Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a0/6c2736-ab02-4897-9568-77f6e94e3dcc/1/IKz867LUPvZlE0EmlgGBPoaxh2M.roa
File: IKz867LUPvZlE0EmlgGBPoaxh2M.roa (raw, json)
Hash identifier: zZWdm/uhh2fSpOybG9Pe7Z86w4rPhEzNYXEBSB8SPpQ=
Subject key identifier: 20:AC:FC:EB:B2:D4:3E:F6:65:13:41:26:96:01:81:3E:86:B1:87:63
Certificate issuer: /CN=77f8e7fbd4ab69507fb1fe3579af343a56639086
Certificate serial: 6C68C9
Authority key identifier: 77:F8:E7:FB:D4:AB:69:50:7F:B1:FE:35:79:AF:34:3A:56:63:90:86
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/d_jn-9SraVB_sf41ea80OlZjkIY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/a0/6c2736-ab02-4897-9568-77f6e94e3dcc/1/IKz867LUPvZlE0EmlgGBPoaxh2M.roa
Signing time: Sat 01 Jan 2022 01:57:17 +0000
ROA not before: Sat 01 Jan 2022 01:57:17 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 199026
IP address blocks: 5.152.128.0/23 maxlen: 23
5.152.130.0/23 maxlen: 23
5.152.144.0/22 maxlen: 22
5.152.148.0/24 maxlen: 24
5.152.154.0/23 maxlen: 23
5.152.156.0/23 maxlen: 23
5.152.158.0/24 maxlen: 24
5.152.159.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 7104713 (0x6c68c9)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=77f8e7fbd4ab69507fb1fe3579af343a56639086
Validity
Not Before: Jan 1 01:57:17 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=20acfcebb2d43ef6651341269601813e86b18763
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a5:53:08:14:e1:91:f0:ba:58:53:50:08:46:2c:
e4:08:2e:37:0f:fe:80:3e:d9:ab:1b:c1:ee:31:5c:
7f:23:93:a2:51:a8:20:1f:58:8d:fa:19:4b:91:03:
ee:97:69:df:f2:a0:61:9f:81:b2:5c:88:cf:3b:2b:
b4:54:d2:f1:62:d8:ad:03:4a:40:10:9c:74:de:55:
0c:44:d3:79:2f:2d:e9:79:f5:58:47:32:bf:9f:39:
6e:7e:67:01:34:41:ca:63:56:6f:64:a2:fc:cc:31:
37:f0:1a:65:3a:08:ef:25:25:0e:d1:40:44:8b:8e:
15:c4:ec:24:4a:87:d7:9c:68:a1:c0:58:de:d2:13:
f8:fd:24:ae:b9:0d:b3:83:4b:c8:b0:d4:00:e6:df:
22:29:a9:f5:1e:56:ed:02:23:ef:ee:60:fb:7e:98:
f5:4d:1e:0c:8e:26:ac:31:e9:6e:f2:03:56:63:3c:
0e:50:2d:32:47:da:26:85:f6:14:3e:2f:eb:98:5a:
5e:5a:6f:1b:bf:c2:a5:23:f1:14:9e:88:cd:3c:4f:
b3:91:2f:7a:0c:d2:05:aa:4e:48:fe:80:8c:76:83:
01:67:81:b7:f4:76:e1:45:f9:a8:e8:0d:5a:77:c1:
92:c0:f1:ed:df:37:42:fe:24:f6:1c:7f:eb:38:3d:
6f:bf
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
20:AC:FC:EB:B2:D4:3E:F6:65:13:41:26:96:01:81:3E:86:B1:87:63
X509v3 Authority Key Identifier:
keyid:77:F8:E7:FB:D4:AB:69:50:7F:B1:FE:35:79:AF:34:3A:56:63:90:86
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/d_jn-9SraVB_sf41ea80OlZjkIY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/6c2736-ab02-4897-9568-77f6e94e3dcc/1/IKz867LUPvZlE0EmlgGBPoaxh2M.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/6c2736-ab02-4897-9568-77f6e94e3dcc/1/d_jn-9SraVB_sf41ea80OlZjkIY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.152.128.0/22
5.152.144.0-5.152.148.255
5.152.154.0-5.152.159.255
Signature Algorithm: sha256WithRSAEncryption
6a:0e:ed:5d:e0:21:19:2f:cc:43:4a:e5:b0:0c:82:91:a6:6a:
5c:b4:3f:58:34:3e:66:40:11:79:55:de:06:d3:23:f3:cf:a9:
6e:3a:0e:78:5d:86:80:34:4a:a3:7e:71:ac:4b:c2:4e:2d:71:
cd:38:ce:fa:a2:9f:ad:cf:5a:94:b8:57:36:58:be:bc:b8:c9:
0f:6f:9b:b3:38:50:9e:0e:5f:35:1a:29:6a:a8:da:f5:77:06:
11:da:7d:4a:60:38:43:68:d5:1e:5e:16:5f:8d:db:59:f1:8d:
36:0b:c2:16:20:a1:c9:79:6e:bc:cc:f5:32:bb:c6:12:43:9f:
02:7d:5c:e0:cb:60:b1:25:11:aa:10:82:76:2b:16:7d:82:a7:
76:f9:09:dc:91:0b:bf:89:03:72:b3:54:60:af:38:0a:03:cc:
ac:51:19:c5:10:9f:fb:cc:eb:96:fd:71:38:b2:21:f9:b0:65:
3c:5d:16:c9:1f:d7:da:97:55:66:03:cd:f3:cf:3b:46:e7:8d:
6d:5b:c4:7c:17:3a:7c:05:f0:b8:cd:56:db:97:18:05:34:37:
98:0a:89:b8:33:68:92:94:51:b3:d2:2f:6e:fd:c7:06:92:00:
4b:ca:f5:f0:27:f8:a6:9f:6f:59:a6:ac:b4:35:10:4c:a7:d3:
9a:47:6a:e1
-----BEGIN CERTIFICATE-----
MIIFCjCCA/KgAwIBAgIDbGjJMA0GCSqGSIb3DQEBCwUAMDMxMTAvBgNVBAMTKDc3
ZjhlN2ZiZDRhYjY5NTA3ZmIxZmUzNTc5YWYzNDNhNTY2MzkwODYwHhcNMjIwMTAx
MDE1NzE3WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQDEygyMGFjZmNlYmIyZDQz
ZWY2NjUxMzQxMjY5NjAxODEzZTg2YjE4NzYzMIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEApVMIFOGR8LpYU1AIRizkCC43D/6APtmrG8HuMVx/I5OiUagg
H1iN+hlLkQPul2nf8qBhn4GyXIjPOyu0VNLxYtitA0pAEJx03lUMRNN5Ly3pefVY
RzK/nzlufmcBNEHKY1ZvZKL8zDE38BplOgjvJSUO0UBEi44VxOwkSofXnGihwFje
0hP4/SSuuQ2zg0vIsNQA5t8iKan1HlbtAiPv7mD7fpj1TR4MjiasMelu8gNWYzwO
UC0yR9omhfYUPi/rmFpeWm8bv8KlI/EUnojNPE+zkS96DNIFqk5I/oCMdoMBZ4G3
9HbhRfmo6A1ad8GSwPHt3zdC/iT2HH/rOD1vvwIDAQABo4ICJTCCAiEwHQYDVR0O
BBYEFCCs/Ouy1D72ZRNBJpYBgT6GsYdjMB8GA1UdIwQYMBaAFHf45/vUq2lQf7H+
NXmvNDpWY5CGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEFBQcBAQRYMFYwVAYIKwYB
BQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQv
ZF9qbi05U3JhVkJfc2Y0MWVhODBPbFpqa0lZLmNlcjCBjQYIKwYBBQUHAQsEgYAw
fjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkv
REVGQVVMVC9hMC82YzI3MzYtYWIwMi00ODk3LTk1NjgtNzdmNmU5NGUzZGNjLzEv
SUt6ODY3TFVQdlpsRTBFbWxnR0JQb2F4aDJNLnJvYTCBgQYDVR0fBHoweDB2oHSg
coZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMC82
YzI3MzYtYWIwMi00ODk3LTk1NjgtNzdmNmU5NGUzZGNjLzEvZF9qbi05U3JhVkJf
c2Y0MWVhODBPbFpqa0lZLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMDsG
CCsGAQUFBwEHAQH/BCwwKjAoBAIAATAiAwQCBZiAMAwDBAQFmJADBAAFmJQwDAME
AQWYmgMEBQWYgDANBgkqhkiG9w0BAQsFAAOCAQEAag7tXeAhGS/MQ0rlsAyCkaZq
XLQ/WDQ+ZkAReVXeBtMj88+pbjoOeF2GgDRKo35xrEvCTi1xzTjO+qKfrc9alLhX
Nli+vLjJD2+bszhQng5fNRopaqja9XcGEdp9SmA4Q2jVHl4WX43bWfGNNgvCFiCh
yXluvMz1MrvGEkOfAn1c4MtgsSURqhCCdisWfYKndvkJ3JELv4kDcrNUYK84CgPM
rFEZxRCf+8zrlv1xOLIh+bBlPF0WyR/X2pdVZgPN8887RueNbVvEfBc6fAXwuM1W
25cYBTQ3mAqJuDNokpRRs9Ivbv3HBpIAS8r18Cf4pp9vWaastDUQTKfTmkdq4Q==
-----END CERTIFICATE-----
Generated at Wed Apr 23 01:52:12 2025 by rpki-client