Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2e/6d59d9-9daf-4fcb-8d05-13bcc752119a/1/yiRuh3zQ7HFqiSr6UxI5w_I8tEQ.roa
File: yiRuh3zQ7HFqiSr6UxI5w_I8tEQ.roa (raw, json)
Hash identifier: LnXkdRy/GOUTNBVokARKmuhD+mraOlR5KIwj5oL9EwA=
Subject key identifier: CA:24:6E:87:7C:D0:EC:71:6A:89:2A:FA:53:12:39:C3:F2:3C:B4:44
Certificate issuer: /CN=b07ab922565e2b3e2cc63d485a55dd4fc41d357e
Certificate serial: 0188A3ED35D954072BCCFC4F3B29C22A0E9A
Authority key identifier: B0:7A:B9:22:56:5E:2B:3E:2C:C6:3D:48:5A:55:DD:4F:C4:1D:35:7E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/sHq5IlZeKz4sxj1IWlXdT8QdNX4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2e/6d59d9-9daf-4fcb-8d05-13bcc752119a/1/yiRuh3zQ7HFqiSr6UxI5w_I8tEQ.roa
Signing time: Sat 10 Jun 2023 06:10:11 +0000
ROA not before: Sat 10 Jun 2023 06:10:11 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 150298
IP address blocks: 2a12:f8c1:200::/40 maxlen: 40
2a12:f8c3:3000::/36 maxlen: 36
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:88:a3:ed:35:d9:54:07:2b:cc:fc:4f:3b:29:c2:2a:0e:9a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b07ab922565e2b3e2cc63d485a55dd4fc41d357e
Validity
Not Before: Jun 10 06:10:11 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=ca246e877cd0ec716a892afa531239c3f23cb444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:87:e2:53:e2:3c:61:bf:ef:56:cd:9c:47:d7:df:
23:47:07:b4:c0:3d:77:7b:58:5e:5b:da:9c:9e:c8:
16:98:36:ac:8b:94:ab:3f:d5:c9:1f:92:70:1c:f5:
14:94:b8:c0:9e:e4:12:34:07:24:d7:3b:6b:f8:d6:
e1:8c:c8:15:3a:f0:c9:33:d0:35:5e:54:be:d2:16:
14:1c:63:86:3e:4b:ee:00:fa:96:ae:cb:9f:b5:e4:
14:ea:41:dc:4b:15:7a:8b:74:3a:c0:aa:35:4d:fc:
e7:2b:47:1e:be:05:a9:7c:cf:63:4f:db:19:36:d7:
23:69:7f:20:03:4f:aa:31:b7:91:90:53:50:ae:7a:
3a:39:d0:6f:a2:98:97:7b:96:8e:4f:f9:34:70:40:
76:24:90:5b:2a:c9:28:ea:5e:61:c1:94:05:df:a2:
8e:a4:46:06:1d:c6:5b:50:9e:9e:9a:3c:00:e7:04:
5e:2a:b7:93:37:64:1a:23:d9:cc:1f:6e:97:5d:74:
86:65:25:f0:5a:00:34:bf:8f:12:9d:62:64:d3:08:
d7:b0:cd:95:f4:59:91:23:41:2a:b1:b2:a3:e8:c3:
21:73:45:aa:a8:e3:8b:f5:b6:ad:41:d7:fd:8a:19:
a0:23:e5:8f:36:e7:21:cf:21:bd:0e:b3:f1:cd:4e:
db:e3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CA:24:6E:87:7C:D0:EC:71:6A:89:2A:FA:53:12:39:C3:F2:3C:B4:44
X509v3 Authority Key Identifier:
keyid:B0:7A:B9:22:56:5E:2B:3E:2C:C6:3D:48:5A:55:DD:4F:C4:1D:35:7E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sHq5IlZeKz4sxj1IWlXdT8QdNX4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/6d59d9-9daf-4fcb-8d05-13bcc752119a/1/yiRuh3zQ7HFqiSr6UxI5w_I8tEQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/6d59d9-9daf-4fcb-8d05-13bcc752119a/1/sHq5IlZeKz4sxj1IWlXdT8QdNX4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a12:f8c1:200::/40
2a12:f8c3:3000::/36
Signature Algorithm: sha256WithRSAEncryption
57:64:b2:21:2f:ad:7b:bf:f8:bf:1b:c3:8d:46:1a:b6:c0:4b:
c9:f7:84:46:15:09:89:40:64:1e:20:70:2a:63:94:55:a0:f2:
06:c0:29:ac:1b:80:8d:9e:4f:84:ad:a1:43:48:3b:d1:32:c8:
b4:13:67:44:cb:13:74:d0:63:df:80:10:f3:dd:ee:33:67:85:
7e:d2:b6:fc:b3:67:26:4c:c2:a9:e4:1f:cd:73:72:3d:f3:c5:
19:15:a2:05:df:10:18:82:db:04:45:fe:87:98:69:0c:5a:7f:
00:c9:12:4d:b9:4e:a6:bf:9c:0e:50:ad:c5:cc:77:99:40:c6:
80:4c:c4:41:f4:be:09:20:5e:4f:32:63:be:11:77:c9:d7:a2:
e6:73:25:34:c9:27:95:70:23:5a:0f:7d:28:5e:40:70:cc:30:
56:5a:d3:2a:1a:c2:8a:00:78:6a:d2:8c:e3:42:b3:d0:d4:93:
2b:e2:30:c5:f8:e2:55:17:20:5f:18:48:6b:ce:d7:57:fb:b7:
0a:7f:42:4f:b4:1e:de:cf:cf:a5:d0:0c:26:a9:3f:38:8a:16:
67:49:7d:8e:8c:b1:4d:56:c0:dd:15:69:9e:9c:96:67:fe:cf:
67:a8:95:8c:d8:09:f1:8b:85:3c:68:37:1c:65:a1:5d:fc:dc:
e5:3f:9d:8b
-----BEGIN CERTIFICATE-----
MIIFBzCCA++gAwIBAgISAYij7TXZVAcrzPxPOynCKg6aMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIwN2FiOTIyNTY1ZTJiM2UyY2M2M2Q0ODVhNTVkZDRmYzQx
ZDM1N2UwHhcNMjMwNjEwMDYxMDExWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYTI0NmU4NzdjZDBlYzcxNmE4OTJhZmE1MzEyMzljM2YyM2NiNDQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh+JT4jxhv+9WzZxH198jRwe0wD13
e1heW9qcnsgWmDasi5SrP9XJH5JwHPUUlLjAnuQSNAck1ztr+NbhjMgVOvDJM9A1
XlS+0hYUHGOGPkvuAPqWrsufteQU6kHcSxV6i3Q6wKo1TfznK0cevgWpfM9jT9sZ
NtcjaX8gA0+qMbeRkFNQrno6OdBvopiXe5aOT/k0cEB2JJBbKsko6l5hwZQF36KO
pEYGHcZbUJ6emjwA5wReKreTN2QaI9nMH26XXXSGZSXwWgA0v48SnWJk0wjXsM2V
9FmRI0EqsbKj6MMhc0WqqOOL9batQdf9ihmgI+WPNuchzyG9DrPxzU7b4wIDAQAB
o4ICEzCCAg8wHQYDVR0OBBYEFMokbod80Oxxaokq+lMSOcPyPLREMB8GA1UdIwQY
MBaAFLB6uSJWXis+LMY9SFpV3U/EHTV+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc0hxNUlsWmVLejRzeGoxSVdsWGRUOFFkTlg0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZS82ZDU5ZDktOWRhZi00ZmNiLThkMDUt
MTNiY2M3NTIxMTlhLzEveWlSdWgzelE3SEZxaVNyNlV4STV3X0k4dEVRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZS82ZDU5ZDktOWRhZi00ZmNiLThkMDUtMTNiY2M3NTIxMTlh
LzEvc0hxNUlsWmVLejRzeGoxSVdsWGRUOFFkTlg0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCkGCCsGAQUFBwEHAQH/BBowGDAWBAIAAjAQAwYAKhL4wQID
BgQqEvjDMDANBgkqhkiG9w0BAQsFAAOCAQEAV2SyIS+te7/4vxvDjUYatsBLyfeE
RhUJiUBkHiBwKmOUVaDyBsAprBuAjZ5PhK2hQ0g70TLItBNnRMsTdNBj34AQ893u
M2eFftK2/LNnJkzCqeQfzXNyPfPFGRWiBd8QGILbBEX+h5hpDFp/AMkSTblOpr+c
DlCtxcx3mUDGgEzEQfS+CSBeTzJjvhF3ydei5nMlNMknlXAjWg99KF5AcMwwVlrT
KhrCigB4atKM40Kz0NSTK+IwxfjiVRcgXxhIa87XV/u3Cn9CT7Qe3s/PpdAMJqk/
OIoWZ0l9joyxTVbA3RVpnpyWZ/7PZ6iVjNgJ8YuFPGg3HGWhXfzc5T+diw==
-----END CERTIFICATE-----
Generated at Thu Mar 13 20:10:11 2025 by rpki-client