Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2e/6d59d9-9daf-4fcb-8d05-13bcc752119a/1/hkiTnUfSzIF_DdNRtD3z1dqJjMc.roa
File: hkiTnUfSzIF_DdNRtD3z1dqJjMc.roa (raw, json)
Hash identifier: udA/ivOykFYJZah7T7N+LQXq3TZ7BGsw8tyGQnI9fsM=
Subject key identifier: 86:48:93:9D:47:D2:CC:81:7F:0D:D3:51:B4:3D:F3:D5:DA:89:8C:C7
Certificate issuer: /CN=b07ab922565e2b3e2cc63d485a55dd4fc41d357e
Certificate serial: 01857039A9F137087B2D162A51E72FF77888
Authority key identifier: B0:7A:B9:22:56:5E:2B:3E:2C:C6:3D:48:5A:55:DD:4F:C4:1D:35:7E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/sHq5IlZeKz4sxj1IWlXdT8QdNX4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2e/6d59d9-9daf-4fcb-8d05-13bcc752119a/1/hkiTnUfSzIF_DdNRtD3z1dqJjMc.roa
Signing time: Mon 02 Jan 2023 02:05:05 +0000
ROA not before: Mon 02 Jan 2023 02:05:05 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 10111
IP address blocks: 2a12:f8c3::/36 maxlen: 36
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:70:39:a9:f1:37:08:7b:2d:16:2a:51:e7:2f:f7:78:88
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b07ab922565e2b3e2cc63d485a55dd4fc41d357e
Validity
Not Before: Jan 2 02:05:05 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=8648939d47d2cc817f0dd351b43df3d5da898cc7
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a9:ac:da:a5:b1:68:76:6d:5b:4b:c1:c0:f2:3e:
7b:fc:25:04:20:34:d1:18:ff:74:d4:10:18:dc:a8:
74:ef:f8:e9:e1:2f:d6:ef:fa:af:ac:cb:00:36:64:
12:ed:99:af:8e:52:4a:fb:98:e2:e8:39:86:4c:27:
29:4e:bb:bc:9d:4c:6d:b1:de:df:b3:6e:33:1b:39:
8f:27:7d:dc:3d:b9:11:ba:04:68:c3:a9:e4:62:da:
dc:40:40:57:8f:25:41:ae:e9:df:07:30:ee:b0:ae:
b3:22:8f:d1:16:b7:da:ce:f6:83:b3:6a:99:c7:ea:
d6:ae:c7:c6:4f:71:90:3b:e3:78:f4:d6:26:1f:c0:
0e:6c:70:af:fa:87:05:c1:4b:ad:ab:f7:31:51:18:
99:bb:b4:f6:0f:20:76:68:9e:7c:2b:03:1a:fc:8d:
d7:a9:b6:e5:b6:7b:a0:59:61:26:c2:0e:44:19:31:
80:c6:6c:3d:97:55:75:70:de:64:86:5c:0f:9f:c2:
62:c0:a3:7f:5b:11:4c:fb:a6:9f:5b:c7:46:ff:6a:
99:20:d5:fc:aa:a7:f5:75:ba:55:3f:8d:5d:81:69:
e0:b7:68:e5:3d:b5:7b:9d:6d:17:50:94:08:90:6e:
c8:9b:80:f2:d8:7c:37:6b:e8:33:4d:70:e5:4b:94:
c9:d7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
86:48:93:9D:47:D2:CC:81:7F:0D:D3:51:B4:3D:F3:D5:DA:89:8C:C7
X509v3 Authority Key Identifier:
keyid:B0:7A:B9:22:56:5E:2B:3E:2C:C6:3D:48:5A:55:DD:4F:C4:1D:35:7E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sHq5IlZeKz4sxj1IWlXdT8QdNX4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/6d59d9-9daf-4fcb-8d05-13bcc752119a/1/hkiTnUfSzIF_DdNRtD3z1dqJjMc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/6d59d9-9daf-4fcb-8d05-13bcc752119a/1/sHq5IlZeKz4sxj1IWlXdT8QdNX4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a12:f8c3::/36
Signature Algorithm: sha256WithRSAEncryption
3c:53:cb:57:07:ea:46:65:cb:09:90:af:4a:54:c5:a1:34:9b:
cb:83:2d:9e:cc:86:81:eb:90:97:3c:c1:ab:a5:e1:d4:9e:44:
fd:12:f4:3b:3f:9f:cc:66:43:67:30:11:41:79:b5:c0:0a:5f:
77:46:75:a8:e7:85:21:2b:14:2b:27:44:af:32:a4:be:c3:70:
e2:b7:99:31:ae:50:02:9f:31:72:be:1c:e0:34:ad:a8:5a:82:
3b:1f:5d:19:3d:7e:ee:1d:ec:b3:f3:45:24:ba:0d:cc:0d:ac:
3e:d8:3a:af:b2:97:cb:c7:8c:d1:a8:3a:44:e1:12:3a:b0:7e:
a5:ef:f1:a6:20:6f:e5:69:20:91:5a:70:ea:1a:e0:32:f6:20:
a7:49:9a:d5:d1:bf:e0:1a:70:46:04:1b:55:b9:fd:87:e9:66:
57:f7:1d:d1:7a:ed:df:8b:06:0d:5f:cb:41:79:24:aa:eb:95:
72:d3:0d:2c:37:8e:ae:a7:70:25:02:bc:e4:a2:b5:b7:57:b2:
ae:69:ac:17:68:d6:2c:e0:46:f9:5c:89:84:66:ab:f6:cd:2a:
76:ca:6a:66:13:5f:97:3a:13:de:27:98:f2:1b:7b:f6:40:fc:
b5:45:2e:18:5b:1a:52:00:04:a9:29:0e:17:bb:30:ec:2e:37:
b8:5f:0e:2e
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYVwOanxNwh7LRYqUecv93iIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIwN2FiOTIyNTY1ZTJiM2UyY2M2M2Q0ODVhNTVkZDRmYzQx
ZDM1N2UwHhcNMjMwMTAyMDIwNTA1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NjQ4OTM5ZDQ3ZDJjYzgxN2YwZGQzNTFiNDNkZjNkNWRhODk4Y2M3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqazapbFodm1bS8HA8j57/CUEIDTR
GP901BAY3Kh07/jp4S/W7/qvrMsANmQS7ZmvjlJK+5ji6DmGTCcpTru8nUxtsd7f
s24zGzmPJ33cPbkRugRow6nkYtrcQEBXjyVBrunfBzDusK6zIo/RFrfazvaDs2qZ
x+rWrsfGT3GQO+N49NYmH8AObHCv+ocFwUutq/cxURiZu7T2DyB2aJ58KwMa/I3X
qbbltnugWWEmwg5EGTGAxmw9l1V1cN5khlwPn8JiwKN/WxFM+6afW8dG/2qZINX8
qqf1dbpVP41dgWngt2jlPbV7nW0XUJQIkG7Im4Dy2Hw3a+gzTXDlS5TJ1wIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFIZIk51H0syBfw3TUbQ989XaiYzHMB8GA1UdIwQY
MBaAFLB6uSJWXis+LMY9SFpV3U/EHTV+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc0hxNUlsWmVLejRzeGoxSVdsWGRUOFFkTlg0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZS82ZDU5ZDktOWRhZi00ZmNiLThkMDUt
MTNiY2M3NTIxMTlhLzEvaGtpVG5VZlN6SUZfRGROUnREM3oxZHFKak1jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZS82ZDU5ZDktOWRhZi00ZmNiLThkMDUtMTNiY2M3NTIxMTlh
LzEvc0hxNUlsWmVLejRzeGoxSVdsWGRUOFFkTlg0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYEKhL4wwAw
DQYJKoZIhvcNAQELBQADggEBADxTy1cH6kZlywmQr0pUxaE0m8uDLZ7MhoHrkJc8
waul4dSeRP0S9Ds/n8xmQ2cwEUF5tcAKX3dGdajnhSErFCsnRK8ypL7DcOK3mTGu
UAKfMXK+HOA0rahagjsfXRk9fu4d7LPzRSS6DcwNrD7YOq+yl8vHjNGoOkThEjqw
fqXv8aYgb+VpIJFacOoa4DL2IKdJmtXRv+AacEYEG1W5/YfpZlf3HdF67d+LBg1f
y0F5JKrrlXLTDSw3jq6ncCUCvOSitbdXsq5prBdo1izgRvlciYRmq/bNKnbKamYT
X5c6E94nmPIbe/ZA/LVFLhhbGlIABKkpDhe7MOwuN7hfDi4=
-----END CERTIFICATE-----
Generated at Thu Mar 13 02:24:28 2025 by rpki-client