Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/5ris2-UqM8Bfhw21Ao7A1wdJgt8.roa
File: 5ris2-UqM8Bfhw21Ao7A1wdJgt8.roa (raw, json)
Hash identifier: rYUrLJj9Jh0FqLaqodyGMcTRyAE0JOsCGMu42LNGtP0=
Subject key identifier: E6:B8:AC:DB:E5:2A:33:C0:5F:87:0D:B5:02:8E:C0:D7:07:49:82:DF
Certificate issuer: /CN=c2778de2a9be9802120382e750d159e95872c2ae
Certificate serial: 019427B57E1FB8E555B0183A51FA0C5D760F
Authority key identifier: C2:77:8D:E2:A9:BE:98:02:12:03:82:E7:50:D1:59:E9:58:72:C2:AE
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/wneN4qm-mAISA4LnUNFZ6Vhywq4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/5ris2-UqM8Bfhw21Ao7A1wdJgt8.roa
Signing time: Thu 02 Jan 2025 15:49:53 +0000
ROA not before: Thu 02 Jan 2025 15:49:53 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 14618
IP address blocks: 83.147.248.0/22 maxlen: 22
91.186.200.0/23 maxlen: 24
91.186.202.0/23 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:27:b5:7e:1f:b8:e5:55:b0:18:3a:51:fa:0c:5d:76:0f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c2778de2a9be9802120382e750d159e95872c2ae
Validity
Not Before: Jan 2 15:49:53 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=e6b8acdbe52a33c05f870db5028ec0d7074982df
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c3:71:55:77:70:40:b1:0c:1a:4a:90:a3:ce:02:
3e:f6:04:0d:51:0b:c1:d1:43:9c:04:d6:61:e1:af:
98:4e:91:81:f6:5c:18:60:3d:66:b8:72:7e:77:4c:
b0:db:12:36:e6:ae:3f:88:55:ce:15:59:c6:55:98:
2b:6d:7b:86:5a:dd:5a:f3:0a:36:4d:7d:e9:35:a8:
ba:03:9f:93:e9:f8:d1:17:af:2c:b3:95:d6:65:e1:
61:98:fc:55:9d:dd:b9:3f:bc:4a:f8:c9:58:d1:95:
29:f5:83:0b:e8:8d:24:d3:46:4b:0f:1d:b5:5f:ee:
9e:c3:ae:87:eb:86:ca:02:35:2f:24:51:c7:be:05:
5e:f2:b0:26:86:cd:2c:19:ea:68:83:9a:26:38:af:
20:d9:c2:1f:aa:74:26:9f:fe:d9:46:78:ea:4a:82:
99:51:77:c6:62:ab:08:0e:0c:c2:03:c3:74:1d:ee:
26:28:ff:63:8e:e8:67:51:7d:3e:10:c4:2c:07:00:
09:d2:88:57:c8:51:cd:c8:17:19:8a:19:49:99:a5:
59:86:46:51:e3:57:f0:27:10:d1:c3:f4:42:77:de:
22:75:56:98:bd:7d:36:61:d1:02:f5:88:b6:44:1c:
6e:e0:5a:48:73:75:54:7f:86:b0:6e:a0:8b:a5:4c:
0f:41
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E6:B8:AC:DB:E5:2A:33:C0:5F:87:0D:B5:02:8E:C0:D7:07:49:82:DF
X509v3 Authority Key Identifier:
keyid:C2:77:8D:E2:A9:BE:98:02:12:03:82:E7:50:D1:59:E9:58:72:C2:AE
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wneN4qm-mAISA4LnUNFZ6Vhywq4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/5ris2-UqM8Bfhw21Ao7A1wdJgt8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/wneN4qm-mAISA4LnUNFZ6Vhywq4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
83.147.248.0/22
91.186.200.0/22
Signature Algorithm: sha256WithRSAEncryption
17:c5:15:d4:a5:2e:ba:7b:2b:8e:fe:07:ea:18:76:e0:74:06:
b4:17:1d:16:06:8d:a4:e8:cb:c8:48:b6:5c:32:9b:0d:cf:48:
c3:bd:33:82:63:72:33:39:9b:1d:91:17:1f:9c:9b:34:94:ce:
bc:d7:84:56:0e:75:86:62:2f:ca:40:cd:02:7d:00:d0:7c:5e:
95:c8:08:cf:1f:d9:b9:a8:c9:12:70:94:c3:14:91:7b:8d:90:
1f:32:a1:46:d6:cb:93:1c:b5:22:a5:78:56:eb:9a:61:66:ee:
dd:bc:ab:e2:8d:a3:e2:16:8c:53:28:6b:b3:31:5a:29:1b:1c:
66:e4:04:99:50:f5:50:51:34:ab:4c:c4:69:ef:2e:cb:7b:48:
d7:d8:d1:5d:fa:58:9e:65:9f:40:9f:6d:4e:cb:ff:ff:84:4d:
96:53:2c:88:42:c3:f5:9f:ea:b6:e6:1c:aa:6c:78:a3:11:1c:
62:ca:c0:24:7d:61:ea:9f:1c:7a:8f:c0:ca:b0:92:69:ad:a4:
17:01:14:cf:d4:3d:32:cd:fc:ed:10:46:27:a2:26:5e:90:eb:
08:37:c9:43:66:20:4d:93:a5:75:7b:d1:b4:82:3c:bf:83:48:
ce:3a:4f:83:8d:cd:25:3f:dc:ab:e7:ba:07:69:4e:e6:d8:68:
97:72:63:f9
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQntX4fuOVVsBg6UfoMXXYPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyNzc4ZGUyYTliZTk4MDIxMjAzODJlNzUwZDE1OWU5NTg3
MmMyYWUwHhcNMjUwMTAyMTU0OTUzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNmI4YWNkYmU1MmEzM2MwNWY4NzBkYjUwMjhlYzBkNzA3NDk4MmRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw3FVd3BAsQwaSpCjzgI+9gQNUQvB
0UOcBNZh4a+YTpGB9lwYYD1muHJ+d0yw2xI25q4/iFXOFVnGVZgrbXuGWt1a8wo2
TX3pNai6A5+T6fjRF68ss5XWZeFhmPxVnd25P7xK+MlY0ZUp9YML6I0k00ZLDx21
X+6ew66H64bKAjUvJFHHvgVe8rAmhs0sGepog5omOK8g2cIfqnQmn/7ZRnjqSoKZ
UXfGYqsIDgzCA8N0He4mKP9jjuhnUX0+EMQsBwAJ0ohXyFHNyBcZihlJmaVZhkZR
41fwJxDRw/RCd94idVaYvX02YdEC9Yi2RBxu4FpIc3VUf4awbqCLpUwPQQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFOa4rNvlKjPAX4cNtQKOwNcHSYLfMB8GA1UdIwQY
MBaAFMJ3jeKpvpgCEgOC51DRWelYcsKuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd25lTjRxbS1tQUlTQTRMblVORlo2Vmh5d3E0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC80MTA5MzAtOWQ2NS00YmU4LTllYmEt
Zjk4ZGE1NGFmNDM0LzEvNXJpczItVXFNOEJmaHcyMUFvN0Exd2RKZ3Q4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC80MTA5MzAtOWQ2NS00YmU4LTllYmEtZjk4ZGE1NGFmNDM0
LzEvd25lTjRxbS1tQUlTQTRMblVORlo2Vmh5d3E0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCU5P4AwQC
W7rIMA0GCSqGSIb3DQEBCwUAA4IBAQAXxRXUpS66eyuO/gfqGHbgdAa0Fx0WBo2k
6MvISLZcMpsNz0jDvTOCY3IzOZsdkRcfnJs0lM6814RWDnWGYi/KQM0CfQDQfF6V
yAjPH9m5qMkScJTDFJF7jZAfMqFG1suTHLUipXhW65phZu7dvKvijaPiFoxTKGuz
MVopGxxm5ASZUPVQUTSrTMRp7y7Le0jX2NFd+lieZZ9An21Oy///hE2WUyyIQsP1
n+q25hyqbHijERxiysAkfWHqnxx6j8DKsJJpraQXARTP1D0yzfztEEYnoiZekOsI
N8lDZiBNk6V1e9G0gjy/g0jOOk+Djc0lP9yr57oHaU7m2GiXcmP5
-----END CERTIFICATE-----
Generated at Wed Feb 5 10:36:03 2025 by rpki-client