Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/h5efq6BkEnKxYH6lUyr4bFXLFC0.roa
File: h5efq6BkEnKxYH6lUyr4bFXLFC0.roa (raw, json)
Hash identifier: 9x+CodDb0/szNUFXby6QUSmaaSlUsUocv1/AugNppds=
Subject key identifier: 87:97:9F:AB:A0:64:12:72:B1:60:7E:A5:53:2A:F8:6C:55:CB:14:2D
Certificate issuer: /CN=5da3941c27cfe5c234c4bf221ecb2a579b2deaab
Certificate serial: 0181CE8FF0679A98A958AF4763362A787C43
Authority key identifier: 5D:A3:94:1C:27:CF:E5:C2:34:C4:BF:22:1E:CB:2A:57:9B:2D:EA:AB
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/XaOUHCfP5cI0xL8iHssqV5st6qs.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/h5efq6BkEnKxYH6lUyr4bFXLFC0.roa
Signing time: Tue 05 Jul 2022 13:32:28 +0000
ROA not before: Tue 05 Jul 2022 13:32:28 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 49598
IP address blocks: 5.183.153.0/24 maxlen: 24
45.136.146.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:81:ce:8f:f0:67:9a:98:a9:58:af:47:63:36:2a:78:7c:43
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=5da3941c27cfe5c234c4bf221ecb2a579b2deaab
Validity
Not Before: Jul 5 13:32:28 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=87979faba0641272b1607ea5532af86c55cb142d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:94:30:f4:85:d1:a0:f2:9f:b3:1f:5a:64:da:c2:
a0:10:1a:56:dc:df:18:5e:be:cf:3b:1b:2b:2b:f5:
de:b5:29:46:4f:ed:80:6f:b0:1f:15:f8:10:ea:b6:
98:7f:79:d9:ca:f8:ac:f6:52:60:3e:d1:68:8f:4f:
41:b5:6d:d1:f6:fb:1a:88:18:b6:13:e7:0c:2e:42:
91:d7:f4:b3:0a:02:cd:82:8d:8e:98:5c:ed:4e:16:
bc:e9:2b:cf:cd:57:d2:2f:12:1c:af:e9:f6:f3:94:
48:92:45:14:4f:fd:7d:2d:76:97:7a:c0:8a:1b:72:
2f:4e:9b:f6:35:fb:e4:0b:fd:2b:c9:b7:d6:43:cb:
be:76:12:48:17:92:c5:85:f3:2a:70:47:10:43:d9:
bb:32:65:19:77:3d:27:2d:b8:dd:da:55:b9:85:75:
e2:20:fb:0a:17:78:6d:f1:df:f0:7b:1e:c4:85:91:
d5:67:f2:4c:af:ac:c8:e4:c4:bc:4f:6f:75:24:cd:
78:f2:2c:d2:d0:83:c8:af:34:4e:25:4d:8d:9b:30:
fa:3e:a6:9d:9c:53:5a:b9:ab:f6:93:54:94:f2:bf:
f5:9e:2f:ef:cc:d9:ac:23:56:41:b5:fb:02:d6:80:
d5:77:6a:cc:2f:59:ad:7e:7b:00:f8:f6:47:7a:12:
8c:17
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
87:97:9F:AB:A0:64:12:72:B1:60:7E:A5:53:2A:F8:6C:55:CB:14:2D
X509v3 Authority Key Identifier:
keyid:5D:A3:94:1C:27:CF:E5:C2:34:C4:BF:22:1E:CB:2A:57:9B:2D:EA:AB
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XaOUHCfP5cI0xL8iHssqV5st6qs.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/h5efq6BkEnKxYH6lUyr4bFXLFC0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/XaOUHCfP5cI0xL8iHssqV5st6qs.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.183.153.0/24
45.136.146.0/24
Signature Algorithm: sha256WithRSAEncryption
05:73:28:b1:3d:7d:6f:c1:98:44:ec:6c:bc:f1:74:5d:39:45:
48:9c:66:31:13:57:12:f7:fe:7c:28:be:08:13:94:cb:26:95:
0a:27:29:3f:96:9d:a3:39:a9:b5:b4:c9:15:f5:cb:9d:e2:46:
9a:5b:e2:40:8e:03:2e:dd:e0:30:e8:e7:3c:a0:45:a6:5b:41:
39:c0:45:9e:d1:79:39:5c:1d:77:88:c6:75:0d:e0:f7:51:e9:
f6:c4:4b:29:6a:63:6c:6a:37:83:b6:a5:d8:92:7e:c5:6d:09:
26:3e:e7:54:9e:c5:ce:53:66:f3:15:37:19:b5:5c:36:81:5f:
34:43:b8:d0:52:55:04:8d:15:3e:41:55:55:d4:ac:13:9f:ec:
90:2b:ed:6b:12:bc:f8:1d:ad:03:42:22:29:30:8c:90:96:ae:
fd:ad:d9:bf:a1:c1:47:57:5c:7d:e8:de:ad:86:5c:89:d0:80:
58:c5:e1:4d:87:ab:e0:36:eb:06:03:e0:5d:cc:65:f0:33:e9:
49:df:a2:aa:e4:ab:5b:45:20:c4:65:ce:15:c5:98:4a:ac:48:
16:45:53:dd:e2:57:c0:8a:04:2e:f7:10:4b:76:4b:73:b5:6d:
71:b4:34:91:2a:5f:03:af:1a:bd:30:32:92:f3:1a:b9:bc:06:
6b:61:aa:40
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYHOj/BnmpipWK9HYzYqeHxDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVkYTM5NDFjMjdjZmU1YzIzNGM0YmYyMjFlY2IyYTU3OWIy
ZGVhYWIwHhcNMjIwNzA1MTMzMjI4WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4Nzk3OWZhYmEwNjQxMjcyYjE2MDdlYTU1MzJhZjg2YzU1Y2IxNDJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlDD0hdGg8p+zH1pk2sKgEBpW3N8Y
Xr7POxsrK/XetSlGT+2Ab7AfFfgQ6raYf3nZyvis9lJgPtFoj09BtW3R9vsaiBi2
E+cMLkKR1/SzCgLNgo2OmFztTha86SvPzVfSLxIcr+n285RIkkUUT/19LXaXesCK
G3IvTpv2NfvkC/0rybfWQ8u+dhJIF5LFhfMqcEcQQ9m7MmUZdz0nLbjd2lW5hXXi
IPsKF3ht8d/wex7EhZHVZ/JMr6zI5MS8T291JM148izS0IPIrzROJU2NmzD6Pqad
nFNauav2k1SU8r/1ni/vzNmsI1ZBtfsC1oDVd2rML1mtfnsA+PZHehKMFwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFIeXn6ugZBJysWB+pVMq+GxVyxQtMB8GA1UdIwQY
MBaAFF2jlBwnz+XCNMS/Ih7LKlebLeqrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWGFPVUhDZlA1Y0kweEw4aUhzc3FWNXN0NnFzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC8zMGVkM2UtYzRjNC00ZGU4LWI0ZjEt
ZjExYTM5ZjI2YzNiLzEvaDVlZnE2QmtFbkt4WUg2bFV5cjRiRlhMRkMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC8zMGVkM2UtYzRjNC00ZGU4LWI0ZjEtZjExYTM5ZjI2YzNi
LzEvWGFPVUhDZlA1Y0kweEw4aUhzc3FWNXN0NnFzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQABbeZAwQA
LYiSMA0GCSqGSIb3DQEBCwUAA4IBAQAFcyixPX1vwZhE7Gy88XRdOUVInGYxE1cS
9/58KL4IE5TLJpUKJyk/lp2jOam1tMkV9cud4kaaW+JAjgMu3eAw6Oc8oEWmW0E5
wEWe0Xk5XB13iMZ1DeD3Uen2xEspamNsajeDtqXYkn7FbQkmPudUnsXOU2bzFTcZ
tVw2gV80Q7jQUlUEjRU+QVVV1KwTn+yQK+1rErz4Ha0DQiIpMIyQlq79rdm/ocFH
V1x96N6thlyJ0IBYxeFNh6vgNusGA+BdzGXwM+lJ36Kq5KtbRSDEZc4VxZhKrEgW
RVPd4lfAigQu9xBLdktztW1xtDSRKl8Drxq9MDKS8xq5vAZrYapA
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:36:47 2024 by rpki-client on console-fra.rpki-client.org