Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2e/6d59d9-9daf-4fcb-8d05-13bcc752119a/1/lg2I33SRt8z6iE9fzn0aaDC9yvw.roa
File: lg2I33SRt8z6iE9fzn0aaDC9yvw.roa (raw, json)
Hash identifier: rTBivmKmFQXQA+mnxNJtgvcB2yMjz3vazFQq8+zYPO0=
Subject key identifier: 96:0D:88:DF:74:91:B7:CC:FA:88:4F:5F:CE:7D:1A:68:30:BD:CA:FC
Certificate issuer: /CN=b07ab922565e2b3e2cc63d485a55dd4fc41d357e
Certificate serial: 018CC64B269CCD015476BFC4C943646B8C7A
Authority key identifier: B0:7A:B9:22:56:5E:2B:3E:2C:C6:3D:48:5A:55:DD:4F:C4:1D:35:7E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/sHq5IlZeKz4sxj1IWlXdT8QdNX4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2e/6d59d9-9daf-4fcb-8d05-13bcc752119a/1/lg2I33SRt8z6iE9fzn0aaDC9yvw.roa
Signing time: Mon 01 Jan 2024 18:31:02 +0000
ROA not before: Mon 01 Jan 2024 18:31:02 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 148996
IP address blocks: 2a12:f8c2:200::/40 maxlen: 40
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c6:4b:26:9c:cd:01:54:76:bf:c4:c9:43:64:6b:8c:7a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b07ab922565e2b3e2cc63d485a55dd4fc41d357e
Validity
Not Before: Jan 1 18:31:02 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=960d88df7491b7ccfa884f5fce7d1a6830bdcafc
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c0:2c:a0:25:f0:fa:eb:99:6f:2f:04:7d:18:20:
d7:02:a7:45:68:9c:28:bd:9a:93:fe:4c:ed:ac:14:
15:ce:bd:b7:3f:d6:9d:50:21:88:7f:e2:df:03:91:
a4:87:aa:2e:8a:a1:02:e7:c5:61:0d:b8:c8:72:3d:
cf:3e:0f:43:05:93:38:b3:9c:21:ab:fb:91:f5:1c:
32:23:d3:a7:e1:f0:c3:0e:5e:12:c7:03:f3:e4:e6:
81:f2:81:94:b0:0e:99:5b:fd:17:4e:73:59:f4:ad:
c3:8f:d8:25:09:3e:0a:c8:23:8e:0a:9f:c5:c3:28:
01:23:1c:14:ba:f5:a5:5c:1d:65:bf:c5:c7:8b:e5:
87:4f:b4:03:b0:f6:d5:00:88:11:93:36:6f:f8:7d:
21:5d:43:13:6a:61:99:7d:ac:35:ce:14:5a:df:98:
66:d9:59:ad:48:68:d3:a4:9f:dd:42:05:00:c2:77:
fd:7b:18:d0:ae:9a:ef:ae:5a:b6:31:14:ad:69:88:
8c:c0:1a:ad:fc:6e:91:3f:5b:1c:bc:2f:32:03:d3:
19:bf:75:fe:a5:30:9e:f1:ca:ce:18:ae:d0:5f:58:
7c:d3:63:86:2e:51:6d:2c:05:85:6e:1e:bf:44:e8:
ce:41:d5:59:dd:19:a0:7a:2f:34:20:76:62:25:4d:
92:63
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
96:0D:88:DF:74:91:B7:CC:FA:88:4F:5F:CE:7D:1A:68:30:BD:CA:FC
X509v3 Authority Key Identifier:
keyid:B0:7A:B9:22:56:5E:2B:3E:2C:C6:3D:48:5A:55:DD:4F:C4:1D:35:7E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sHq5IlZeKz4sxj1IWlXdT8QdNX4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/6d59d9-9daf-4fcb-8d05-13bcc752119a/1/lg2I33SRt8z6iE9fzn0aaDC9yvw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/6d59d9-9daf-4fcb-8d05-13bcc752119a/1/sHq5IlZeKz4sxj1IWlXdT8QdNX4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a12:f8c2:200::/40
Signature Algorithm: sha256WithRSAEncryption
17:fe:71:18:f6:2d:f8:67:2d:20:89:81:74:15:d0:ae:29:77:
4c:b6:74:fe:7a:de:e2:7e:1f:1d:c5:d7:29:9f:ad:f7:ff:d8:
65:1d:22:4a:09:bf:2a:a1:58:0e:00:53:85:b8:7d:06:4a:28:
50:d7:1f:f4:5b:38:02:ef:00:cc:94:9c:92:dd:1f:dd:c6:3d:
c3:7d:c3:f8:a4:ac:73:ab:51:91:7d:ad:50:a6:cf:7b:9f:9e:
dd:69:07:bd:3f:b4:19:29:c5:eb:a6:ed:b5:b3:d6:59:1f:c5:
f4:70:f3:c8:72:44:c0:e9:d4:ef:a2:4e:de:57:a5:92:1d:c5:
c0:f2:f8:c9:7f:b3:e3:de:e0:2f:b4:cc:1a:c0:44:23:5d:81:
1b:45:20:40:24:a8:15:34:0b:fb:3a:5f:1e:4b:52:f1:3c:c5:
1e:80:d3:7f:67:1a:3b:1a:d2:d6:63:b7:66:85:68:8d:16:33:
90:2d:34:f2:74:26:95:dd:af:36:bd:33:27:71:ff:34:1a:15:
c7:14:3c:5f:a5:bc:9c:98:a6:15:d3:f5:fd:62:02:d8:dd:9e:
8f:ea:f7:a4:d1:5f:98:2c:14:d5:5a:1d:20:5f:86:4f:5a:df:
d0:0d:59:bc:d3:11:28:53:ec:1b:dc:86:1c:40:f8:e0:a0:ad:
6c:a8:23:fe
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzGSyaczQFUdr/EyUNka4x6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIwN2FiOTIyNTY1ZTJiM2UyY2M2M2Q0ODVhNTVkZDRmYzQx
ZDM1N2UwHhcNMjQwMTAxMTgzMTAyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NjBkODhkZjc0OTFiN2NjZmE4ODRmNWZjZTdkMWE2ODMwYmRjYWZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwCygJfD665lvLwR9GCDXAqdFaJwo
vZqT/kztrBQVzr23P9adUCGIf+LfA5Gkh6ouiqEC58VhDbjIcj3PPg9DBZM4s5wh
q/uR9RwyI9On4fDDDl4SxwPz5OaB8oGUsA6ZW/0XTnNZ9K3Dj9glCT4KyCOOCp/F
wygBIxwUuvWlXB1lv8XHi+WHT7QDsPbVAIgRkzZv+H0hXUMTamGZfaw1zhRa35hm
2VmtSGjTpJ/dQgUAwnf9exjQrprvrlq2MRStaYiMwBqt/G6RP1scvC8yA9MZv3X+
pTCe8crOGK7QX1h802OGLlFtLAWFbh6/ROjOQdVZ3Rmgei80IHZiJU2SYwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFJYNiN90kbfM+ohPX859Gmgwvcr8MB8GA1UdIwQY
MBaAFLB6uSJWXis+LMY9SFpV3U/EHTV+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc0hxNUlsWmVLejRzeGoxSVdsWGRUOFFkTlg0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZS82ZDU5ZDktOWRhZi00ZmNiLThkMDUt
MTNiY2M3NTIxMTlhLzEvbGcySTMzU1J0OHo2aUU5ZnpuMGFhREM5eXZ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZS82ZDU5ZDktOWRhZi00ZmNiLThkMDUtMTNiY2M3NTIxMTlh
LzEvc0hxNUlsWmVLejRzeGoxSVdsWGRUOFFkTlg0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKhL4wgIw
DQYJKoZIhvcNAQELBQADggEBABf+cRj2LfhnLSCJgXQV0K4pd0y2dP563uJ+Hx3F
1ymfrff/2GUdIkoJvyqhWA4AU4W4fQZKKFDXH/RbOALvAMyUnJLdH93GPcN9w/ik
rHOrUZF9rVCmz3ufnt1pB70/tBkpxeum7bWz1lkfxfRw88hyRMDp1O+iTt5XpZId
xcDy+Ml/s+Pe4C+0zBrARCNdgRtFIEAkqBU0C/s6Xx5LUvE8xR6A039nGjsa0tZj
t2aFaI0WM5AtNPJ0JpXdrza9Mydx/zQaFccUPF+lvJyYphXT9f1iAtjdno/q96TR
X5gsFNVaHSBfhk9a39ANWbzTEShT7BvchhxA+OCgrWyoI/4=
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:40:16 2025 by rpki-client