Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/52/7a48f5-bd24-4dc4-8cca-6ba0a0ce01ed/1/Mrt-CuAba76PVFg31w_mMgcoPu0.roa
File: Mrt-CuAba76PVFg31w_mMgcoPu0.roa (raw, json)
Hash identifier: tDwFrtiJY949DGyP0/mHosofhqIsftcsf+uKmJxOwsQ=
Subject key identifier: 32:BB:7E:0A:E0:1B:6B:BE:8F:54:58:37:D7:0F:E6:32:07:28:3E:ED
Certificate issuer: /CN=dafb645f134f4fdada45e70bcfcd93b897dbd725
Certificate serial: 0184C2393950DB1E02DA24E9D43F91E82749
Authority key identifier: DA:FB:64:5F:13:4F:4F:DA:DA:45:E7:0B:CF:CD:93:B8:97:DB:D7:25
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/2vtkXxNPT9raRecLz82TuJfb1yU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/52/7a48f5-bd24-4dc4-8cca-6ba0a0ce01ed/1/Mrt-CuAba76PVFg31w_mMgcoPu0.roa
Signing time: Tue 29 Nov 2022 07:10:40 +0000
ROA not before: Tue 29 Nov 2022 07:10:40 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 51074
IP address blocks: 185.115.148.0/22 maxlen: 24
37.130.204.0/23 maxlen: 23
37.130.200.0/21 maxlen: 24
37.130.202.0/23 maxlen: 23
178.252.128.0/18 maxlen: 24
5.220.0.0/14 maxlen: 24
5.221.0.0/16 maxlen: 16
178.252.178.0/24 maxlen: 24
178.252.179.0/24 maxlen: 24
31.184.128.0/18 maxlen: 24
2a02:2b58::/29 maxlen: 29
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:84:c2:39:39:50:db:1e:02:da:24:e9:d4:3f:91:e8:27:49
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=dafb645f134f4fdada45e70bcfcd93b897dbd725
Validity
Not Before: Nov 29 07:10:40 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=32bb7e0ae01b6bbe8f545837d70fe63207283eed
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9d:00:83:9f:c0:8c:9f:d9:8e:11:bb:f9:a3:a1:
48:fd:ec:79:63:23:8b:b0:b9:a8:5e:04:23:c5:20:
50:79:35:c4:67:16:0a:ed:27:5d:d9:dc:38:4d:8f:
e3:36:05:ef:e2:46:fd:58:c0:ac:c2:2a:e7:47:2a:
91:b7:8d:bc:97:b3:e8:28:f9:ec:e8:e1:de:ab:9c:
6c:97:3f:7a:98:5e:1f:14:0e:6b:88:09:65:cd:03:
19:9e:1e:60:d6:da:ef:f8:45:d2:dc:bd:73:08:47:
da:f6:fb:49:a7:09:e4:53:99:d3:9b:14:26:8c:ba:
9e:5c:9b:49:a1:8b:01:22:cd:7c:0a:ed:91:95:97:
87:8c:d9:c6:77:f5:61:c8:6b:3c:93:0f:45:22:e7:
0e:2a:b3:b7:16:12:e8:08:ce:96:b2:47:96:e7:6f:
bb:90:f4:e8:09:7d:a3:01:52:04:1a:f3:68:e1:52:
2e:71:ea:f6:2c:54:12:57:e9:18:44:f1:c2:b2:7e:
e0:3b:5e:c1:48:3c:e0:0b:69:c9:e3:c9:18:aa:31:
a3:18:52:38:e4:f7:b7:1f:cc:5c:d8:ba:ea:24:b5:
f4:1c:71:06:05:f4:aa:69:92:1a:1d:32:85:ed:ee:
51:bd:ae:98:34:b6:e8:f1:cb:e2:7f:98:cc:57:67:
4f:69
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
32:BB:7E:0A:E0:1B:6B:BE:8F:54:58:37:D7:0F:E6:32:07:28:3E:ED
X509v3 Authority Key Identifier:
keyid:DA:FB:64:5F:13:4F:4F:DA:DA:45:E7:0B:CF:CD:93:B8:97:DB:D7:25
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2vtkXxNPT9raRecLz82TuJfb1yU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/52/7a48f5-bd24-4dc4-8cca-6ba0a0ce01ed/1/Mrt-CuAba76PVFg31w_mMgcoPu0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/52/7a48f5-bd24-4dc4-8cca-6ba0a0ce01ed/1/2vtkXxNPT9raRecLz82TuJfb1yU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.220.0.0/14
31.184.128.0/18
37.130.200.0/21
178.252.128.0/18
185.115.148.0/22
IPv6:
2a02:2b58::/29
Signature Algorithm: sha256WithRSAEncryption
78:56:8b:9d:c6:5b:9f:2e:5d:47:2c:6d:8f:43:01:19:8a:64:
10:44:bd:4d:3a:95:08:10:e0:9d:be:67:73:2a:50:e2:27:b3:
bd:d6:32:59:72:d5:01:d9:11:5c:78:9d:68:78:6b:2b:d6:15:
20:7f:78:58:8d:17:94:f6:51:01:1b:d6:67:96:1c:e1:e8:d3:
c3:2e:f8:f9:71:e1:67:51:2d:c0:7b:c4:b4:e4:c0:a1:67:0c:
84:27:5d:de:41:5e:da:59:e5:4b:f5:d5:e9:9d:9a:fe:79:f3:
51:ef:f5:b4:bc:87:bc:59:c0:d6:1c:10:20:eb:3b:de:2b:ae:
4d:9d:75:d9:b9:d4:e5:42:75:21:33:ce:97:73:ad:a2:ba:a9:
83:17:77:da:6d:f7:e9:e3:8b:22:b2:e5:4c:8b:94:01:09:bd:
f7:62:98:2e:18:af:6f:a6:b8:e3:0a:10:00:88:b1:ca:10:52:
3b:46:c8:d0:3f:ce:cd:88:9c:2e:fd:31:a6:a0:65:72:98:3e:
9d:03:bc:ef:c9:de:17:d6:c0:6a:d0:bc:e2:5a:4f:10:8c:c1:
87:41:b4:6d:bd:bc:60:f2:70:c8:b5:a6:fd:c7:dc:5e:34:86:
d0:26:58:27:ce:21:1c:e1:68:0b:33:49:19:98:85:22:a8:88:
70:51:f5:30
-----BEGIN CERTIFICATE-----
MIIFIzCCBAugAwIBAgISAYTCOTlQ2x4C2iTp1D+R6CdJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhZmI2NDVmMTM0ZjRmZGFkYTQ1ZTcwYmNmY2Q5M2I4OTdk
YmQ3MjUwHhcNMjIxMTI5MDcxMDQwWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMmJiN2UwYWUwMWI2YmJlOGY1NDU4MzdkNzBmZTYzMjA3MjgzZWVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnQCDn8CMn9mOEbv5o6FI/ex5YyOL
sLmoXgQjxSBQeTXEZxYK7Sdd2dw4TY/jNgXv4kb9WMCswirnRyqRt428l7PoKPns
6OHeq5xslz96mF4fFA5riAllzQMZnh5g1trv+EXS3L1zCEfa9vtJpwnkU5nTmxQm
jLqeXJtJoYsBIs18Cu2RlZeHjNnGd/VhyGs8kw9FIucOKrO3FhLoCM6WskeW52+7
kPToCX2jAVIEGvNo4VIucer2LFQSV+kYRPHCsn7gO17BSDzgC2nJ48kYqjGjGFI4
5Pe3H8xc2LrqJLX0HHEGBfSqaZIaHTKF7e5Rva6YNLbo8cvif5jMV2dPaQIDAQAB
o4ICLzCCAiswHQYDVR0OBBYEFDK7fgrgG2u+j1RYN9cP5jIHKD7tMB8GA1UdIwQY
MBaAFNr7ZF8TT0/a2kXnC8/Nk7iX29clMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMnZ0a1h4TlBUOXJhUmVjTHo4MlR1SmZiMXlVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Mi83YTQ4ZjUtYmQyNC00ZGM0LThjY2Et
NmJhMGEwY2UwMWVkLzEvTXJ0LUN1QWJhNzZQVkZnMzF3X21NZ2NvUHUwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Mi83YTQ4ZjUtYmQyNC00ZGM0LThjY2EtNmJhMGEwY2UwMWVk
LzEvMnZ0a1h4TlBUOXJhUmVjTHo4MlR1SmZiMXlVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEUGCCsGAQUFBwEHAQH/BDYwNDAjBAIAATAdAwMCBdwDBAYf
uIADBAMlgsgDBAay/IADBAK5c5QwDQQCAAIwBwMFAyoCK1gwDQYJKoZIhvcNAQEL
BQADggEBAHhWi53GW58uXUcsbY9DARmKZBBEvU06lQgQ4J2+Z3MqUOIns73WMlly
1QHZEVx4nWh4ayvWFSB/eFiNF5T2UQEb1meWHOHo08Mu+Plx4WdRLcB7xLTkwKFn
DIQnXd5BXtpZ5Uv11emdmv5581Hv9bS8h7xZwNYcECDrO94rrk2dddm51OVCdSEz
zpdzraK6qYMXd9pt9+njiyKy5UyLlAEJvfdimC4Yr2+muOMKEACIscoQUjtGyNA/
zs2InC79MaagZXKYPp0DvO/J3hfWwGrQvOJaTxCMwYdBtG29vGDycMi1pv3H3F40
htAmWCfOIRzhaAszSRmYhSKoiHBR9TA=
-----END CERTIFICATE-----
Generated at Sat Apr 19 12:39:19 2025 by rpki-client