Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/79/11081b-4ef9-4e2f-8153-287937940d7b/1/pjh5LMtk2_2yXuLv5WSeFbCPWfc.roa
File: pjh5LMtk2_2yXuLv5WSeFbCPWfc.roa (raw, json)
Hash identifier: xoxb7Wm3TAzTh4C9WAYrVGnBvvIqLu4/+AEOSnN9MmA=
Subject key identifier: A6:38:79:2C:CB:64:DB:FD:B2:5E:E2:EF:E5:64:9E:15:B0:8F:59:F7
Certificate issuer: /CN=e7d799ae0efdd986dde77fb35ad0a10823cb972f
Certificate serial: 0183561F88E86F2983F452126973F470DBD0
Authority key identifier: E7:D7:99:AE:0E:FD:D9:86:DD:E7:7F:B3:5A:D0:A1:08:23:CB:97:2F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/59eZrg792Ybd53-zWtChCCPLly8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/79/11081b-4ef9-4e2f-8153-287937940d7b/1/pjh5LMtk2_2yXuLv5WSeFbCPWfc.roa
Signing time: Mon 19 Sep 2022 14:20:50 +0000
ROA not before: Mon 19 Sep 2022 14:20:50 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 41039
IP address blocks: 5.153.128.0/18 maxlen: 24
92.242.96.0/19 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:83:56:1f:88:e8:6f:29:83:f4:52:12:69:73:f4:70:db:d0
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=e7d799ae0efdd986dde77fb35ad0a10823cb972f
Validity
Not Before: Sep 19 14:20:50 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=a638792ccb64dbfdb25ee2efe5649e15b08f59f7
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9c:f8:47:c5:75:41:08:09:0f:2c:ff:c2:f6:df:
b4:ac:66:42:bf:46:2c:89:54:76:16:d0:26:5a:4e:
2f:a5:74:80:83:1d:90:51:a5:9c:cb:6a:6e:cb:49:
cb:f2:57:53:bd:fd:94:e3:e0:41:67:4c:26:6b:46:
07:22:39:74:00:77:cd:1c:88:03:49:92:39:d5:cd:
dd:1f:95:0b:3d:ac:fc:79:e6:99:2c:15:9c:98:e1:
ef:76:27:d5:4e:4c:ee:42:30:da:b4:6d:be:e5:05:
5d:96:6c:df:c4:1f:ad:25:05:ff:9e:ed:bc:59:e5:
f5:d6:a4:61:2d:8c:f6:80:df:8f:24:9e:cd:cd:9a:
c3:48:a4:eb:6c:b5:66:66:a5:f0:36:89:e8:15:e2:
70:27:f7:95:d4:e5:46:2e:a9:c8:d3:a5:e0:89:28:
d7:cb:bb:76:c1:ac:c0:96:4f:ae:50:b7:99:16:16:
9a:65:cf:ad:dd:3e:88:09:94:c2:c4:30:78:57:24:
c3:bf:6a:ea:f4:81:8f:c8:e0:0e:3d:ab:d0:bc:44:
d0:e6:ec:88:a3:1e:81:e9:4c:88:8b:8a:92:ea:34:
4d:4c:4c:74:17:68:3c:c0:66:52:c7:3f:1a:85:5c:
30:d4:90:26:f7:43:2a:ca:ff:2a:9f:31:fd:a4:e2:
a8:19
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A6:38:79:2C:CB:64:DB:FD:B2:5E:E2:EF:E5:64:9E:15:B0:8F:59:F7
X509v3 Authority Key Identifier:
keyid:E7:D7:99:AE:0E:FD:D9:86:DD:E7:7F:B3:5A:D0:A1:08:23:CB:97:2F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/59eZrg792Ybd53-zWtChCCPLly8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/79/11081b-4ef9-4e2f-8153-287937940d7b/1/pjh5LMtk2_2yXuLv5WSeFbCPWfc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/79/11081b-4ef9-4e2f-8153-287937940d7b/1/59eZrg792Ybd53-zWtChCCPLly8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.153.128.0/18
92.242.96.0/19
Signature Algorithm: sha256WithRSAEncryption
37:59:ec:7e:3f:37:10:f0:3b:6a:f1:c0:d2:0e:0b:21:ff:b9:
02:41:48:ab:91:f1:f8:2b:39:32:fc:76:34:c8:61:3a:30:a1:
83:05:30:3f:cb:15:77:31:ef:4a:00:cc:67:46:d6:cc:57:8e:
40:52:c2:57:5e:cb:72:aa:bf:71:f6:5d:b6:44:83:a4:7a:00:
d4:77:6f:79:c8:fc:8d:22:8b:9b:36:51:dc:cf:e6:95:81:a0:
93:a1:02:82:69:2d:a5:82:b0:b0:e2:94:b6:25:91:7a:58:21:
b8:56:c6:ab:f8:15:b8:2c:c2:2b:9e:30:76:3e:8d:f0:1f:e7:
b4:10:33:c9:da:6b:25:64:e4:ba:cd:24:ad:84:d0:df:69:5d:
69:a9:36:c9:69:27:bf:7f:cc:24:5a:65:94:5d:de:2f:38:78:
f3:21:80:88:c3:eb:6a:09:8d:71:f4:34:cb:eb:f7:9b:fd:bb:
4e:8b:7b:c9:fa:0d:be:57:5a:37:a3:96:b0:6d:2b:b0:50:25:
46:78:86:a5:92:9f:ce:68:1d:00:30:4f:52:53:95:cd:96:bb:
0b:02:99:27:73:e4:75:b3:0e:0e:e1:19:dc:03:47:13:bc:0b:
0b:1c:3a:01:95:28:df:96:c9:bf:9c:3e:de:40:ff:e4:32:1c:
0a:12:58:e3
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYNWH4jobymD9FISaXP0cNvQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU3ZDc5OWFlMGVmZGQ5ODZkZGU3N2ZiMzVhZDBhMTA4MjNj
Yjk3MmYwHhcNMjIwOTE5MTQyMDUwWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNjM4NzkyY2NiNjRkYmZkYjI1ZWUyZWZlNTY0OWUxNWIwOGY1OWY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnPhHxXVBCAkPLP/C9t+0rGZCv0Ys
iVR2FtAmWk4vpXSAgx2QUaWcy2puy0nL8ldTvf2U4+BBZ0wma0YHIjl0AHfNHIgD
SZI51c3dH5ULPaz8eeaZLBWcmOHvdifVTkzuQjDatG2+5QVdlmzfxB+tJQX/nu28
WeX11qRhLYz2gN+PJJ7NzZrDSKTrbLVmZqXwNonoFeJwJ/eV1OVGLqnI06XgiSjX
y7t2wazAlk+uULeZFhaaZc+t3T6ICZTCxDB4VyTDv2rq9IGPyOAOPavQvETQ5uyI
ox6B6UyIi4qS6jRNTEx0F2g8wGZSxz8ahVww1JAm90Mqyv8qnzH9pOKoGQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKY4eSzLZNv9sl7i7+VknhWwj1n3MB8GA1UdIwQY
MBaAFOfXma4O/dmG3ed/s1rQoQgjy5cvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNTllWnJnNzkyWWJkNTMteld0Q2hDQ1BMbHk4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OS8xMTA4MWItNGVmOS00ZTJmLTgxNTMt
Mjg3OTM3OTQwZDdiLzEvcGpoNUxNdGsyXzJ5WHVMdjVXU2VGYkNQV2ZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OS8xMTA4MWItNGVmOS00ZTJmLTgxNTMtMjg3OTM3OTQwZDdi
LzEvNTllWnJnNzkyWWJkNTMteld0Q2hDQ1BMbHk4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQGBZmAAwQF
XPJgMA0GCSqGSIb3DQEBCwUAA4IBAQA3Wex+PzcQ8Dtq8cDSDgsh/7kCQUirkfH4
Kzky/HY0yGE6MKGDBTA/yxV3Me9KAMxnRtbMV45AUsJXXstyqr9x9l22RIOkegDU
d295yPyNIoubNlHcz+aVgaCToQKCaS2lgrCw4pS2JZF6WCG4Vsar+BW4LMIrnjB2
Po3wH+e0EDPJ2mslZOS6zSSthNDfaV1pqTbJaSe/f8wkWmWUXd4vOHjzIYCIw+tq
CY1x9DTL6/eb/btOi3vJ+g2+V1o3o5awbSuwUCVGeIalkp/OaB0AME9SU5XNlrsL
Apknc+R1sw4O4RncA0cTvAsLHDoBlSjflsm/nD7eQP/kMhwKEljj
-----END CERTIFICATE-----
Generated at Thu Mar 13 20:37:02 2025 by rpki-client