Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f8/124c35-9523-43b7-b7eb-ea59264f9083/1/bbx0w0toXKwu1q-nwxyBrupjFjc.roa
File: bbx0w0toXKwu1q-nwxyBrupjFjc.roa (raw, json)
Hash identifier: 37HfS53oq1wEGGjl6hckp3OtOGW4W/zcr9OsTTxp4SM=
Subject key identifier: 6D:BC:74:C3:4B:68:5C:AC:2E:D6:AF:A7:C3:1C:81:AE:EA:63:16:37
Certificate issuer: /CN=ab1d0e7e818baf9a7afb9866124292a61aafb8ca
Certificate serial: 0189E47A7925CC46460711941726C3D119B8
Authority key identifier: AB:1D:0E:7E:81:8B:AF:9A:7A:FB:98:66:12:42:92:A6:1A:AF:B8:CA
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/qx0OfoGLr5p6-5hmEkKSphqvuMo.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/f8/124c35-9523-43b7-b7eb-ea59264f9083/1/bbx0w0toXKwu1q-nwxyBrupjFjc.roa
Signing time: Fri 11 Aug 2023 12:02:58 +0000
ROA not before: Fri 11 Aug 2023 12:02:58 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 205192
IP address blocks: 5.250.253.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:89:e4:7a:79:25:cc:46:46:07:11:94:17:26:c3:d1:19:b8
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ab1d0e7e818baf9a7afb9866124292a61aafb8ca
Validity
Not Before: Aug 11 12:02:58 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=6dbc74c34b685cac2ed6afa7c31c81aeea631637
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:f5:e7:80:f5:74:4b:61:4c:22:ca:f2:69:e4:82:
62:0d:f8:c6:cc:52:de:93:93:f1:67:0a:ba:6e:ea:
e4:21:f8:ff:62:21:38:59:5f:4b:08:af:2a:a4:59:
2c:54:ec:07:3d:ea:e0:67:cf:87:53:64:55:27:7e:
83:c8:36:a0:ad:cf:9c:e0:51:d6:83:55:11:7a:24:
f0:3e:ac:dd:3c:c2:57:c8:fb:0e:1e:39:d8:dd:91:
0a:dc:27:48:4e:49:55:47:8d:f0:ea:f4:c0:cf:fc:
72:29:2c:67:41:d3:1d:5e:7c:2d:f1:08:cb:dc:fc:
2a:94:54:62:e9:de:14:29:e3:a8:a7:11:c1:1a:73:
99:fa:da:cc:34:b3:13:54:95:57:07:b1:b8:48:3f:
98:56:31:cf:b9:f2:72:b5:2a:11:50:c1:8a:f8:7a:
bc:50:7a:2b:cc:56:87:87:3b:4f:7e:c5:a1:4a:13:
f0:68:bb:a1:bc:e9:30:67:ac:9e:e4:d7:66:aa:03:
c9:dd:fb:cb:dc:d8:4a:eb:b0:2e:68:4c:35:53:1d:
16:e7:12:84:f1:08:97:f7:ae:25:43:9c:dc:d6:55:
b1:34:9a:84:90:25:39:08:09:33:50:30:a5:f1:4d:
0c:cc:ba:c2:59:39:e2:4b:87:21:b1:4e:13:9c:8d:
aa:bb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6D:BC:74:C3:4B:68:5C:AC:2E:D6:AF:A7:C3:1C:81:AE:EA:63:16:37
X509v3 Authority Key Identifier:
keyid:AB:1D:0E:7E:81:8B:AF:9A:7A:FB:98:66:12:42:92:A6:1A:AF:B8:CA
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qx0OfoGLr5p6-5hmEkKSphqvuMo.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/124c35-9523-43b7-b7eb-ea59264f9083/1/bbx0w0toXKwu1q-nwxyBrupjFjc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/124c35-9523-43b7-b7eb-ea59264f9083/1/qx0OfoGLr5p6-5hmEkKSphqvuMo.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.250.253.0/24
Signature Algorithm: sha256WithRSAEncryption
76:4d:cc:ab:c9:6a:cf:d6:b2:65:f2:6d:3c:a7:18:11:fc:22:
59:e7:a4:5d:c2:ba:78:e7:90:ed:8d:58:07:4b:17:17:03:70:
98:24:27:b6:3a:f2:fc:cc:2b:c4:36:ff:c2:c3:53:c6:13:24:
39:0e:10:52:f3:2f:7c:74:f9:43:fc:40:c6:3e:88:54:d3:3f:
2a:b8:66:e3:82:c3:a5:a7:31:a8:66:ce:2b:fb:a7:80:1c:f2:
8b:ec:4f:11:d0:cb:df:e2:8f:85:15:99:d3:f0:94:cf:6e:f3:
25:96:f3:5d:8d:5f:11:12:41:2b:e7:47:72:d8:85:66:b3:82:
cd:a9:29:f1:c6:75:4b:b5:80:f5:6f:4a:ce:19:3c:dd:98:1f:
c6:96:fe:4c:e5:b3:8e:be:97:4d:82:38:9f:0f:cf:9b:38:e2:
cf:e5:f5:ec:31:46:59:fb:f9:c7:6d:9d:46:b4:c0:89:01:06:
84:54:88:9d:93:64:10:0f:8b:6f:7c:9b:41:58:27:23:5e:d0:
b8:b5:b1:5c:ba:ad:90:a6:4c:6e:08:15:74:38:25:aa:4e:41:
c7:8a:64:d5:a3:bd:f9:23:ba:05:10:bf:cd:c1:91:7f:68:ea:
bd:47:e0:4b:89:14:f7:3c:41:7b:18:b5:bf:95:35:4e:58:dd:
b6:2b:f5:b5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYnkenklzEZGBxGUFybD0Rm4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiMWQwZTdlODE4YmFmOWE3YWZiOTg2NjEyNDI5MmE2MWFh
ZmI4Y2EwHhcNMjMwODExMTIwMjU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZGJjNzRjMzRiNjg1Y2FjMmVkNmFmYTdjMzFjODFhZWVhNjMxNjM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9eeA9XRLYUwiyvJp5IJiDfjGzFLe
k5PxZwq6burkIfj/YiE4WV9LCK8qpFksVOwHPergZ8+HU2RVJ36DyDagrc+c4FHW
g1UReiTwPqzdPMJXyPsOHjnY3ZEK3CdITklVR43w6vTAz/xyKSxnQdMdXnwt8QjL
3PwqlFRi6d4UKeOopxHBGnOZ+trMNLMTVJVXB7G4SD+YVjHPufJytSoRUMGK+Hq8
UHorzFaHhztPfsWhShPwaLuhvOkwZ6ye5NdmqgPJ3fvL3NhK67AuaEw1Ux0W5xKE
8QiX964lQ5zc1lWxNJqEkCU5CAkzUDCl8U0MzLrCWTniS4chsU4TnI2quwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG28dMNLaFysLtavp8Mcga7qYxY3MB8GA1UdIwQY
MBaAFKsdDn6Bi6+aevuYZhJCkqYar7jKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcXgwT2ZvR0xyNXA2LTVobUVrS1NwaHF2dU1vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOC8xMjRjMzUtOTUyMy00M2I3LWI3ZWIt
ZWE1OTI2NGY5MDgzLzEvYmJ4MHcwdG9YS3d1MXEtbnd4eUJydXBqRmpjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOC8xMjRjMzUtOTUyMy00M2I3LWI3ZWItZWE1OTI2NGY5MDgz
LzEvcXgwT2ZvR0xyNXA2LTVobUVrS1NwaHF2dU1vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABfr9MA0G
CSqGSIb3DQEBCwUAA4IBAQB2TcyryWrP1rJl8m08pxgR/CJZ56Rdwrp455DtjVgH
SxcXA3CYJCe2OvL8zCvENv/Cw1PGEyQ5DhBS8y98dPlD/EDGPohU0z8quGbjgsOl
pzGoZs4r+6eAHPKL7E8R0Mvf4o+FFZnT8JTPbvMllvNdjV8REkEr50dy2IVms4LN
qSnxxnVLtYD1b0rOGTzdmB/Glv5M5bOOvpdNgjifD8+bOOLP5fXsMUZZ+/nHbZ1G
tMCJAQaEVIidk2QQD4tvfJtBWCcjXtC4tbFcuq2QpkxuCBV0OCWqTkHHimTVo735
I7oFEL/NwZF/aOq9R+BLiRT3PEF7GLW/lTVOWN22K/W1
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:00:11 2024 by rpki-client on console-fra.rpki-client.org