Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/76/1be999-5a59-4c10-92ff-da1b58618841/1/tw_XtYwBgqjPfmUOOgEBzZdCqeQ.roa
File: tw_XtYwBgqjPfmUOOgEBzZdCqeQ.roa (raw, json)
Hash identifier: Vsr0vlBov95EKreCX7hxnf4hxk44br0gr3bJ+pQDyQE=
Subject key identifier: B7:0F:D7:B5:8C:01:82:A8:CF:7E:65:0E:3A:01:01:CD:97:42:A9:E4
Certificate issuer: /CN=eefbe8369a7bbc03a86fbe639b7efaa02b717287
Certificate serial: 018CC5DC0B3D178DD87CF4BF82299940C0C7
Authority key identifier: EE:FB:E8:36:9A:7B:BC:03:A8:6F:BE:63:9B:7E:FA:A0:2B:71:72:87
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/7vvoNpp7vAOob75jm376oCtxcoc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/76/1be999-5a59-4c10-92ff-da1b58618841/1/tw_XtYwBgqjPfmUOOgEBzZdCqeQ.roa
Signing time: Mon 01 Jan 2024 16:29:41 +0000
ROA not before: Mon 01 Jan 2024 16:29:41 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 204363
IP address blocks: 2a0f:6287::/44 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c5:dc:0b:3d:17:8d:d8:7c:f4:bf:82:29:99:40:c0:c7
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=eefbe8369a7bbc03a86fbe639b7efaa02b717287
Validity
Not Before: Jan 1 16:29:41 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=b70fd7b58c0182a8cf7e650e3a0101cd9742a9e4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:92:26:b8:a7:56:f2:02:ec:b7:39:de:44:b6:9a:
b9:1e:c5:87:d4:fb:98:f4:90:42:1a:ce:25:89:c7:
6d:19:c8:ad:7a:c9:5d:38:6d:2c:3c:97:7e:86:30:
86:f8:b6:63:a7:1d:7b:46:6c:8f:c3:95:a8:22:f8:
69:f2:f4:9f:40:10:a4:70:32:de:30:36:cc:4b:70:
f9:5c:c6:d4:e3:23:10:3f:71:5d:bd:29:22:d1:43:
d7:05:5c:8b:6f:da:d9:c4:a6:a5:f4:90:f4:79:cb:
9e:19:2f:7d:7a:b7:76:af:6e:88:46:bc:9f:d1:2c:
23:aa:af:71:2f:57:55:42:fe:9b:15:29:53:7a:be:
3d:2f:5d:23:3e:8c:ec:17:92:ac:84:bc:b4:3a:23:
68:62:10:2e:1f:73:ac:03:55:f0:af:12:aa:8b:2e:
21:03:4a:8e:f7:fe:19:e9:cd:46:05:6e:be:be:db:
2b:6d:9a:dc:9b:6c:db:93:f2:a8:3f:a5:1d:61:a4:
5b:00:25:b2:1e:ef:23:15:0e:16:97:04:8b:e2:79:
ab:c9:36:5f:08:aa:eb:06:bb:a9:fc:91:7a:dd:c2:
65:bb:6a:91:e2:2b:c9:57:e6:cc:e8:93:5b:3c:cb:
77:42:82:fb:31:13:41:a8:93:c9:0f:d8:a3:76:00:
97:19
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B7:0F:D7:B5:8C:01:82:A8:CF:7E:65:0E:3A:01:01:CD:97:42:A9:E4
X509v3 Authority Key Identifier:
keyid:EE:FB:E8:36:9A:7B:BC:03:A8:6F:BE:63:9B:7E:FA:A0:2B:71:72:87
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7vvoNpp7vAOob75jm376oCtxcoc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/76/1be999-5a59-4c10-92ff-da1b58618841/1/tw_XtYwBgqjPfmUOOgEBzZdCqeQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/76/1be999-5a59-4c10-92ff-da1b58618841/1/7vvoNpp7vAOob75jm376oCtxcoc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a0f:6287::/44
Signature Algorithm: sha256WithRSAEncryption
07:e2:52:52:92:d8:0a:a6:38:4b:55:94:4a:a3:2c:ad:19:96:
b0:ab:55:27:1e:ca:4f:b3:82:1f:68:6c:e4:d6:12:49:9a:11:
62:0a:76:1a:4b:b4:1e:50:f2:7b:83:fb:63:ab:49:f8:ee:7a:
9b:b2:2b:51:04:28:47:1b:69:f5:c8:db:8b:57:4c:84:a4:ac:
df:61:de:15:bd:ff:49:9c:0e:21:4f:a1:57:42:ef:c0:1d:80:
56:2d:f5:27:e4:d3:49:2c:d0:93:c4:c6:7c:89:ac:a0:e4:53:
9c:cf:c5:c3:ae:a2:4b:94:e6:70:44:82:79:e7:8e:53:22:d0:
67:c6:9c:24:43:23:4f:8a:01:4e:ce:38:1b:1e:23:69:9e:32:
b9:d1:d8:07:78:dc:c6:07:cc:a4:45:46:b1:82:43:d1:8e:06:
06:06:42:18:e9:fb:24:f3:d5:2b:8e:3a:53:78:ba:7d:11:97:
d0:1a:5c:2b:e6:3b:61:cc:e3:72:40:01:a8:4b:df:7d:0c:bd:
fa:7b:fd:39:50:26:20:64:34:2c:f2:cf:d7:96:9b:c1:6b:b2:
79:9d:82:ea:df:e9:99:8c:06:5e:7b:44:8b:e1:fb:09:ae:5b:
c4:c7:f1:6c:7c:dc:21:03:fb:fc:3c:cf:d5:2c:34:0d:70:03:
21:6d:85:00
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzF3As9F43YfPS/gimZQMDHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlZmJlODM2OWE3YmJjMDNhODZmYmU2MzliN2VmYWEwMmI3
MTcyODcwHhcNMjQwMTAxMTYyOTQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNzBmZDdiNThjMDE4MmE4Y2Y3ZTY1MGUzYTAxMDFjZDk3NDJhOWU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkia4p1byAuy3Od5Etpq5HsWH1PuY
9JBCGs4licdtGcitesldOG0sPJd+hjCG+LZjpx17RmyPw5WoIvhp8vSfQBCkcDLe
MDbMS3D5XMbU4yMQP3FdvSki0UPXBVyLb9rZxKal9JD0ecueGS99erd2r26IRryf
0Swjqq9xL1dVQv6bFSlTer49L10jPozsF5KshLy0OiNoYhAuH3OsA1XwrxKqiy4h
A0qO9/4Z6c1GBW6+vtsrbZrcm2zbk/KoP6UdYaRbACWyHu8jFQ4WlwSL4nmryTZf
CKrrBrup/JF63cJlu2qR4ivJV+bM6JNbPMt3QoL7MRNBqJPJD9ijdgCXGQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFLcP17WMAYKoz35lDjoBAc2XQqnkMB8GA1UdIwQY
MBaAFO776Daae7wDqG++Y5t++qArcXKHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN3Z2b05wcDd2QU9vYjc1am0zNzZvQ3R4Y29jLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ni8xYmU5OTktNWE1OS00YzEwLTkyZmYt
ZGExYjU4NjE4ODQxLzEvdHdfWHRZd0JncWpQZm1VT09nRUJ6WmRDcWVRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ni8xYmU5OTktNWE1OS00YzEwLTkyZmYtZGExYjU4NjE4ODQx
LzEvN3Z2b05wcDd2QU9vYjc1am0zNzZvQ3R4Y29jLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg9ihwAA
MA0GCSqGSIb3DQEBCwUAA4IBAQAH4lJSktgKpjhLVZRKoyytGZawq1UnHspPs4If
aGzk1hJJmhFiCnYaS7QeUPJ7g/tjq0n47nqbsitRBChHG2n1yNuLV0yEpKzfYd4V
vf9JnA4hT6FXQu/AHYBWLfUn5NNJLNCTxMZ8iayg5FOcz8XDrqJLlOZwRIJ5545T
ItBnxpwkQyNPigFOzjgbHiNpnjK50dgHeNzGB8ykRUaxgkPRjgYGBkIY6fsk89Ur
jjpTeLp9EZfQGlwr5jthzONyQAGoS999DL36e/05UCYgZDQs8s/XlpvBa7J5nYLq
3+mZjAZee0SL4fsJrlvEx/FsfNwhA/v8PM/VLDQNcAMhbYUA
-----END CERTIFICATE-----
Generated at Mon Feb 17 08:26:06 2025 by rpki-client