Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/84/431df1-09f4-475c-a045-f5bb2843c89e/1/1-zcJ3-uvLWt2rtJK9VrSpY0WPgU.roa
File: 1-zcJ3-uvLWt2rtJK9VrSpY0WPgU.roa (raw, json)
Hash identifier: VskJhKO1I6f3fpMlROIHR/al90c/TLD5Vh1kEetam4E=
Subject key identifier: FB:37:09:DF:EB:AF:2D:6B:76:AE:D2:4A:F5:5A:D2:A5:8D:16:3E:05
Certificate issuer: /CN=7e2cb3d0a641769c7801c481612015c2ccb3b655
Certificate serial: 0183D5C9CFEAAD16C7FFA007D78185775A94
Authority key identifier: 7E:2C:B3:D0:A6:41:76:9C:78:01:C4:81:61:20:15:C2:CC:B3:B6:55
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/fiyz0KZBdpx4AcSBYSAVwsyztlU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/84/431df1-09f4-475c-a045-f5bb2843c89e/1/1-zcJ3-uvLWt2rtJK9VrSpY0WPgU.roa
Signing time: Fri 14 Oct 2022 09:18:36 +0000
ROA not before: Fri 14 Oct 2022 09:18:36 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 212244
IP address blocks: 5.252.144.0/22 maxlen: 24
2a00:a401::/32 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:83:d5:c9:cf:ea:ad:16:c7:ff:a0:07:d7:81:85:77:5a:94
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7e2cb3d0a641769c7801c481612015c2ccb3b655
Validity
Not Before: Oct 14 09:18:36 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=fb3709dfebaf2d6b76aed24af55ad2a58d163e05
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:80:44:f1:ad:7e:90:34:d1:49:d1:06:a6:b7:6a:
73:5a:70:b7:b4:54:ef:cf:34:b7:35:ed:1f:6a:bb:
de:b7:4d:21:a3:19:c7:56:6b:c4:ec:2f:d4:15:13:
ba:3e:b5:f1:2d:7a:9a:8d:d9:3b:03:67:f5:1a:32:
f3:1b:46:4c:7f:83:eb:44:39:bc:8d:c5:ce:ec:78:
9e:44:a2:be:57:ae:40:4e:93:19:28:38:06:f9:21:
b3:e4:91:f0:10:51:75:96:eb:72:5e:2f:2e:50:78:
fe:cb:6d:90:a8:10:ef:e6:30:d2:ec:92:8e:83:51:
05:b1:95:2d:8d:30:73:49:c3:df:d7:5f:5f:81:b2:
b5:6f:b9:b6:1e:d6:4b:dd:3f:9c:83:d0:f9:10:dd:
3c:c6:d9:d0:44:79:93:95:b2:36:de:94:32:c6:fc:
8f:97:4b:c3:41:10:be:c9:20:49:1e:9f:1e:9c:44:
ca:85:9c:4e:58:8c:fa:c1:9f:40:4c:ef:de:72:3b:
7a:30:8a:cd:4b:22:7b:bb:9f:9c:a1:c9:fb:69:14:
7d:65:3a:28:d0:95:bb:38:f4:b8:db:cc:85:1b:2c:
ee:4b:d9:18:2d:72:59:25:9d:18:44:da:3a:83:28:
eb:e4:8f:14:cf:72:a3:c2:8c:e3:87:cc:d1:14:43:
01:eb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FB:37:09:DF:EB:AF:2D:6B:76:AE:D2:4A:F5:5A:D2:A5:8D:16:3E:05
X509v3 Authority Key Identifier:
keyid:7E:2C:B3:D0:A6:41:76:9C:78:01:C4:81:61:20:15:C2:CC:B3:B6:55
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fiyz0KZBdpx4AcSBYSAVwsyztlU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/84/431df1-09f4-475c-a045-f5bb2843c89e/1/1-zcJ3-uvLWt2rtJK9VrSpY0WPgU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/84/431df1-09f4-475c-a045-f5bb2843c89e/1/fiyz0KZBdpx4AcSBYSAVwsyztlU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.252.144.0/22
IPv6:
2a00:a401::/32
Signature Algorithm: sha256WithRSAEncryption
65:53:58:47:80:8f:dc:e4:23:29:3f:cb:3a:68:cf:b1:66:5e:
2f:f5:80:85:9a:e6:e8:b4:3e:58:b9:a8:28:1d:5e:1f:3b:fb:
f6:6e:c5:ea:37:39:79:0e:e5:1c:b0:65:f8:23:a0:85:59:d2:
d9:84:8d:a9:54:dc:d6:86:3a:f8:68:98:ee:aa:97:b8:5b:04:
ee:fb:52:11:a2:c3:1c:00:a6:54:2d:c2:f3:82:8f:4a:92:05:
c1:da:bc:73:36:11:2e:b1:42:eb:b9:17:99:f5:d4:d3:d2:de:
6d:9d:d9:45:1d:76:86:2d:4e:b7:63:a3:d4:39:da:06:ef:5b:
fc:de:88:af:91:5f:d7:80:6d:c4:00:73:38:f2:b2:20:95:11:
c8:a9:c8:67:65:cf:c7:52:d8:e9:93:35:0d:7c:d1:0b:82:fc:
6c:7a:e0:7b:48:df:f9:97:d8:4d:ca:cb:bc:c3:87:d1:31:60:
78:27:58:99:8d:3b:af:06:7e:97:5e:b3:fc:72:1c:f0:7a:81:
c2:df:34:f2:f3:8a:dd:99:db:84:0b:6b:80:b9:a7:60:cf:f5:
f6:3a:5f:4b:63:ed:0f:53:56:29:91:25:1e:c1:08:c7:1a:7b:
c3:e0:84:36:7d:4a:06:8e:bf:2e:3e:04:f2:ee:d5:14:ba:97:
29:76:ef:5e
-----BEGIN CERTIFICATE-----
MIIFDTCCA/WgAwIBAgISAYPVyc/qrRbH/6AH14GFd1qUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdlMmNiM2QwYTY0MTc2OWM3ODAxYzQ4MTYxMjAxNWMyY2Ni
M2I2NTUwHhcNMjIxMDE0MDkxODM2WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYjM3MDlkZmViYWYyZDZiNzZhZWQyNGFmNTVhZDJhNThkMTYzZTA1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgETxrX6QNNFJ0Qamt2pzWnC3tFTv
zzS3Ne0farvet00hoxnHVmvE7C/UFRO6PrXxLXqajdk7A2f1GjLzG0ZMf4PrRDm8
jcXO7HieRKK+V65ATpMZKDgG+SGz5JHwEFF1lutyXi8uUHj+y22QqBDv5jDS7JKO
g1EFsZUtjTBzScPf119fgbK1b7m2HtZL3T+cg9D5EN08xtnQRHmTlbI23pQyxvyP
l0vDQRC+ySBJHp8enETKhZxOWIz6wZ9ATO/ecjt6MIrNSyJ7u5+cocn7aRR9ZToo
0JW7OPS428yFGyzuS9kYLXJZJZ0YRNo6gyjr5I8Uz3Kjwozjh8zRFEMB6wIDAQAB
o4ICGTCCAhUwHQYDVR0OBBYEFPs3Cd/rry1rdq7SSvVa0qWNFj4FMB8GA1UdIwQY
MBaAFH4ss9CmQXaceAHEgWEgFcLMs7ZVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZml5ejBLWkJkcHg0QWNTQllTQVZ3c3l6dGxVLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NC80MzFkZjEtMDlmNC00NzVjLWEwNDUt
ZjViYjI4NDNjODllLzEvMS16Y0ozLXV2TFd0MnJ0Sks5VnJTcFkwV1BnVS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvODQvNDMxZGYxLTA5ZjQtNDc1Yy1hMDQ1LWY1YmIyODQzYzg5
ZS8xL2ZpeXowS1pCZHB4NEFjU0JZU0FWd3N5enRsVS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAuBggrBgEFBQcBBwEB/wQfMB0wDAQCAAEwBgMEAgX8kDAN
BAIAAjAHAwUAKgCkATANBgkqhkiG9w0BAQsFAAOCAQEAZVNYR4CP3OQjKT/LOmjP
sWZeL/WAhZrm6LQ+WLmoKB1eHzv79m7F6jc5eQ7lHLBl+COghVnS2YSNqVTc1oY6
+GiY7qqXuFsE7vtSEaLDHACmVC3C84KPSpIFwdq8czYRLrFC67kXmfXU09LebZ3Z
RR12hi1Ot2Oj1DnaBu9b/N6Ir5Ff14BtxABzOPKyIJURyKnIZ2XPx1LY6ZM1DXzR
C4L8bHrge0jf+ZfYTcrLvMOH0TFgeCdYmY07rwZ+l16z/HIc8HqBwt808vOK3Znb
hAtrgLmnYM/19jpfS2PtD1NWKZElHsEIxxp7w+CENn1KBo6/Lj4E8u7VFLqXKXbv
Xg==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:37:22 2024 by rpki-client on console-fra.rpki-client.org