Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f8/124c35-9523-43b7-b7eb-ea59264f9083/1/A1lPq64ktwWD9XRctocedE2gx3k.roa
File: A1lPq64ktwWD9XRctocedE2gx3k.roa (raw, json)
Hash identifier: n8bws36s9NBuMVNVe7DI4bTbsSdQkQf85zzpPuzU+TE=
Subject key identifier: 03:59:4F:AB:AE:24:B7:05:83:F5:74:5C:B6:87:1E:74:4D:A0:C7:79
Certificate issuer: /CN=ab1d0e7e818baf9a7afb9866124292a61aafb8ca
Certificate serial: 0186F45EECCD7749413E10D77B3042267555
Authority key identifier: AB:1D:0E:7E:81:8B:AF:9A:7A:FB:98:66:12:42:92:A6:1A:AF:B8:CA
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/qx0OfoGLr5p6-5hmEkKSphqvuMo.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/f8/124c35-9523-43b7-b7eb-ea59264f9083/1/A1lPq64ktwWD9XRctocedE2gx3k.roa
Signing time: Sat 18 Mar 2023 10:58:27 +0000
ROA not before: Sat 18 Mar 2023 10:58:27 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 42910
IP address blocks: 5.250.242.0/24 maxlen: 24
5.250.241.0/24 maxlen: 24
5.250.245.0/24 maxlen: 24
5.250.244.0/24 maxlen: 24
5.250.243.0/24 maxlen: 24
5.250.246.0/24 maxlen: 24
5.250.252.0/24 maxlen: 24
5.250.251.0/24 maxlen: 24
5.250.250.0/24 maxlen: 24
5.250.253.0/24 maxlen: 24
5.250.249.0/24 maxlen: 24
5.250.248.0/24 maxlen: 24
5.250.247.0/24 maxlen: 24
5.250.254.0/24 maxlen: 24
185.67.121.0/24 maxlen: 24
185.67.120.0/24 maxlen: 24
185.67.123.0/24 maxlen: 24
185.67.122.0/24 maxlen: 24
5.250.240.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:86:f4:5e:ec:cd:77:49:41:3e:10:d7:7b:30:42:26:75:55
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ab1d0e7e818baf9a7afb9866124292a61aafb8ca
Validity
Not Before: Mar 18 10:58:27 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=03594fabae24b70583f5745cb6871e744da0c779
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a5:14:e1:a2:6e:d4:b7:ee:1b:f5:70:1d:77:56:
9b:30:aa:c0:ad:1f:24:29:2c:f7:87:5b:23:6b:8f:
6d:26:95:02:eb:79:5b:f1:b0:0a:0d:02:2a:71:86:
82:b2:90:f4:d7:33:ab:51:a7:c1:16:de:04:82:99:
79:aa:67:7a:f1:a2:a8:ae:cf:c0:c9:5f:02:29:72:
5e:1b:df:27:f0:78:e5:44:ad:d0:80:b4:2a:af:95:
81:9a:1e:61:22:b0:be:6f:af:a3:88:fa:40:ba:42:
b0:1d:c4:4e:2c:26:04:4a:78:a0:92:04:9d:1b:16:
d9:a5:c1:45:6f:d1:44:42:6f:9f:e2:c4:3a:3b:62:
99:88:cb:68:49:fd:df:8e:0e:08:b5:c5:02:b0:4b:
56:0a:88:0f:75:6b:e4:66:04:ef:8f:b2:cd:38:02:
4e:f9:cf:7f:f5:02:a8:2e:ef:5a:a6:c1:06:f1:15:
fc:d1:2e:7e:9a:76:34:09:51:46:c5:13:bf:ea:2b:
11:7a:c2:35:bc:74:98:52:4f:f6:1b:92:54:e7:3b:
ee:c2:2e:3c:01:43:e0:0f:6d:73:5c:ce:9c:b1:9f:
3e:ab:14:79:2f:a9:12:b5:10:18:f5:e2:bb:14:43:
62:80:c1:d0:f3:c9:71:6f:dd:fe:95:ed:a7:f9:d7:
7b:31
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
03:59:4F:AB:AE:24:B7:05:83:F5:74:5C:B6:87:1E:74:4D:A0:C7:79
X509v3 Authority Key Identifier:
keyid:AB:1D:0E:7E:81:8B:AF:9A:7A:FB:98:66:12:42:92:A6:1A:AF:B8:CA
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qx0OfoGLr5p6-5hmEkKSphqvuMo.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/124c35-9523-43b7-b7eb-ea59264f9083/1/A1lPq64ktwWD9XRctocedE2gx3k.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/124c35-9523-43b7-b7eb-ea59264f9083/1/qx0OfoGLr5p6-5hmEkKSphqvuMo.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.250.240.0-5.250.254.255
185.67.120.0/22
Signature Algorithm: sha256WithRSAEncryption
64:7b:7b:76:23:5d:19:9e:c5:66:50:1b:dc:18:83:31:9e:74:
5b:70:75:1d:8b:9a:a0:7e:8f:1c:e1:e1:f9:6d:9c:cd:cd:3a:
8e:e8:3c:8d:4f:e6:12:cd:f4:7f:b2:51:f8:41:67:f7:cc:ca:
ea:e0:a4:b9:6a:01:42:00:8b:24:43:73:c0:11:7e:7b:a6:fd:
43:9c:be:49:40:85:90:0c:a7:4b:73:65:67:2c:6e:2c:55:64:
60:05:37:ec:48:6b:2e:0a:c4:73:c2:35:67:83:61:6a:3c:7d:
d8:49:af:1f:f1:3c:f3:7c:f9:b1:da:23:28:e9:f2:e8:68:0c:
72:35:d4:69:9d:00:b7:56:10:24:20:40:29:80:fc:e7:8f:f6:
f7:18:76:e0:ef:88:75:e7:2c:f5:af:9d:a8:63:f7:2e:d6:50:
00:fe:31:40:4c:7e:a7:16:26:9a:e5:66:4d:20:7a:9e:80:53:
b9:77:20:59:d2:d4:c6:83:5a:03:37:e2:22:7d:bd:94:59:6d:
75:23:fd:66:5a:a9:45:6a:64:bf:a1:b0:86:ef:3b:cc:36:92:
7d:92:97:65:69:4e:8b:ce:f9:26:04:16:a1:43:a9:cf:98:64:
ae:d9:fe:27:49:2b:c1:18:e4:3c:07:95:e2:bd:bb:be:2d:52:
91:2b:34:da
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAYb0XuzNd0lBPhDXezBCJnVVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiMWQwZTdlODE4YmFmOWE3YWZiOTg2NjEyNDI5MmE2MWFh
ZmI4Y2EwHhcNMjMwMzE4MTA1ODI3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMzU5NGZhYmFlMjRiNzA1ODNmNTc0NWNiNjg3MWU3NDRkYTBjNzc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApRThom7Ut+4b9XAdd1abMKrArR8k
KSz3h1sja49tJpUC63lb8bAKDQIqcYaCspD01zOrUafBFt4Egpl5qmd68aKors/A
yV8CKXJeG98n8HjlRK3QgLQqr5WBmh5hIrC+b6+jiPpAukKwHcROLCYESnigkgSd
GxbZpcFFb9FEQm+f4sQ6O2KZiMtoSf3fjg4ItcUCsEtWCogPdWvkZgTvj7LNOAJO
+c9/9QKoLu9apsEG8RX80S5+mnY0CVFGxRO/6isResI1vHSYUk/2G5JU5zvuwi48
AUPgD21zXM6csZ8+qxR5L6kStRAY9eK7FENigMHQ88lxb93+le2n+dd7MQIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFANZT6uuJLcFg/V0XLaHHnRNoMd5MB8GA1UdIwQY
MBaAFKsdDn6Bi6+aevuYZhJCkqYar7jKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcXgwT2ZvR0xyNXA2LTVobUVrS1NwaHF2dU1vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOC8xMjRjMzUtOTUyMy00M2I3LWI3ZWIt
ZWE1OTI2NGY5MDgzLzEvQTFsUHE2NGt0d1dEOVhSY3RvY2VkRTJneDNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOC8xMjRjMzUtOTUyMy00M2I3LWI3ZWItZWE1OTI2NGY5MDgz
LzEvcXgwT2ZvR0xyNXA2LTVobUVrS1NwaHF2dU1vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUMAwDBAQF+vAD
BAAF+v4DBAK5Q3gwDQYJKoZIhvcNAQELBQADggEBAGR7e3YjXRmexWZQG9wYgzGe
dFtwdR2LmqB+jxzh4fltnM3NOo7oPI1P5hLN9H+yUfhBZ/fMyurgpLlqAUIAiyRD
c8ARfnum/UOcvklAhZAMp0tzZWcsbixVZGAFN+xIay4KxHPCNWeDYWo8fdhJrx/x
PPN8+bHaIyjp8uhoDHI11GmdALdWECQgQCmA/OeP9vcYduDviHXnLPWvnahj9y7W
UAD+MUBMfqcWJprlZk0gep6AU7l3IFnS1MaDWgM34iJ9vZRZbXUj/WZaqUVqZL+h
sIbvO8w2kn2Sl2VpTovO+SYEFqFDqc+YZK7Z/idJK8EY5DwHleK9u74tUpErNNo=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:53:18 2024 by rpki-client on console-ams.rpki-client.org