Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f8/124c35-9523-43b7-b7eb-ea59264f9083/1/a81jLO5O1GnWTEIZa63Ip1nixSc.roa
File: a81jLO5O1GnWTEIZa63Ip1nixSc.roa (raw, json)
Hash identifier: XKexJXkfuRVYocC7801PMFtwmlfnacgUhMVQ4kRu4i8=
Subject key identifier: 6B:CD:63:2C:EE:4E:D4:69:D6:4C:42:19:6B:AD:C8:A7:59:E2:C5:27
Certificate issuer: /CN=ab1d0e7e818baf9a7afb9866124292a61aafb8ca
Certificate serial: 07A6FCAE
Authority key identifier: AB:1D:0E:7E:81:8B:AF:9A:7A:FB:98:66:12:42:92:A6:1A:AF:B8:CA
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/qx0OfoGLr5p6-5hmEkKSphqvuMo.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/f8/124c35-9523-43b7-b7eb-ea59264f9083/1/a81jLO5O1GnWTEIZa63Ip1nixSc.roa
Signing time: Sat 01 Jan 2022 12:00:31 +0000
ROA not before: Sat 01 Jan 2022 12:00:31 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 59674
IP address blocks: 5.250.241.0/24 maxlen: 24
5.250.243.0/24 maxlen: 24
5.250.244.0/24 maxlen: 24
5.250.242.0/24 maxlen: 24
5.250.245.0/24 maxlen: 24
5.250.246.0/24 maxlen: 24
5.250.252.0/24 maxlen: 24
5.250.253.0/24 maxlen: 24
5.250.247.0/24 maxlen: 24
5.250.248.0/24 maxlen: 24
5.250.250.0/24 maxlen: 24
5.250.251.0/24 maxlen: 24
5.250.249.0/24 maxlen: 24
5.250.254.0/24 maxlen: 24
5.250.255.0/24 maxlen: 24
185.67.120.0/24 maxlen: 24
185.67.123.0/24 maxlen: 24
185.67.121.0/24 maxlen: 24
185.67.122.0/24 maxlen: 24
5.250.240.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 128384174 (0x7a6fcae)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ab1d0e7e818baf9a7afb9866124292a61aafb8ca
Validity
Not Before: Jan 1 12:00:31 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=6bcd632cee4ed469d64c42196badc8a759e2c527
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ba:48:52:06:89:e6:2c:96:18:02:cc:8f:f0:c0:
53:3b:d4:e0:14:8d:90:bf:81:3e:85:ac:1e:70:29:
5a:48:2e:b7:75:30:74:3e:35:dd:eb:fd:66:8e:81:
ef:76:e3:2c:81:ae:84:cf:a3:4d:93:3b:cf:71:56:
45:7b:3c:7f:82:5e:5e:fa:2c:00:76:b7:fc:70:5e:
26:ba:99:fe:4b:98:fd:f7:9c:10:43:6a:39:d5:44:
9a:73:31:59:41:5e:dd:de:c2:0a:20:82:8d:38:78:
b8:69:5f:8a:eb:ce:49:e4:c9:6a:4d:33:4d:82:41:
6e:39:41:1c:97:a3:0c:52:fd:40:2f:d9:04:5d:43:
6e:a2:3c:40:44:96:b3:de:78:2a:af:60:44:5c:48:
b0:53:89:64:f7:4d:c0:a5:db:5f:ea:82:8f:ec:7a:
5b:83:ba:25:3f:6a:3e:b0:6e:44:31:65:97:14:7e:
1f:59:de:66:29:d9:e0:88:1e:a1:fb:24:4b:12:19:
7c:b7:1e:92:22:44:18:f8:2f:f5:18:30:2a:26:fa:
f2:3f:6c:5e:f0:01:aa:92:8a:27:b0:93:da:a0:7e:
ca:e4:de:73:b9:bc:a6:a7:cb:27:ca:da:d0:83:aa:
69:17:e4:a0:a4:38:1f:2e:6c:f4:6c:6a:c4:38:86:
4c:ab
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6B:CD:63:2C:EE:4E:D4:69:D6:4C:42:19:6B:AD:C8:A7:59:E2:C5:27
X509v3 Authority Key Identifier:
keyid:AB:1D:0E:7E:81:8B:AF:9A:7A:FB:98:66:12:42:92:A6:1A:AF:B8:CA
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qx0OfoGLr5p6-5hmEkKSphqvuMo.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/124c35-9523-43b7-b7eb-ea59264f9083/1/a81jLO5O1GnWTEIZa63Ip1nixSc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/124c35-9523-43b7-b7eb-ea59264f9083/1/qx0OfoGLr5p6-5hmEkKSphqvuMo.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.250.240.0/20
185.67.120.0/22
Signature Algorithm: sha256WithRSAEncryption
25:46:17:93:40:3a:fd:4a:c4:87:18:e7:27:2f:58:ca:aa:8e:
65:7d:71:31:70:3e:4f:35:cd:4e:99:bb:e5:d4:18:65:30:6a:
2f:af:b4:d8:6e:d3:62:8c:46:c2:ef:8e:d1:d9:ff:0a:2d:cb:
c1:a5:6d:42:30:cd:17:3b:45:ef:11:07:7b:a0:a4:d7:a7:4a:
1e:a2:4f:a6:f4:dd:f3:8a:2d:88:cd:4c:3f:65:a0:d7:0d:0f:
77:19:e7:4e:f1:aa:6c:6b:67:63:d5:28:ae:fd:a0:7a:35:ac:
19:f6:fb:87:43:61:fc:ee:21:62:67:c7:55:5f:3f:3c:52:f7:
a5:ff:5a:f2:b6:27:ec:16:16:21:ba:0d:5d:82:9b:62:a0:60:
68:3b:5c:03:9e:5f:9d:d7:ca:b3:41:2d:1a:95:8e:c1:97:7d:
0a:60:34:b9:45:e5:98:24:17:c6:ab:26:23:f5:8c:f6:8b:60:
72:a3:fe:c7:98:48:de:0f:31:d9:57:0d:3d:91:b5:09:8e:52:
a6:fa:b3:a4:0b:28:d2:04:ee:22:d4:7c:aa:bb:e4:f7:03:89:
7a:f6:68:25:bb:2b:99:75:9c:a5:5a:72:6b:02:e1:7b:c8:34:
40:22:03:89:93:c7:33:c9:c6:b0:f0:de:a9:ce:46:f3:d7:97:
31:3d:fb:2e
-----BEGIN CERTIFICATE-----
MIIE9TCCA92gAwIBAgIEB6b8rjANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhh
YjFkMGU3ZTgxOGJhZjlhN2FmYjk4NjYxMjQyOTJhNjFhYWZiOGNhMB4XDTIyMDEw
MTEyMDAzMVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNmJjZDYzMmNlZTRl
ZDQ2OWQ2NGM0MjE5NmJhZGM4YTc1OWUyYzUyNzCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALpIUgaJ5iyWGALMj/DAUzvU4BSNkL+BPoWsHnApWkgut3Uw
dD413ev9Zo6B73bjLIGuhM+jTZM7z3FWRXs8f4JeXvosAHa3/HBeJrqZ/kuY/fec
EENqOdVEmnMxWUFe3d7CCiCCjTh4uGlfiuvOSeTJak0zTYJBbjlBHJejDFL9QC/Z
BF1DbqI8QESWs954Kq9gRFxIsFOJZPdNwKXbX+qCj+x6W4O6JT9qPrBuRDFllxR+
H1neZinZ4IgeofskSxIZfLcekiJEGPgv9RgwKib68j9sXvABqpKKJ7CT2qB+yuTe
c7m8pqfLJ8ra0IOqaRfkoKQ4Hy5s9GxqxDiGTKsCAwEAAaOCAg8wggILMB0GA1Ud
DgQWBBRrzWMs7k7UadZMQhlrrcinWeLFJzAfBgNVHSMEGDAWgBSrHQ5+gYuvmnr7
mGYSQpKmGq+4yjAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3F4ME9mb0dMcjVwNi01aG1Fa0tTcGhxdnVNby5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZjgvMTI0YzM1LTk1MjMtNDNiNy1iN2ViLWVhNTkyNjRmOTA4My8x
L2E4MWpMTzVPMUduV1RFSVphNjNJcDFuaXhTYy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZjgv
MTI0YzM1LTk1MjMtNDNiNy1iN2ViLWVhNTkyNjRmOTA4My8xL3F4ME9mb0dMcjVw
Ni01aG1Fa0tTcGhxdnVNby5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAl
BggrBgEFBQcBBwEB/wQWMBQwEgQCAAEwDAMEBAX68AMEArlDeDANBgkqhkiG9w0B
AQsFAAOCAQEAJUYXk0A6/UrEhxjnJy9YyqqOZX1xMXA+TzXNTpm75dQYZTBqL6+0
2G7TYoxGwu+O0dn/Ci3LwaVtQjDNFztF7xEHe6Ck16dKHqJPpvTd84otiM1MP2Wg
1w0PdxnnTvGqbGtnY9Uorv2gejWsGfb7h0Nh/O4hYmfHVV8/PFL3pf9a8rYn7BYW
IboNXYKbYqBgaDtcA55fndfKs0EtGpWOwZd9CmA0uUXlmCQXxqsmI/WM9otgcqP+
x5hI3g8x2VcNPZG1CY5SpvqzpAso0gTuItR8qrvk9wOJevZoJbsrmXWcpVpyawLh
e8g0QCIDiZPHM8nGsPDeqc5G89eXMT37Lg==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:53:18 2024 by rpki-client on console-ams.rpki-client.org