Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5f/b9884b-6fc5-4b3e-b1e8-e01e94124674/1/EZf535SwW4l2BC5j5WyfPU5LxF4.roa
File: EZf535SwW4l2BC5j5WyfPU5LxF4.roa (raw, json)
Hash identifier: JfrrOo6kgivzzTU9llE9SDDub4Tb3q74q2AIpOEDoJM=
Subject key identifier: 11:97:F9:DF:94:B0:5B:89:76:04:2E:63:E5:6C:9F:3D:4E:4B:C4:5E
Certificate issuer: /CN=da8f05e3843517cf0971c2bf9cddddd62717e52c
Certificate serial: 01890CD7355EA908BFA1882601B823192DE9
Authority key identifier: DA:8F:05:E3:84:35:17:CF:09:71:C2:BF:9C:DD:DD:D6:27:17:E5:2C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/2o8F44Q1F88JccK_nN3d1icX5Sw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/5f/b9884b-6fc5-4b3e-b1e8-e01e94124674/1/EZf535SwW4l2BC5j5WyfPU5LxF4.roa
Signing time: Fri 30 Jun 2023 15:06:17 +0000
ROA not before: Fri 30 Jun 2023 15:06:17 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 13259
IP address blocks: 138.124.0.0/17 maxlen: 17
138.124.176.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:89:0c:d7:35:5e:a9:08:bf:a1:88:26:01:b8:23:19:2d:e9
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=da8f05e3843517cf0971c2bf9cddddd62717e52c
Validity
Not Before: Jun 30 15:06:17 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=1197f9df94b05b8976042e63e56c9f3d4e4bc45e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e8:b8:58:5b:71:75:19:08:93:2c:95:fe:ff:f6:
4d:12:7e:76:23:b1:a6:99:c9:df:51:7d:68:fc:73:
f4:1e:37:bc:e0:78:9d:a1:9e:a5:01:8d:d9:4c:9b:
86:f4:d8:db:35:4d:3e:76:cb:f7:c4:0b:a8:f6:cc:
20:81:42:0e:66:9a:a2:df:62:62:d6:a0:e5:53:5a:
68:bd:de:03:56:5e:48:93:af:b9:ca:88:8a:13:87:
85:7f:28:c8:cb:50:5f:a0:2f:a2:4b:3e:0c:f2:34:
d2:a8:13:06:7a:25:fd:4c:8b:40:70:49:e0:df:0c:
79:6d:23:f2:7c:ae:67:33:5f:42:0d:fe:26:17:2d:
72:2a:e3:13:c7:cd:df:d6:ce:60:25:93:ff:c3:0d:
d6:e1:8b:83:e9:52:8a:7a:03:21:4b:ce:94:5c:8a:
f5:1a:f8:da:fb:ce:5d:d8:06:5c:43:1f:0f:7b:e3:
a5:cf:10:95:94:c1:16:2c:23:e6:cb:95:bc:88:57:
9e:03:e9:0e:54:01:9f:8c:58:97:5f:54:df:d9:ca:
93:5c:5a:c9:44:08:6e:0e:51:d8:97:fa:57:1a:c9:
a6:7b:d6:84:dc:3d:9c:50:89:42:af:11:02:60:9f:
91:fb:31:c5:ed:e6:d2:24:af:42:60:79:d4:a1:f0:
79:a5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
11:97:F9:DF:94:B0:5B:89:76:04:2E:63:E5:6C:9F:3D:4E:4B:C4:5E
X509v3 Authority Key Identifier:
keyid:DA:8F:05:E3:84:35:17:CF:09:71:C2:BF:9C:DD:DD:D6:27:17:E5:2C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2o8F44Q1F88JccK_nN3d1icX5Sw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/b9884b-6fc5-4b3e-b1e8-e01e94124674/1/EZf535SwW4l2BC5j5WyfPU5LxF4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/b9884b-6fc5-4b3e-b1e8-e01e94124674/1/2o8F44Q1F88JccK_nN3d1icX5Sw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
138.124.0.0/17
138.124.176.0/24
Signature Algorithm: sha256WithRSAEncryption
c2:eb:fd:e3:0c:f3:08:a4:85:05:52:cb:b1:0d:52:b3:21:18:
13:7e:f3:55:fa:04:2f:0f:8b:d9:64:4e:fe:03:9c:22:e6:8f:
1f:28:7f:d9:57:f4:0c:7a:d4:02:df:a3:85:c7:e3:49:d9:bf:
ca:12:b9:df:98:c6:b0:eb:6b:bb:87:e3:17:08:42:89:2a:85:
1c:6d:e7:85:be:e7:ae:4a:ca:31:2c:1b:11:fb:1a:0a:24:09:
d7:73:62:0d:d3:a2:2f:c4:b9:51:f0:9a:ae:fd:0d:b2:86:6b:
34:cf:61:82:8a:13:af:7a:ea:18:14:dc:54:a7:25:a3:0e:16:
89:25:84:e0:6a:95:16:c1:28:99:9d:7e:0e:91:73:c7:4b:ff:
97:e5:ab:37:31:d5:7d:8e:0d:88:f0:08:b1:29:5d:47:9d:a4:
f0:f1:3a:b4:da:bd:ec:f5:1f:f7:5f:ed:c2:35:22:f4:42:34:
af:5f:a9:1b:83:9d:28:c7:b6:45:21:2c:a8:5c:d7:97:f7:8a:
f4:6a:93:45:42:d5:da:a0:8d:da:d4:81:83:ab:98:c9:2e:f0:
08:a8:f2:b0:0f:4b:1d:10:76:a1:70:1d:38:eb:1a:30:3c:d5:
7e:1a:7f:43:78:93:62:d3:50:f2:32:a6:88:dd:ca:fd:43:49:
e1:1c:be:67
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYkM1zVeqQi/oYgmAbgjGS3pMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhOGYwNWUzODQzNTE3Y2YwOTcxYzJiZjljZGRkZGQ2Mjcx
N2U1MmMwHhcNMjMwNjMwMTUwNjE3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMTk3ZjlkZjk0YjA1Yjg5NzYwNDJlNjNlNTZjOWYzZDRlNGJjNDVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6LhYW3F1GQiTLJX+//ZNEn52I7Gm
mcnfUX1o/HP0Hje84HidoZ6lAY3ZTJuG9NjbNU0+dsv3xAuo9swggUIOZpqi32Ji
1qDlU1povd4DVl5Ik6+5yoiKE4eFfyjIy1BfoC+iSz4M8jTSqBMGeiX9TItAcEng
3wx5bSPyfK5nM19CDf4mFy1yKuMTx83f1s5gJZP/ww3W4YuD6VKKegMhS86UXIr1
Gvja+85d2AZcQx8Pe+OlzxCVlMEWLCPmy5W8iFeeA+kOVAGfjFiXX1Tf2cqTXFrJ
RAhuDlHYl/pXGsmme9aE3D2cUIlCrxECYJ+R+zHF7ebSJK9CYHnUofB5pQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFBGX+d+UsFuJdgQuY+Vsnz1OS8ReMB8GA1UdIwQY
MBaAFNqPBeOENRfPCXHCv5zd3dYnF+UsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMm84RjQ0UTFGODhKY2NLX25OM2QxaWNYNVN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Zi9iOTg4NGItNmZjNS00YjNlLWIxZTgt
ZTAxZTk0MTI0Njc0LzEvRVpmNTM1U3dXNGwyQkM1ajVXeWZQVTVMeEY0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Zi9iOTg4NGItNmZjNS00YjNlLWIxZTgtZTAxZTk0MTI0Njc0
LzEvMm84RjQ0UTFGODhKY2NLX25OM2QxaWNYNVN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQHinwAAwQA
inywMA0GCSqGSIb3DQEBCwUAA4IBAQDC6/3jDPMIpIUFUsuxDVKzIRgTfvNV+gQv
D4vZZE7+A5wi5o8fKH/ZV/QMetQC36OFx+NJ2b/KErnfmMaw62u7h+MXCEKJKoUc
beeFvueuSsoxLBsR+xoKJAnXc2IN06IvxLlR8Jqu/Q2yhms0z2GCihOveuoYFNxU
pyWjDhaJJYTgapUWwSiZnX4OkXPHS/+X5as3MdV9jg2I8AixKV1HnaTw8Tq02r3s
9R/3X+3CNSL0QjSvX6kbg50ox7ZFISyoXNeX94r0apNFQtXaoI3a1IGDq5jJLvAI
qPKwD0sdEHahcB046xowPNV+Gn9DeJNi01DyMqaI3cr9Q0nhHL5n
-----END CERTIFICATE-----
Generated at Tue May 6 03:20:02 2025 by rpki-client