r2SvZVbJ9t48
80X6ZGRSEBTRs9vYAS77xxkoUnD7vejbwcZrNQHjezUz+7AoMA+hZFOGoGmPv7sI
ReSfSoFmKTc5ajGObbjQYyLg6CEtBz4SD+dGQI5UQX4C5ZKjDNKmKbQvSHre8zOW
ToArDyxu6oCLl0+Drr53y5fheXGzXxFVNr471g0yWJLFkel+bWN1EEHLuhS1qpNW
N536K59B/SRBFG0UKDA9CfSTR6O02o91YHNI2NnRaZqX3+HTzs7NPkXn5kUZfuWb
I4x8ODXn0zzOAYO7AeZdFZ+BFMjHhNTfMbLP+SDoHjTkBfQ4
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:32:17 2025 by rpki-client