Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9c/5bb1d0-634e-46fc-a75a-0c9aa6696b49/1/1CNpw3yTRC6reApjfluAVQZRC7A.roa
File: 1CNpw3yTRC6reApjfluAVQZRC7A.roa (raw, json)
Hash identifier: Yr0+Qjl2gIAdJ+abrvYEkfcuahaWImFIa6xPnm0URuU=
Subject key identifier: D4:23:69:C3:7C:93:44:2E:AB:78:0A:63:7E:5B:80:55:06:51:0B:B0
Certificate issuer: /CN=e5c78fa1993d4512fe2436b8ceda8bfc929d657d
Certificate serial: 01879D8FD4E4939EB262A6F1E0CA6AEDDC42
Authority key identifier: E5:C7:8F:A1:99:3D:45:12:FE:24:36:B8:CE:DA:8B:FC:92:9D:65:7D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/5cePoZk9RRL-JDa4ztqL_JKdZX0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/9c/5bb1d0-634e-46fc-a75a-0c9aa6696b49/1/1CNpw3yTRC6reApjfluAVQZRC7A.roa
Signing time: Thu 20 Apr 2023 07:27:41 +0000
ROA not before: Thu 20 Apr 2023 07:27:41 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 52000
IP address blocks: 185.164.163.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:87:9d:8f:d4:e4:93:9e:b2:62:a6:f1:e0:ca:6a:ed:dc:42
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=e5c78fa1993d4512fe2436b8ceda8bfc929d657d
Validity
Not Before: Apr 20 07:27:41 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=d42369c37c93442eab780a637e5b805506510bb0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:82:eb:54:a7:4d:bc:0a:7a:f3:30:69:66:a0:3a:
01:30:3d:1d:f3:6b:cb:d0:aa:33:34:42:1c:41:b9:
60:fa:34:59:ac:40:de:52:d5:63:65:9c:1c:0f:93:
b1:f2:2d:dd:f0:a2:ab:4d:ae:a6:d8:b6:25:05:6b:
d2:04:5a:db:9a:68:85:ee:62:a2:86:4b:21:90:fb:
57:c3:f6:a7:1e:4a:62:85:02:aa:04:c8:94:a6:36:
02:32:2f:0d:63:7d:02:44:69:6e:2c:77:51:f0:9d:
25:d5:84:1a:a1:4f:91:b6:b3:5d:cf:38:16:f1:1e:
5a:06:95:e1:71:9c:3a:61:2e:a3:fc:fb:26:df:a2:
41:c2:52:2b:e3:8e:73:cb:29:f1:de:8b:00:a8:d5:
3f:4e:2b:4a:e0:3f:59:4b:42:94:bd:8e:d3:ef:25:
c1:88:06:d1:cb:b3:a0:63:76:df:5f:26:35:80:a7:
30:11:23:77:11:84:f0:e1:ca:ac:77:b4:c9:27:45:
27:48:1c:54:cd:31:54:3e:c3:f9:9b:09:d0:c1:c9:
64:45:73:4e:19:04:37:c2:bb:b5:5f:4b:0d:8e:f4:
15:cd:a7:64:7a:b9:63:a5:fe:3b:81:3e:16:77:35:
ca:18:95:e4:b9:cc:fa:78:d2:99:81:0f:eb:ed:f8:
a7:9b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D4:23:69:C3:7C:93:44:2E:AB:78:0A:63:7E:5B:80:55:06:51:0B:B0
X509v3 Authority Key Identifier:
keyid:E5:C7:8F:A1:99:3D:45:12:FE:24:36:B8:CE:DA:8B:FC:92:9D:65:7D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5cePoZk9RRL-JDa4ztqL_JKdZX0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/5bb1d0-634e-46fc-a75a-0c9aa6696b49/1/1CNpw3yTRC6reApjfluAVQZRC7A.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/5bb1d0-634e-46fc-a75a-0c9aa6696b49/1/5cePoZk9RRL-JDa4ztqL_JKdZX0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.164.163.0/24
Signature Algorithm: sha256WithRSAEncryption
64:9f:3a:8b:ef:46:74:64:2a:dd:84:f9:cd:75:ca:95:e2:4c:
8b:7e:63:3d:60:68:63:84:94:19:6a:5d:e4:c6:36:57:a3:6f:
71:df:88:e4:72:c0:6f:46:09:7e:b1:a2:b5:a7:4c:94:57:59:
9c:d8:a8:ba:79:5b:7b:88:93:fa:a8:4c:a3:ca:96:9b:7c:f2:
fe:12:ec:b0:74:62:18:fc:10:f6:98:82:a8:88:d7:4b:eb:9b:
2a:ca:31:78:62:7f:4b:0a:e9:cd:57:4b:21:f1:e6:ac:54:f0:
59:2a:e2:cc:57:d8:83:13:ba:18:da:ff:0e:01:a0:14:a9:a3:
ca:34:4d:17:96:60:b2:da:1f:87:82:74:ad:e3:cb:8b:01:c0:
a4:7f:a4:fe:61:fc:6a:6e:95:9f:47:2b:a3:76:94:d1:47:c7:
04:df:cc:6a:81:a2:14:b1:c5:a5:05:12:9a:d9:2a:fc:db:44:
dd:6e:42:00:f4:96:df:41:45:b0:12:5a:b2:c3:be:07:58:30:
23:a5:7f:d9:40:d5:fb:cc:93:76:59:49:3f:58:22:f4:7e:c6:
75:b1:bb:63:c7:43:ed:5f:2b:74:2b:84:4e:b7:a7:de:fd:a5:
7a:a4:26:47:c6:a3:1c:5b:24:bd:f2:5c:18:55:ac:e7:7d:0f:
6d:c9:a0:b8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYedj9Tkk56yYqbx4Mpq7dxCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU1Yzc4ZmExOTkzZDQ1MTJmZTI0MzZiOGNlZGE4YmZjOTI5
ZDY1N2QwHhcNMjMwNDIwMDcyNzQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNDIzNjljMzdjOTM0NDJlYWI3ODBhNjM3ZTViODA1NTA2NTEwYmIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgutUp028CnrzMGlmoDoBMD0d82vL
0KozNEIcQblg+jRZrEDeUtVjZZwcD5Ox8i3d8KKrTa6m2LYlBWvSBFrbmmiF7mKi
hkshkPtXw/anHkpihQKqBMiUpjYCMi8NY30CRGluLHdR8J0l1YQaoU+RtrNdzzgW
8R5aBpXhcZw6YS6j/Psm36JBwlIr445zyynx3osAqNU/TitK4D9ZS0KUvY7T7yXB
iAbRy7OgY3bfXyY1gKcwESN3EYTw4cqsd7TJJ0UnSBxUzTFUPsP5mwnQwclkRXNO
GQQ3wru1X0sNjvQVzadkerljpf47gT4WdzXKGJXkucz6eNKZgQ/r7finmwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNQjacN8k0Quq3gKY35bgFUGUQuwMB8GA1UdIwQY
MBaAFOXHj6GZPUUS/iQ2uM7ai/ySnWV9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNWNlUG9aazlSUkwtSkRhNHp0cUxfSktkWlgwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yy81YmIxZDAtNjM0ZS00NmZjLWE3NWEt
MGM5YWE2Njk2YjQ5LzEvMUNOcHczeVRSQzZyZUFwamZsdUFWUVpSQzdBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yy81YmIxZDAtNjM0ZS00NmZjLWE3NWEtMGM5YWE2Njk2YjQ5
LzEvNWNlUG9aazlSUkwtSkRhNHp0cUxfSktkWlgwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuaSjMA0G
CSqGSIb3DQEBCwUAA4IBAQBknzqL70Z0ZCrdhPnNdcqV4kyLfmM9YGhjhJQZal3k
xjZXo29x34jkcsBvRgl+saK1p0yUV1mc2Ki6eVt7iJP6qEyjypabfPL+EuywdGIY
/BD2mIKoiNdL65sqyjF4Yn9LCunNV0sh8easVPBZKuLMV9iDE7oY2v8OAaAUqaPK
NE0XlmCy2h+HgnSt48uLAcCkf6T+YfxqbpWfRyujdpTRR8cE38xqgaIUscWlBRKa
2Sr820TdbkIA9JbfQUWwElqyw74HWDAjpX/ZQNX7zJN2WUk/WCL0fsZ1sbtjx0Pt
Xyt0K4ROt6fe/aV6pCZHxqMcWyS98lwYVaznfQ9tyaC4
-----END CERTIFICATE-----
Generated at Sun Apr 20 01:57:20 2025 by rpki-client