Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f8/124c35-9523-43b7-b7eb-ea59264f9083/1/plkJqM3zsroIsAQiYso_kTlOHWI.roa
File: plkJqM3zsroIsAQiYso_kTlOHWI.roa (raw, json)
Hash identifier: VdasaSYN7OcoKgyHF46DgvdM7LlNUq+tyyhEVYH/3Fo=
Subject key identifier: A6:59:09:A8:CD:F3:B2:BA:08:B0:04:22:62:CA:3F:91:39:4E:1D:62
Certificate issuer: /CN=ab1d0e7e818baf9a7afb9866124292a61aafb8ca
Certificate serial: 0186F45F36C3AEC5F63DE95246E11D37DE8C
Authority key identifier: AB:1D:0E:7E:81:8B:AF:9A:7A:FB:98:66:12:42:92:A6:1A:AF:B8:CA
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/qx0OfoGLr5p6-5hmEkKSphqvuMo.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/f8/124c35-9523-43b7-b7eb-ea59264f9083/1/plkJqM3zsroIsAQiYso_kTlOHWI.roa
Signing time: Sat 18 Mar 2023 10:58:45 +0000
ROA not before: Sat 18 Mar 2023 10:58:45 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 59674
IP address blocks: 5.250.241.0/24 maxlen: 24
5.250.243.0/24 maxlen: 24
5.250.244.0/24 maxlen: 24
5.250.242.0/24 maxlen: 24
5.250.245.0/24 maxlen: 24
5.250.246.0/24 maxlen: 24
5.250.252.0/24 maxlen: 24
5.250.253.0/24 maxlen: 24
5.250.247.0/24 maxlen: 24
5.250.248.0/24 maxlen: 24
5.250.250.0/24 maxlen: 24
5.250.251.0/24 maxlen: 24
5.250.249.0/24 maxlen: 24
5.250.254.0/24 maxlen: 24
185.67.120.0/24 maxlen: 24
185.67.123.0/24 maxlen: 24
185.67.121.0/24 maxlen: 24
185.67.122.0/24 maxlen: 24
5.250.240.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:86:f4:5f:36:c3:ae:c5:f6:3d:e9:52:46:e1:1d:37:de:8c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ab1d0e7e818baf9a7afb9866124292a61aafb8ca
Validity
Not Before: Mar 18 10:58:45 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=a65909a8cdf3b2ba08b0042262ca3f91394e1d62
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:96:26:8b:1c:55:ce:2e:6d:c5:17:b5:01:e5:de:
cd:9f:8b:92:67:00:6c:30:77:6d:f7:6b:91:b2:d7:
e4:50:46:9b:52:3d:20:67:d4:54:60:94:81:e0:e9:
88:8e:6a:2c:7c:0a:ff:d2:e9:8e:1d:f7:03:98:54:
38:2b:70:f9:06:bb:90:6d:a2:4a:31:93:e2:36:1b:
b8:68:91:64:b3:ee:af:69:f5:08:0a:9e:7e:81:d1:
cf:c5:d5:c5:34:89:f8:bd:c1:9c:d2:dc:90:19:a3:
12:ad:22:79:3c:18:7b:3b:18:64:57:98:f3:f5:a3:
3d:71:0a:96:de:43:d7:0b:2b:d9:6d:d7:2f:7e:f5:
32:e0:6d:37:88:0e:90:dc:53:d0:68:a0:f8:f9:10:
35:89:eb:32:f1:72:b4:91:d9:33:6d:af:bc:82:4b:
a7:b8:fb:39:27:cf:bd:e0:bc:2f:b0:52:15:f8:ce:
75:17:f4:2c:3a:bb:1f:ea:d0:83:27:aa:63:4f:53:
31:04:e3:e6:c7:ed:db:83:23:30:57:d8:74:1c:4a:
5d:2c:48:7e:0d:26:44:a6:dc:d6:eb:bf:94:29:9d:
1a:b8:5c:df:06:6c:93:12:fb:27:23:a6:9b:e1:7c:
a8:01:0b:5b:dc:4e:68:2b:14:f9:47:09:70:6a:0d:
08:2f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A6:59:09:A8:CD:F3:B2:BA:08:B0:04:22:62:CA:3F:91:39:4E:1D:62
X509v3 Authority Key Identifier:
keyid:AB:1D:0E:7E:81:8B:AF:9A:7A:FB:98:66:12:42:92:A6:1A:AF:B8:CA
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qx0OfoGLr5p6-5hmEkKSphqvuMo.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/124c35-9523-43b7-b7eb-ea59264f9083/1/plkJqM3zsroIsAQiYso_kTlOHWI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/124c35-9523-43b7-b7eb-ea59264f9083/1/qx0OfoGLr5p6-5hmEkKSphqvuMo.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.250.240.0-5.250.254.255
185.67.120.0/22
Signature Algorithm: sha256WithRSAEncryption
70:5b:84:fd:05:6e:2c:f2:ed:53:9e:3f:32:58:b0:04:a2:92:
54:eb:a7:d4:be:3e:10:b6:ed:13:2d:33:57:a7:a5:bc:80:5e:
8e:6b:8f:5f:6a:bc:e3:28:ca:9c:9e:95:71:1e:95:45:e7:aa:
75:31:21:ad:c7:fe:4f:89:5a:e4:03:9e:21:3d:46:dc:49:d9:
f1:2d:d4:01:50:41:cd:06:d1:df:15:54:24:fd:ca:1e:fe:c1:
b4:f1:5f:04:8b:0e:47:6c:83:0a:64:2e:38:0c:c9:b3:2e:b2:
cc:9b:2c:14:d3:01:c2:66:0e:07:16:50:14:1a:fb:7a:53:1e:
90:ce:62:c7:91:0c:d2:b5:41:b9:45:ee:a8:fa:26:8e:69:6d:
27:93:87:73:b6:73:53:95:3c:68:b5:7a:99:2c:b0:63:15:e2:
c7:10:90:79:98:dc:8b:4f:07:d8:dc:51:e9:4d:57:4a:44:bd:
3d:08:a2:b9:46:a3:fc:97:14:5a:d7:d1:5d:54:de:a2:b2:e7:
cc:96:c6:22:da:9f:49:17:b6:96:02:14:1b:54:59:ae:dd:2a:
d4:0b:c2:6a:89:0b:5a:4c:2a:e3:f5:d7:44:75:e7:0b:ee:8b:
bb:82:0f:42:23:6e:7a:46:6e:0d:2e:54:5f:c8:01:bc:44:af:
2e:42:6a:b3
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAYb0XzbDrsX2PelSRuEdN96MMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiMWQwZTdlODE4YmFmOWE3YWZiOTg2NjEyNDI5MmE2MWFh
ZmI4Y2EwHhcNMjMwMzE4MTA1ODQ1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNjU5MDlhOGNkZjNiMmJhMDhiMDA0MjI2MmNhM2Y5MTM5NGUxZDYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAliaLHFXOLm3FF7UB5d7Nn4uSZwBs
MHdt92uRstfkUEabUj0gZ9RUYJSB4OmIjmosfAr/0umOHfcDmFQ4K3D5BruQbaJK
MZPiNhu4aJFks+6vafUICp5+gdHPxdXFNIn4vcGc0tyQGaMSrSJ5PBh7OxhkV5jz
9aM9cQqW3kPXCyvZbdcvfvUy4G03iA6Q3FPQaKD4+RA1iesy8XK0kdkzba+8gkun
uPs5J8+94LwvsFIV+M51F/QsOrsf6tCDJ6pjT1MxBOPmx+3bgyMwV9h0HEpdLEh+
DSZEptzW67+UKZ0auFzfBmyTEvsnI6ab4XyoAQtb3E5oKxT5Rwlwag0ILwIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFKZZCajN87K6CLAEImLKP5E5Th1iMB8GA1UdIwQY
MBaAFKsdDn6Bi6+aevuYZhJCkqYar7jKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcXgwT2ZvR0xyNXA2LTVobUVrS1NwaHF2dU1vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOC8xMjRjMzUtOTUyMy00M2I3LWI3ZWIt
ZWE1OTI2NGY5MDgzLzEvcGxrSnFNM3pzcm9Jc0FRaVlzb19rVGxPSFdJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOC8xMjRjMzUtOTUyMy00M2I3LWI3ZWItZWE1OTI2NGY5MDgz
LzEvcXgwT2ZvR0xyNXA2LTVobUVrS1NwaHF2dU1vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUMAwDBAQF+vAD
BAAF+v4DBAK5Q3gwDQYJKoZIhvcNAQELBQADggEBAHBbhP0Fbizy7VOePzJYsASi
klTrp9S+PhC27RMtM1enpbyAXo5rj19qvOMoypyelXEelUXnqnUxIa3H/k+JWuQD
niE9RtxJ2fEt1AFQQc0G0d8VVCT9yh7+wbTxXwSLDkdsgwpkLjgMybMussybLBTT
AcJmDgcWUBQa+3pTHpDOYseRDNK1QblF7qj6Jo5pbSeTh3O2c1OVPGi1epkssGMV
4scQkHmY3ItPB9jcUelNV0pEvT0IorlGo/yXFFrX0V1U3qKy58yWxiLan0kXtpYC
FBtUWa7dKtQLwmqJC1pMKuP110R15wvui7uCD0IjbnpGbg0uVF/IAbxEry5CarM=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:53:18 2024 by rpki-client on console-ams.rpki-client.org