Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1a/5c15be-aef2-4c31-bfb4-31baf6eede8a/1/U-uNf4_P_Dcgn29OkB5PJRilcR0.roa
File: U-uNf4_P_Dcgn29OkB5PJRilcR0.roa (raw, json)
Hash identifier: v8wxx4kdjdqNQzExrhr8J+o8aG1Hwuo9U4XBGYrkrBM=
Subject key identifier: 53:EB:8D:7F:8F:CF:FC:37:20:9F:6F:4E:90:1E:4F:25:18:A5:71:1D
Certificate issuer: /CN=279159ef22f82b936731664ee67c3b6ea96ef443
Certificate serial: 018CC3B72F1C874F94EEBC849BC3AA2CB81E
Authority key identifier: 27:91:59:EF:22:F8:2B:93:67:31:66:4E:E6:7C:3B:6E:A9:6E:F4:43
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/J5FZ7yL4K5NnMWZO5nw7bqlu9EM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/1a/5c15be-aef2-4c31-bfb4-31baf6eede8a/1/U-uNf4_P_Dcgn29OkB5PJRilcR0.roa
Signing time: Mon 01 Jan 2024 06:30:11 +0000
ROA not before: Mon 01 Jan 2024 06:30:11 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 43754
IP address blocks: 5.22.192.0/21 maxlen: 21
5.22.200.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c3:b7:2f:1c:87:4f:94:ee:bc:84:9b:c3:aa:2c:b8:1e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=279159ef22f82b936731664ee67c3b6ea96ef443
Validity
Not Before: Jan 1 06:30:11 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=53eb8d7f8fcffc37209f6f4e901e4f2518a5711d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a6:7b:36:38:bf:2e:7a:a5:b6:48:86:33:f4:58:
dd:9b:b1:d5:d3:8f:67:8c:f0:b1:26:62:f7:3f:26:
9d:07:02:b8:63:90:61:1f:c3:f6:f6:b6:49:81:87:
b0:3d:b5:f2:ae:cd:b1:83:b0:64:9a:33:d4:84:5a:
f1:d4:9f:81:39:e0:44:88:17:d6:d1:2a:e5:2a:e7:
6e:00:4d:0b:99:bb:03:48:2d:f9:5f:e5:c6:26:1c:
2f:7e:7b:6c:ae:b5:4a:3b:88:c2:0e:01:ac:a1:fd:
69:c6:5b:23:d5:8e:13:ea:fb:65:a0:44:55:02:66:
93:2a:97:3d:31:3c:80:35:1e:3a:fb:6f:b6:62:14:
cf:ef:56:fe:a5:b6:a5:70:3e:1b:a9:e7:cf:28:90:
9c:f3:b7:a3:6f:62:a7:60:3e:f0:ad:a7:26:94:e1:
46:50:c1:43:33:4a:59:66:b1:d1:90:c3:21:78:26:
22:7c:1b:7a:d2:99:21:7c:a5:12:c6:9e:9b:be:e9:
3d:40:c0:70:1f:ff:f1:1e:4d:fa:cb:48:17:e5:12:
13:86:a8:18:0e:e4:0e:e3:87:00:df:d6:b2:a5:e9:
60:7b:9c:45:cf:94:28:58:08:c6:58:26:bd:34:29:
29:22:9c:26:b0:1c:85:d6:7a:09:13:c5:ad:ff:a7:
e0:03
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
53:EB:8D:7F:8F:CF:FC:37:20:9F:6F:4E:90:1E:4F:25:18:A5:71:1D
X509v3 Authority Key Identifier:
keyid:27:91:59:EF:22:F8:2B:93:67:31:66:4E:E6:7C:3B:6E:A9:6E:F4:43
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J5FZ7yL4K5NnMWZO5nw7bqlu9EM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/5c15be-aef2-4c31-bfb4-31baf6eede8a/1/U-uNf4_P_Dcgn29OkB5PJRilcR0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/5c15be-aef2-4c31-bfb4-31baf6eede8a/1/J5FZ7yL4K5NnMWZO5nw7bqlu9EM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.22.192.0-5.22.203.255
Signature Algorithm: sha256WithRSAEncryption
73:55:f3:58:3f:e3:44:1f:65:45:12:53:87:d4:96:31:a0:8c:
75:f0:85:c2:45:84:4f:24:8f:40:f3:56:aa:9c:cc:27:b7:ea:
f1:55:cf:84:8d:13:2b:80:a5:d0:31:59:3f:5b:ef:a4:68:9c:
b7:99:bc:72:07:54:c6:51:77:bc:2d:5e:83:5a:bc:60:72:49:
94:3a:cf:35:ba:5c:96:43:43:1d:2f:d4:84:2d:89:c1:46:4a:
99:aa:bf:00:3a:e6:94:88:61:85:f9:5e:87:17:8f:7c:e4:89:
af:53:2e:03:07:f1:be:68:de:b5:0f:5c:f2:6a:c6:72:cc:86:
e2:d4:c8:c6:c7:fd:15:5c:6b:7b:fe:c3:84:bf:47:bb:79:92:
13:bd:7a:4d:5e:32:04:2b:fa:be:ee:30:52:1a:c1:8b:00:9d:
54:b4:4d:12:83:15:04:d3:8e:c3:45:9b:2b:22:f1:6b:38:13:
e1:12:c6:e9:ce:61:de:b2:8c:e4:ce:ee:04:ca:38:dd:fe:9e:
db:2c:7c:69:ec:96:1e:c0:02:25:5c:35:80:35:23:37:3f:7a:
f8:9d:bf:da:fc:d3:82:62:cc:08:2a:4c:94:15:c3:5f:51:59:
4e:1f:89:30:51:6c:2e:e3:ba:af:de:31:08:1a:c8:8d:63:85:
4f:d7:80:87
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzDty8ch0+U7ryEm8OqLLgeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3OTE1OWVmMjJmODJiOTM2NzMxNjY0ZWU2N2MzYjZlYTk2
ZWY0NDMwHhcNMjQwMTAxMDYzMDExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1M2ViOGQ3ZjhmY2ZmYzM3MjA5ZjZmNGU5MDFlNGYyNTE4YTU3MTFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApns2OL8ueqW2SIYz9Fjdm7HV049n
jPCxJmL3PyadBwK4Y5BhH8P29rZJgYewPbXyrs2xg7BkmjPUhFrx1J+BOeBEiBfW
0SrlKuduAE0LmbsDSC35X+XGJhwvfntsrrVKO4jCDgGsof1pxlsj1Y4T6vtloERV
AmaTKpc9MTyANR46+2+2YhTP71b+pbalcD4bqefPKJCc87ejb2KnYD7wracmlOFG
UMFDM0pZZrHRkMMheCYifBt60pkhfKUSxp6bvuk9QMBwH//xHk36y0gX5RIThqgY
DuQO44cA39aypelge5xFz5QoWAjGWCa9NCkpIpwmsByF1noJE8Wt/6fgAwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFFPrjX+Pz/w3IJ9vTpAeTyUYpXEdMB8GA1UdIwQY
MBaAFCeRWe8i+CuTZzFmTuZ8O26pbvRDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjVGWjd5TDRLNU5uTVdaTzVudzdicWx1OUVNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYS81YzE1YmUtYWVmMi00YzMxLWJmYjQt
MzFiYWY2ZWVkZThhLzEvVS11TmY0X1BfRGNnbjI5T2tCNVBKUmlsY1IwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYS81YzE1YmUtYWVmMi00YzMxLWJmYjQtMzFiYWY2ZWVkZThh
LzEvSjVGWjd5TDRLNU5uTVdaTzVudzdicWx1OUVNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAYFFsAD
BAIFFsgwDQYJKoZIhvcNAQELBQADggEBAHNV81g/40QfZUUSU4fUljGgjHXwhcJF
hE8kj0DzVqqczCe36vFVz4SNEyuApdAxWT9b76RonLeZvHIHVMZRd7wtXoNavGBy
SZQ6zzW6XJZDQx0v1IQticFGSpmqvwA65pSIYYX5XocXj3zkia9TLgMH8b5o3rUP
XPJqxnLMhuLUyMbH/RVca3v+w4S/R7t5khO9ek1eMgQr+r7uMFIawYsAnVS0TRKD
FQTTjsNFmysi8Ws4E+ESxunOYd6yjOTO7gTKON3+ntssfGnslh7AAiVcNYA1Izc/
evidv9r804JizAgqTJQVw19RWU4fiTBRbC7juq/eMQgayI1jhU/XgIc=
-----END CERTIFICATE-----
Generated at Fri Feb 2 12:00:00 2024 by rpki-client on console-fra.rpki-client.org