Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/091bd0-2f67-47ce-ae17-d68c57db4cae/1/OM55C8TY3A-1DYE_k4qYuYBL4DY.roa
File: OM55C8TY3A-1DYE_k4qYuYBL4DY.roa (raw, json)
Hash identifier: TB0fQRZUHwtodh1uVz0vjRaZu6k2qaThO2bKX29NyIE=
Subject key identifier: 38:CE:79:0B:C4:D8:DC:0F:B5:0D:81:3F:93:8A:98:B9:80:4B:E0:36
Certificate issuer: /CN=9e1ac369c9456914a12e02dffc8dd79974eb1ef8
Certificate serial: 01856E01B6E00FBCB2523BBFB80030DB48AC
Authority key identifier: 9E:1A:C3:69:C9:45:69:14:A1:2E:02:DF:FC:8D:D7:99:74:EB:1E:F8
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/nhrDaclFaRShLgLf_I3XmXTrHvg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c8/091bd0-2f67-47ce-ae17-d68c57db4cae/1/OM55C8TY3A-1DYE_k4qYuYBL4DY.roa
Signing time: Sun 01 Jan 2023 15:44:44 +0000
ROA not before: Sun 01 Jan 2023 15:44:44 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 205806
IP address blocks: 156.67.152.0/22 maxlen: 22
156.67.152.0/21 maxlen: 21
156.67.148.0/22 maxlen: 22
156.67.156.0/22 maxlen: 22
156.67.144.0/21 maxlen: 21
156.67.144.0/22 maxlen: 22
156.67.144.0/20 maxlen: 20
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6e:01:b6:e0:0f:bc:b2:52:3b:bf:b8:00:30:db:48:ac
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=9e1ac369c9456914a12e02dffc8dd79974eb1ef8
Validity
Not Before: Jan 1 15:44:44 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=38ce790bc4d8dc0fb50d813f938a98b9804be036
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:94:c4:2c:d7:bb:42:b5:92:9b:d2:2d:1c:18:5f:
26:45:da:73:82:8d:54:83:90:1d:81:3d:07:97:c8:
4a:ab:c3:5c:5f:4f:e9:d8:10:a9:60:26:c5:94:f8:
35:7a:75:a4:36:be:c2:9a:61:13:90:b9:51:04:24:
cb:74:47:c8:15:6e:d8:51:dc:6f:00:30:2d:95:b0:
7f:2b:e1:57:bd:c7:0f:c7:dd:df:bd:6d:ca:4b:90:
ab:a7:b5:5d:69:99:88:e6:b1:e7:65:d8:00:97:ed:
c6:12:ef:de:b8:35:cc:52:5e:c8:e5:60:81:55:15:
7b:77:06:74:e1:e4:f7:d1:0e:d3:de:d0:68:77:5b:
24:d3:e2:bb:0f:93:d0:e1:89:98:85:ca:e2:b1:b3:
40:cc:74:f3:73:92:c6:b6:90:60:4a:27:dc:cb:3c:
d8:3c:a0:5f:5f:9d:1d:e9:20:7d:87:3c:b2:56:6f:
b8:d4:4e:73:74:e5:6f:a1:43:5a:43:ba:1b:53:4d:
3d:86:b5:14:4d:df:7b:aa:88:88:88:74:26:df:e6:
e3:0e:4d:54:b7:7e:4c:bb:26:54:ab:1d:26:de:88:
85:0b:03:ad:cf:93:23:6d:85:b8:1a:4a:24:b1:bd:
c3:ff:66:9b:a0:ea:59:eb:09:fc:b7:c3:2f:65:e2:
1f:f5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
38:CE:79:0B:C4:D8:DC:0F:B5:0D:81:3F:93:8A:98:B9:80:4B:E0:36
X509v3 Authority Key Identifier:
keyid:9E:1A:C3:69:C9:45:69:14:A1:2E:02:DF:FC:8D:D7:99:74:EB:1E:F8
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nhrDaclFaRShLgLf_I3XmXTrHvg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/091bd0-2f67-47ce-ae17-d68c57db4cae/1/OM55C8TY3A-1DYE_k4qYuYBL4DY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/091bd0-2f67-47ce-ae17-d68c57db4cae/1/nhrDaclFaRShLgLf_I3XmXTrHvg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
156.67.144.0/20
Signature Algorithm: sha256WithRSAEncryption
69:31:3e:28:72:7c:a6:14:a2:49:9d:73:19:b5:10:b9:a2:12:
89:1c:48:d7:3a:32:20:61:ad:62:5a:3e:96:9e:80:fc:f8:89:
7e:5f:b4:38:51:cb:09:f9:b4:b4:9b:24:0a:6a:4e:19:e2:15:
a0:78:69:cb:a8:98:97:8a:8e:6f:01:27:e6:01:e9:79:71:e1:
61:3e:86:a6:24:fb:24:41:6d:04:70:3d:27:5a:87:33:27:c9:
de:ea:20:c1:9c:73:ac:88:89:21:f3:c3:8d:10:c3:c1:4a:93:
b6:c9:05:f9:bb:bb:2f:71:4c:63:88:67:fa:9a:67:2f:ae:5a:
1f:14:99:3c:31:0a:7e:8b:b6:d5:d4:8d:91:9c:9c:a9:14:93:
d9:26:7e:3b:0f:9a:07:ad:ef:38:4e:34:17:f8:99:34:06:4e:
ff:90:2f:d5:1e:1c:db:a5:0b:e1:e9:ab:a4:c9:31:5c:2a:7a:
c5:58:d0:e5:22:f8:7d:f4:5e:b5:23:72:fc:aa:59:2b:72:0f:
7a:70:67:68:a9:27:96:8d:a7:c7:7d:c1:03:94:0c:38:1f:b8:
6f:f8:25:29:34:cd:bb:db:10:b9:02:91:21:0b:84:ba:cd:32:
7d:1c:df:4a:75:3c:5d:45:1e:fa:9c:9e:0a:58:c4:66:24:39:
00:18:62:68
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYVuAbbgD7yyUju/uAAw20isMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllMWFjMzY5Yzk0NTY5MTRhMTJlMDJkZmZjOGRkNzk5NzRl
YjFlZjgwHhcNMjMwMTAxMTU0NDQ0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOGNlNzkwYmM0ZDhkYzBmYjUwZDgxM2Y5MzhhOThiOTgwNGJlMDM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlMQs17tCtZKb0i0cGF8mRdpzgo1U
g5AdgT0Hl8hKq8NcX0/p2BCpYCbFlPg1enWkNr7CmmETkLlRBCTLdEfIFW7YUdxv
ADAtlbB/K+FXvccPx93fvW3KS5Crp7VdaZmI5rHnZdgAl+3GEu/euDXMUl7I5WCB
VRV7dwZ04eT30Q7T3tBod1sk0+K7D5PQ4YmYhcrisbNAzHTzc5LGtpBgSifcyzzY
PKBfX50d6SB9hzyyVm+41E5zdOVvoUNaQ7obU009hrUUTd97qoiIiHQm3+bjDk1U
t35MuyZUqx0m3oiFCwOtz5MjbYW4Gkoksb3D/2aboOpZ6wn8t8MvZeIf9QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDjOeQvE2NwPtQ2BP5OKmLmAS+A2MB8GA1UdIwQY
MBaAFJ4aw2nJRWkUoS4C3/yN15l06x74MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbmhyRGFjbEZhUlNoTGdMZl9JM1htWFRySHZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC8wOTFiZDAtMmY2Ny00N2NlLWFlMTct
ZDY4YzU3ZGI0Y2FlLzEvT001NUM4VFkzQS0xRFlFX2s0cVl1WUJMNERZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC8wOTFiZDAtMmY2Ny00N2NlLWFlMTctZDY4YzU3ZGI0Y2Fl
LzEvbmhyRGFjbEZhUlNoTGdMZl9JM1htWFRySHZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEnEOQMA0G
CSqGSIb3DQEBCwUAA4IBAQBpMT4ocnymFKJJnXMZtRC5ohKJHEjXOjIgYa1iWj6W
noD8+Il+X7Q4UcsJ+bS0myQKak4Z4hWgeGnLqJiXio5vASfmAel5ceFhPoamJPsk
QW0EcD0nWoczJ8ne6iDBnHOsiIkh88ONEMPBSpO2yQX5u7svcUxjiGf6mmcvrlof
FJk8MQp+i7bV1I2RnJypFJPZJn47D5oHre84TjQX+Jk0Bk7/kC/VHhzbpQvh6auk
yTFcKnrFWNDlIvh99F61I3L8qlkrcg96cGdoqSeWjafHfcEDlAw4H7hv+CUpNM27
2xC5ApEhC4S6zTJ9HN9KdTxdRR76nJ4KWMRmJDkAGGJo
-----END CERTIFICATE-----
Generated at Mon Oct 2 10:59:41 2023 by rpki-client on console-fra.rpki-client.org