Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8f/6bb227-5b36-4f2a-a1c5-9ef36d251517/1/RBLA51X9HkgM9D3hZk51WlKht9c.roa
File: RBLA51X9HkgM9D3hZk51WlKht9c.roa (raw, json)
Hash identifier: UqmnW5kra6fP0mybxcToYNM5wPjGJMidmvoY/d2drHI=
Subject key identifier: 44:12:C0:E7:55:FD:1E:48:0C:F4:3D:E1:66:4E:75:5A:52:A1:B7:D7
Certificate issuer: /CN=84a4aca020fb2bdc93a47266e87ec67cdc8857c5
Certificate serial: 0184F740F8BED005811524A6C1EEE6617432
Authority key identifier: 84:A4:AC:A0:20:FB:2B:DC:93:A4:72:66:E8:7E:C6:7C:DC:88:57:C5
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/hKSsoCD7K9yTpHJm6H7GfNyIV8U.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8f/6bb227-5b36-4f2a-a1c5-9ef36d251517/1/RBLA51X9HkgM9D3hZk51WlKht9c.roa
Signing time: Fri 09 Dec 2022 14:19:01 +0000
ROA not before: Fri 09 Dec 2022 14:19:01 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 50627
IP address blocks: 46.227.152.0/21 maxlen: 22
178.20.32.0/21 maxlen: 22
5.42.144.0/21 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:84:f7:40:f8:be:d0:05:81:15:24:a6:c1:ee:e6:61:74:32
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=84a4aca020fb2bdc93a47266e87ec67cdc8857c5
Validity
Not Before: Dec 9 14:19:01 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=4412c0e755fd1e480cf43de1664e755a52a1b7d7
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c4:e4:0d:d6:95:43:1d:6c:3b:84:96:0c:26:ce:
8e:f6:60:6e:2f:b7:cf:07:37:81:c1:ff:9f:86:2d:
ca:21:04:5a:bf:f4:84:f0:7b:e1:fb:26:6d:04:94:
a7:38:41:fe:a6:93:07:e9:d7:86:76:73:51:c3:08:
e9:1a:20:2d:2b:d4:7a:76:a0:ff:df:9d:bc:0c:4e:
61:aa:7a:20:b2:4f:52:05:9e:0b:1b:45:58:b7:c5:
b1:0d:d6:09:73:81:3e:8e:91:2c:b7:f7:00:fd:b0:
fc:e3:ce:1a:49:5c:1c:5d:20:d8:42:47:2c:f5:3e:
de:6b:76:79:a5:b0:a4:6b:ae:b8:9a:d6:f6:b8:83:
6a:26:25:24:4f:77:43:81:cd:f9:8b:dc:26:65:2e:
e7:2a:af:d0:86:cf:ad:f9:7f:de:9f:c6:0b:18:3d:
ed:88:cf:cc:aa:63:bf:45:03:b6:01:1b:39:18:a6:
40:f6:a7:31:6a:23:67:96:20:1b:c0:07:80:ea:5b:
5a:a8:a0:38:29:09:8a:7b:cb:4e:b5:28:c6:32:85:
61:ba:56:0e:dd:83:5d:30:20:e9:0f:14:95:d5:b7:
83:cf:46:28:d3:e5:3c:db:b5:2a:d3:8a:1b:25:ee:
d5:e3:28:58:3d:64:a4:2c:9d:27:9b:5a:de:0f:2d:
96:b3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
44:12:C0:E7:55:FD:1E:48:0C:F4:3D:E1:66:4E:75:5A:52:A1:B7:D7
X509v3 Authority Key Identifier:
keyid:84:A4:AC:A0:20:FB:2B:DC:93:A4:72:66:E8:7E:C6:7C:DC:88:57:C5
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hKSsoCD7K9yTpHJm6H7GfNyIV8U.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/6bb227-5b36-4f2a-a1c5-9ef36d251517/1/RBLA51X9HkgM9D3hZk51WlKht9c.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/6bb227-5b36-4f2a-a1c5-9ef36d251517/1/hKSsoCD7K9yTpHJm6H7GfNyIV8U.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.42.144.0/21
46.227.152.0/21
178.20.32.0/21
Signature Algorithm: sha256WithRSAEncryption
45:6f:8e:e3:a8:57:64:03:c1:15:6b:7d:e5:ae:11:aa:28:76:
1f:2d:ba:36:fb:fb:04:f3:54:8f:11:72:43:48:be:10:a0:d7:
72:07:bd:40:c3:cb:f4:01:ef:03:aa:54:30:4b:e5:80:ec:2e:
04:cf:9b:0a:c3:17:e2:39:ae:cb:f0:6b:0d:e9:7c:c5:d0:90:
46:74:0d:00:25:83:fb:84:ca:bd:8f:84:02:bf:5c:f5:a6:f9:
5b:66:bc:e5:f0:98:2c:05:f5:3e:f1:04:95:23:90:b0:27:e5:
b0:a0:e4:3c:12:a8:fd:47:50:06:e4:5d:19:1f:fe:b9:4d:95:
bb:a0:64:06:57:a0:c2:d5:90:5c:69:58:aa:fb:a0:08:43:55:
9e:00:2a:14:b6:a0:98:b5:3f:c2:4a:7c:39:39:04:c1:90:9f:
ee:46:27:03:10:65:38:43:00:de:3c:3a:84:8d:aa:bd:2f:da:
e3:d2:c2:4a:f6:db:7f:67:ff:06:bf:84:b8:ea:4c:0c:a7:c2:
40:f0:5a:19:02:ee:e3:41:f8:8e:49:bc:5a:a8:e2:4a:f1:fb:
df:c7:43:2a:f0:68:1c:d6:72:1e:55:69:ef:59:94:99:85:58:
5f:1b:44:70:03:5c:70:f9:85:8b:a4:31:9d:ca:d8:e7:5d:08:
1c:db:94:1d
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYT3QPi+0AWBFSSmwe7mYXQyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0YTRhY2EwMjBmYjJiZGM5M2E0NzI2NmU4N2VjNjdjZGM4
ODU3YzUwHhcNMjIxMjA5MTQxOTAxWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NDEyYzBlNzU1ZmQxZTQ4MGNmNDNkZTE2NjRlNzU1YTUyYTFiN2Q3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxOQN1pVDHWw7hJYMJs6O9mBuL7fP
BzeBwf+fhi3KIQRav/SE8Hvh+yZtBJSnOEH+ppMH6deGdnNRwwjpGiAtK9R6dqD/
3528DE5hqnogsk9SBZ4LG0VYt8WxDdYJc4E+jpEst/cA/bD8484aSVwcXSDYQkcs
9T7ea3Z5pbCka664mtb2uINqJiUkT3dDgc35i9wmZS7nKq/Qhs+t+X/en8YLGD3t
iM/MqmO/RQO2ARs5GKZA9qcxaiNnliAbwAeA6ltaqKA4KQmKe8tOtSjGMoVhulYO
3YNdMCDpDxSV1beDz0Yo0+U827Uq04obJe7V4yhYPWSkLJ0nm1reDy2WswIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFEQSwOdV/R5IDPQ94WZOdVpSobfXMB8GA1UdIwQY
MBaAFISkrKAg+yvck6RyZuh+xnzciFfFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaEtTc29DRDdLOXlUcEhKbTZIN0dmTnlJVjhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Zi82YmIyMjctNWIzNi00ZjJhLWExYzUt
OWVmMzZkMjUxNTE3LzEvUkJMQTUxWDlIa2dNOUQzaFprNTFXbEtodDljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Zi82YmIyMjctNWIzNi00ZjJhLWExYzUtOWVmMzZkMjUxNTE3
LzEvaEtTc29DRDdLOXlUcEhKbTZIN0dmTnlJVjhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQDBSqQAwQD
LuOYAwQDshQgMA0GCSqGSIb3DQEBCwUAA4IBAQBFb47jqFdkA8EVa33lrhGqKHYf
Lbo2+/sE81SPEXJDSL4QoNdyB71Aw8v0Ae8DqlQwS+WA7C4Ez5sKwxfiOa7L8GsN
6XzF0JBGdA0AJYP7hMq9j4QCv1z1pvlbZrzl8JgsBfU+8QSVI5CwJ+WwoOQ8Eqj9
R1AG5F0ZH/65TZW7oGQGV6DC1ZBcaViq+6AIQ1WeACoUtqCYtT/CSnw5OQTBkJ/u
RicDEGU4QwDePDqEjaq9L9rj0sJK9tt/Z/8Gv4S46kwMp8JA8FoZAu7jQfiOSbxa
qOJK8fvfx0Mq8Ggc1nIeVWnvWZSZhVhfG0RwA1xw+YWLpDGdytjnXQgc25Qd
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:23:31 2024 by rpki-client on console-ams.rpki-client.org