Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/21/3383f1-0428-464b-bd1e-27998bf17465/1/1-pmtRrhZg_OwfITN43zoS4r0qQY.roa
File: 1-pmtRrhZg_OwfITN43zoS4r0qQY.roa (raw, json)
Hash identifier: H9yPVA4rfOOXUPUd+n/VmTcU0G0WjjVPBWbV6zedqGY=
Subject key identifier: FA:99:AD:46:B8:59:83:F3:B0:7C:84:CD:E3:7C:E8:4B:8A:F4:A9:06
Certificate issuer: /CN=0d3eba6873c5b5075b3c439f7feeb54af1f10da9
Certificate serial: 01829FF6BC9133E3D3C19022EA0CC2CBA56B
Authority key identifier: 0D:3E:BA:68:73:C5:B5:07:5B:3C:43:9F:7F:EE:B5:4A:F1:F1:0D:A9
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/DT66aHPFtQdbPEOff-61SvHxDak.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/21/3383f1-0428-464b-bd1e-27998bf17465/1/1-pmtRrhZg_OwfITN43zoS4r0qQY.roa
Signing time: Mon 15 Aug 2022 05:25:23 +0000
ROA not before: Mon 15 Aug 2022 05:25:23 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 59508
IP address blocks: 5.159.96.0/22 maxlen: 22
5.159.104.0/21 maxlen: 21
5.252.28.0/22 maxlen: 22
2a09:4140::/29 maxlen: 29
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:82:9f:f6:bc:91:33:e3:d3:c1:90:22:ea:0c:c2:cb:a5:6b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=0d3eba6873c5b5075b3c439f7feeb54af1f10da9
Validity
Not Before: Aug 15 05:25:23 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=fa99ad46b85983f3b07c84cde37ce84b8af4a906
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:82:a2:ba:8e:ab:34:58:78:da:68:2b:66:9e:c9:
cc:d6:b6:bd:1b:c5:07:d4:ac:1c:33:76:58:67:a6:
f9:c2:a9:1d:7d:17:46:95:ae:a5:b1:5d:6d:12:5b:
54:b9:a6:8f:8b:e4:6c:fe:f6:e6:a4:a0:ef:37:9c:
08:93:ba:87:64:58:ae:29:83:54:54:04:43:fd:0b:
d7:b6:04:f7:c8:d4:f6:a1:a2:22:72:b3:b1:1d:ab:
19:f8:16:33:17:97:30:fb:9f:1d:9d:43:c9:f5:d7:
90:13:f5:a6:61:52:50:fd:08:a0:bf:5d:d6:07:c3:
6b:18:6f:41:d4:db:63:84:ef:8e:4b:cc:f3:da:fa:
89:47:cb:22:fe:a9:61:87:b2:44:53:1c:e7:31:13:
9e:cf:54:bd:6e:1d:c8:44:b1:5a:a1:34:2f:af:9b:
75:09:41:ea:ac:6f:3d:25:e8:1c:3b:c6:ed:63:ad:
97:be:2c:9b:e1:fe:eb:1c:f8:3d:27:d8:bf:1a:c9:
52:d3:e8:f4:7a:8b:6e:c0:23:16:52:61:95:a1:57:
05:bc:d0:84:a7:38:b0:3e:73:43:2e:93:cd:4d:72:
b8:6f:d5:bc:04:c4:c6:ae:24:73:c5:0c:df:1f:59:
98:44:6c:d8:f1:2e:1f:de:4c:45:a5:9a:5b:44:e0:
2b:79
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FA:99:AD:46:B8:59:83:F3:B0:7C:84:CD:E3:7C:E8:4B:8A:F4:A9:06
X509v3 Authority Key Identifier:
keyid:0D:3E:BA:68:73:C5:B5:07:5B:3C:43:9F:7F:EE:B5:4A:F1:F1:0D:A9
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DT66aHPFtQdbPEOff-61SvHxDak.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/21/3383f1-0428-464b-bd1e-27998bf17465/1/1-pmtRrhZg_OwfITN43zoS4r0qQY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/21/3383f1-0428-464b-bd1e-27998bf17465/1/DT66aHPFtQdbPEOff-61SvHxDak.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.159.96.0/22
5.159.104.0/21
5.252.28.0/22
IPv6:
2a09:4140::/29
Signature Algorithm: sha256WithRSAEncryption
38:dc:99:6c:a4:a6:fd:85:b0:e2:85:dc:b0:b0:3c:9d:39:57:
52:1a:e7:12:6c:b9:00:24:e1:61:06:36:9e:3c:13:5c:06:47:
39:e5:37:08:c6:ce:ff:10:8c:6c:84:a6:1d:42:bd:83:93:f5:
f6:e3:fd:92:73:19:1c:61:d3:ce:b3:59:22:67:4c:66:22:e7:
31:52:fb:4e:29:15:c6:bc:09:d4:7c:f2:34:ef:e0:94:2c:2a:
d1:e0:38:42:81:2e:c2:9e:f7:e3:7d:27:72:57:e0:d8:75:49:
35:b8:cb:d2:ce:10:f4:39:c3:e1:7e:ae:b1:41:75:24:b3:9c:
07:78:4a:ab:83:ff:16:46:e1:7f:14:ce:97:a1:26:05:ea:c3:
84:d3:67:b5:d8:02:0f:02:5f:1e:b2:f6:06:20:0a:b0:cb:dd:
dc:db:07:96:39:bc:4c:6f:b3:af:47:f1:6c:c3:2a:69:a8:df:
bc:ee:65:30:c5:e7:50:3a:ac:22:b5:87:21:7f:53:07:8b:f8:
32:34:b5:22:59:b3:6f:48:25:f2:c6:d6:b0:2d:5e:1e:4d:4b:
27:98:c6:7d:70:8e:92:85:fd:8b:54:c8:bf:39:39:a2:ab:07:
74:13:2d:cb:2c:95:b1:62:f6:c5:7e:8b:71:cd:e9:94:76:3f:
6e:90:54:8e
-----BEGIN CERTIFICATE-----
MIIFGTCCBAGgAwIBAgISAYKf9ryRM+PTwZAi6gzCy6VrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkM2ViYTY4NzNjNWI1MDc1YjNjNDM5ZjdmZWViNTRhZjFm
MTBkYTkwHhcNMjIwODE1MDUyNTIzWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYTk5YWQ0NmI4NTk4M2YzYjA3Yzg0Y2RlMzdjZTg0YjhhZjRhOTA2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgqK6jqs0WHjaaCtmnsnM1ra9G8UH
1KwcM3ZYZ6b5wqkdfRdGla6lsV1tEltUuaaPi+Rs/vbmpKDvN5wIk7qHZFiuKYNU
VARD/QvXtgT3yNT2oaIicrOxHasZ+BYzF5cw+58dnUPJ9deQE/WmYVJQ/Qigv13W
B8NrGG9B1NtjhO+OS8zz2vqJR8si/qlhh7JEUxznMROez1S9bh3IRLFaoTQvr5t1
CUHqrG89JegcO8btY62Xviyb4f7rHPg9J9i/GslS0+j0eotuwCMWUmGVoVcFvNCE
pziwPnNDLpPNTXK4b9W8BMTGriRzxQzfH1mYRGzY8S4f3kxFpZpbROAreQIDAQAB
o4ICJTCCAiEwHQYDVR0OBBYEFPqZrUa4WYPzsHyEzeN86EuK9KkGMB8GA1UdIwQY
MBaAFA0+umhzxbUHWzxDn3/utUrx8Q2pMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRFQ2NmFIUEZ0UWRiUEVPZmYtNjFTdkh4RGFrLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMS8zMzgzZjEtMDQyOC00NjRiLWJkMWUt
Mjc5OThiZjE3NDY1LzEvMS1wbXRScmhaZ19Pd2ZJVE40M3pvUzRyMHFRWS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMjEvMzM4M2YxLTA0MjgtNDY0Yi1iZDFlLTI3OTk4YmYxNzQ2
NS8xL0RUNjZhSFBGdFFkYlBFT2ZmLTYxU3ZIeERhay5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjA6BggrBgEFBQcBBwEB/wQrMCkwGAQCAAEwEgMEAgWfYAME
AwWfaAMEAgX8HDANBAIAAjAHAwUDKglBQDANBgkqhkiG9w0BAQsFAAOCAQEAONyZ
bKSm/YWw4oXcsLA8nTlXUhrnEmy5ACThYQY2njwTXAZHOeU3CMbO/xCMbISmHUK9
g5P19uP9knMZHGHTzrNZImdMZiLnMVL7TikVxrwJ1HzyNO/glCwq0eA4QoEuwp73
430nclfg2HVJNbjL0s4Q9DnD4X6usUF1JLOcB3hKq4P/FkbhfxTOl6EmBerDhNNn
tdgCDwJfHrL2BiAKsMvd3NsHljm8TG+zr0fxbMMqaajfvO5lMMXnUDqsIrWHIX9T
B4v4MjS1Ilmzb0gl8sbWsC1eHk1LJ5jGfXCOkoX9i1TIvzk5oqsHdBMtyyyVsWL2
xX6Lcc3plHY/bpBUjg==
-----END CERTIFICATE-----
Generated at Mon Feb 17 08:22:28 2025 by rpki-client