Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1a/5c15be-aef2-4c31-bfb4-31baf6eede8a/1/EbHbnqXRq6F-x-V8i5MkeSQsTwY.roa
File: EbHbnqXRq6F-x-V8i5MkeSQsTwY.roa (raw, json)
Hash identifier: ay9mwm/WH4DIhtGEqW5Ie/c2acTJKB1xZxNr7tu38NI=
Subject key identifier: 11:B1:DB:9E:A5:D1:AB:A1:7E:C7:E5:7C:8B:93:24:79:24:2C:4F:06
Certificate issuer: /CN=279159ef22f82b936731664ee67c3b6ea96ef443
Certificate serial: 018CC3B72F42C3A269376176738482E17512
Authority key identifier: 27:91:59:EF:22:F8:2B:93:67:31:66:4E:E6:7C:3B:6E:A9:6E:F4:43
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/J5FZ7yL4K5NnMWZO5nw7bqlu9EM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/1a/5c15be-aef2-4c31-bfb4-31baf6eede8a/1/EbHbnqXRq6F-x-V8i5MkeSQsTwY.roa
Signing time: Mon 01 Jan 2024 06:30:11 +0000
ROA not before: Mon 01 Jan 2024 06:30:11 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 48289
IP address blocks: 5.22.192.0/21 maxlen: 21
5.22.200.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c3:b7:2f:42:c3:a2:69:37:61:76:73:84:82:e1:75:12
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=279159ef22f82b936731664ee67c3b6ea96ef443
Validity
Not Before: Jan 1 06:30:11 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=11b1db9ea5d1aba17ec7e57c8b932479242c4f06
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d0:e7:cd:93:0c:85:42:b3:45:d5:14:c1:89:70:
d0:ee:bf:6b:81:71:45:91:4a:6a:3d:3b:9c:f0:08:
40:ee:f2:8c:1b:33:3a:cb:b9:9d:e8:5e:1c:65:ef:
71:9e:5e:27:44:08:1a:29:9f:f9:a5:0c:ff:57:dd:
70:7c:94:f9:1b:f7:0a:30:e2:d9:73:92:02:36:51:
8a:73:ef:07:5e:5e:26:d5:8f:75:59:12:e5:4e:c0:
a8:90:63:04:03:ec:f2:64:fa:38:2a:5c:7f:ac:fa:
1a:51:ae:40:d9:72:64:48:e5:ec:e8:e7:11:94:80:
36:f2:ea:a5:d2:2b:8f:24:16:03:62:ee:e3:35:0d:
cc:07:e4:63:cf:b8:be:65:cf:d7:a7:55:ee:ae:c4:
9c:e9:83:ba:1b:dd:f5:39:dd:5c:12:4c:95:5e:6d:
5a:9b:a8:a0:62:f3:f6:27:eb:11:f7:d2:d1:b4:d8:
f9:53:ce:fa:75:6b:24:a4:0d:d2:f2:5b:51:29:e6:
07:07:0b:31:38:90:66:52:f5:3e:26:80:94:7a:48:
e2:55:d0:be:de:dc:22:07:82:af:88:4e:4c:3b:43:
dd:46:0b:b7:f6:82:3c:98:ef:e6:23:17:f0:e6:36:
5a:f7:39:51:a9:b7:54:69:b7:dd:df:66:49:56:72:
d2:2d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
11:B1:DB:9E:A5:D1:AB:A1:7E:C7:E5:7C:8B:93:24:79:24:2C:4F:06
X509v3 Authority Key Identifier:
keyid:27:91:59:EF:22:F8:2B:93:67:31:66:4E:E6:7C:3B:6E:A9:6E:F4:43
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J5FZ7yL4K5NnMWZO5nw7bqlu9EM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/5c15be-aef2-4c31-bfb4-31baf6eede8a/1/EbHbnqXRq6F-x-V8i5MkeSQsTwY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/5c15be-aef2-4c31-bfb4-31baf6eede8a/1/J5FZ7yL4K5NnMWZO5nw7bqlu9EM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.22.192.0-5.22.203.255
Signature Algorithm: sha256WithRSAEncryption
7c:a8:7f:39:77:10:da:f4:48:31:b4:ad:99:ff:13:0d:79:cc:
8e:cd:91:01:29:65:00:53:b6:b9:80:59:d9:61:2e:77:64:c4:
17:c9:ad:6f:b8:7b:c5:fb:79:fe:bd:00:bf:73:98:3f:f2:42:
ef:4c:83:a0:3b:05:52:83:f6:ec:2c:a2:7a:1e:58:2d:83:c0:
f9:ca:a8:f5:72:6f:f7:d4:69:38:56:d1:dd:65:42:71:74:09:
60:48:f4:7e:12:68:d4:fd:44:2e:af:1f:2c:b7:71:13:86:47:
75:2b:d6:9d:b3:2a:b7:45:68:37:36:97:49:65:27:ee:04:9e:
56:fb:8d:2a:4d:32:a0:b1:3e:f5:4a:44:55:65:cb:45:60:b3:
b5:55:5e:96:27:e1:57:94:61:3d:c0:a6:00:8b:5e:28:a3:4f:
a0:f8:c6:5d:88:e8:40:4e:63:c0:6f:ba:af:e9:96:71:13:db:
9c:b8:25:cb:63:66:17:44:c8:4c:b9:bc:9d:88:12:10:b0:b0:
bb:a5:34:52:51:87:a1:e3:25:02:c4:ce:82:a6:0b:30:5a:7e:
96:7d:ce:be:75:41:56:a7:66:78:d9:3b:78:33:19:58:9c:03:
2d:bd:d6:25:f1:99:ac:1b:7e:83:cb:be:cb:b8:25:45:0f:0e:
b5:5b:32:54
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzDty9Cw6JpN2F2c4SC4XUSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3OTE1OWVmMjJmODJiOTM2NzMxNjY0ZWU2N2MzYjZlYTk2
ZWY0NDMwHhcNMjQwMTAxMDYzMDExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMWIxZGI5ZWE1ZDFhYmExN2VjN2U1N2M4YjkzMjQ3OTI0MmM0ZjA2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0OfNkwyFQrNF1RTBiXDQ7r9rgXFF
kUpqPTuc8AhA7vKMGzM6y7md6F4cZe9xnl4nRAgaKZ/5pQz/V91wfJT5G/cKMOLZ
c5ICNlGKc+8HXl4m1Y91WRLlTsCokGMEA+zyZPo4Klx/rPoaUa5A2XJkSOXs6OcR
lIA28uql0iuPJBYDYu7jNQ3MB+Rjz7i+Zc/Xp1XursSc6YO6G931Od1cEkyVXm1a
m6igYvP2J+sR99LRtNj5U876dWskpA3S8ltRKeYHBwsxOJBmUvU+JoCUekjiVdC+
3twiB4KviE5MO0PdRgu39oI8mO/mIxfw5jZa9zlRqbdUabfd32ZJVnLSLQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFBGx256l0auhfsflfIuTJHkkLE8GMB8GA1UdIwQY
MBaAFCeRWe8i+CuTZzFmTuZ8O26pbvRDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjVGWjd5TDRLNU5uTVdaTzVudzdicWx1OUVNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYS81YzE1YmUtYWVmMi00YzMxLWJmYjQt
MzFiYWY2ZWVkZThhLzEvRWJIYm5xWFJxNkYteC1WOGk1TWtlU1FzVHdZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYS81YzE1YmUtYWVmMi00YzMxLWJmYjQtMzFiYWY2ZWVkZThh
LzEvSjVGWjd5TDRLNU5uTVdaTzVudzdicWx1OUVNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAYFFsAD
BAIFFsgwDQYJKoZIhvcNAQELBQADggEBAHyofzl3ENr0SDG0rZn/Ew15zI7NkQEp
ZQBTtrmAWdlhLndkxBfJrW+4e8X7ef69AL9zmD/yQu9Mg6A7BVKD9uwsonoeWC2D
wPnKqPVyb/fUaThW0d1lQnF0CWBI9H4SaNT9RC6vHyy3cROGR3Ur1p2zKrdFaDc2
l0llJ+4Enlb7jSpNMqCxPvVKRFVly0Vgs7VVXpYn4VeUYT3ApgCLXiijT6D4xl2I
6EBOY8Bvuq/plnET25y4JctjZhdEyEy5vJ2IEhCwsLulNFJRh6HjJQLEzoKmCzBa
fpZ9zr51QVanZnjZO3gzGVicAy291iXxmawbfoPLvsu4JUUPDrVbMlQ=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:21:16 2024 by rpki-client on console-fra.rpki-client.org