Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ae/a9c0b7-a23a-458f-8f64-ba37511404c2/1/5u-SyRP9GUQDxbQkGoOlrWnPyFU.roa
File: 5u-SyRP9GUQDxbQkGoOlrWnPyFU.roa (raw, json)
Hash identifier: 8mtO2PerOAoZJLktKCbhBnHB6t2AoupDeKG/f5jRso0=
Subject key identifier: E6:EF:92:C9:13:FD:19:44:03:C5:B4:24:1A:83:A5:AD:69:CF:C8:55
Certificate issuer: /CN=c592786ced6ce597585468bb4f36b31cf6acec6e
Certificate serial: 01856D01C759C05EB40A75E4A3AC80C5BE1F
Authority key identifier: C5:92:78:6C:ED:6C:E5:97:58:54:68:BB:4F:36:B3:1C:F6:AC:EC:6E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/xZJ4bO1s5ZdYVGi7TzazHPas7G4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ae/a9c0b7-a23a-458f-8f64-ba37511404c2/1/5u-SyRP9GUQDxbQkGoOlrWnPyFU.roa
Signing time: Sun 01 Jan 2023 11:05:11 +0000
ROA not before: Sun 01 Jan 2023 11:05:11 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 29300
IP address blocks: 81.88.64.0/20 maxlen: 20
79.141.96.0/20 maxlen: 20
84.247.128.0/18 maxlen: 18
217.196.48.0/20 maxlen: 20
82.148.160.0/19 maxlen: 19
93.184.112.0/20 maxlen: 20
109.169.96.0/19 maxlen: 19
2a02:2828::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6d:01:c7:59:c0:5e:b4:0a:75:e4:a3:ac:80:c5:be:1f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c592786ced6ce597585468bb4f36b31cf6acec6e
Validity
Not Before: Jan 1 11:05:11 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=e6ef92c913fd194403c5b4241a83a5ad69cfc855
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a6:85:13:2a:66:83:f7:64:e5:0d:88:a7:47:c8:
34:a8:8c:db:be:18:d3:b5:6c:46:61:10:e3:95:3d:
ff:c1:43:93:64:d0:df:d2:64:c2:fc:91:8f:b8:6a:
3f:a7:1a:7f:dc:81:62:da:a7:63:9e:2a:de:ea:75:
75:55:32:e4:df:fd:be:f4:6d:b3:39:fe:a3:3f:b8:
91:2c:00:ff:58:08:88:d8:19:f0:a6:43:cf:9b:64:
a1:a8:f2:25:5d:f7:20:26:a4:98:2d:df:02:5f:a5:
f7:0c:e6:66:5f:01:87:47:2d:f9:05:82:08:c7:1f:
75:23:7b:79:0a:af:75:fb:20:4b:7a:21:e1:49:3c:
f0:a7:b1:86:91:ed:82:96:d4:9d:79:70:4b:02:ce:
ea:9c:d3:38:c8:93:db:b2:fa:4b:26:0c:c5:10:5e:
1f:db:61:c0:e9:82:4f:fd:69:d6:cd:bb:35:17:18:
00:be:a6:e8:fd:54:60:1e:41:19:4b:d9:b5:fb:5c:
94:59:8c:d7:93:5a:8e:d8:59:01:23:94:ae:45:67:
fe:74:c1:54:26:9c:ab:22:e0:2d:bb:61:08:f8:02:
3a:59:44:e1:f6:29:79:54:94:b0:3e:a0:0a:69:10:
b7:aa:14:f4:10:4a:d0:54:d2:9d:3b:7a:f2:b2:2f:
6e:af
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E6:EF:92:C9:13:FD:19:44:03:C5:B4:24:1A:83:A5:AD:69:CF:C8:55
X509v3 Authority Key Identifier:
keyid:C5:92:78:6C:ED:6C:E5:97:58:54:68:BB:4F:36:B3:1C:F6:AC:EC:6E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xZJ4bO1s5ZdYVGi7TzazHPas7G4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/a9c0b7-a23a-458f-8f64-ba37511404c2/1/5u-SyRP9GUQDxbQkGoOlrWnPyFU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/a9c0b7-a23a-458f-8f64-ba37511404c2/1/xZJ4bO1s5ZdYVGi7TzazHPas7G4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
79.141.96.0/20
81.88.64.0/20
82.148.160.0/19
84.247.128.0/18
93.184.112.0/20
109.169.96.0/19
217.196.48.0/20
IPv6:
2a02:2828::/32
Signature Algorithm: sha256WithRSAEncryption
6b:7e:a3:ce:d2:7f:e2:7e:52:b0:7b:c1:7d:fb:e4:2a:59:14:
11:cd:98:17:9a:01:44:8a:ab:c4:54:b0:2c:1e:8d:8b:3b:ae:
6a:ae:b0:7e:7c:32:6b:4b:5b:e3:5a:df:95:36:27:c5:2c:8d:
ef:1f:64:dd:2f:4c:55:57:a0:5b:7e:81:08:a8:0b:ba:12:91:
b6:27:82:26:0e:32:48:ec:0b:34:fa:47:cf:87:4c:40:5f:24:
2e:3c:f2:d0:b8:a3:24:f4:25:c9:f1:a3:eb:26:87:ad:59:59:
64:85:70:d4:72:22:be:7a:fd:c3:60:ac:c4:d3:89:19:e2:be:
87:d2:76:bf:26:d6:2e:48:0e:44:93:2f:b8:be:8a:2b:d3:ae:
6f:f1:18:54:68:11:e8:df:c5:c7:15:9c:34:30:90:08:dc:e1:
ca:40:8e:f3:03:a8:13:30:21:73:a2:e1:54:ac:05:0a:c4:31:
ac:c0:a2:5e:6b:bb:89:d1:af:e4:3b:2a:a4:2e:65:37:b5:e5:
fa:48:ea:f2:8f:e5:4e:58:08:a9:ac:71:b0:97:c5:b5:ba:3e:
3b:07:bf:44:2a:26:7b:d5:90:9a:68:12:0b:07:af:23:64:33:
85:57:2e:6f:f6:90:34:ae:21:6a:40:92:fd:43:1b:ee:96:20:
43:37:51:a4
-----BEGIN CERTIFICATE-----
MIIFMDCCBBigAwIBAgISAYVtAcdZwF60CnXko6yAxb4fMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM1OTI3ODZjZWQ2Y2U1OTc1ODU0NjhiYjRmMzZiMzFjZjZh
Y2VjNmUwHhcNMjMwMTAxMTEwNTExWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNmVmOTJjOTEzZmQxOTQ0MDNjNWI0MjQxYTgzYTVhZDY5Y2ZjODU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApoUTKmaD92TlDYinR8g0qIzbvhjT
tWxGYRDjlT3/wUOTZNDf0mTC/JGPuGo/pxp/3IFi2qdjnire6nV1VTLk3/2+9G2z
Of6jP7iRLAD/WAiI2BnwpkPPm2ShqPIlXfcgJqSYLd8CX6X3DOZmXwGHRy35BYII
xx91I3t5Cq91+yBLeiHhSTzwp7GGke2CltSdeXBLAs7qnNM4yJPbsvpLJgzFEF4f
22HA6YJP/WnWzbs1FxgAvqbo/VRgHkEZS9m1+1yUWYzXk1qO2FkBI5SuRWf+dMFU
JpyrIuAtu2EI+AI6WUTh9il5VJSwPqAKaRC3qhT0EErQVNKdO3rysi9urwIDAQAB
o4ICPDCCAjgwHQYDVR0OBBYEFObvkskT/RlEA8W0JBqDpa1pz8hVMB8GA1UdIwQY
MBaAFMWSeGztbOWXWFRou082sxz2rOxuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveFpKNGJPMXM1WmRZVkdpN1R6YXpIUGFzN0c0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZS9hOWMwYjctYTIzYS00NThmLThmNjQt
YmEzNzUxMTQwNGMyLzEvNXUtU3lSUDlHVVFEeGJRa0dvT2xyV25QeUZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZS9hOWMwYjctYTIzYS00NThmLThmNjQtYmEzNzUxMTQwNGMy
LzEveFpKNGJPMXM1WmRZVkdpN1R6YXpIUGFzN0c0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFIGCCsGAQUFBwEHAQH/BEMwQTAwBAIAATAqAwQET41gAwQE
UVhAAwQFUpSgAwQGVPeAAwQEXbhwAwQFbalgAwQE2cQwMA0EAgACMAcDBQAqAigo
MA0GCSqGSIb3DQEBCwUAA4IBAQBrfqPO0n/iflKwe8F9++QqWRQRzZgXmgFEiqvE
VLAsHo2LO65qrrB+fDJrS1vjWt+VNifFLI3vH2TdL0xVV6BbfoEIqAu6EpG2J4Im
DjJI7As0+kfPh0xAXyQuPPLQuKMk9CXJ8aPrJoetWVlkhXDUciK+ev3DYKzE04kZ
4r6H0na/JtYuSA5Eky+4voor065v8RhUaBHo38XHFZw0MJAI3OHKQI7zA6gTMCFz
ouFUrAUKxDGswKJea7uJ0a/kOyqkLmU3teX6SOryj+VOWAiprHGwl8W1uj47B79E
KiZ71ZCaaBILB68jZDOFVy5v9pA0riFqQJL9QxvuliBDN1Gk
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:38:23 2024 by rpki-client on console-ams.rpki-client.org