Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1a/3f7e56-0916-47ac-8586-a9388f31b47e/1/5M5G6YyjuuB15BO23XvisROzqIc.roa
File: 5M5G6YyjuuB15BO23XvisROzqIc.roa (raw, json)
Hash identifier: jFCGfFX05n2XZzkka9Xh97YDgiGypO8eLlh6FOiMv0A=
Subject key identifier: E4:CE:46:E9:8C:A3:BA:E0:75:E4:13:B6:DD:7B:E2:B1:13:B3:A8:87
Certificate issuer: /CN=3cd37ec23719b2f142f46e6f3317664034adf598
Certificate serial: 0186D24E50BDECEBB09542E084A3101C5928
Authority key identifier: 3C:D3:7E:C2:37:19:B2:F1:42:F4:6E:6F:33:17:66:40:34:AD:F5:98
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/PNN-wjcZsvFC9G5vMxdmQDSt9Zg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/1a/3f7e56-0916-47ac-8586-a9388f31b47e/1/5M5G6YyjuuB15BO23XvisROzqIc.roa
Signing time: Sat 11 Mar 2023 20:13:13 +0000
ROA not before: Sat 11 Mar 2023 20:13:13 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 202391
IP address blocks: 185.104.192.0/24 maxlen: 24
185.83.180.0/24 maxlen: 24
185.83.183.0/24 maxlen: 24
185.170.236.0/22 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:86:d2:4e:50:bd:ec:eb:b0:95:42:e0:84:a3:10:1c:59:28
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3cd37ec23719b2f142f46e6f3317664034adf598
Validity
Not Before: Mar 11 20:13:13 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=e4ce46e98ca3bae075e413b6dd7be2b113b3a887
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:88:55:b6:f8:c5:40:e8:e4:b5:35:d1:be:02:ce:
f3:ac:aa:ff:c5:fb:aa:44:0c:20:c1:23:80:3a:f4:
b4:6e:75:8e:3e:33:c5:4f:68:5d:87:0e:9d:d7:71:
0d:df:57:06:87:21:04:c5:fa:3c:48:63:43:2e:2a:
0d:3a:29:17:a1:1c:bf:e8:c5:74:2c:63:df:31:21:
bb:01:19:84:2e:88:37:95:3c:b0:e8:b4:5d:02:74:
0d:89:fa:6c:80:10:ce:8f:e4:6d:97:4a:b8:be:50:
c5:92:a2:61:eb:f2:5d:0d:4f:70:48:76:0d:14:39:
8c:6f:84:f1:1a:01:ab:1c:d8:71:dc:86:46:81:79:
fb:b8:d8:5f:65:b3:56:03:3c:7a:5a:96:67:59:08:
1a:45:46:f2:91:c0:48:cc:33:1b:1e:b8:19:14:8a:
40:60:5b:b9:6b:94:6a:8e:e3:cf:d8:8d:ac:e0:20:
b8:5f:bf:73:08:a5:41:1a:95:8e:ed:02:67:47:6b:
f5:d4:92:a2:f1:fd:0b:bb:b3:cc:e5:fe:c2:99:5b:
a8:02:26:37:e1:16:48:63:da:f4:9e:a9:18:74:f9:
3e:24:44:8f:4d:49:c8:58:64:28:28:79:4c:f6:a5:
39:29:ed:7e:d4:8b:7b:06:ed:3a:8f:ad:e9:a5:2e:
fb:d1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E4:CE:46:E9:8C:A3:BA:E0:75:E4:13:B6:DD:7B:E2:B1:13:B3:A8:87
X509v3 Authority Key Identifier:
keyid:3C:D3:7E:C2:37:19:B2:F1:42:F4:6E:6F:33:17:66:40:34:AD:F5:98
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PNN-wjcZsvFC9G5vMxdmQDSt9Zg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/3f7e56-0916-47ac-8586-a9388f31b47e/1/5M5G6YyjuuB15BO23XvisROzqIc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/3f7e56-0916-47ac-8586-a9388f31b47e/1/PNN-wjcZsvFC9G5vMxdmQDSt9Zg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.83.180.0/24
185.83.183.0/24
185.104.192.0/24
185.170.236.0/22
Signature Algorithm: sha256WithRSAEncryption
1c:9a:30:f5:40:d2:75:e2:21:62:bb:06:10:8a:05:ee:87:0f:
bb:c7:d7:82:2c:8b:28:0d:02:aa:98:59:b0:64:df:fb:26:ba:
92:cb:c4:81:36:d2:6c:9b:31:b7:6b:2a:f0:b4:53:c6:4a:ed:
f6:03:8f:56:2e:99:be:58:91:52:cc:b4:0d:1d:c9:05:ae:a4:
ff:05:81:67:45:ee:26:d9:59:ee:27:23:15:dc:9b:0a:bd:59:
49:4e:61:43:a0:43:fe:96:b1:8c:3e:f9:b1:c8:c5:0a:6a:2c:
86:77:37:e6:0b:a2:0e:3a:67:81:d7:d8:f4:84:42:ec:fc:18:
55:92:9a:23:ca:54:25:be:60:6d:d0:d3:30:79:cc:49:65:38:
14:78:8e:65:c4:89:bc:d8:e1:c5:e8:7d:2c:95:33:d5:36:fa:
43:61:41:31:62:05:60:67:01:39:b0:2b:3d:1a:0c:bb:f6:d3:
d4:25:15:8c:40:c9:99:2e:30:b4:2d:b5:bf:9d:73:96:8d:8f:
d3:0e:4f:a6:f8:7f:71:06:28:01:c5:8b:d0:a8:f4:a1:09:c0:
2c:ba:ce:8a:08:c1:64:7f:1b:55:bc:c5:a6:0a:05:90:34:6f:
cf:76:e5:83:42:fe:39:d7:de:14:73:d8:a4:02:fb:c3:64:9d:
02:d2:06:4c
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYbSTlC97OuwlULghKMQHFkoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNjZDM3ZWMyMzcxOWIyZjE0MmY0NmU2ZjMzMTc2NjQwMzRh
ZGY1OTgwHhcNMjMwMzExMjAxMzEzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNGNlNDZlOThjYTNiYWUwNzVlNDEzYjZkZDdiZTJiMTEzYjNhODg3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiFW2+MVA6OS1NdG+As7zrKr/xfuq
RAwgwSOAOvS0bnWOPjPFT2hdhw6d13EN31cGhyEExfo8SGNDLioNOikXoRy/6MV0
LGPfMSG7ARmELog3lTyw6LRdAnQNifpsgBDOj+Rtl0q4vlDFkqJh6/JdDU9wSHYN
FDmMb4TxGgGrHNhx3IZGgXn7uNhfZbNWAzx6WpZnWQgaRUbykcBIzDMbHrgZFIpA
YFu5a5RqjuPP2I2s4CC4X79zCKVBGpWO7QJnR2v11JKi8f0Lu7PM5f7CmVuoAiY3
4RZIY9r0nqkYdPk+JESPTUnIWGQoKHlM9qU5Ke1+1It7Bu06j63ppS770QIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFOTORumMo7rgdeQTtt174rETs6iHMB8GA1UdIwQY
MBaAFDzTfsI3GbLxQvRubzMXZkA0rfWYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUE5OLXdqY1pzdkZDOUc1dk14ZG1RRFN0OVpnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYS8zZjdlNTYtMDkxNi00N2FjLTg1ODYt
YTkzODhmMzFiNDdlLzEvNU01RzZZeWp1dUIxNUJPMjNYdmlzUk96cUljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYS8zZjdlNTYtMDkxNi00N2FjLTg1ODYtYTkzODhmMzFiNDdl
LzEvUE5OLXdqY1pzdkZDOUc1dk14ZG1RRFN0OVpnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAuVO0AwQA
uVO3AwQAuWjAAwQCuarsMA0GCSqGSIb3DQEBCwUAA4IBAQAcmjD1QNJ14iFiuwYQ
igXuhw+7x9eCLIsoDQKqmFmwZN/7JrqSy8SBNtJsmzG3ayrwtFPGSu32A49WLpm+
WJFSzLQNHckFrqT/BYFnRe4m2VnuJyMV3JsKvVlJTmFDoEP+lrGMPvmxyMUKaiyG
dzfmC6IOOmeB19j0hELs/BhVkpojylQlvmBt0NMwecxJZTgUeI5lxIm82OHF6H0s
lTPVNvpDYUExYgVgZwE5sCs9Ggy79tPUJRWMQMmZLjC0LbW/nXOWjY/TDk+m+H9x
BigBxYvQqPShCcAsus6KCMFkfxtVvMWmCgWQNG/PduWDQv45194Uc9ikAvvDZJ0C
0gZM
-----END CERTIFICATE-----
Generated at Tue Mar 11 05:04:28 2025 by rpki-client