Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/27/be0715-3bb2-44f4-bbf6-240698fbddff/1/uy0AR2b778WCjF5PQp0FvSlBtrM.roa
File: uy0AR2b778WCjF5PQp0FvSlBtrM.roa (raw, json)
Hash identifier: 6FjxJ5SbhKgZQ8rweI387eloTj+gkEobV11w61VI2U8=
Subject key identifier: BB:2D:00:47:66:FB:EF:C5:82:8C:5E:4F:42:9D:05:BD:29:41:B6:B3
Certificate issuer: /CN=5ac3e2bdb63296d5f0f3afe95bd1545117a5b149
Certificate serial: 01856D540436B25A3AA1CCCEBBA3BDE98E5D
Authority key identifier: 5A:C3:E2:BD:B6:32:96:D5:F0:F3:AF:E9:5B:D1:54:51:17:A5:B1:49
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/WsPivbYyltXw86_pW9FUURelsUk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/27/be0715-3bb2-44f4-bbf6-240698fbddff/1/uy0AR2b778WCjF5PQp0FvSlBtrM.roa
Signing time: Sun 01 Jan 2023 12:35:00 +0000
ROA not before: Sun 01 Jan 2023 12:35:00 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 5400
IP address blocks: 192.109.52.0/24 maxlen: 24
2a0c:8480::/30 maxlen: 30
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6d:54:04:36:b2:5a:3a:a1:cc:ce:bb:a3:bd:e9:8e:5d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=5ac3e2bdb63296d5f0f3afe95bd1545117a5b149
Validity
Not Before: Jan 1 12:35:00 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=bb2d004766fbefc5828c5e4f429d05bd2941b6b3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8a:e2:47:13:0d:87:5f:de:1a:5d:b1:10:21:d1:
4d:7e:66:2d:ae:b4:ef:06:68:6d:1a:2c:52:99:aa:
52:6f:4a:6a:93:9b:fd:2a:61:f5:b6:4d:57:de:bd:
3d:a1:42:a0:01:03:cf:17:e8:2b:b6:ad:48:3e:41:
8a:b6:91:6a:fd:95:82:ec:7e:2c:27:16:89:ac:68:
af:a6:ea:0d:8f:e9:8f:07:4a:2a:62:42:7f:e5:7d:
b6:0f:73:d1:11:27:5d:7f:e5:08:9a:14:f9:5a:66:
18:c0:ce:93:c7:84:25:14:b4:62:a0:4b:0f:66:f8:
cc:8d:49:a8:3f:b2:f6:30:0d:cd:3c:24:88:0f:22:
69:38:c9:e9:5a:59:db:88:e3:90:ec:09:4e:7f:0f:
94:64:ea:96:73:48:23:8a:86:78:5d:68:35:91:10:
ce:43:95:39:fb:a1:be:92:bc:ef:05:9d:33:98:72:
3f:c5:c1:d8:14:c6:80:72:da:6a:0c:d7:0b:d5:de:
c4:e3:6e:cf:d3:1b:01:dd:86:12:57:fc:2d:1f:01:
80:48:97:61:fa:36:83:c3:72:7d:0f:f3:41:80:b7:
e4:27:1d:bd:ec:dd:99:02:25:10:0b:7a:60:b0:67:
7c:18:cf:18:7d:c5:f3:f7:3c:3d:08:d2:7a:98:49:
d0:29
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
BB:2D:00:47:66:FB:EF:C5:82:8C:5E:4F:42:9D:05:BD:29:41:B6:B3
X509v3 Authority Key Identifier:
keyid:5A:C3:E2:BD:B6:32:96:D5:F0:F3:AF:E9:5B:D1:54:51:17:A5:B1:49
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WsPivbYyltXw86_pW9FUURelsUk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/27/be0715-3bb2-44f4-bbf6-240698fbddff/1/uy0AR2b778WCjF5PQp0FvSlBtrM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/27/be0715-3bb2-44f4-bbf6-240698fbddff/1/WsPivbYyltXw86_pW9FUURelsUk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
192.109.52.0/24
IPv6:
2a0c:8480::/30
Signature Algorithm: sha256WithRSAEncryption
01:ef:e9:0a:f0:b0:b9:a3:96:07:6d:9a:d6:6e:4d:cb:aa:4c:
4a:00:6a:22:50:c1:f7:6a:f4:e9:b7:6c:ab:d5:2b:67:e8:8e:
80:7b:90:41:6a:38:95:32:7b:04:ed:0e:87:49:9d:d4:87:a0:
89:0d:80:98:8b:a8:8c:bd:29:79:36:54:02:27:8e:d3:0a:b1:
ad:3b:89:7d:56:b4:b6:5d:1a:6c:db:06:88:8a:27:27:44:95:
a6:89:ed:c8:f9:f2:8d:2a:a9:de:2e:f1:10:31:ff:66:c8:f5:
dc:41:b3:19:4a:f7:1b:0b:ef:ea:2d:fc:0b:88:59:60:6a:11:
37:63:d5:5e:3e:ec:e1:be:f2:e8:0f:94:f1:8b:33:61:4f:41:
05:36:e5:04:aa:33:53:23:e6:b0:58:36:1b:5f:4c:c3:64:cf:
16:91:a6:de:a3:88:12:65:b1:bd:b1:76:8b:f8:4c:6a:f9:51:
74:93:32:0d:93:85:8b:8d:b6:80:3d:b3:5b:9b:91:12:0c:fe:
ee:6f:bd:19:c5:a4:06:d0:0f:27:1c:a9:d7:d0:19:46:aa:4f:
bc:78:f5:c4:07:7c:4e:3f:29:8a:40:d9:c4:81:0b:a3:ef:cc:
bb:12:52:16:89:a9:54:c3:24:94:55:e9:96:31:02:01:d8:cb:
ad:dc:94:95
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYVtVAQ2slo6oczOu6O96Y5dMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVhYzNlMmJkYjYzMjk2ZDVmMGYzYWZlOTViZDE1NDUxMTdh
NWIxNDkwHhcNMjMwMTAxMTIzNTAwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYjJkMDA0NzY2ZmJlZmM1ODI4YzVlNGY0MjlkMDViZDI5NDFiNmIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiuJHEw2HX94aXbEQIdFNfmYtrrTv
BmhtGixSmapSb0pqk5v9KmH1tk1X3r09oUKgAQPPF+grtq1IPkGKtpFq/ZWC7H4s
JxaJrGivpuoNj+mPB0oqYkJ/5X22D3PRESddf+UImhT5WmYYwM6Tx4QlFLRioEsP
ZvjMjUmoP7L2MA3NPCSIDyJpOMnpWlnbiOOQ7AlOfw+UZOqWc0gjioZ4XWg1kRDO
Q5U5+6G+krzvBZ0zmHI/xcHYFMaActpqDNcL1d7E427P0xsB3YYSV/wtHwGASJdh
+jaDw3J9D/NBgLfkJx297N2ZAiUQC3pgsGd8GM8YfcXz9zw9CNJ6mEnQKQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFLstAEdm++/FgoxeT0KdBb0pQbazMB8GA1UdIwQY
MBaAFFrD4r22MpbV8POv6VvRVFEXpbFJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV3NQaXZiWXlsdFh3ODZfcFc5RlVVUmVsc1VrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNy9iZTA3MTUtM2JiMi00NGY0LWJiZjYt
MjQwNjk4ZmJkZGZmLzEvdXkwQVIyYjc3OFdDakY1UFFwMEZ2U2xCdHJNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNy9iZTA3MTUtM2JiMi00NGY0LWJiZjYtMjQwNjk4ZmJkZGZm
LzEvV3NQaXZiWXlsdFh3ODZfcFc5RlVVUmVsc1VrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAwG00MA0E
AgACMAcDBQIqDISAMA0GCSqGSIb3DQEBCwUAA4IBAQAB7+kK8LC5o5YHbZrWbk3L
qkxKAGoiUMH3avTpt2yr1Stn6I6Ae5BBajiVMnsE7Q6HSZ3Uh6CJDYCYi6iMvSl5
NlQCJ47TCrGtO4l9VrS2XRps2waIiicnRJWmie3I+fKNKqneLvEQMf9myPXcQbMZ
SvcbC+/qLfwLiFlgahE3Y9VePuzhvvLoD5TxizNhT0EFNuUEqjNTI+awWDYbX0zD
ZM8Wkabeo4gSZbG9sXaL+Exq+VF0kzINk4WLjbaAPbNbm5ESDP7ub70ZxaQG0A8n
HKnX0BlGqk+8ePXEB3xOPymKQNnEgQuj78y7ElIWialUwySUVemWMQIB2Mut3JSV
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:59:12 2024 by rpki-client on console-ams.rpki-client.org