Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2e/6d59d9-9daf-4fcb-8d05-13bcc752119a/1/zCkrMzyAUmwF_w6glEPF_ovCXfU.roa
File: zCkrMzyAUmwF_w6glEPF_ovCXfU.roa (raw, json)
Hash identifier: BB/+0LIFEOER5NXX9kw4BFEVISqsp2/4dQS5h4nGjFQ=
Subject key identifier: CC:29:2B:33:3C:80:52:6C:05:FF:0E:A0:94:43:C5:FE:8B:C2:5D:F5
Certificate issuer: /CN=b07ab922565e2b3e2cc63d485a55dd4fc41d357e
Certificate serial: 018CC64B24CEC7F33B7434780187069E8D75
Authority key identifier: B0:7A:B9:22:56:5E:2B:3E:2C:C6:3D:48:5A:55:DD:4F:C4:1D:35:7E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/sHq5IlZeKz4sxj1IWlXdT8QdNX4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2e/6d59d9-9daf-4fcb-8d05-13bcc752119a/1/zCkrMzyAUmwF_w6glEPF_ovCXfU.roa
Signing time: Mon 01 Jan 2024 18:31:02 +0000
ROA not before: Mon 01 Jan 2024 18:31:02 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 60445
IP address blocks: 2a12:f8c1:100::/40 maxlen: 40
2a12:f8c3:2000::/36 maxlen: 36
2a12:f8c2:600::/40 maxlen: 40
2a12:f8c2:500::/40 maxlen: 40
2a12:f8c2:400::/40 maxlen: 40
2a12:f8c2:300::/40 maxlen: 40
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c6:4b:24:ce:c7:f3:3b:74:34:78:01:87:06:9e:8d:75
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b07ab922565e2b3e2cc63d485a55dd4fc41d357e
Validity
Not Before: Jan 1 18:31:02 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=cc292b333c80526c05ff0ea09443c5fe8bc25df5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a1:25:a5:e4:46:43:31:fe:70:dd:a2:86:5d:82:
70:02:9f:fa:90:dc:bc:0d:aa:a7:35:6e:6b:9b:52:
dc:74:4b:6c:e1:20:0a:e2:14:d0:d9:fe:90:80:e0:
0b:52:27:31:df:5d:ed:a6:10:9e:25:fb:9c:bd:73:
39:57:84:49:95:af:78:4e:f0:3c:30:6d:55:e7:8b:
c5:d8:9f:76:b7:cd:8a:7e:7c:53:6e:08:3b:af:de:
ce:92:ed:35:8b:ab:f1:33:ff:3d:2e:56:3f:8c:a7:
a3:a8:c3:06:a9:7d:33:b4:17:24:e0:f8:1c:7a:ea:
a9:f8:7d:a1:df:ab:f6:e6:d7:c8:be:a5:cf:a3:52:
39:b3:21:70:eb:93:1d:3e:5a:9b:9f:ed:a2:dd:f1:
6e:fd:2f:cc:cb:c0:3e:f7:97:91:f1:94:bf:1d:87:
c9:1f:c6:08:d3:37:48:fb:b7:e3:18:0b:be:a3:fc:
17:4f:2b:d2:45:f7:5c:11:a5:44:4b:26:fd:4f:82:
fe:5b:04:88:a7:44:e4:65:d7:02:20:59:32:65:5b:
f9:c0:2c:14:cc:fe:a6:2c:b0:ba:3b:29:c5:6b:5a:
15:87:a0:83:f9:02:95:8d:2c:2d:19:9b:19:49:94:
bd:75:3c:30:86:81:c2:42:a1:c9:df:cc:af:82:58:
26:ff
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CC:29:2B:33:3C:80:52:6C:05:FF:0E:A0:94:43:C5:FE:8B:C2:5D:F5
X509v3 Authority Key Identifier:
keyid:B0:7A:B9:22:56:5E:2B:3E:2C:C6:3D:48:5A:55:DD:4F:C4:1D:35:7E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sHq5IlZeKz4sxj1IWlXdT8QdNX4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/6d59d9-9daf-4fcb-8d05-13bcc752119a/1/zCkrMzyAUmwF_w6glEPF_ovCXfU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/6d59d9-9daf-4fcb-8d05-13bcc752119a/1/sHq5IlZeKz4sxj1IWlXdT8QdNX4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a12:f8c1:100::/40
2a12:f8c2:300::-2a12:f8c2:6ff:ffff:ffff:ffff:ffff:ffff
2a12:f8c3:2000::/36
Signature Algorithm: sha256WithRSAEncryption
2d:b6:b7:49:f0:be:09:6e:67:bf:3d:5f:f8:c6:87:c0:77:77:
14:31:7d:ae:5f:f8:40:ba:9d:98:f9:7e:50:2e:5b:2b:a5:3f:
43:23:42:b9:3d:be:e4:45:cd:80:98:d2:c7:55:11:bd:50:a2:
6f:47:9a:cf:70:70:c6:60:95:d8:52:98:09:d0:4d:3e:79:27:
9b:8c:27:df:6a:fa:7f:e1:4d:f5:e8:83:c6:08:5a:cd:d4:cf:
ef:ff:d6:6c:96:6a:1a:e4:c0:5f:92:c8:f8:61:98:88:0b:71:
27:d7:8e:fe:c2:ee:db:19:9c:13:b1:31:c4:21:db:e2:16:5e:
1f:76:aa:34:bd:13:d1:da:45:ac:b0:99:e8:f5:96:60:9d:ca:
c5:f3:58:0f:a5:40:53:a7:cf:0c:03:ae:80:16:47:b2:08:bc:
c7:bb:19:89:e0:44:82:5b:fb:4e:10:53:a4:b3:e3:7c:52:d8:
a1:fe:fe:0e:46:c8:d3:56:e9:4b:43:d5:a1:7a:a4:b4:71:d8:
cd:fa:7e:2a:11:db:f3:38:1c:7c:1c:70:96:64:a1:8f:ef:3c:
55:bf:25:c8:5c:6b:0c:6a:fc:0a:a5:75:c8:91:bf:fa:03:4b:
c5:6b:99:32:4f:27:ea:68:a3:40:2b:c9:fc:64:4a:19:db:f3:
61:31:04:a6
-----BEGIN CERTIFICATE-----
MIIFGTCCBAGgAwIBAgISAYzGSyTOx/M7dDR4AYcGno11MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIwN2FiOTIyNTY1ZTJiM2UyY2M2M2Q0ODVhNTVkZDRmYzQx
ZDM1N2UwHhcNMjQwMTAxMTgzMTAyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYzI5MmIzMzNjODA1MjZjMDVmZjBlYTA5NDQzYzVmZThiYzI1ZGY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoSWl5EZDMf5w3aKGXYJwAp/6kNy8
DaqnNW5rm1LcdEts4SAK4hTQ2f6QgOALUicx313tphCeJfucvXM5V4RJla94TvA8
MG1V54vF2J92t82KfnxTbgg7r97Oku01i6vxM/89LlY/jKejqMMGqX0ztBck4Pgc
euqp+H2h36v25tfIvqXPo1I5syFw65MdPlqbn+2i3fFu/S/My8A+95eR8ZS/HYfJ
H8YI0zdI+7fjGAu+o/wXTyvSRfdcEaVESyb9T4L+WwSIp0TkZdcCIFkyZVv5wCwU
zP6mLLC6OynFa1oVh6CD+QKVjSwtGZsZSZS9dTwwhoHCQqHJ38yvglgm/wIDAQAB
o4ICJTCCAiEwHQYDVR0OBBYEFMwpKzM8gFJsBf8OoJRDxf6Lwl31MB8GA1UdIwQY
MBaAFLB6uSJWXis+LMY9SFpV3U/EHTV+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc0hxNUlsWmVLejRzeGoxSVdsWGRUOFFkTlg0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZS82ZDU5ZDktOWRhZi00ZmNiLThkMDUt
MTNiY2M3NTIxMTlhLzEvekNrck16eUFVbXdGX3c2Z2xFUEZfb3ZDWGZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZS82ZDU5ZDktOWRhZi00ZmNiLThkMDUtMTNiY2M3NTIxMTlh
LzEvc0hxNUlsWmVLejRzeGoxSVdsWGRUOFFkTlg0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDsGCCsGAQUFBwEHAQH/BCwwKjAoBAIAAjAiAwYAKhL4wQEw
EAMGACoS+MIDAwYAKhL4wgYDBgQqEvjDIDANBgkqhkiG9w0BAQsFAAOCAQEALba3
SfC+CW5nvz1f+MaHwHd3FDF9rl/4QLqdmPl+UC5bK6U/QyNCuT2+5EXNgJjSx1UR
vVCib0eaz3BwxmCV2FKYCdBNPnknm4wn32r6f+FN9eiDxghazdTP7//WbJZqGuTA
X5LI+GGYiAtxJ9eO/sLu2xmcE7ExxCHb4hZeH3aqNL0T0dpFrLCZ6PWWYJ3KxfNY
D6VAU6fPDAOugBZHsgi8x7sZieBEglv7ThBTpLPjfFLYof7+DkbI01bpS0PVoXqk
tHHYzfp+KhHb8zgcfBxwlmShj+88Vb8lyFxrDGr8CqV1yJG/+gNLxWuZMk8n6mij
QCvJ/GRKGdvzYTEEpg==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:00:55 2024 by rpki-client on console-ams.rpki-client.org