Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/06/032276-25dc-4c30-8a7b-95a33e12a3ad/1/5kv4cTiiKL-14habxPVB_jxAG64.roa
File: 5kv4cTiiKL-14habxPVB_jxAG64.roa (raw, json)
Hash identifier: XntCi/zXUpl9m2spZHsuWDKddIDEruTGmO7sDFKnw34=
Subject key identifier: E6:4B:F8:71:38:A2:28:BF:B5:E2:16:9B:C4:F5:41:FE:3C:40:1B:AE
Certificate issuer: /CN=2841262acd62c90e68081a6f777375df2c3713c2
Certificate serial: 3845117D
Authority key identifier: 28:41:26:2A:CD:62:C9:0E:68:08:1A:6F:77:73:75:DF:2C:37:13:C2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/KEEmKs1iyQ5oCBpvd3N13yw3E8I.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/06/032276-25dc-4c30-8a7b-95a33e12a3ad/1/5kv4cTiiKL-14habxPVB_jxAG64.roa
Signing time: Sat 01 Jan 2022 03:59:16 +0000
ROA not before: Sat 01 Jan 2022 03:59:16 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 44514
IP address blocks: 46.228.224.0/20 maxlen: 20
217.170.160.0/20 maxlen: 20
212.67.128.0/19 maxlen: 19
91.192.250.0/23 maxlen: 23
2a02:78::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 944050557 (0x3845117d)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2841262acd62c90e68081a6f777375df2c3713c2
Validity
Not Before: Jan 1 03:59:16 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=e64bf87138a228bfb5e2169bc4f541fe3c401bae
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c2:52:a5:22:e4:46:f5:d1:0a:d7:b7:8e:fa:ff:
3c:ff:ce:b1:c8:13:dc:41:f6:64:54:f0:60:5c:df:
f4:94:1e:86:4e:25:cc:ec:b5:3d:cf:8c:ec:43:bd:
40:a7:14:a1:89:b0:33:9d:f9:e7:d4:5b:e6:73:28:
c5:b0:d4:e8:c4:14:ec:f6:a1:46:0f:a1:4b:c3:04:
3c:89:d7:6c:2e:eb:cb:af:51:a0:b9:01:b2:ae:61:
36:da:27:01:6c:db:63:69:0f:df:e1:8f:7b:98:28:
20:7d:41:8a:4a:57:56:f8:0b:62:9d:0f:3e:ae:7a:
df:d8:bc:a5:56:7a:08:ce:4c:b6:bd:fa:4f:cc:e6:
e4:7a:94:3b:e2:72:53:af:76:ef:69:e9:df:a4:cd:
ab:17:62:f5:85:0e:cb:31:b2:fb:19:ab:63:37:4e:
48:80:9d:5d:9d:c3:a9:46:97:73:10:94:c2:e1:58:
13:ba:8e:da:92:5b:e1:08:27:a1:0a:2f:61:50:c2:
90:d6:11:34:7b:61:38:cf:1d:28:1d:e9:62:60:83:
4c:b7:13:b2:be:aa:ff:e2:64:c5:12:fc:a5:ea:50:
e4:18:80:44:4f:55:56:0b:cc:6a:44:b3:7a:48:ee:
0f:c7:69:0d:ba:ad:3a:b4:5f:af:eb:c3:80:fa:6f:
d8:19
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E6:4B:F8:71:38:A2:28:BF:B5:E2:16:9B:C4:F5:41:FE:3C:40:1B:AE
X509v3 Authority Key Identifier:
keyid:28:41:26:2A:CD:62:C9:0E:68:08:1A:6F:77:73:75:DF:2C:37:13:C2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KEEmKs1iyQ5oCBpvd3N13yw3E8I.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/06/032276-25dc-4c30-8a7b-95a33e12a3ad/1/5kv4cTiiKL-14habxPVB_jxAG64.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/06/032276-25dc-4c30-8a7b-95a33e12a3ad/1/KEEmKs1iyQ5oCBpvd3N13yw3E8I.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
46.228.224.0/20
91.192.250.0/23
212.67.128.0/19
217.170.160.0/20
IPv6:
2a02:78::/32
Signature Algorithm: sha256WithRSAEncryption
5b:61:2c:bc:12:4e:11:7c:07:68:4b:c1:c1:71:95:05:01:78:
2c:49:c8:f9:ae:49:3f:a2:33:f4:cf:63:3c:93:85:c7:f7:25:
48:23:de:f6:69:6c:e6:01:d3:0f:5b:51:ee:32:bc:cd:b1:30:
e3:15:13:45:9c:4c:65:6a:2e:51:61:52:de:d2:46:08:fe:76:
bc:e2:08:64:4d:c1:26:e1:2c:7a:df:b6:b1:ff:6e:d1:f5:03:
6c:f3:9a:71:f3:cd:ba:74:bb:c8:76:c0:9a:9a:c2:b1:a5:b9:
8f:c4:fd:e0:ae:ee:85:cb:2a:50:ae:7c:e7:b1:20:df:e0:eb:
95:81:77:22:0d:76:21:31:38:e7:32:d1:6b:af:fc:79:5c:c0:
b2:eb:77:6a:82:47:f9:21:b9:a3:16:70:58:85:4e:bb:6c:43:
23:16:f7:5f:1d:b1:5d:3d:99:14:40:a8:3b:bf:cb:6d:4b:19:
ba:e0:cc:1f:80:cc:91:fb:4e:3c:db:7d:e5:06:2f:eb:96:df:
eb:8a:68:b3:1a:b1:ec:1d:a2:d6:d9:14:61:73:8d:d7:df:ea:
08:f4:31:6b:87:26:9f:7d:eb:6c:80:8e:65:3f:14:87:96:cd:
0f:39:ec:ef:27:91:f0:e5:43:95:c7:47:bd:71:79:04:36:9a:
36:97:36:a5
-----BEGIN CERTIFICATE-----
MIIFEDCCA/igAwIBAgIEOEURfTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygy
ODQxMjYyYWNkNjJjOTBlNjgwODFhNmY3NzczNzVkZjJjMzcxM2MyMB4XDTIyMDEw
MTAzNTkxNloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoZTY0YmY4NzEzOGEy
MjhiZmI1ZTIxNjliYzRmNTQxZmUzYzQwMWJhZTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAMJSpSLkRvXRCte3jvr/PP/OscgT3EH2ZFTwYFzf9JQehk4l
zOy1Pc+M7EO9QKcUoYmwM53559Rb5nMoxbDU6MQU7PahRg+hS8MEPInXbC7ry69R
oLkBsq5hNtonAWzbY2kP3+GPe5goIH1BikpXVvgLYp0PPq5639i8pVZ6CM5Mtr36
T8zm5HqUO+JyU69272np36TNqxdi9YUOyzGy+xmrYzdOSICdXZ3DqUaXcxCUwuFY
E7qO2pJb4QgnoQovYVDCkNYRNHthOM8dKB3pYmCDTLcTsr6q/+JkxRL8pepQ5BiA
RE9VVgvMakSzekjuD8dpDbqtOrRfr+vDgPpv2BkCAwEAAaOCAiowggImMB0GA1Ud
DgQWBBTmS/hxOKIov7XiFpvE9UH+PEAbrjAfBgNVHSMEGDAWgBQoQSYqzWLJDmgI
Gm93c3XfLDcTwjAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0tFRW1LczFpeVE1b0NCcHZkM04xM3l3M0U4SS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMDYvMDMyMjc2LTI1ZGMtNGMzMC04YTdiLTk1YTMzZTEyYTNhZC8x
LzVrdjRjVGlpS0wtMTRoYWJ4UFZCX2p4QUc2NC5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMDYv
MDMyMjc2LTI1ZGMtNGMzMC04YTdiLTk1YTMzZTEyYTNhZC8xL0tFRW1LczFpeVE1
b0NCcHZkM04xM3l3M0U4SS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBA
BggrBgEFBQcBBwEB/wQxMC8wHgQCAAEwGAMEBC7k4AMEAVvA+gMEBdRDgAMEBNmq
oDANBAIAAjAHAwUAKgIAeDANBgkqhkiG9w0BAQsFAAOCAQEAW2EsvBJOEXwHaEvB
wXGVBQF4LEnI+a5JP6Iz9M9jPJOFx/clSCPe9mls5gHTD1tR7jK8zbEw4xUTRZxM
ZWouUWFS3tJGCP52vOIIZE3BJuEset+2sf9u0fUDbPOacfPNunS7yHbAmprCsaW5
j8T94K7uhcsqUK5857Eg3+DrlYF3Ig12ITE45zLRa6/8eVzAsut3aoJH+SG5oxZw
WIVOu2xDIxb3Xx2xXT2ZFECoO7/LbUsZuuDMH4DMkftOPNt95QYv65bf64posxqx
7B2i1tkUYXON19/qCPQxa4cmn33rbICOZT8Uh5bNDzns7yeR8OVDlcdHvXF5BDaa
Npc2pQ==
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:25:11 2025 by rpki-client