Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f0/974749-4d7e-4450-9793-df854f47baf4/1/5is_i5pgpi1-xzjfXkWEGnEwZvQ.roa
File:                     5is_i5pgpi1-xzjfXkWEGnEwZvQ.roa (raw, json)
Hash identifier:          Ec0OagUfZsfEuD82X+zap1jNDPvFPfwbr/hv7dUdiM0=
Subject key identifier:   E6:2B:3F:8B:9A:60:A6:2D:7E:C7:38:DF:5E:45:84:1A:71:30:66:F4
Certificate issuer:       /CN=b0fa0c7abc10796915e335ba19780e473e027969
Certificate serial:       018571953AB94E1ECBF26C9A47D9BBF36E40
Authority key identifier: B0:FA:0C:7A:BC:10:79:69:15:E3:35:BA:19:78:0E:47:3E:02:79:69
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sPoMerwQeWkV4zW6GXgORz4CeWk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f0/974749-4d7e-4450-9793-df854f47baf4/1/5is_i5pgpi1-xzjfXkWEGnEwZvQ.roa
Signing time:             Mon 02 Jan 2023 08:24:43 +0000
ROA not before:           Mon 02 Jan 2023 08:24:43 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     35258
IP address blocks:        213.238.48.0/23 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:71:95:3a:b9:4e:1e:cb:f2:6c:9a:47:d9:bb:f3:6e:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b0fa0c7abc10796915e335ba19780e473e027969
        Validity
            Not Before: Jan  2 08:24:43 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=e62b3f8b9a60a62d7ec738df5e45841a713066f4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:2B:3F:8B:9A:60:A6:2D:7E:C7:38:DF:5E:45:84:1A:71:30:66:F4
            X509v3 Authority Key Identifier:
                keyid:B0:FA:0C:7A:BC:10:79:69:15:E3:35:BA:19:78:0E:47:3E:02:79:69

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sPoMerwQeWkV4zW6GXgORz4CeWk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/974749-4d7e-4450-9793-df854f47baf4/1/5is_i5pgpi1-xzjfXkWEGnEwZvQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/974749-4d7e-4450-9793-df854f47baf4/1/sPoMerwQeWkV4zW6GXgORz4CeWk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.238.48.0/23

    Signature Algorithm: sha256WithRSAEncryption
Generated at Thu Nov 2 14:14:39 2023 by rpki-client on console-fra.rpki-client.org