Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2e/6d59d9-9daf-4fcb-8d05-13bcc752119a/1/iqCU6jBc6wOTUXISk5SrsW1OgIY.roa
File: iqCU6jBc6wOTUXISk5SrsW1OgIY.roa (raw, json)
Hash identifier: Z2ZEc5rkgmehEYBvFVOCuUXVw+EG6fWkyE4pCYhxbJk=
Subject key identifier: 8A:A0:94:EA:30:5C:EB:03:93:51:72:12:93:94:AB:B1:6D:4E:80:86
Certificate issuer: /CN=b07ab922565e2b3e2cc63d485a55dd4fc41d357e
Certificate serial: 018CC64B2C809B20062EC7775D169FF6E2FE
Authority key identifier: B0:7A:B9:22:56:5E:2B:3E:2C:C6:3D:48:5A:55:DD:4F:C4:1D:35:7E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/sHq5IlZeKz4sxj1IWlXdT8QdNX4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2e/6d59d9-9daf-4fcb-8d05-13bcc752119a/1/iqCU6jBc6wOTUXISk5SrsW1OgIY.roa
Signing time: Mon 01 Jan 2024 18:31:04 +0000
ROA not before: Mon 01 Jan 2024 18:31:04 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 216414
IP address blocks: 2a12:f8c2:1000::/40 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c6:4b:2c:80:9b:20:06:2e:c7:77:5d:16:9f:f6:e2:fe
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b07ab922565e2b3e2cc63d485a55dd4fc41d357e
Validity
Not Before: Jan 1 18:31:04 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=8aa094ea305ceb03935172129394abb16d4e8086
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:db:95:63:a4:4c:1c:2e:61:92:c3:8a:e2:5e:3f:
a4:c4:25:4e:4c:36:38:40:fd:1b:60:5f:21:ae:0e:
8a:38:7d:cb:2d:54:5a:78:2c:4c:d9:df:2e:8a:26:
49:f8:52:6e:a1:68:0a:82:e7:cf:78:aa:1a:34:4f:
d5:1b:ca:03:61:71:c4:b6:a6:54:58:d9:94:35:29:
6c:a6:6d:f5:d0:72:e5:69:73:b6:e1:5c:71:4b:f7:
a6:3e:25:8d:84:92:2e:cf:43:2d:b3:39:db:c7:a3:
7e:07:6e:30:f2:63:26:3f:88:1e:e1:cd:09:08:02:
0a:66:3c:ab:e6:30:92:da:e4:08:56:aa:00:f2:59:
53:3f:50:ce:46:e0:0c:78:3d:40:e0:98:6c:9e:0b:
b3:53:fc:f9:dd:0f:8c:f1:3f:0e:11:66:62:47:3d:
ca:b8:94:20:91:39:cc:ea:94:3f:98:dd:07:a5:4e:
c3:37:a1:e4:06:f3:c3:aa:36:47:dd:34:3d:36:93:
2a:66:78:bc:f9:06:5a:05:7e:c8:46:8d:fc:d4:d9:
f0:0f:69:54:3e:34:0d:32:e9:f0:43:06:c0:b6:8c:
4a:50:c0:f2:c3:7b:b2:d8:a5:1c:d8:3c:1c:87:42:
f5:85:58:88:18:c5:f8:79:0b:c8:5d:df:b7:6f:0e:
5c:4d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8A:A0:94:EA:30:5C:EB:03:93:51:72:12:93:94:AB:B1:6D:4E:80:86
X509v3 Authority Key Identifier:
keyid:B0:7A:B9:22:56:5E:2B:3E:2C:C6:3D:48:5A:55:DD:4F:C4:1D:35:7E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sHq5IlZeKz4sxj1IWlXdT8QdNX4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/6d59d9-9daf-4fcb-8d05-13bcc752119a/1/iqCU6jBc6wOTUXISk5SrsW1OgIY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/6d59d9-9daf-4fcb-8d05-13bcc752119a/1/sHq5IlZeKz4sxj1IWlXdT8QdNX4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a12:f8c2:1000::/40
Signature Algorithm: sha256WithRSAEncryption
97:f4:1d:0d:a0:79:78:47:eb:54:d5:8f:75:a1:00:93:f6:d4:
27:4c:b6:b5:aa:b7:a8:16:fa:e5:1b:9e:62:a2:65:d2:7e:f1:
32:43:21:de:59:5f:e9:4b:8a:bd:22:28:d5:cc:d9:5b:62:51:
ac:83:2f:c3:f6:38:63:ee:5c:69:70:94:99:a2:db:52:b9:ee:
c3:11:71:75:19:06:a9:ce:de:b5:39:65:3e:9e:b4:5f:e9:40:
e8:af:68:b2:78:9a:3b:dc:8e:c1:14:3b:75:ee:e8:d3:03:6f:
61:a3:0e:0b:6a:47:a4:3a:a4:cc:3f:2c:10:ad:97:78:52:bb:
a6:2a:c4:ca:de:d6:7d:1f:ed:14:ff:3e:dc:dd:60:e3:ff:a7:
0b:79:97:60:51:f8:84:34:a4:8a:01:2c:8b:f4:db:1d:fb:5d:
bf:ae:a5:26:2b:9d:cf:5a:48:45:8f:ee:04:b9:7f:0c:2d:78:
92:8c:06:7e:35:98:c1:86:67:b1:cb:46:df:86:2e:0b:70:f0:
f1:06:6d:d8:dd:57:ae:86:0d:28:57:e0:80:2e:e4:e4:21:99:
d2:37:20:a7:06:0d:59:4f:bb:41:12:db:dd:9d:fd:5c:cf:e1:
69:f4:e3:92:1b:2a:b7:ca:30:d5:5e:4f:66:9f:10:b7:f5:79:
60:11:a7:8f
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzGSyyAmyAGLsd3XRaf9uL+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIwN2FiOTIyNTY1ZTJiM2UyY2M2M2Q0ODVhNTVkZDRmYzQx
ZDM1N2UwHhcNMjQwMTAxMTgzMTA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YWEwOTRlYTMwNWNlYjAzOTM1MTcyMTI5Mzk0YWJiMTZkNGU4MDg2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA25VjpEwcLmGSw4riXj+kxCVOTDY4
QP0bYF8hrg6KOH3LLVRaeCxM2d8uiiZJ+FJuoWgKgufPeKoaNE/VG8oDYXHEtqZU
WNmUNSlspm310HLlaXO24VxxS/emPiWNhJIuz0Mtsznbx6N+B24w8mMmP4ge4c0J
CAIKZjyr5jCS2uQIVqoA8llTP1DORuAMeD1A4JhsnguzU/z53Q+M8T8OEWZiRz3K
uJQgkTnM6pQ/mN0HpU7DN6HkBvPDqjZH3TQ9NpMqZni8+QZaBX7IRo381NnwD2lU
PjQNMunwQwbAtoxKUMDyw3uy2KUc2Dwch0L1hViIGMX4eQvIXd+3bw5cTQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFIqglOowXOsDk1FyEpOUq7FtToCGMB8GA1UdIwQY
MBaAFLB6uSJWXis+LMY9SFpV3U/EHTV+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc0hxNUlsWmVLejRzeGoxSVdsWGRUOFFkTlg0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZS82ZDU5ZDktOWRhZi00ZmNiLThkMDUt
MTNiY2M3NTIxMTlhLzEvaXFDVTZqQmM2d09UVVhJU2s1U3JzVzFPZ0lZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZS82ZDU5ZDktOWRhZi00ZmNiLThkMDUtMTNiY2M3NTIxMTlh
LzEvc0hxNUlsWmVLejRzeGoxSVdsWGRUOFFkTlg0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKhL4whAw
DQYJKoZIhvcNAQELBQADggEBAJf0HQ2geXhH61TVj3WhAJP21CdMtrWqt6gW+uUb
nmKiZdJ+8TJDId5ZX+lLir0iKNXM2VtiUayDL8P2OGPuXGlwlJmi21K57sMRcXUZ
BqnO3rU5ZT6etF/pQOivaLJ4mjvcjsEUO3Xu6NMDb2GjDgtqR6Q6pMw/LBCtl3hS
u6YqxMre1n0f7RT/PtzdYOP/pwt5l2BR+IQ0pIoBLIv02x37Xb+upSYrnc9aSEWP
7gS5fwwteJKMBn41mMGGZ7HLRt+GLgtw8PEGbdjdV66GDShX4IAu5OQhmdI3IKcG
DVlPu0ES292d/VzP4Wn045IbKrfKMNVeT2afELf1eWARp48=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:24:02 2024 by rpki-client on console-fra.rpki-client.org