Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fc/21b7ce-2ec6-479e-8a4d-84f90593913c/1/5c4QQrMJk6GZunEJs2XFmGL49Uo.roa
File: 5c4QQrMJk6GZunEJs2XFmGL49Uo.roa (raw, json)
Hash identifier: dZZXeNBQkHTRnI+nmcrHedbvZR/PKQ86/MpRvAlRYJk=
Subject key identifier: E5:CE:10:42:B3:09:93:A1:99:BA:71:09:B3:65:C5:98:62:F8:F5:4A
Certificate issuer: /CN=5ad943a41ce27e7b7bcfdff69a89c3e337ea63b5
Certificate serial: 0190110B56FC069C6F02EF761BC8CBACFEB5
Authority key identifier: 5A:D9:43:A4:1C:E2:7E:7B:7B:CF:DF:F6:9A:89:C3:E3:37:EA:63:B5
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/WtlDpBzifnt7z9_2monD4zfqY7U.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/fc/21b7ce-2ec6-479e-8a4d-84f90593913c/1/5c4QQrMJk6GZunEJs2XFmGL49Uo.roa
Signing time: Thu 13 Jun 2024 10:01:14 +0000
ROA not before: Thu 13 Jun 2024 10:01:14 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 51306
IP address blocks: 151.216.45.0/24 maxlen: 24
194.127.244.0/22 maxlen: 24
2a07:cf80::/32 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:90:11:0b:56:fc:06:9c:6f:02:ef:76:1b:c8:cb:ac:fe:b5
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=5ad943a41ce27e7b7bcfdff69a89c3e337ea63b5
Validity
Not Before: Jun 13 10:01:14 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=e5ce1042b30993a199ba7109b365c59862f8f54a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:f2:72:84:c4:3d:a1:62:f9:9b:98:b7:61:09:c6:
66:4d:6a:b5:70:9e:4e:8a:e3:3d:ec:90:a5:8b:a8:
1a:0c:a4:24:6c:31:77:a3:81:97:0d:9a:02:dd:4a:
60:ba:97:e9:a9:eb:4d:42:c4:1e:26:53:00:de:c1:
1d:31:2e:ab:20:87:a9:28:53:f5:5d:04:e6:ad:1f:
47:90:5b:a9:75:fa:d5:11:53:6a:85:6a:3c:1f:e6:
6c:26:63:e0:cd:d2:d8:f5:92:79:cc:c7:a2:86:46:
60:01:b1:59:3e:4b:83:61:e2:c9:cb:b3:99:78:6e:
aa:ca:4b:0e:3a:77:15:ce:b5:2d:58:5b:ca:c7:f0:
d7:12:f0:3c:56:0f:83:53:55:b8:b1:17:6e:c0:f0:
ef:72:43:10:5c:91:83:40:db:cf:3a:e9:f8:c3:f2:
19:29:39:fe:1c:be:07:f9:55:70:d0:e1:43:fe:11:
ab:61:12:c3:09:c3:24:3d:bd:12:3e:ec:54:36:fd:
e3:43:f1:fc:5b:2a:c0:ba:1a:88:4f:57:5d:9e:3c:
0e:c4:ed:dc:75:ab:8f:cd:dc:56:ad:fc:9b:8c:0d:
ad:20:61:ad:2e:02:7b:31:fb:72:02:a4:a8:f5:83:
23:ff:b6:33:39:55:3b:cf:60:42:76:88:f1:88:c9:
fc:85
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E5:CE:10:42:B3:09:93:A1:99:BA:71:09:B3:65:C5:98:62:F8:F5:4A
X509v3 Authority Key Identifier:
keyid:5A:D9:43:A4:1C:E2:7E:7B:7B:CF:DF:F6:9A:89:C3:E3:37:EA:63:B5
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WtlDpBzifnt7z9_2monD4zfqY7U.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/21b7ce-2ec6-479e-8a4d-84f90593913c/1/5c4QQrMJk6GZunEJs2XFmGL49Uo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/21b7ce-2ec6-479e-8a4d-84f90593913c/1/WtlDpBzifnt7z9_2monD4zfqY7U.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
151.216.45.0/24
194.127.244.0/22
IPv6:
2a07:cf80::/32
Signature Algorithm: sha256WithRSAEncryption
8e:de:b7:3f:8e:1a:63:39:9f:9b:95:36:a7:cf:c0:b4:a6:a7:
d5:82:0d:28:e0:d1:ae:15:5d:b1:10:7a:6d:56:ff:60:c1:10:
dc:4e:45:65:ef:50:79:30:1d:d1:f9:58:26:49:fb:58:43:ec:
fe:8f:23:ef:9b:b8:44:25:b9:48:8b:f4:20:21:83:f2:76:48:
a5:19:7c:99:30:85:aa:c7:f8:5e:7f:84:26:b8:37:af:f2:9b:
00:be:d8:4c:fb:e5:51:ea:31:b7:1d:b2:63:e3:d1:ce:8e:0e:
a0:3e:a4:da:43:81:07:20:c1:a0:4e:ce:b6:f7:29:65:6d:1c:
e0:e1:39:a8:e6:ee:48:18:5e:0c:7e:02:92:d4:fa:bc:84:33:
f6:e2:0a:18:ad:7f:00:48:81:f3:f9:38:f5:be:d7:9a:51:66:
f8:e6:1f:07:fb:b7:5c:30:07:5e:fb:8c:a1:05:36:b8:2e:81:
65:ac:af:10:15:f7:68:d7:17:f1:62:3e:a5:c4:d4:f7:ac:f9:
88:80:5d:73:65:4a:58:99:dd:ac:04:3a:6b:29:6f:ba:8f:13:
ad:07:ab:bf:19:8f:2c:37:6f:20:60:fc:ec:88:9a:5c:d6:45:
53:4b:67:c0:5d:e7:a7:87:19:3a:ec:e7:69:2c:fd:23:4c:d8:
07:8b:5a:de
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZARC1b8BpxvAu92G8jLrP61MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVhZDk0M2E0MWNlMjdlN2I3YmNmZGZmNjlhODljM2UzMzdl
YTYzYjUwHhcNMjQwNjEzMTAwMTE0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNWNlMTA0MmIzMDk5M2ExOTliYTcxMDliMzY1YzU5ODYyZjhmNTRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8nKExD2hYvmbmLdhCcZmTWq1cJ5O
iuM97JCli6gaDKQkbDF3o4GXDZoC3UpgupfpqetNQsQeJlMA3sEdMS6rIIepKFP1
XQTmrR9HkFupdfrVEVNqhWo8H+ZsJmPgzdLY9ZJ5zMeihkZgAbFZPkuDYeLJy7OZ
eG6qyksOOncVzrUtWFvKx/DXEvA8Vg+DU1W4sRduwPDvckMQXJGDQNvPOun4w/IZ
KTn+HL4H+VVw0OFD/hGrYRLDCcMkPb0SPuxUNv3jQ/H8WyrAuhqIT1ddnjwOxO3c
dauPzdxWrfybjA2tIGGtLgJ7MftyAqSo9YMj/7YzOVU7z2BCdojxiMn8hQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFOXOEEKzCZOhmbpxCbNlxZhi+PVKMB8GA1UdIwQY
MBaAFFrZQ6Qc4n57e8/f9pqJw+M36mO1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV3RsRHBCemlmbnQ3ejlfMm1vbkQ0emZxWTdVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYy8yMWI3Y2UtMmVjNi00NzllLThhNGQt
ODRmOTA1OTM5MTNjLzEvNWM0UVFyTUprNkdadW5FSnMyWEZtR0w0OVVvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYy8yMWI3Y2UtMmVjNi00NzllLThhNGQtODRmOTA1OTM5MTNj
LzEvV3RsRHBCemlmbnQ3ejlfMm1vbkQ0emZxWTdVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQAl9gtAwQC
wn/0MA0EAgACMAcDBQAqB8+AMA0GCSqGSIb3DQEBCwUAA4IBAQCO3rc/jhpjOZ+b
lTanz8C0pqfVgg0o4NGuFV2xEHptVv9gwRDcTkVl71B5MB3R+VgmSftYQ+z+jyPv
m7hEJblIi/QgIYPydkilGXyZMIWqx/hef4QmuDev8psAvthM++VR6jG3HbJj49HO
jg6gPqTaQ4EHIMGgTs629yllbRzg4Tmo5u5IGF4MfgKS1Pq8hDP24goYrX8ASIHz
+Tj1vteaUWb45h8H+7dcMAde+4yhBTa4LoFlrK8QFfdo1xfxYj6lxNT3rPmIgF1z
ZUpYmd2sBDprKW+6jxOtB6u/GY8sN28gYPzsiJpc1kVTS2fAXeenhxk67OdpLP0j
TNgHi1re
-----END CERTIFICATE-----
Generated at Fri Jun 21 14:52:30 2024 by rpki-client on console-ams.rpki-client.org