Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/21/3383f1-0428-464b-bd1e-27998bf17465/1/pGGmSGo6Lvo4GXT-2axvLacpG-0.roa
File: pGGmSGo6Lvo4GXT-2axvLacpG-0.roa (raw, json)
Hash identifier: DTifHeJDIdc2rpph5ueQNDxWQIgKus7eJb6MOYOinzs=
Subject key identifier: A4:61:A6:48:6A:3A:2E:FA:38:19:74:FE:D9:AC:6F:2D:A7:29:1B:ED
Certificate issuer: /CN=0d3eba6873c5b5075b3c439f7feeb54af1f10da9
Certificate serial: 018281FD12E5026D9A03CBD622A3860EBC31
Authority key identifier: 0D:3E:BA:68:73:C5:B5:07:5B:3C:43:9F:7F:EE:B5:4A:F1:F1:0D:A9
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/DT66aHPFtQdbPEOff-61SvHxDak.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/21/3383f1-0428-464b-bd1e-27998bf17465/1/pGGmSGo6Lvo4GXT-2axvLacpG-0.roa
Signing time: Tue 09 Aug 2022 09:43:42 +0000
ROA not before: Tue 09 Aug 2022 09:43:42 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 59508
IP address blocks: 5.159.96.0/22 maxlen: 22
5.159.96.0/20 maxlen: 24
5.159.97.0/24 maxlen: 24
5.159.104.0/21 maxlen: 21
5.252.28.0/22 maxlen: 22
5.252.28.0/23 maxlen: 23
178.213.16.0/21 maxlen: 21
91.236.196.0/22 maxlen: 22
91.236.197.0/24 maxlen: 24
91.236.198.0/24 maxlen: 24
91.236.199.0/24 maxlen: 24
185.42.164.0/22 maxlen: 22
2a09:4140::/29 maxlen: 29
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:82:81:fd:12:e5:02:6d:9a:03:cb:d6:22:a3:86:0e:bc:31
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=0d3eba6873c5b5075b3c439f7feeb54af1f10da9
Validity
Not Before: Aug 9 09:43:42 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=a461a6486a3a2efa381974fed9ac6f2da7291bed
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b1:f3:c9:ba:d8:08:6b:5e:58:7d:93:04:dc:10:
98:ee:07:7f:81:94:3d:de:8a:34:fb:c3:6b:bf:a9:
1b:b4:47:39:2a:c2:29:3b:3d:9a:c2:a7:90:8f:e7:
8e:bf:bc:0a:71:c7:39:d9:28:0c:3c:ce:7d:a4:9e:
f8:b8:38:95:3e:b8:fa:d1:16:19:d0:68:c1:de:ed:
99:7c:c9:52:4e:af:50:40:b2:42:cf:b6:e3:d8:56:
e5:29:ce:8b:44:74:ff:4f:db:09:bd:87:e3:59:2c:
ba:f2:8f:9c:8b:c6:80:5e:4b:27:74:40:aa:07:34:
e9:ff:5c:e7:a3:be:62:e5:e0:ca:61:bc:f4:47:8d:
bd:09:80:c6:ce:95:05:08:43:ea:5f:d3:fd:94:c7:
38:cf:4b:4a:2a:d0:1b:83:0b:2a:30:72:6b:04:4f:
30:6d:4f:8f:39:f2:90:54:59:a2:58:25:c1:99:4c:
16:3d:c3:12:4f:24:7c:c6:e1:16:4e:4b:72:db:4a:
0a:b9:6b:8c:de:63:50:bf:dc:f8:0c:2d:7f:d8:f0:
4f:60:a1:7f:44:db:7e:18:60:35:50:3e:c4:14:b7:
b9:de:54:e3:da:0e:bf:ee:60:af:9c:8c:f8:9b:94:
83:02:7d:2a:39:00:7f:ef:b9:4a:27:86:1a:e5:51:
b2:03
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A4:61:A6:48:6A:3A:2E:FA:38:19:74:FE:D9:AC:6F:2D:A7:29:1B:ED
X509v3 Authority Key Identifier:
keyid:0D:3E:BA:68:73:C5:B5:07:5B:3C:43:9F:7F:EE:B5:4A:F1:F1:0D:A9
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DT66aHPFtQdbPEOff-61SvHxDak.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/21/3383f1-0428-464b-bd1e-27998bf17465/1/pGGmSGo6Lvo4GXT-2axvLacpG-0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/21/3383f1-0428-464b-bd1e-27998bf17465/1/DT66aHPFtQdbPEOff-61SvHxDak.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.159.96.0/20
5.252.28.0/22
91.236.196.0/22
178.213.16.0/21
185.42.164.0/22
IPv6:
2a09:4140::/29
Signature Algorithm: sha256WithRSAEncryption
bb:6e:c1:df:1d:6f:0b:7a:8d:c2:f5:b4:d2:e8:c3:ef:07:1b:
89:38:45:2d:c4:32:cc:92:ee:be:0a:31:b3:dc:b4:bb:03:b9:
37:fc:f3:97:04:2c:d0:8d:62:d7:29:9a:5f:48:95:5b:52:50:
a9:4a:ca:e1:b7:12:ef:0d:6c:ac:7e:0b:95:ad:83:24:d4:02:
66:15:75:1e:4c:e2:22:72:eb:f4:0c:aa:ff:44:c4:d7:2c:ba:
09:98:3c:e2:75:1e:2c:c9:4b:16:cc:87:25:f2:9f:8f:26:32:
99:a4:41:e9:d7:cc:98:04:9c:29:14:a8:a1:ec:30:1d:43:b9:
dd:1b:0c:39:b4:27:b5:82:e3:c3:8e:40:11:a9:0b:71:d6:b9:
4e:df:c4:fa:1e:65:9b:50:37:02:67:b3:f9:3b:a5:31:17:ca:
94:83:b9:bb:a6:a0:08:20:76:ab:41:6a:5d:4e:c7:91:f2:4d:
6b:91:27:4e:53:76:1f:27:4f:1b:9e:e8:ea:f3:2e:8e:36:cc:
df:f5:0a:80:f2:e7:48:f4:b8:b7:58:cd:85:1c:96:cf:c6:52:
b4:ae:a6:e3:7b:e1:49:70:3e:64:68:70:ab:44:6c:a0:76:e1:
27:8b:74:f8:0f:22:b0:7a:e0:2a:3e:52:af:59:d6:79:f3:88:
66:3a:06:ed
-----BEGIN CERTIFICATE-----
MIIFJDCCBAygAwIBAgISAYKB/RLlAm2aA8vWIqOGDrwxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkM2ViYTY4NzNjNWI1MDc1YjNjNDM5ZjdmZWViNTRhZjFm
MTBkYTkwHhcNMjIwODA5MDk0MzQyWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNDYxYTY0ODZhM2EyZWZhMzgxOTc0ZmVkOWFjNmYyZGE3MjkxYmVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsfPJutgIa15YfZME3BCY7gd/gZQ9
3oo0+8Nrv6kbtEc5KsIpOz2awqeQj+eOv7wKccc52SgMPM59pJ74uDiVPrj60RYZ
0GjB3u2ZfMlSTq9QQLJCz7bj2FblKc6LRHT/T9sJvYfjWSy68o+ci8aAXksndECq
BzTp/1zno75i5eDKYbz0R429CYDGzpUFCEPqX9P9lMc4z0tKKtAbgwsqMHJrBE8w
bU+POfKQVFmiWCXBmUwWPcMSTyR8xuEWTkty20oKuWuM3mNQv9z4DC1/2PBPYKF/
RNt+GGA1UD7EFLe53lTj2g6/7mCvnIz4m5SDAn0qOQB/77lKJ4Ya5VGyAwIDAQAB
o4ICMDCCAiwwHQYDVR0OBBYEFKRhpkhqOi76OBl0/tmsby2nKRvtMB8GA1UdIwQY
MBaAFA0+umhzxbUHWzxDn3/utUrx8Q2pMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRFQ2NmFIUEZ0UWRiUEVPZmYtNjFTdkh4RGFrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMS8zMzgzZjEtMDQyOC00NjRiLWJkMWUt
Mjc5OThiZjE3NDY1LzEvcEdHbVNHbzZMdm80R1hULTJheHZMYWNwRy0wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMS8zMzgzZjEtMDQyOC00NjRiLWJkMWUtMjc5OThiZjE3NDY1
LzEvRFQ2NmFIUEZ0UWRiUEVPZmYtNjFTdkh4RGFrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEYGCCsGAQUFBwEHAQH/BDcwNTAkBAIAATAeAwQEBZ9gAwQC
BfwcAwQCW+zEAwQDstUQAwQCuSqkMA0EAgACMAcDBQMqCUFAMA0GCSqGSIb3DQEB
CwUAA4IBAQC7bsHfHW8Leo3C9bTS6MPvBxuJOEUtxDLMku6+CjGz3LS7A7k3/POX
BCzQjWLXKZpfSJVbUlCpSsrhtxLvDWysfguVrYMk1AJmFXUeTOIicuv0DKr/RMTX
LLoJmDzidR4syUsWzIcl8p+PJjKZpEHp18yYBJwpFKih7DAdQ7ndGww5tCe1guPD
jkARqQtx1rlO38T6HmWbUDcCZ7P5O6UxF8qUg7m7pqAIIHarQWpdTseR8k1rkSdO
U3YfJ08bnujq8y6ONszf9QqA8udI9Li3WM2FHJbPxlK0rqbje+FJcD5kaHCrRGyg
duEni3T4DyKweuAqPlKvWdZ584hmOgbt
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:22:10 2024 by rpki-client on console-fra.rpki-client.org