Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2e/6d59d9-9daf-4fcb-8d05-13bcc752119a/1/rwHoQGT2u28XmhPIQdt5_57QSHY.roa
File: rwHoQGT2u28XmhPIQdt5_57QSHY.roa (raw, json)
Hash identifier: NW/uNZCBpBGytKY99ecSfpOfyDh2yTgY2nd3k25A9iQ=
Subject key identifier: AF:01:E8:40:64:F6:BB:6F:17:9A:13:C8:41:DB:79:FF:9E:D0:48:76
Certificate issuer: /CN=b07ab922565e2b3e2cc63d485a55dd4fc41d357e
Certificate serial: 018B094D9F403D4F4AEE218B5C84C007FA49
Authority key identifier: B0:7A:B9:22:56:5E:2B:3E:2C:C6:3D:48:5A:55:DD:4F:C4:1D:35:7E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/sHq5IlZeKz4sxj1IWlXdT8QdNX4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2e/6d59d9-9daf-4fcb-8d05-13bcc752119a/1/rwHoQGT2u28XmhPIQdt5_57QSHY.roa
Signing time: Sat 07 Oct 2023 08:42:43 +0000
ROA not before: Sat 07 Oct 2023 08:42:43 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 60445
IP address blocks: 2a12:f8c1:100::/40 maxlen: 40
2a12:f8c3:2000::/36 maxlen: 36
2a12:f8c2:300::/40 maxlen: 40
2a12:f8c2:400::/40 maxlen: 40
2a12:f8c2:500::/40 maxlen: 40
2a12:f8c2:600::/40 maxlen: 40
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8b:09:4d:9f:40:3d:4f:4a:ee:21:8b:5c:84:c0:07:fa:49
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b07ab922565e2b3e2cc63d485a55dd4fc41d357e
Validity
Not Before: Oct 7 08:42:43 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=af01e84064f6bb6f179a13c841db79ff9ed04876
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ac:fc:7d:b5:13:a0:bf:36:8b:34:a5:79:47:6c:
ec:16:56:c6:b7:e6:53:75:b5:0d:ad:bb:e6:85:4d:
f9:bd:8d:3a:09:d7:c4:8a:ea:98:a3:79:72:62:59:
22:00:d2:a9:34:94:41:e6:16:31:83:47:80:b4:a7:
f9:71:11:f6:3c:66:3d:cd:20:51:00:e5:00:76:9a:
d4:71:a3:5f:3d:ea:af:46:5e:f5:e4:d8:4c:45:57:
21:9b:a0:62:d7:f1:1b:ae:4c:b9:fd:63:fc:84:c1:
f3:67:ee:95:43:d2:4e:15:cc:1c:eb:ca:a3:3a:39:
b3:93:f5:fc:d8:a4:21:3e:8c:54:0b:75:85:03:a7:
e7:81:8b:69:47:e1:86:c5:4d:b8:c3:60:9f:d9:7a:
71:cd:3a:89:69:fe:57:6b:9a:0b:07:15:2e:d3:a5:
37:c6:6f:f7:41:45:14:4f:91:11:70:d8:55:7f:aa:
7c:0b:21:95:09:c0:a5:26:28:0e:f4:f1:4c:78:35:
eb:26:ed:6d:05:af:1c:42:3b:f0:03:aa:2c:1c:12:
27:a6:8e:6e:ec:be:cc:4f:1a:ce:8e:ff:bd:ae:25:
ba:a8:ef:bc:ca:72:ad:ed:92:f1:dd:2e:39:05:26:
06:c6:90:20:7b:de:b0:56:51:2c:1e:6a:54:1f:1f:
93:bd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AF:01:E8:40:64:F6:BB:6F:17:9A:13:C8:41:DB:79:FF:9E:D0:48:76
X509v3 Authority Key Identifier:
keyid:B0:7A:B9:22:56:5E:2B:3E:2C:C6:3D:48:5A:55:DD:4F:C4:1D:35:7E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sHq5IlZeKz4sxj1IWlXdT8QdNX4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/6d59d9-9daf-4fcb-8d05-13bcc752119a/1/rwHoQGT2u28XmhPIQdt5_57QSHY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/6d59d9-9daf-4fcb-8d05-13bcc752119a/1/sHq5IlZeKz4sxj1IWlXdT8QdNX4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a12:f8c1:100::/40
2a12:f8c2:300::-2a12:f8c2:6ff:ffff:ffff:ffff:ffff:ffff
2a12:f8c3:2000::/36
Signature Algorithm: sha256WithRSAEncryption
0f:89:46:ea:b2:52:34:db:48:c1:59:b0:9e:53:fa:71:b0:0d:
79:d8:21:29:87:6d:a6:2f:b0:67:fa:df:67:7c:26:86:4d:51:
0a:f2:a7:a7:86:0d:ca:98:7d:9f:fd:35:95:ea:f4:00:71:30:
14:28:e0:5f:ce:26:50:96:6d:84:20:90:29:ae:b1:94:7e:15:
fb:2d:38:6a:3a:5b:e7:d9:74:a0:16:06:62:28:35:a6:c3:38:
da:92:02:5b:5e:bb:aa:86:5c:1e:f2:32:66:ce:24:fd:15:1b:
08:3e:c7:33:00:a6:cc:13:ce:28:fc:26:b9:12:52:3c:b6:d8:
8e:a0:c2:83:59:29:b9:bc:b2:70:6d:41:d2:54:2f:0d:0f:c2:
dd:19:18:ec:8a:94:40:38:53:52:47:ec:84:3c:e6:0b:b0:e0:
0a:42:63:c9:cd:d9:af:13:1f:1d:4d:ee:b9:54:0b:61:76:9c:
6d:c4:77:b8:57:8b:53:1b:81:96:e9:73:67:69:a6:68:2c:c5:
25:eb:b6:f5:32:69:e7:83:04:c6:5d:45:57:2d:03:50:b7:7a:
a3:cd:62:92:00:9b:55:eb:75:ef:e6:37:4a:90:a7:60:3a:6e:
05:88:55:cd:f2:7c:2c:5f:cc:ae:6e:09:e0:97:a5:c6:53:e9:
f1:14:95:6c
-----BEGIN CERTIFICATE-----
MIIFGTCCBAGgAwIBAgISAYsJTZ9APU9K7iGLXITAB/pJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIwN2FiOTIyNTY1ZTJiM2UyY2M2M2Q0ODVhNTVkZDRmYzQx
ZDM1N2UwHhcNMjMxMDA3MDg0MjQzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZjAxZTg0MDY0ZjZiYjZmMTc5YTEzYzg0MWRiNzlmZjllZDA0ODc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArPx9tROgvzaLNKV5R2zsFlbGt+ZT
dbUNrbvmhU35vY06CdfEiuqYo3lyYlkiANKpNJRB5hYxg0eAtKf5cRH2PGY9zSBR
AOUAdprUcaNfPeqvRl715NhMRVchm6Bi1/Ebrky5/WP8hMHzZ+6VQ9JOFcwc68qj
Ojmzk/X82KQhPoxUC3WFA6fngYtpR+GGxU24w2Cf2XpxzTqJaf5Xa5oLBxUu06U3
xm/3QUUUT5ERcNhVf6p8CyGVCcClJigO9PFMeDXrJu1tBa8cQjvwA6osHBInpo5u
7L7MTxrOjv+9riW6qO+8ynKt7ZLx3S45BSYGxpAge96wVlEsHmpUHx+TvQIDAQAB
o4ICJTCCAiEwHQYDVR0OBBYEFK8B6EBk9rtvF5oTyEHbef+e0Eh2MB8GA1UdIwQY
MBaAFLB6uSJWXis+LMY9SFpV3U/EHTV+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc0hxNUlsWmVLejRzeGoxSVdsWGRUOFFkTlg0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZS82ZDU5ZDktOWRhZi00ZmNiLThkMDUt
MTNiY2M3NTIxMTlhLzEvcndIb1FHVDJ1MjhYbWhQSVFkdDVfNTdRU0hZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZS82ZDU5ZDktOWRhZi00ZmNiLThkMDUtMTNiY2M3NTIxMTlh
LzEvc0hxNUlsWmVLejRzeGoxSVdsWGRUOFFkTlg0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDsGCCsGAQUFBwEHAQH/BCwwKjAoBAIAAjAiAwYAKhL4wQEw
EAMGACoS+MIDAwYAKhL4wgYDBgQqEvjDIDANBgkqhkiG9w0BAQsFAAOCAQEAD4lG
6rJSNNtIwVmwnlP6cbANedghKYdtpi+wZ/rfZ3wmhk1RCvKnp4YNyph9n/01ler0
AHEwFCjgX84mUJZthCCQKa6xlH4V+y04ajpb59l0oBYGYig1psM42pICW167qoZc
HvIyZs4k/RUbCD7HMwCmzBPOKPwmuRJSPLbYjqDCg1kpubyycG1B0lQvDQ/C3RkY
7IqUQDhTUkfshDzmC7DgCkJjyc3ZrxMfHU3uuVQLYXacbcR3uFeLUxuBlulzZ2mm
aCzFJeu29TJp54MExl1FVy0DULd6o81ikgCbVet17+Y3SpCnYDpuBYhVzfJ8LF/M
rm4J4JelxlPp8RSVbA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:00:55 2024 by rpki-client on console-ams.rpki-client.org