Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/21/3383f1-0428-464b-bd1e-27998bf17465/1/w36QVAbVpWgoX3RceMehCQ7PqZ8.roa
File: w36QVAbVpWgoX3RceMehCQ7PqZ8.roa (raw, json)
Hash identifier: ExSKRnYJCUVJz6AijfolB+dBvr7k64WyNYgvwiN2gNg=
Subject key identifier: C3:7E:90:54:06:D5:A5:68:28:5F:74:5C:78:C7:A1:09:0E:CF:A9:9F
Certificate issuer: /CN=0d3eba6873c5b5075b3c439f7feeb54af1f10da9
Certificate serial: 01828D829AEA3E89C934FC7B8B7CEE29E481
Authority key identifier: 0D:3E:BA:68:73:C5:B5:07:5B:3C:43:9F:7F:EE:B5:4A:F1:F1:0D:A9
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/DT66aHPFtQdbPEOff-61SvHxDak.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/21/3383f1-0428-464b-bd1e-27998bf17465/1/w36QVAbVpWgoX3RceMehCQ7PqZ8.roa
Signing time: Thu 11 Aug 2022 15:25:22 +0000
ROA not before: Thu 11 Aug 2022 15:25:22 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 59508
IP address blocks: 5.159.96.0/22 maxlen: 22
5.159.96.0/20 maxlen: 24
5.159.97.0/24 maxlen: 24
5.159.104.0/21 maxlen: 21
5.252.28.0/22 maxlen: 22
5.252.28.0/23 maxlen: 23
2a09:4140::/29 maxlen: 29
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:82:8d:82:9a:ea:3e:89:c9:34:fc:7b:8b:7c:ee:29:e4:81
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=0d3eba6873c5b5075b3c439f7feeb54af1f10da9
Validity
Not Before: Aug 11 15:25:22 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=c37e905406d5a568285f745c78c7a1090ecfa99f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:93:61:c4:d8:8e:ec:4b:b7:ed:e1:f3:0e:2e:28:
d4:7e:a9:33:53:96:15:a6:45:db:bb:d4:4b:6d:38:
15:43:a8:3f:88:e7:15:ce:b1:3c:66:c9:d5:41:8e:
cb:c6:b2:5b:22:22:1f:1c:3f:a4:c8:2f:d4:f5:17:
0e:52:ae:3e:1c:17:0d:1e:ac:78:54:5b:bb:6e:2d:
fc:e1:a0:fd:50:25:69:79:b9:1e:72:fd:94:3b:6b:
ec:27:64:22:71:07:0d:a2:32:d4:41:2d:a7:62:b3:
4e:48:30:12:da:3f:81:0a:bd:be:1d:8c:06:1a:97:
e9:5e:26:8d:96:54:82:f9:37:41:76:47:66:ea:7e:
ff:7c:30:bb:df:00:3c:07:da:68:4c:02:16:da:8c:
19:eb:3b:cc:96:b9:9d:d5:af:87:0d:d6:74:56:bf:
11:35:8f:77:97:b7:76:77:1f:77:75:45:b5:1c:f1:
9a:87:f6:f6:1c:54:37:fa:01:82:ba:c3:8c:5d:da:
4c:12:c0:90:1e:47:f7:02:51:9d:6f:2d:1e:62:99:
9f:3b:f5:a2:67:1b:6f:08:83:bb:4c:79:3d:ee:3a:
ad:11:c5:81:99:6d:24:50:21:d3:2e:13:54:2f:3d:
04:76:68:9e:79:f5:7f:8a:58:81:58:8a:15:fd:d0:
08:f5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C3:7E:90:54:06:D5:A5:68:28:5F:74:5C:78:C7:A1:09:0E:CF:A9:9F
X509v3 Authority Key Identifier:
keyid:0D:3E:BA:68:73:C5:B5:07:5B:3C:43:9F:7F:EE:B5:4A:F1:F1:0D:A9
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DT66aHPFtQdbPEOff-61SvHxDak.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/21/3383f1-0428-464b-bd1e-27998bf17465/1/w36QVAbVpWgoX3RceMehCQ7PqZ8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/21/3383f1-0428-464b-bd1e-27998bf17465/1/DT66aHPFtQdbPEOff-61SvHxDak.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.159.96.0/20
5.252.28.0/22
IPv6:
2a09:4140::/29
Signature Algorithm: sha256WithRSAEncryption
a4:98:27:49:f0:72:f7:00:65:e4:ae:71:c6:74:63:b2:45:04:
fa:a7:a1:27:78:87:13:45:40:41:e4:b1:86:da:04:c5:f1:15:
4e:11:36:47:be:dd:0c:09:c0:66:0b:2d:53:4e:11:3f:fc:9c:
f7:49:60:10:e0:4f:b3:0a:f9:22:a7:84:eb:05:f2:6c:fc:10:
c5:f2:0e:14:b9:1b:f5:5b:56:34:11:74:82:46:ab:13:8a:a4:
f3:d2:88:80:86:b9:f9:c9:05:56:30:47:09:5c:64:f1:ba:3d:
91:bd:a9:a6:90:2b:31:01:0a:84:8a:4e:68:87:88:cb:87:ee:
5b:74:97:b2:a3:4c:39:60:6d:55:8c:ea:51:f9:06:ec:e3:d3:
f7:63:c3:f8:d5:37:f0:27:26:c3:38:67:1d:f2:54:72:ea:d7:
de:76:36:23:06:f3:df:a9:91:29:70:51:f2:23:6d:e9:f6:74:
72:55:a1:af:c4:89:69:43:0d:e9:aa:cf:85:4b:52:5c:6b:0b:
7b:b5:ae:0d:25:74:dc:ea:c0:09:b1:1a:43:62:8f:80:1b:26:
3d:ce:31:5d:cb:e8:19:a1:00:e8:81:e9:1c:e7:da:b4:ea:f2:
48:8c:9f:14:a4:33:5e:e9:59:b5:71:0a:80:52:fc:92:c1:bb:
3d:5c:ca:b0
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYKNgprqPonJNPx7i3zuKeSBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkM2ViYTY4NzNjNWI1MDc1YjNjNDM5ZjdmZWViNTRhZjFm
MTBkYTkwHhcNMjIwODExMTUyNTIyWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMzdlOTA1NDA2ZDVhNTY4Mjg1Zjc0NWM3OGM3YTEwOTBlY2ZhOTlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk2HE2I7sS7ft4fMOLijUfqkzU5YV
pkXbu9RLbTgVQ6g/iOcVzrE8ZsnVQY7LxrJbIiIfHD+kyC/U9RcOUq4+HBcNHqx4
VFu7bi384aD9UCVpebkecv2UO2vsJ2QicQcNojLUQS2nYrNOSDAS2j+BCr2+HYwG
GpfpXiaNllSC+TdBdkdm6n7/fDC73wA8B9poTAIW2owZ6zvMlrmd1a+HDdZ0Vr8R
NY93l7d2dx93dUW1HPGah/b2HFQ3+gGCusOMXdpMEsCQHkf3AlGdby0eYpmfO/Wi
ZxtvCIO7THk97jqtEcWBmW0kUCHTLhNULz0EdmieefV/iliBWIoV/dAI9QIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFMN+kFQG1aVoKF90XHjHoQkOz6mfMB8GA1UdIwQY
MBaAFA0+umhzxbUHWzxDn3/utUrx8Q2pMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRFQ2NmFIUEZ0UWRiUEVPZmYtNjFTdkh4RGFrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMS8zMzgzZjEtMDQyOC00NjRiLWJkMWUt
Mjc5OThiZjE3NDY1LzEvdzM2UVZBYlZwV2dvWDNSY2VNZWhDUTdQcVo4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMS8zMzgzZjEtMDQyOC00NjRiLWJkMWUtMjc5OThiZjE3NDY1
LzEvRFQ2NmFIUEZ0UWRiUEVPZmYtNjFTdkh4RGFrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQEBZ9gAwQC
BfwcMA0EAgACMAcDBQMqCUFAMA0GCSqGSIb3DQEBCwUAA4IBAQCkmCdJ8HL3AGXk
rnHGdGOyRQT6p6EneIcTRUBB5LGG2gTF8RVOETZHvt0MCcBmCy1TThE//Jz3SWAQ
4E+zCvkip4TrBfJs/BDF8g4UuRv1W1Y0EXSCRqsTiqTz0oiAhrn5yQVWMEcJXGTx
uj2RvammkCsxAQqEik5oh4jLh+5bdJeyo0w5YG1VjOpR+Qbs49P3Y8P41TfwJybD
OGcd8lRy6tfedjYjBvPfqZEpcFHyI23p9nRyVaGvxIlpQw3pqs+FS1Jcawt7ta4N
JXTc6sAJsRpDYo+AGyY9zjFdy+gZoQDogekc59q06vJIjJ8UpDNe6Vm1cQqAUvyS
wbs9XMqw
-----END CERTIFICATE-----
Generated at Thu Mar 13 02:26:16 2025 by rpki-client