Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/38/d3cce6-b47b-4d06-a30f-eb2411d212ab/1/2wnGt_hb5yXVYxdTjKC64GGbD6A.roa
File: 2wnGt_hb5yXVYxdTjKC64GGbD6A.roa (raw, json)
Hash identifier: IaA+TgNxEB/yma8Q+ptZ5ZaH65WkpQ5tRSeCAdFI/8I=
Subject key identifier: DB:09:C6:B7:F8:5B:E7:25:D5:63:17:53:8C:A0:BA:E0:61:9B:0F:A0
Certificate issuer: /CN=852ece9c9a324d45c35f9559f329d8869dab53ba
Certificate serial: 01856DC1E75B5271FAF244553D362889F262
Authority key identifier: 85:2E:CE:9C:9A:32:4D:45:C3:5F:95:59:F3:29:D8:86:9D:AB:53:BA
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/hS7OnJoyTUXDX5VZ8ynYhp2rU7o.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/38/d3cce6-b47b-4d06-a30f-eb2411d212ab/1/2wnGt_hb5yXVYxdTjKC64GGbD6A.roa
Signing time: Sun 01 Jan 2023 14:35:02 +0000
ROA not before: Sun 01 Jan 2023 14:35:02 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 208397
IP address blocks: 185.138.200.0/23 maxlen: 23
185.138.202.0/23 maxlen: 23
185.141.42.0/23 maxlen: 23
185.141.40.0/23 maxlen: 23
185.135.183.0/24 maxlen: 24
185.135.182.0/23 maxlen: 23
185.135.180.0/23 maxlen: 23
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6d:c1:e7:5b:52:71:fa:f2:44:55:3d:36:28:89:f2:62
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=852ece9c9a324d45c35f9559f329d8869dab53ba
Validity
Not Before: Jan 1 14:35:02 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=db09c6b7f85be725d56317538ca0bae0619b0fa0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:85:01:51:19:41:f6:34:10:25:76:1a:3f:cd:64:
08:80:44:c3:14:63:18:ef:a0:41:d4:26:3f:0a:4f:
33:1f:8a:11:51:ff:3d:b4:3d:ea:02:58:e1:76:81:
d4:89:c5:50:c8:58:6f:c8:ec:70:79:f9:d0:75:bf:
06:c9:96:c6:7e:3d:b7:57:aa:79:39:6d:da:dd:53:
c1:f6:a1:05:21:c6:32:d0:a5:c6:53:b9:8b:cf:dd:
00:47:17:0b:04:ba:13:86:a6:3a:2b:be:b5:c8:5f:
85:a4:d6:ea:0d:88:36:6f:9e:76:95:e8:f1:66:db:
b7:42:a3:87:90:1c:bf:79:da:3a:c8:86:17:94:58:
02:8f:aa:ba:2a:a4:5c:78:83:52:6f:92:b1:af:00:
7c:da:07:32:81:18:d7:11:f4:2f:93:c5:e8:97:80:
7c:fe:5e:e0:8e:87:18:3d:20:10:36:5c:bb:07:56:
c1:3d:42:40:d8:58:fa:4d:fa:5f:9d:37:b8:4b:03:
f9:62:29:04:3b:42:a7:7a:a1:58:27:7e:85:78:f2:
94:83:94:7b:8a:f2:7b:c9:27:8a:4d:30:aa:98:38:
a0:6e:b3:1a:41:81:8e:e4:2c:46:f6:53:87:8a:c4:
7b:49:21:15:03:0c:7f:ef:5d:23:b8:a2:a7:9c:a8:
4c:fb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DB:09:C6:B7:F8:5B:E7:25:D5:63:17:53:8C:A0:BA:E0:61:9B:0F:A0
X509v3 Authority Key Identifier:
keyid:85:2E:CE:9C:9A:32:4D:45:C3:5F:95:59:F3:29:D8:86:9D:AB:53:BA
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hS7OnJoyTUXDX5VZ8ynYhp2rU7o.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/38/d3cce6-b47b-4d06-a30f-eb2411d212ab/1/2wnGt_hb5yXVYxdTjKC64GGbD6A.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/38/d3cce6-b47b-4d06-a30f-eb2411d212ab/1/hS7OnJoyTUXDX5VZ8ynYhp2rU7o.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.135.180.0/22
185.138.200.0/22
185.141.40.0/22
Signature Algorithm: sha256WithRSAEncryption
68:30:2b:31:b8:47:d3:3b:44:3d:c2:1c:44:91:b3:bb:63:75:
5f:45:8f:51:d9:14:24:0c:f5:fe:02:a6:7c:07:6a:3d:3a:06:
a2:f8:d9:5b:bc:d3:3f:fb:f8:21:5d:9a:07:12:bf:0f:e1:fc:
8d:ac:5c:d4:41:c9:93:49:2c:23:65:0c:e5:9b:f1:14:9b:b5:
1a:cc:dd:fe:af:cb:8c:30:bf:95:6b:ae:4c:38:aa:27:1d:92:
e7:70:8e:c4:e5:af:12:33:85:a0:22:5c:55:26:33:1e:cc:f7:
b7:b9:21:76:bc:79:24:ed:ff:e0:e0:d8:24:41:e8:d4:08:5c:
16:fd:51:05:88:43:37:da:d1:75:db:45:13:67:40:4b:ec:96:
db:4c:0d:4f:9e:74:01:57:87:e9:ec:7c:07:ba:fd:32:eb:69:
a8:35:11:fc:2d:ff:1a:98:33:85:07:19:1b:63:e8:fe:62:fe:
32:18:7b:73:7c:bd:30:f5:a1:84:90:a6:b7:8f:0e:34:20:68:
95:70:c1:5c:05:59:e7:6b:89:f0:c1:06:98:df:b5:3e:82:72:
5c:dd:5d:e7:59:2f:e4:14:0a:62:ab:10:b4:06:d6:a4:3f:62:
3e:f3:5f:91:c1:0d:fc:f8:05:d8:84:d7:93:64:cd:68:9c:16:
ea:57:0c:48
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYVtwedbUnH68kRVPTYoifJiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg1MmVjZTljOWEzMjRkNDVjMzVmOTU1OWYzMjlkODg2OWRh
YjUzYmEwHhcNMjMwMTAxMTQzNTAyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYjA5YzZiN2Y4NWJlNzI1ZDU2MzE3NTM4Y2EwYmFlMDYxOWIwZmEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhQFRGUH2NBAldho/zWQIgETDFGMY
76BB1CY/Ck8zH4oRUf89tD3qAljhdoHUicVQyFhvyOxwefnQdb8GyZbGfj23V6p5
OW3a3VPB9qEFIcYy0KXGU7mLz90ARxcLBLoThqY6K761yF+FpNbqDYg2b552lejx
Ztu3QqOHkBy/edo6yIYXlFgCj6q6KqRceINSb5KxrwB82gcygRjXEfQvk8Xol4B8
/l7gjocYPSAQNly7B1bBPUJA2Fj6TfpfnTe4SwP5YikEO0KneqFYJ36FePKUg5R7
ivJ7ySeKTTCqmDigbrMaQYGO5CxG9lOHisR7SSEVAwx/710juKKnnKhM+wIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFNsJxrf4W+cl1WMXU4yguuBhmw+gMB8GA1UdIwQY
MBaAFIUuzpyaMk1Fw1+VWfMp2Iadq1O6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaFM3T25Kb3lUVVhEWDVWWjh5bllocDJyVTdvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOC9kM2NjZTYtYjQ3Yi00ZDA2LWEzMGYt
ZWIyNDExZDIxMmFiLzEvMnduR3RfaGI1eVhWWXhkVGpLQzY0R0diRDZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOC9kM2NjZTYtYjQ3Yi00ZDA2LWEzMGYtZWIyNDExZDIxMmFi
LzEvaFM3T25Kb3lUVVhEWDVWWjh5bllocDJyVTdvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCuYe0AwQC
uYrIAwQCuY0oMA0GCSqGSIb3DQEBCwUAA4IBAQBoMCsxuEfTO0Q9whxEkbO7Y3Vf
RY9R2RQkDPX+AqZ8B2o9Ogai+NlbvNM/+/ghXZoHEr8P4fyNrFzUQcmTSSwjZQzl
m/EUm7UazN3+r8uMML+Va65MOKonHZLncI7E5a8SM4WgIlxVJjMezPe3uSF2vHkk
7f/g4NgkQejUCFwW/VEFiEM32tF120UTZ0BL7JbbTA1PnnQBV4fp7HwHuv0y62mo
NRH8Lf8amDOFBxkbY+j+Yv4yGHtzfL0w9aGEkKa3jw40IGiVcMFcBVnna4nwwQaY
37U+gnJc3V3nWS/kFApiqxC0BtakP2I+81+RwQ38+AXYhNeTZM1onBbqVwxI
-----END CERTIFICATE-----
Generated at Sun Apr 6 12:39:30 2025 by rpki-client