Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/21/3383f1-0428-464b-bd1e-27998bf17465/1/ARZl9tToKrAdsOMjVqhrPoAL2QA.roa
File: ARZl9tToKrAdsOMjVqhrPoAL2QA.roa (raw, json)
Hash identifier: 6iYvpWu3G0oKxQZJGIX10sqv0tCtLCkuKGg4V1dUFVA=
Subject key identifier: 01:16:65:F6:D4:E8:2A:B0:1D:B0:E3:23:56:A8:6B:3E:80:0B:D9:00
Certificate issuer: /CN=0d3eba6873c5b5075b3c439f7feeb54af1f10da9
Certificate serial: 082CE201
Authority key identifier: 0D:3E:BA:68:73:C5:B5:07:5B:3C:43:9F:7F:EE:B5:4A:F1:F1:0D:A9
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/DT66aHPFtQdbPEOff-61SvHxDak.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/21/3383f1-0428-464b-bd1e-27998bf17465/1/ARZl9tToKrAdsOMjVqhrPoAL2QA.roa
Signing time: Sat 01 Jan 2022 06:58:36 +0000
ROA not before: Sat 01 Jan 2022 06:58:36 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 59508
IP address blocks: 5.159.96.0/20 maxlen: 24
5.159.97.0/24 maxlen: 24
5.252.28.0/22 maxlen: 22
5.252.28.0/23 maxlen: 23
178.213.16.0/21 maxlen: 21
185.42.164.0/22 maxlen: 22
91.236.196.0/22 maxlen: 22
91.236.197.0/24 maxlen: 24
91.236.198.0/24 maxlen: 24
91.236.199.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 137159169 (0x82ce201)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=0d3eba6873c5b5075b3c439f7feeb54af1f10da9
Validity
Not Before: Jan 1 06:58:36 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=011665f6d4e82ab01db0e32356a86b3e800bd900
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b3:0c:2d:91:8e:8b:1c:b9:75:54:ae:c3:bf:62:
8d:33:9b:a1:26:26:3a:02:32:3f:48:c5:cd:dc:f3:
9a:a4:f0:84:5f:b2:e4:da:11:53:82:3f:96:fc:5c:
ed:4b:78:4a:2d:b8:5a:1d:b5:ff:96:23:0d:b4:34:
61:38:d2:ca:6d:ee:d0:74:ed:91:e7:7c:e8:69:6d:
28:25:c9:81:ad:22:c8:de:6f:00:cf:6d:4d:4c:d8:
48:e8:16:fc:15:46:2d:cf:4f:53:38:aa:89:ed:4a:
a1:33:43:78:70:37:3e:c9:d2:39:ca:c1:a0:77:49:
ca:0c:a6:e8:21:c1:32:a4:b5:04:ba:88:e5:2b:08:
30:a9:04:b8:92:8d:05:b0:a6:71:5c:db:3d:55:2a:
09:79:7f:48:5f:65:0c:ba:0e:dd:ec:ed:95:86:f5:
81:9f:0d:eb:a2:18:1b:11:13:0f:3a:6b:41:fc:92:
d7:87:db:7e:9d:7c:a7:1b:e2:53:a4:fc:70:e1:44:
61:6f:bb:d8:ad:ce:87:76:67:aa:d9:f8:3d:3a:4e:
72:9a:d7:12:1b:7c:05:0f:f4:92:b2:8f:fb:dc:35:
d5:ad:cb:63:45:02:78:bd:78:a1:97:87:29:ad:0b:
94:49:5a:3b:ce:16:f5:9d:94:af:c2:a8:ac:26:3a:
69:ef
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
01:16:65:F6:D4:E8:2A:B0:1D:B0:E3:23:56:A8:6B:3E:80:0B:D9:00
X509v3 Authority Key Identifier:
keyid:0D:3E:BA:68:73:C5:B5:07:5B:3C:43:9F:7F:EE:B5:4A:F1:F1:0D:A9
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DT66aHPFtQdbPEOff-61SvHxDak.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/21/3383f1-0428-464b-bd1e-27998bf17465/1/ARZl9tToKrAdsOMjVqhrPoAL2QA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/21/3383f1-0428-464b-bd1e-27998bf17465/1/DT66aHPFtQdbPEOff-61SvHxDak.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.159.96.0/20
5.252.28.0/22
91.236.196.0/22
178.213.16.0/21
185.42.164.0/22
Signature Algorithm: sha256WithRSAEncryption
74:11:a5:1d:b5:59:28:f9:84:49:27:c5:d0:ee:1b:3f:fe:52:
cc:28:45:21:d1:0e:e7:01:ef:77:e6:6d:c8:56:f0:eb:9a:b9:
13:46:8c:6c:9d:00:c8:a8:c0:a9:4d:59:25:1f:c3:aa:ac:cf:
c8:bf:db:4d:2c:40:16:16:3d:d8:af:d9:12:4b:38:eb:00:4f:
25:da:64:80:61:1b:24:9b:b4:c3:d7:3e:22:29:a5:a5:d8:d4:
51:33:a5:33:6a:f3:ce:45:46:d0:aa:23:c2:df:53:ba:1e:2f:
de:39:9c:48:29:13:f2:ba:87:73:5b:16:d1:93:8c:22:0b:46:
3d:67:36:d6:df:70:62:a1:2e:5d:75:52:43:9f:41:7f:e3:c6:
ea:c9:81:52:df:e6:a5:cd:81:4c:31:c0:f2:3c:de:f3:09:5e:
e7:f9:a0:66:c3:96:82:9a:5f:b1:f5:74:7a:07:62:d3:e6:5e:
f5:7c:ef:f8:ea:e3:60:75:20:da:4d:0a:53:0d:a9:71:30:7f:
52:ff:81:70:f6:8a:d8:68:22:19:58:fd:fa:76:5a:00:75:89:
43:2c:ba:f1:3d:a3:8c:d8:2f:c5:30:56:70:96:e4:4f:d8:69:
c0:92:69:0c:42:77:98:ac:ec:df:11:ad:d1:d8:6f:f7:05:c2:
5c:c0:1f:a8
-----BEGIN CERTIFICATE-----
MIIFBzCCA++gAwIBAgIECCziATANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygw
ZDNlYmE2ODczYzViNTA3NWIzYzQzOWY3ZmVlYjU0YWYxZjEwZGE5MB4XDTIyMDEw
MTA2NTgzNloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMDExNjY1ZjZkNGU4
MmFiMDFkYjBlMzIzNTZhODZiM2U4MDBiZDkwMDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALMMLZGOixy5dVSuw79ijTOboSYmOgIyP0jFzdzzmqTwhF+y
5NoRU4I/lvxc7Ut4Si24Wh21/5YjDbQ0YTjSym3u0HTtked86GltKCXJga0iyN5v
AM9tTUzYSOgW/BVGLc9PUziqie1KoTNDeHA3PsnSOcrBoHdJygym6CHBMqS1BLqI
5SsIMKkEuJKNBbCmcVzbPVUqCXl/SF9lDLoO3eztlYb1gZ8N66IYGxETDzprQfyS
14fbfp18pxviU6T8cOFEYW+72K3Oh3Znqtn4PTpOcprXEht8BQ/0krKP+9w11a3L
Y0UCeL14oZeHKa0LlElaO84W9Z2Ur8KorCY6ae8CAwEAAaOCAiEwggIdMB0GA1Ud
DgQWBBQBFmX21OgqsB2w4yNWqGs+gAvZADAfBgNVHSMEGDAWgBQNPrpoc8W1B1s8
Q59/7rVK8fENqTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0RUNjZhSFBGdFFkYlBFT2ZmLTYxU3ZIeERhay5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMjEvMzM4M2YxLTA0MjgtNDY0Yi1iZDFlLTI3OTk4YmYxNzQ2NS8x
L0FSWmw5dFRvS3JBZHNPTWpWcWhyUG9BTDJRQS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMjEv
MzM4M2YxLTA0MjgtNDY0Yi1iZDFlLTI3OTk4YmYxNzQ2NS8xL0RUNjZhSFBGdFFk
YlBFT2ZmLTYxU3ZIeERhay5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjA3
BggrBgEFBQcBBwEB/wQoMCYwJAQCAAEwHgMEBAWfYAMEAgX8HAMEAlvsxAMEA7LV
EAMEArkqpDANBgkqhkiG9w0BAQsFAAOCAQEAdBGlHbVZKPmESSfF0O4bP/5SzChF
IdEO5wHvd+ZtyFbw65q5E0aMbJ0AyKjAqU1ZJR/DqqzPyL/bTSxAFhY92K/ZEks4
6wBPJdpkgGEbJJu0w9c+IimlpdjUUTOlM2rzzkVG0Kojwt9Tuh4v3jmcSCkT8rqH
c1sW0ZOMIgtGPWc21t9wYqEuXXVSQ59Bf+PG6smBUt/mpc2BTDHA8jze8wle5/mg
ZsOWgppfsfV0egdi0+Ze9Xzv+OrjYHUg2k0KUw2pcTB/Uv+BcPaK2GgiGVj9+nZa
AHWJQyy68T2jjNgvxTBWcJbkT9hpwJJpDEJ3mKzs3xGt0dhv9wXCXMAfqA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:22:10 2024 by rpki-client on console-fra.rpki-client.org