Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/79/11081b-4ef9-4e2f-8153-287937940d7b/1/PA4LDnzHC-ShGCJF43lEDjgvFQE.roa
File: PA4LDnzHC-ShGCJF43lEDjgvFQE.roa (raw, json)
Hash identifier: 8lNC+A62/YaFBxIzvp3ILCxJjlA4/3oU7Gn8k3zoAR0=
Subject key identifier: 3C:0E:0B:0E:7C:C7:0B:E4:A1:18:22:45:E3:79:44:0E:38:2F:15:01
Certificate issuer: /CN=e7d799ae0efdd986dde77fb35ad0a10823cb972f
Certificate serial: 0182352FD4A91199949ED18E573AF88A70CC
Authority key identifier: E7:D7:99:AE:0E:FD:D9:86:DD:E7:7F:B3:5A:D0:A1:08:23:CB:97:2F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/59eZrg792Ybd53-zWtChCCPLly8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/79/11081b-4ef9-4e2f-8153-287937940d7b/1/PA4LDnzHC-ShGCJF43lEDjgvFQE.roa
Signing time: Mon 25 Jul 2022 11:48:23 +0000
ROA not before: Mon 25 Jul 2022 11:48:23 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 196977
IP address blocks: 5.153.184.0/21 maxlen: 21
5.153.190.0/24 maxlen: 24
5.153.190.0/23 maxlen: 24
5.153.191.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:82:35:2f:d4:a9:11:99:94:9e:d1:8e:57:3a:f8:8a:70:cc
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=e7d799ae0efdd986dde77fb35ad0a10823cb972f
Validity
Not Before: Jul 25 11:48:23 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=3c0e0b0e7cc70be4a1182245e379440e382f1501
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:85:8a:78:cb:b0:90:85:12:fb:cf:7c:0a:65:d0:
a0:de:b6:1b:33:56:dc:26:d1:29:d3:1d:be:75:9e:
97:53:4b:2b:e3:4a:e2:84:51:48:b8:ee:23:85:b5:
50:e1:96:1c:52:00:31:43:24:e2:27:bb:4c:15:e1:
e7:d0:2a:02:78:f9:47:a3:cc:c3:ec:23:80:8c:b0:
d1:5c:5b:e1:4e:d7:d1:2f:90:b3:04:e9:2f:ee:86:
55:1a:b1:45:d1:40:2a:ce:ea:95:e9:28:e7:a4:4c:
62:da:e4:3d:33:84:82:7a:18:02:6d:1b:cb:c2:ae:
f0:8c:21:35:46:ae:de:c2:6c:e1:1b:9c:44:89:9b:
c0:35:5f:87:c2:6a:b7:40:57:4c:e2:48:7a:91:74:
2a:bc:e3:86:38:63:b5:d9:32:9c:11:fb:0f:ae:0a:
35:ad:c6:50:8a:92:0f:e9:28:bf:6e:c9:cb:d2:7d:
4c:1b:1a:1e:37:6d:c6:b9:2b:80:1c:a6:d2:7b:ed:
ef:e5:e8:5f:70:12:b0:23:b3:76:ae:d5:a6:bb:3c:
cf:26:69:fe:79:8b:9e:3f:4f:98:17:42:73:0f:20:
36:b7:58:c6:e5:49:99:9c:3d:e1:a9:19:6c:55:54:
6c:fb:bc:15:58:89:e6:25:92:4a:34:49:0f:de:f0:
39:7d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3C:0E:0B:0E:7C:C7:0B:E4:A1:18:22:45:E3:79:44:0E:38:2F:15:01
X509v3 Authority Key Identifier:
keyid:E7:D7:99:AE:0E:FD:D9:86:DD:E7:7F:B3:5A:D0:A1:08:23:CB:97:2F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/59eZrg792Ybd53-zWtChCCPLly8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/79/11081b-4ef9-4e2f-8153-287937940d7b/1/PA4LDnzHC-ShGCJF43lEDjgvFQE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/79/11081b-4ef9-4e2f-8153-287937940d7b/1/59eZrg792Ybd53-zWtChCCPLly8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.153.184.0/21
Signature Algorithm: sha256WithRSAEncryption
00:9b:b4:52:b7:fd:61:54:74:1d:42:fa:18:ac:12:ef:6b:18:
c3:e6:07:0c:84:f4:14:49:03:18:67:cc:be:de:50:0d:21:6b:
04:a5:82:ee:d3:5a:e7:62:d0:55:e7:d3:1d:68:af:13:f2:79:
f8:87:60:8a:4a:2e:47:ab:d4:0f:07:b8:f5:8a:79:e5:cc:f7:
9a:73:b6:ac:53:86:23:c4:37:e0:31:31:30:da:3a:51:95:49:
b6:a3:04:5e:18:34:a8:81:5c:fd:9d:49:17:c3:dc:7f:46:b9:
24:bf:98:8c:b1:ae:ad:64:18:4d:c0:a0:ba:ba:dc:c7:49:56:
1e:c5:f0:f5:f7:6d:77:4c:b5:00:b8:a4:b5:bc:eb:ba:0a:b7:
c9:76:cc:14:6b:12:a4:9c:5d:b5:88:ea:94:63:b0:17:cc:92:
fe:91:d1:08:6b:a6:04:09:b9:b0:98:a1:5d:ef:01:3b:54:a9:
fd:8c:ed:a6:b8:87:93:eb:f6:3f:62:52:63:d1:e1:09:9d:3f:
b7:27:82:d3:79:3e:7b:6a:59:69:2e:08:cc:48:4d:9c:97:f1:
96:5c:34:ba:b8:0a:d9:bd:12:a1:eb:42:19:9e:ae:2a:36:fa:
8e:47:95:c4:e2:ee:65:95:fa:19:c2:05:65:63:28:e0:51:a5:
08:be:3b:fa
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYI1L9SpEZmUntGOVzr4inDMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU3ZDc5OWFlMGVmZGQ5ODZkZGU3N2ZiMzVhZDBhMTA4MjNj
Yjk3MmYwHhcNMjIwNzI1MTE0ODIzWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYzBlMGIwZTdjYzcwYmU0YTExODIyNDVlMzc5NDQwZTM4MmYxNTAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhYp4y7CQhRL7z3wKZdCg3rYbM1bc
JtEp0x2+dZ6XU0sr40rihFFIuO4jhbVQ4ZYcUgAxQyTiJ7tMFeHn0CoCePlHo8zD
7COAjLDRXFvhTtfRL5CzBOkv7oZVGrFF0UAqzuqV6SjnpExi2uQ9M4SCehgCbRvL
wq7wjCE1Rq7ewmzhG5xEiZvANV+Hwmq3QFdM4kh6kXQqvOOGOGO12TKcEfsPrgo1
rcZQipIP6Si/bsnL0n1MGxoeN23GuSuAHKbSe+3v5ehfcBKwI7N2rtWmuzzPJmn+
eYueP0+YF0JzDyA2t1jG5UmZnD3hqRlsVVRs+7wVWInmJZJKNEkP3vA5fQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDwOCw58xwvkoRgiReN5RA44LxUBMB8GA1UdIwQY
MBaAFOfXma4O/dmG3ed/s1rQoQgjy5cvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNTllWnJnNzkyWWJkNTMteld0Q2hDQ1BMbHk4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OS8xMTA4MWItNGVmOS00ZTJmLTgxNTMt
Mjg3OTM3OTQwZDdiLzEvUEE0TERuekhDLVNoR0NKRjQzbEVEamd2RlFFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OS8xMTA4MWItNGVmOS00ZTJmLTgxNTMtMjg3OTM3OTQwZDdi
LzEvNTllWnJnNzkyWWJkNTMteld0Q2hDQ1BMbHk4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDBZm4MA0G
CSqGSIb3DQEBCwUAA4IBAQAAm7RSt/1hVHQdQvoYrBLvaxjD5gcMhPQUSQMYZ8y+
3lANIWsEpYLu01rnYtBV59MdaK8T8nn4h2CKSi5Hq9QPB7j1innlzPeac7asU4Yj
xDfgMTEw2jpRlUm2owReGDSogVz9nUkXw9x/Rrkkv5iMsa6tZBhNwKC6utzHSVYe
xfD19213TLUAuKS1vOu6CrfJdswUaxKknF21iOqUY7AXzJL+kdEIa6YECbmwmKFd
7wE7VKn9jO2muIeT6/Y/YlJj0eEJnT+3J4LTeT57allpLgjMSE2cl/GWXDS6uArZ
vRKh60IZnq4qNvqOR5XE4u5llfoZwgVlYyjgUaUIvjv6
-----END CERTIFICATE-----
Generated at Thu Jul 20 00:01:50 2023 by rpki-client on console-ams.rpki-client.org