Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/kEiMo5CZ7ikIr08quGrY4k_uruY.roa
File: kEiMo5CZ7ikIr08quGrY4k_uruY.roa (raw, json)
Hash identifier: oopW+SUEiz7jq0ZBQCVAAHoDrumm4kr6IfewUWCeMjc=
Subject key identifier: 90:48:8C:A3:90:99:EE:29:08:AF:4F:2A:B8:6A:D8:E2:4F:EE:AE:E6
Certificate issuer: /CN=81cca9f15e1921953a628c8ad2ac4be977b6c303
Certificate serial: 019362BA8133363430557F4D011BD88B9A2F
Authority key identifier: 81:CC:A9:F1:5E:19:21:95:3A:62:8C:8A:D2:AC:4B:E9:77:B6:C3:03
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/gcyp8V4ZIZU6YoyK0qxL6Xe2wwM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/kEiMo5CZ7ikIr08quGrY4k_uruY.roa
Signing time: Mon 25 Nov 2024 09:50:10 +0000
ROA not before: Mon 25 Nov 2024 09:50:10 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 198154
IP address blocks: 5.160.135.0/24 maxlen: 24
5.160.144.0/24 maxlen: 24
5.160.145.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:93:62:ba:81:33:36:34:30:55:7f:4d:01:1b:d8:8b:9a:2f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=81cca9f15e1921953a628c8ad2ac4be977b6c303
Validity
Not Before: Nov 25 09:50:10 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=90488ca39099ee2908af4f2ab86ad8e24feeaee6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9d:f5:e0:62:00:e4:0d:67:95:d2:9f:09:08:fc:
7d:19:ac:d8:9d:58:09:f0:05:68:39:1d:b6:b2:b2:
85:23:0f:a3:b2:ad:b3:45:93:e0:d9:72:61:d7:71:
a4:f1:1b:1b:b0:7f:12:9f:d9:25:61:f2:52:6d:b5:
10:81:e4:8c:e0:b2:36:88:75:df:87:43:ab:87:fc:
fb:df:e6:4c:7c:44:35:50:2e:65:12:75:26:a2:9e:
c8:f5:9e:d9:92:f7:1f:9b:b9:ba:9f:54:f0:7d:e0:
2d:fe:cc:f7:0a:4c:ce:46:b6:72:09:69:b8:3a:4f:
0a:20:5f:ee:51:94:f1:1c:b1:44:2b:a7:b1:b3:04:
bc:0a:b2:1f:58:50:1b:b5:5a:72:71:d6:2d:dd:11:
bb:d1:3e:9b:66:10:41:91:cd:0a:59:6c:1e:61:38:
9f:43:30:78:8f:1b:bb:84:50:6b:a1:93:34:5e:ce:
5c:13:10:12:f4:3a:ed:63:60:10:df:ff:a0:12:ec:
bc:8a:47:a3:27:ca:4f:03:6b:22:98:3e:77:25:18:
d5:5d:1e:05:a6:23:a3:38:34:6f:cf:22:e6:c5:59:
c8:19:85:fc:ab:db:04:b9:aa:ed:b4:5a:3a:31:11:
d3:ec:28:86:8b:8f:a2:f6:a2:91:67:f8:85:31:af:
55:ad
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
90:48:8C:A3:90:99:EE:29:08:AF:4F:2A:B8:6A:D8:E2:4F:EE:AE:E6
X509v3 Authority Key Identifier:
keyid:81:CC:A9:F1:5E:19:21:95:3A:62:8C:8A:D2:AC:4B:E9:77:B6:C3:03
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gcyp8V4ZIZU6YoyK0qxL6Xe2wwM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/kEiMo5CZ7ikIr08quGrY4k_uruY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/gcyp8V4ZIZU6YoyK0qxL6Xe2wwM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.160.135.0/24
5.160.144.0/23
Signature Algorithm: sha256WithRSAEncryption
87:05:26:31:8f:07:67:cf:21:28:ba:9f:96:ee:64:70:31:5d:
3c:57:38:f8:82:c1:18:81:50:6b:8e:81:39:6a:00:d0:65:07:
02:a6:b8:48:1f:75:0e:5b:3a:ef:aa:38:0a:5e:56:80:80:4a:
fe:06:05:e1:70:0c:24:3b:ec:d6:ff:39:39:a4:06:e1:9b:49:
27:28:19:ea:fd:39:c3:84:06:db:1e:d3:fe:95:67:ba:c1:f7:
a6:ee:e3:27:5b:50:e9:7a:49:c6:f7:ca:bf:11:ff:a6:26:82:
f2:42:8d:81:4e:2d:5f:77:65:c0:42:75:e1:9a:04:c5:11:56:
49:6f:43:e6:59:de:f4:e2:cb:64:c8:2a:35:b4:c6:89:e8:61:
e2:21:9a:5d:3f:17:ec:a1:72:a7:52:9a:6b:f8:74:fc:95:71:
90:1c:63:d9:35:e5:6f:0c:79:85:3f:e5:cf:3f:e3:41:7d:24:
1d:0d:d5:73:a1:18:7b:fe:65:f8:05:70:a3:ca:79:92:92:c0:
c1:58:44:b6:ac:b0:53:ab:09:9b:9d:bb:53:18:b4:74:30:25:
46:1d:87:e9:51:6d:13:8d:03:91:fd:18:e2:10:28:4b:e4:44:
5b:7e:03:ad:61:54:fc:6d:af:a4:41:f0:bf:3f:c1:65:01:bc:
25:3b:91:15
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZNiuoEzNjQwVX9NARvYi5ovMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgxY2NhOWYxNWUxOTIxOTUzYTYyOGM4YWQyYWM0YmU5Nzdi
NmMzMDMwHhcNMjQxMTI1MDk1MDEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MDQ4OGNhMzkwOTllZTI5MDhhZjRmMmFiODZhZDhlMjRmZWVhZWU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnfXgYgDkDWeV0p8JCPx9GazYnVgJ
8AVoOR22srKFIw+jsq2zRZPg2XJh13Gk8RsbsH8Sn9klYfJSbbUQgeSM4LI2iHXf
h0Orh/z73+ZMfEQ1UC5lEnUmop7I9Z7Zkvcfm7m6n1TwfeAt/sz3CkzORrZyCWm4
Ok8KIF/uUZTxHLFEK6exswS8CrIfWFAbtVpycdYt3RG70T6bZhBBkc0KWWweYTif
QzB4jxu7hFBroZM0Xs5cExAS9DrtY2AQ3/+gEuy8ikejJ8pPA2simD53JRjVXR4F
piOjODRvzyLmxVnIGYX8q9sEuarttFo6MRHT7CiGi4+i9qKRZ/iFMa9VrQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJBIjKOQme4pCK9PKrhq2OJP7q7mMB8GA1UdIwQY
MBaAFIHMqfFeGSGVOmKMitKsS+l3tsMDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ2N5cDhWNFpJWlU2WW95SzBxeEw2WGUyd3dNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC8xZWEyYjAtNmI5YS00NGQ3LWEyZTUt
MjIwNmNjMmU2OTFjLzEva0VpTW81Q1o3aWtJcjA4cXVHclk0a191cnVZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC8xZWEyYjAtNmI5YS00NGQ3LWEyZTUtMjIwNmNjMmU2OTFj
LzEvZ2N5cDhWNFpJWlU2WW95SzBxeEw2WGUyd3dNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQABaCHAwQB
BaCQMA0GCSqGSIb3DQEBCwUAA4IBAQCHBSYxjwdnzyEoup+W7mRwMV08Vzj4gsEY
gVBrjoE5agDQZQcCprhIH3UOWzrvqjgKXlaAgEr+BgXhcAwkO+zW/zk5pAbhm0kn
KBnq/TnDhAbbHtP+lWe6wfem7uMnW1DpeknG98q/Ef+mJoLyQo2BTi1fd2XAQnXh
mgTFEVZJb0PmWd704stkyCo1tMaJ6GHiIZpdPxfsoXKnUppr+HT8lXGQHGPZNeVv
DHmFP+XPP+NBfSQdDdVzoRh7/mX4BXCjynmSksDBWES2rLBTqwmbnbtTGLR0MCVG
HYfpUW0TjQOR/RjiEChL5ERbfgOtYVT8ba+kQfC/P8FlAbwlO5EV
-----END CERTIFICATE-----
Generated at Sun Apr 20 18:12:25 2025 by rpki-client