Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/79/11081b-4ef9-4e2f-8153-287937940d7b/1/oN0ehURJrG9b-QSOMepPb5WxruQ.roa
File: oN0ehURJrG9b-QSOMepPb5WxruQ.roa (raw, json)
Hash identifier: +Ly+GKquQH+/hFIjF5aUzseCmA7zjE4K3/iknCfh81o=
Subject key identifier: A0:DD:1E:85:44:49:AC:6F:5B:F9:04:8E:31:EA:4F:6F:95:B1:AE:E4
Certificate issuer: /CN=e7d799ae0efdd986dde77fb35ad0a10823cb972f
Certificate serial: 0183561F88126AE9222A01C49739F31F3125
Authority key identifier: E7:D7:99:AE:0E:FD:D9:86:DD:E7:7F:B3:5A:D0:A1:08:23:CB:97:2F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/59eZrg792Ybd53-zWtChCCPLly8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/79/11081b-4ef9-4e2f-8153-287937940d7b/1/oN0ehURJrG9b-QSOMepPb5WxruQ.roa
Signing time: Mon 19 Sep 2022 14:20:50 +0000
ROA not before: Mon 19 Sep 2022 14:20:50 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 3261
IP address blocks: 5.153.128.0/18 maxlen: 24
92.242.96.0/19 maxlen: 32
92.242.98.0/24 maxlen: 24
2a02:300::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:83:56:1f:88:12:6a:e9:22:2a:01:c4:97:39:f3:1f:31:25
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=e7d799ae0efdd986dde77fb35ad0a10823cb972f
Validity
Not Before: Sep 19 14:20:50 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=a0dd1e854449ac6f5bf9048e31ea4f6f95b1aee4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:aa:0b:48:4d:e6:0c:f0:a8:12:38:73:46:25:84:
8f:70:33:b0:59:a7:f8:1a:16:a7:be:60:18:04:af:
44:58:75:93:b7:b0:87:c4:a3:2d:b3:e0:4c:9e:fc:
f3:b4:c2:4f:8d:f5:c8:0e:84:3d:fc:10:51:2b:71:
5b:0e:df:c8:34:f9:cb:c1:ab:2f:c8:31:bd:87:a6:
a1:76:74:ca:9f:0f:b6:be:ff:10:f7:f9:b9:46:a2:
9b:13:b1:d7:50:35:26:da:97:83:ca:2a:68:aa:cb:
8c:28:9b:71:9b:e8:ed:03:5d:80:28:e1:1f:96:43:
9b:9c:97:42:96:ee:6d:3b:3c:15:cd:53:f8:d2:cb:
ad:18:02:fe:bf:ae:da:3f:ce:b7:79:d4:93:87:e4:
e8:0f:85:70:b4:21:66:5a:73:2c:c2:46:80:18:bc:
5b:71:f2:b9:88:32:b5:03:6b:ca:27:f2:00:f7:0b:
31:9c:50:67:fb:01:fd:71:fb:37:a2:c5:87:30:88:
63:9d:5a:e3:90:d7:81:d1:e2:1f:e4:f5:ae:80:cb:
0d:40:7c:1b:e0:4b:43:b6:c3:2e:1e:ea:46:63:15:
f1:a0:25:c7:a0:75:d7:64:c5:ac:38:87:f8:be:33:
68:c9:7d:33:59:1e:23:fc:9e:fa:72:7d:36:74:fe:
f6:b1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A0:DD:1E:85:44:49:AC:6F:5B:F9:04:8E:31:EA:4F:6F:95:B1:AE:E4
X509v3 Authority Key Identifier:
keyid:E7:D7:99:AE:0E:FD:D9:86:DD:E7:7F:B3:5A:D0:A1:08:23:CB:97:2F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/59eZrg792Ybd53-zWtChCCPLly8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/79/11081b-4ef9-4e2f-8153-287937940d7b/1/oN0ehURJrG9b-QSOMepPb5WxruQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/79/11081b-4ef9-4e2f-8153-287937940d7b/1/59eZrg792Ybd53-zWtChCCPLly8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.153.128.0/18
92.242.96.0/19
IPv6:
2a02:300::/32
Signature Algorithm: sha256WithRSAEncryption
06:99:7c:c7:dd:5b:3a:7d:ab:4a:32:b6:0c:f3:85:b5:06:ea:
f8:34:f9:5a:02:04:8d:ca:f2:48:87:a1:37:fd:f9:b6:7c:d7:
1d:e9:dd:90:ef:ee:47:ea:8a:76:dc:19:06:cc:8e:4e:6e:01:
42:be:57:28:24:f7:29:2a:40:02:f8:8a:cc:5d:a7:d6:32:bd:
7f:10:8f:26:f3:dc:1f:95:9f:b8:92:f3:6e:e8:44:f3:3f:ec:
cf:22:6c:0d:15:fe:30:7a:f2:b9:19:73:6e:7b:b9:22:79:f4:
c9:e1:84:b8:7a:e0:0a:9c:d7:7b:c6:39:dc:2d:20:43:3e:b1:
ce:5f:a0:a8:dd:59:0e:19:f0:0f:e0:d9:b9:06:22:92:32:ea:
a5:b4:18:d3:d9:09:64:e9:30:12:98:71:72:26:12:da:1c:83:
28:e8:7c:53:e0:c1:a4:15:2a:f7:0c:bd:76:9a:d0:69:f3:e7:
a4:25:9e:74:fa:6e:7a:bc:62:45:ff:5c:b6:c7:40:55:0b:bf:
c7:60:72:b3:7a:bf:71:86:50:78:0f:40:e2:f1:7e:0b:63:c5:
0a:89:20:a6:11:71:33:d3:8c:05:2d:83:b0:51:dc:b6:6e:32:
48:67:58:5e:5f:dc:8d:42:17:f2:0c:38:b2:06:31:ca:c2:45:
67:1a:3c:ce
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYNWH4gSaukiKgHElznzHzElMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU3ZDc5OWFlMGVmZGQ5ODZkZGU3N2ZiMzVhZDBhMTA4MjNj
Yjk3MmYwHhcNMjIwOTE5MTQyMDUwWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMGRkMWU4NTQ0NDlhYzZmNWJmOTA0OGUzMWVhNGY2Zjk1YjFhZWU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqgtITeYM8KgSOHNGJYSPcDOwWaf4
GhanvmAYBK9EWHWTt7CHxKMts+BMnvzztMJPjfXIDoQ9/BBRK3FbDt/INPnLwasv
yDG9h6ahdnTKnw+2vv8Q9/m5RqKbE7HXUDUm2peDyipoqsuMKJtxm+jtA12AKOEf
lkObnJdClu5tOzwVzVP40sutGAL+v67aP863edSTh+ToD4VwtCFmWnMswkaAGLxb
cfK5iDK1A2vKJ/IA9wsxnFBn+wH9cfs3osWHMIhjnVrjkNeB0eIf5PWugMsNQHwb
4EtDtsMuHupGYxXxoCXHoHXXZMWsOIf4vjNoyX0zWR4j/J76cn02dP72sQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFKDdHoVESaxvW/kEjjHqT2+Vsa7kMB8GA1UdIwQY
MBaAFOfXma4O/dmG3ed/s1rQoQgjy5cvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNTllWnJnNzkyWWJkNTMteld0Q2hDQ1BMbHk4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OS8xMTA4MWItNGVmOS00ZTJmLTgxNTMt
Mjg3OTM3OTQwZDdiLzEvb04wZWhVUkpyRzliLVFTT01lcFBiNVd4cnVRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OS8xMTA4MWItNGVmOS00ZTJmLTgxNTMtMjg3OTM3OTQwZDdi
LzEvNTllWnJnNzkyWWJkNTMteld0Q2hDQ1BMbHk4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQGBZmAAwQF
XPJgMA0EAgACMAcDBQAqAgMAMA0GCSqGSIb3DQEBCwUAA4IBAQAGmXzH3Vs6fatK
MrYM84W1Bur4NPlaAgSNyvJIh6E3/fm2fNcd6d2Q7+5H6op23BkGzI5ObgFCvlco
JPcpKkAC+IrMXafWMr1/EI8m89wflZ+4kvNu6ETzP+zPImwNFf4wevK5GXNue7ki
efTJ4YS4euAKnNd7xjncLSBDPrHOX6Co3VkOGfAP4Nm5BiKSMuqltBjT2Qlk6TAS
mHFyJhLaHIMo6HxT4MGkFSr3DL12mtBp8+ekJZ50+m56vGJF/1y2x0BVC7/HYHKz
er9xhlB4D0Di8X4LY8UKiSCmEXEz04wFLYOwUdy2bjJIZ1heX9yNQhfyDDiyBjHK
wkVnGjzO
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:34:07 2025 by rpki-client