Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/99/dbf772-9396-4101-b3e8-43f9ab6734ec/1/JN1_lHM65jQjRAyxiQZpjhkJlKY.roa
File: JN1_lHM65jQjRAyxiQZpjhkJlKY.roa (raw, json)
Hash identifier: Bg8ffRtP4/xwiqWbMcOJyRE8JAzs0jbDodSY88bmGB0=
Subject key identifier: 24:DD:7F:94:73:3A:E6:34:23:44:0C:B1:89:06:69:8E:19:09:94:A6
Certificate issuer: /CN=b538c7295bcd474b829e4e47eebcb0e093ce523a
Certificate serial: 0185709513F36A6C65C4E417059E51316B4A
Authority key identifier: B5:38:C7:29:5B:CD:47:4B:82:9E:4E:47:EE:BC:B0:E0:93:CE:52:3A
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/tTjHKVvNR0uCnk5H7ryw4JPOUjo.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/99/dbf772-9396-4101-b3e8-43f9ab6734ec/1/JN1_lHM65jQjRAyxiQZpjhkJlKY.roa
Signing time: Mon 02 Jan 2023 03:44:56 +0000
ROA not before: Mon 02 Jan 2023 03:44:56 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 133944
IP address blocks: 2a12:f180::/29 maxlen: 29
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:70:95:13:f3:6a:6c:65:c4:e4:17:05:9e:51:31:6b:4a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b538c7295bcd474b829e4e47eebcb0e093ce523a
Validity
Not Before: Jan 2 03:44:56 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=24dd7f94733ae63423440cb18906698e190994a6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9a:09:f9:27:ee:98:f1:03:b3:8a:c1:7c:7d:7a:
39:fa:fc:48:66:7d:7a:85:cc:7f:3c:84:0f:38:eb:
5f:79:33:86:f3:25:52:58:5f:64:83:96:b4:18:12:
d8:98:d6:6a:88:28:c1:37:ca:ba:29:16:5d:97:f7:
18:08:b2:a3:ea:68:3c:d9:5b:9a:3c:1b:97:48:a0:
57:5a:e5:77:f1:4d:15:14:f6:b5:8c:d8:29:49:3e:
19:b5:83:3b:86:40:87:4e:c7:55:d7:b7:9e:cd:9c:
4a:b2:3b:86:a1:3c:c0:3d:27:fc:a5:fa:2b:0b:2b:
6f:64:4f:f2:13:f2:ec:fe:75:88:85:9f:b1:3a:3d:
11:86:34:02:90:77:82:36:2e:fd:b2:5f:6c:46:8b:
46:ce:bb:e0:13:74:9d:bf:1c:62:77:3a:62:a3:e5:
df:d1:11:89:8b:4c:c3:e4:12:99:46:f5:13:75:00:
71:06:da:e2:90:87:70:a7:50:40:d3:4c:16:a1:70:
75:6b:3c:6a:68:0d:85:7f:c5:bd:53:4a:b0:eb:43:
3b:cb:dd:14:46:fe:6f:ec:18:75:95:79:74:85:9d:
44:7a:7c:8c:b3:4e:26:6c:73:86:41:92:96:81:05:
fe:4f:48:6b:3f:1c:b2:8f:56:60:b9:8c:1a:05:a6:
b6:b9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
24:DD:7F:94:73:3A:E6:34:23:44:0C:B1:89:06:69:8E:19:09:94:A6
X509v3 Authority Key Identifier:
keyid:B5:38:C7:29:5B:CD:47:4B:82:9E:4E:47:EE:BC:B0:E0:93:CE:52:3A
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tTjHKVvNR0uCnk5H7ryw4JPOUjo.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/99/dbf772-9396-4101-b3e8-43f9ab6734ec/1/JN1_lHM65jQjRAyxiQZpjhkJlKY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/99/dbf772-9396-4101-b3e8-43f9ab6734ec/1/tTjHKVvNR0uCnk5H7ryw4JPOUjo.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a12:f180::/29
Signature Algorithm: sha256WithRSAEncryption
af:db:32:bf:59:57:3c:85:35:5a:26:00:1f:0d:89:72:75:bb:
7e:3f:b3:ce:d7:4f:39:ac:be:58:61:d9:41:fa:2b:49:fa:7c:
20:2d:e1:46:19:dc:f9:e5:54:e1:3e:7c:27:15:12:ec:22:08:
3f:d0:96:74:fb:a5:0b:d5:cd:20:83:0e:ad:c7:e1:c6:2c:f0:
91:cc:fa:0c:12:19:a7:6b:49:96:b6:b3:ba:75:92:55:10:d8:
e3:6f:45:38:df:31:4f:4d:36:d4:50:9e:bb:c4:49:5a:32:3f:
0a:cc:a5:42:11:a8:c0:53:89:94:76:f6:1d:59:4d:32:c6:ea:
e0:e0:bd:86:ad:5d:5d:7a:b3:21:8e:a0:c8:c0:73:65:5a:ac:
2a:c3:08:77:ff:07:15:89:ed:e3:47:d8:e7:aa:7e:04:7d:12:
3a:9f:f4:15:1a:4e:ed:f2:e0:97:9f:90:30:f7:65:46:76:65:
0c:75:fe:6f:fa:46:f1:74:ca:a5:63:d5:d5:2b:2d:7f:f6:a7:
ca:b7:4d:db:8a:b3:da:e5:30:f8:9b:e7:1f:e5:ee:cb:ac:33:
bc:64:d3:4b:32:62:d5:2e:12:a8:4e:d1:cc:c3:67:6a:82:41:
7d:43:43:fe:7e:07:0d:b1:99:03:ef:a1:56:a8:6b:7a:ca:31:
dd:c1:e5:11
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYVwlRPzamxlxOQXBZ5RMWtKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI1MzhjNzI5NWJjZDQ3NGI4MjllNGU0N2VlYmNiMGUwOTNj
ZTUyM2EwHhcNMjMwMTAyMDM0NDU2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNGRkN2Y5NDczM2FlNjM0MjM0NDBjYjE4OTA2Njk4ZTE5MDk5NGE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmgn5J+6Y8QOzisF8fXo5+vxIZn16
hcx/PIQPOOtfeTOG8yVSWF9kg5a0GBLYmNZqiCjBN8q6KRZdl/cYCLKj6mg82Vua
PBuXSKBXWuV38U0VFPa1jNgpST4ZtYM7hkCHTsdV17eezZxKsjuGoTzAPSf8pfor
CytvZE/yE/Ls/nWIhZ+xOj0RhjQCkHeCNi79sl9sRotGzrvgE3Sdvxxidzpio+Xf
0RGJi0zD5BKZRvUTdQBxBtrikIdwp1BA00wWoXB1azxqaA2Ff8W9U0qw60M7y90U
Rv5v7Bh1lXl0hZ1EenyMs04mbHOGQZKWgQX+T0hrPxyyj1ZguYwaBaa2uQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFCTdf5RzOuY0I0QMsYkGaY4ZCZSmMB8GA1UdIwQY
MBaAFLU4xylbzUdLgp5OR+68sOCTzlI6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFRqSEtWdk5SMHVDbms1SDdyeXc0SlBPVWpvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OS9kYmY3NzItOTM5Ni00MTAxLWIzZTgt
NDNmOWFiNjczNGVjLzEvSk4xX2xITTY1alFqUkF5eGlRWnBqaGtKbEtZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OS9kYmY3NzItOTM5Ni00MTAxLWIzZTgtNDNmOWFiNjczNGVj
LzEvdFRqSEtWdk5SMHVDbms1SDdyeXc0SlBPVWpvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhLxgDAN
BgkqhkiG9w0BAQsFAAOCAQEAr9syv1lXPIU1WiYAHw2JcnW7fj+zztdPOay+WGHZ
QforSfp8IC3hRhnc+eVU4T58JxUS7CIIP9CWdPulC9XNIIMOrcfhxizwkcz6DBIZ
p2tJlrazunWSVRDY429FON8xT0021FCeu8RJWjI/CsylQhGowFOJlHb2HVlNMsbq
4OC9hq1dXXqzIY6gyMBzZVqsKsMId/8HFYnt40fY56p+BH0SOp/0FRpO7fLgl5+Q
MPdlRnZlDHX+b/pG8XTKpWPV1Sstf/anyrdN24qz2uUw+JvnH+Xuy6wzvGTTSzJi
1S4SqE7RzMNnaoJBfUND/n4HDbGZA++hVqhresox3cHlEQ==
-----END CERTIFICATE-----
Generated at Wed Dec 6 09:30:04 2023 by rpki-client on console-ams.rpki-client.org