Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/84/431df1-09f4-475c-a045-f5bb2843c89e/1/Ouwa1QHgxSB3SFd9jW_jcIAN_04.roa
File: Ouwa1QHgxSB3SFd9jW_jcIAN_04.roa (raw, json)
Hash identifier: NpDPEdNtqWXW1A3nwvD6rJAz1fwCCBwpmqW86+Cb5Bk=
Subject key identifier: 3A:EC:1A:D5:01:E0:C5:20:77:48:57:7D:8D:6F:E3:70:80:0D:FF:4E
Certificate issuer: /CN=7e2cb3d0a641769c7801c481612015c2ccb3b655
Certificate serial: 01856CEF3A1C3BB1CE7005391486CDF327DF
Authority key identifier: 7E:2C:B3:D0:A6:41:76:9C:78:01:C4:81:61:20:15:C2:CC:B3:B6:55
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/fiyz0KZBdpx4AcSBYSAVwsyztlU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/84/431df1-09f4-475c-a045-f5bb2843c89e/1/Ouwa1QHgxSB3SFd9jW_jcIAN_04.roa
Signing time: Sun 01 Jan 2023 10:44:55 +0000
ROA not before: Sun 01 Jan 2023 10:44:55 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 212244
IP address blocks: 5.252.144.0/22 maxlen: 24
2a00:a401::/32 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6c:ef:3a:1c:3b:b1:ce:70:05:39:14:86:cd:f3:27:df
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7e2cb3d0a641769c7801c481612015c2ccb3b655
Validity
Not Before: Jan 1 10:44:55 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=3aec1ad501e0c5207748577d8d6fe370800dff4e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8d:17:7b:5a:6c:a3:50:b8:da:4a:33:2a:a5:66:
87:75:49:39:88:06:9d:26:e6:9f:d5:75:12:51:8b:
b2:da:4e:fa:1f:0a:87:c1:80:8e:d3:32:c6:5f:25:
96:b0:c8:c1:c5:99:98:b6:f9:43:d5:64:d5:97:d7:
00:3d:d5:c0:a0:6c:f4:01:57:c0:f4:e4:4f:fc:91:
51:fc:7d:10:5f:fe:5a:27:ce:a1:ee:e1:90:66:a7:
1a:1e:b9:d6:7e:57:ec:3c:7e:af:33:66:12:2c:22:
06:cd:66:17:ff:cc:94:f4:e1:c3:b4:bd:aa:53:b4:
8f:ac:96:68:d9:61:bb:89:52:92:02:60:88:79:53:
92:a7:92:f2:e9:d5:c7:48:23:40:80:c7:46:ba:04:
61:5e:32:07:ae:ce:7b:91:16:b4:38:2b:7c:2c:62:
f8:6b:8b:79:1e:f0:7f:71:be:43:0d:82:b7:bd:93:
57:1f:94:6b:c6:26:6d:0c:06:a7:04:36:b2:91:cc:
71:00:5e:0c:fc:28:36:40:ec:8f:96:ca:15:2d:62:
c5:00:e9:f8:e8:79:00:98:b2:79:4c:a3:c0:c7:c2:
a3:dd:30:45:9b:fc:20:f9:c6:97:b5:12:9f:6f:2e:
45:42:fb:02:1c:3a:ae:e6:e4:f6:e4:f8:80:e1:68:
81:99
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3A:EC:1A:D5:01:E0:C5:20:77:48:57:7D:8D:6F:E3:70:80:0D:FF:4E
X509v3 Authority Key Identifier:
keyid:7E:2C:B3:D0:A6:41:76:9C:78:01:C4:81:61:20:15:C2:CC:B3:B6:55
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fiyz0KZBdpx4AcSBYSAVwsyztlU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/84/431df1-09f4-475c-a045-f5bb2843c89e/1/Ouwa1QHgxSB3SFd9jW_jcIAN_04.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/84/431df1-09f4-475c-a045-f5bb2843c89e/1/fiyz0KZBdpx4AcSBYSAVwsyztlU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.252.144.0/22
IPv6:
2a00:a401::/32
Signature Algorithm: sha256WithRSAEncryption
bd:e9:dd:ba:88:df:81:00:e8:44:56:5f:2e:fc:38:e0:a1:70:
0e:09:76:0e:a2:15:6d:21:c1:3f:ed:a0:80:81:21:c4:cf:08:
42:20:9f:3e:e5:c6:b2:ca:08:20:96:30:84:36:24:bd:57:35:
b2:bf:6f:32:cc:e3:69:c9:d6:09:e7:63:e3:a9:20:f9:ad:f9:
ac:63:18:18:08:44:11:01:6e:67:81:07:4d:65:38:81:60:af:
3c:59:4a:eb:ff:1c:d9:28:2c:fa:f6:94:1a:32:0e:a5:fc:96:
22:ef:42:1f:19:22:bc:a5:d6:cf:52:13:46:01:5b:6f:8a:c5:
bb:df:40:b9:8b:d5:5b:48:20:47:49:9e:c8:2e:0f:20:6c:cd:
71:84:58:8d:df:ca:47:64:69:b7:8d:98:5f:6a:b3:4b:fd:27:
27:c1:8d:77:b5:5b:3d:9e:c7:dd:70:f4:ec:4e:a0:c4:0e:88:
c0:87:08:82:2d:99:3f:e2:41:e3:0e:96:81:ac:71:a9:9d:64:
d2:d8:ab:c1:78:e3:a2:d9:4d:0b:ea:8e:a5:9b:60:a0:6d:29:
e8:97:26:3a:92:b1:3a:0d:26:3e:9d:8d:d4:3b:85:d3:61:3c:
a0:99:75:fe:31:c9:ad:86:6b:7a:b2:44:1a:87:eb:a3:60:84:
f6:c8:93:15
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYVs7zocO7HOcAU5FIbN8yffMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdlMmNiM2QwYTY0MTc2OWM3ODAxYzQ4MTYxMjAxNWMyY2Ni
M2I2NTUwHhcNMjMwMTAxMTA0NDU1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYWVjMWFkNTAxZTBjNTIwNzc0ODU3N2Q4ZDZmZTM3MDgwMGRmZjRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjRd7WmyjULjaSjMqpWaHdUk5iAad
Juaf1XUSUYuy2k76HwqHwYCO0zLGXyWWsMjBxZmYtvlD1WTVl9cAPdXAoGz0AVfA
9ORP/JFR/H0QX/5aJ86h7uGQZqcaHrnWflfsPH6vM2YSLCIGzWYX/8yU9OHDtL2q
U7SPrJZo2WG7iVKSAmCIeVOSp5Ly6dXHSCNAgMdGugRhXjIHrs57kRa0OCt8LGL4
a4t5HvB/cb5DDYK3vZNXH5RrxiZtDAanBDaykcxxAF4M/Cg2QOyPlsoVLWLFAOn4
6HkAmLJ5TKPAx8Kj3TBFm/wg+caXtRKfby5FQvsCHDqu5uT25PiA4WiBmQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFDrsGtUB4MUgd0hXfY1v43CADf9OMB8GA1UdIwQY
MBaAFH4ss9CmQXaceAHEgWEgFcLMs7ZVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZml5ejBLWkJkcHg0QWNTQllTQVZ3c3l6dGxVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NC80MzFkZjEtMDlmNC00NzVjLWEwNDUt
ZjViYjI4NDNjODllLzEvT3V3YTFRSGd4U0IzU0ZkOWpXX2pjSUFOXzA0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NC80MzFkZjEtMDlmNC00NzVjLWEwNDUtZjViYjI4NDNjODll
LzEvZml5ejBLWkJkcHg0QWNTQllTQVZ3c3l6dGxVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCBfyQMA0E
AgACMAcDBQAqAKQBMA0GCSqGSIb3DQEBCwUAA4IBAQC96d26iN+BAOhEVl8u/Djg
oXAOCXYOohVtIcE/7aCAgSHEzwhCIJ8+5cayygggljCENiS9VzWyv28yzONpydYJ
52PjqSD5rfmsYxgYCEQRAW5ngQdNZTiBYK88WUrr/xzZKCz69pQaMg6l/JYi70If
GSK8pdbPUhNGAVtvisW730C5i9VbSCBHSZ7ILg8gbM1xhFiN38pHZGm3jZhfarNL
/ScnwY13tVs9nsfdcPTsTqDEDojAhwiCLZk/4kHjDpaBrHGpnWTS2KvBeOOi2U0L
6o6lm2CgbSnolyY6krE6DSY+nY3UO4XTYTygmXX+Mcmthmt6skQah+ujYIT2yJMV
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:37:22 2024 by rpki-client on console-fra.rpki-client.org