Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/5ZmK8iJmrmQ4ubjX7Al_qQFPtWY.roa
File: 5ZmK8iJmrmQ4ubjX7Al_qQFPtWY.roa (raw, json)
Hash identifier: evnNunRFx7OU2aqZBqbAec1OVUatB+sWIDpZ2LRExeQ=
Subject key identifier: E5:99:8A:F2:22:66:AE:64:38:B9:B8:D7:EC:09:7F:A9:01:4F:B5:66
Certificate issuer: /CN=5da3941c27cfe5c234c4bf221ecb2a579b2deaab
Certificate serial: 018D13D7EE1B976A2CA2C962998D91FA343F
Authority key identifier: 5D:A3:94:1C:27:CF:E5:C2:34:C4:BF:22:1E:CB:2A:57:9B:2D:EA:AB
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/XaOUHCfP5cI0xL8iHssqV5st6qs.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/5ZmK8iJmrmQ4ubjX7Al_qQFPtWY.roa
Signing time: Tue 16 Jan 2024 19:55:34 +0000
ROA not before: Tue 16 Jan 2024 19:55:34 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 58061
IP address blocks: 2.56.112.0/24 maxlen: 24
2.56.113.0/24 maxlen: 24
5.183.128.0/24 maxlen: 24
185.218.1.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8d:13:d7:ee:1b:97:6a:2c:a2:c9:62:99:8d:91:fa:34:3f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=5da3941c27cfe5c234c4bf221ecb2a579b2deaab
Validity
Not Before: Jan 16 19:55:34 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=e5998af22266ae6438b9b8d7ec097fa9014fb566
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ac:a8:86:45:be:44:13:e3:29:45:0d:73:34:0a:
5f:03:d7:2e:55:88:a7:42:08:6a:74:a1:ce:7f:c0:
62:e6:52:be:12:de:39:bc:2c:cc:3e:ac:13:c5:28:
ad:59:ce:ba:10:22:e1:7b:f4:dc:2b:ab:09:d8:9a:
87:b0:75:73:8f:4f:63:db:ea:4e:b4:3b:a5:45:a9:
ad:b2:8c:12:88:1f:3b:d1:85:ca:2d:3d:d5:66:7b:
04:89:17:e3:df:9e:33:3c:43:b0:bf:6d:06:79:92:
72:9a:28:84:1a:2f:28:80:ad:b1:cd:a9:cb:df:39:
60:23:db:2b:b8:08:cd:54:0f:5b:9f:16:46:e1:3e:
85:62:d4:6c:89:d8:a1:51:76:12:55:14:a7:ed:10:
a7:7a:cc:b3:9a:8f:cb:f9:3e:af:15:df:99:84:0c:
21:22:2f:0b:28:a5:54:11:f8:d7:59:46:ef:23:b9:
8c:d6:41:4a:4e:03:3b:b0:50:9b:0d:cb:0e:d5:b2:
9b:71:79:7c:4d:5e:c9:b4:c1:cc:39:22:0d:a3:28:
d7:3b:13:6f:00:b1:c0:9e:b9:f0:40:7a:e7:53:ad:
d9:be:00:5c:97:1b:a1:2c:42:6d:4b:46:fa:08:f1:
7c:35:26:01:93:1a:b8:3b:2c:d5:e3:6e:81:2b:4f:
05:5f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E5:99:8A:F2:22:66:AE:64:38:B9:B8:D7:EC:09:7F:A9:01:4F:B5:66
X509v3 Authority Key Identifier:
keyid:5D:A3:94:1C:27:CF:E5:C2:34:C4:BF:22:1E:CB:2A:57:9B:2D:EA:AB
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XaOUHCfP5cI0xL8iHssqV5st6qs.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/5ZmK8iJmrmQ4ubjX7Al_qQFPtWY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/XaOUHCfP5cI0xL8iHssqV5st6qs.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.56.112.0/23
5.183.128.0/24
185.218.1.0/24
Signature Algorithm: sha256WithRSAEncryption
79:72:0a:c0:fc:29:ee:8a:20:47:ce:a4:cb:75:8f:5c:0f:8e:
c0:80:9d:f4:87:0a:62:4f:51:f0:82:0c:19:4f:e4:7a:df:ef:
ab:c2:62:f3:49:5e:c0:d6:98:8e:56:ca:30:05:14:34:9a:24:
61:71:77:cd:03:89:f7:62:2f:94:0a:1b:06:e5:3a:b7:45:d3:
00:d5:77:b6:6e:e1:28:44:a8:f9:09:59:1e:62:a3:a1:f0:45:
3c:11:da:0a:ae:e8:98:bf:2e:70:86:18:ae:d7:2a:31:88:f6:
ef:00:10:e8:c4:78:10:7f:9b:a9:aa:9a:be:ac:fd:53:37:b7:
e8:28:f7:ac:84:71:6e:ad:dd:8e:5b:07:7b:72:a3:d1:8e:ad:
75:91:e0:14:9e:1f:04:7c:fb:ed:71:5a:4c:3d:80:18:b2:6a:
5a:43:b6:ea:21:9f:81:4e:45:d2:bb:28:ff:2a:11:d1:0f:7d:
c4:d1:2d:48:29:09:6d:a1:c3:3c:d9:12:8d:2c:3c:bd:b8:13:
11:2d:27:29:d7:ee:9b:8c:33:f8:7f:11:c3:5d:ca:f4:06:9a:
2a:b5:ed:ab:5c:ef:60:b9:50:be:80:bd:de:98:9d:4a:b7:c1:
37:71:c9:13:11:67:fe:f2:ae:c4:7b:b9:da:16:7a:b9:d4:ac:
cb:4b:d6:f9
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAY0T1+4bl2ososlimY2R+jQ/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVkYTM5NDFjMjdjZmU1YzIzNGM0YmYyMjFlY2IyYTU3OWIy
ZGVhYWIwHhcNMjQwMTE2MTk1NTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNTk5OGFmMjIyNjZhZTY0MzhiOWI4ZDdlYzA5N2ZhOTAxNGZiNTY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArKiGRb5EE+MpRQ1zNApfA9cuVYin
QghqdKHOf8Bi5lK+Et45vCzMPqwTxSitWc66ECLhe/TcK6sJ2JqHsHVzj09j2+pO
tDulRamtsowSiB870YXKLT3VZnsEiRfj354zPEOwv20GeZJymiiEGi8ogK2xzanL
3zlgI9sruAjNVA9bnxZG4T6FYtRsidihUXYSVRSn7RCnesyzmo/L+T6vFd+ZhAwh
Ii8LKKVUEfjXWUbvI7mM1kFKTgM7sFCbDcsO1bKbcXl8TV7JtMHMOSINoyjXOxNv
ALHAnrnwQHrnU63ZvgBclxuhLEJtS0b6CPF8NSYBkxq4OyzV426BK08FXwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFOWZivIiZq5kOLm41+wJf6kBT7VmMB8GA1UdIwQY
MBaAFF2jlBwnz+XCNMS/Ih7LKlebLeqrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWGFPVUhDZlA1Y0kweEw4aUhzc3FWNXN0NnFzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC8zMGVkM2UtYzRjNC00ZGU4LWI0ZjEt
ZjExYTM5ZjI2YzNiLzEvNVptSzhpSm1ybVE0dWJqWDdBbF9xUUZQdFdZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC8zMGVkM2UtYzRjNC00ZGU4LWI0ZjEtZjExYTM5ZjI2YzNi
LzEvWGFPVUhDZlA1Y0kweEw4aUhzc3FWNXN0NnFzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQBAjhwAwQA
BbeAAwQAudoBMA0GCSqGSIb3DQEBCwUAA4IBAQB5cgrA/CnuiiBHzqTLdY9cD47A
gJ30hwpiT1HwggwZT+R63++rwmLzSV7A1piOVsowBRQ0miRhcXfNA4n3Yi+UChsG
5Tq3RdMA1Xe2buEoRKj5CVkeYqOh8EU8EdoKruiYvy5whhiu1yoxiPbvABDoxHgQ
f5upqpq+rP1TN7foKPeshHFurd2OWwd7cqPRjq11keAUnh8EfPvtcVpMPYAYsmpa
Q7bqIZ+BTkXSuyj/KhHRD33E0S1IKQltocM82RKNLDy9uBMRLScp1+6bjDP4fxHD
Xcr0Bpoqte2rXO9guVC+gL3emJ1Kt8E3cckTEWf+8q7Ee7naFnq51KzLS9b5
-----END CERTIFICATE-----
Generated at Thu Feb 1 16:26:12 2024 by rpki-client on console-ams.rpki-client.org