Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/ca46fc-3847-4f1d-9ce4-52b9e6a16350/1/t5MFjivcQQxPRgkDbomMhbtrRPc.roa
File: t5MFjivcQQxPRgkDbomMhbtrRPc.roa (raw, json)
Hash identifier: 7Y8b59cXSL7Fq9+gahRf32g/cim6p/NmcqgotWRxTjM=
Subject key identifier: B7:93:05:8E:2B:DC:41:0C:4F:46:09:03:6E:89:8C:85:BB:6B:44:F7
Certificate issuer: /CN=6cb0dec13df205a66ec5227925b8f56bdb09f499
Certificate serial: 01857169A9FE8431FAF073D79E140438EF52
Authority key identifier: 6C:B0:DE:C1:3D:F2:05:A6:6E:C5:22:79:25:B8:F5:6B:DB:09:F4:99
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/bLDewT3yBaZuxSJ5Jbj1a9sJ9Jk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2a/ca46fc-3847-4f1d-9ce4-52b9e6a16350/1/t5MFjivcQQxPRgkDbomMhbtrRPc.roa
Signing time: Mon 02 Jan 2023 07:37:08 +0000
ROA not before: Mon 02 Jan 2023 07:37:08 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 49571
IP address blocks: 188.72.11.0/24 maxlen: 24
188.72.8.0/24 maxlen: 24
188.72.9.0/24 maxlen: 24
188.72.15.0/24 maxlen: 24
188.72.16.0/24 maxlen: 24
188.72.12.0/24 maxlen: 24
188.72.17.0/24 maxlen: 24
188.72.21.0/24 maxlen: 24
188.72.22.0/24 maxlen: 24
188.72.23.0/24 maxlen: 24
188.72.18.0/24 maxlen: 24
188.72.20.0/24 maxlen: 24
188.72.29.0/24 maxlen: 24
188.72.30.0/24 maxlen: 24
188.72.31.0/24 maxlen: 24
185.72.254.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:71:69:a9:fe:84:31:fa:f0:73:d7:9e:14:04:38:ef:52
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6cb0dec13df205a66ec5227925b8f56bdb09f499
Validity
Not Before: Jan 2 07:37:08 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=b793058e2bdc410c4f4609036e898c85bb6b44f7
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b4:fd:d2:71:cc:a1:e5:64:04:a0:a7:61:3c:e0:
a7:a4:ab:f8:9f:62:86:90:f9:54:52:87:eb:73:84:
dd:40:91:1a:4f:4f:4e:07:b2:a8:fa:ee:de:f5:fe:
8c:98:0a:fe:c1:5b:ea:b6:ee:b4:f7:54:2b:8b:c3:
00:6b:a4:a0:27:64:ea:6b:46:c6:4a:89:c8:c1:90:
c0:28:51:3f:7f:b4:0b:85:4d:9d:ea:be:60:05:b2:
51:ce:1a:4a:6d:bb:0d:21:91:e6:34:b5:64:46:c0:
42:c8:83:82:a6:81:c7:68:32:ee:74:ce:d5:a8:dd:
0f:cd:8b:5c:e2:93:95:ab:a6:a2:7f:55:70:9a:bf:
57:7c:71:42:bd:4a:0c:b5:e7:b0:bf:e3:ba:f7:5b:
f3:13:70:7a:40:c9:bf:69:fa:0c:67:da:82:31:15:
6b:5d:8e:7e:d2:e6:c9:74:4a:50:94:c6:24:0b:8c:
0b:69:90:fc:13:9e:96:5d:12:03:df:b7:3e:5f:b3:
ef:8a:ed:21:00:10:3a:8b:f4:a7:6d:75:6f:ea:fc:
06:1d:a4:cb:6b:17:c4:78:04:95:12:9a:6d:4c:66:
65:21:6f:4b:a0:de:f4:30:9a:de:54:2d:55:88:8e:
bd:38:e6:10:df:f5:47:e9:5e:64:f1:1b:4e:d3:ab:
f9:03
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B7:93:05:8E:2B:DC:41:0C:4F:46:09:03:6E:89:8C:85:BB:6B:44:F7
X509v3 Authority Key Identifier:
keyid:6C:B0:DE:C1:3D:F2:05:A6:6E:C5:22:79:25:B8:F5:6B:DB:09:F4:99
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bLDewT3yBaZuxSJ5Jbj1a9sJ9Jk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/ca46fc-3847-4f1d-9ce4-52b9e6a16350/1/t5MFjivcQQxPRgkDbomMhbtrRPc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/ca46fc-3847-4f1d-9ce4-52b9e6a16350/1/bLDewT3yBaZuxSJ5Jbj1a9sJ9Jk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.72.254.0/24
188.72.8.0/23
188.72.11.0-188.72.12.255
188.72.15.0-188.72.18.255
188.72.20.0/22
188.72.29.0-188.72.31.255
Signature Algorithm: sha256WithRSAEncryption
67:fe:c3:df:6b:1d:33:9a:6d:12:25:36:21:ca:e6:c2:b0:a8:
5b:32:3c:fa:b9:1a:9f:c4:53:28:bc:62:ea:4a:08:5b:b3:c0:
9e:f1:d5:fa:fe:14:eb:6c:79:f4:3c:fd:c0:ed:3c:87:8e:22:
be:02:b6:57:4a:b4:86:0b:0c:f3:e4:01:b9:b3:9e:4d:f5:bb:
1e:f9:55:ef:2e:d6:30:7a:2d:ae:c0:29:a2:fd:c5:b1:7d:6f:
43:7f:08:3d:62:96:56:d5:0e:bf:29:6e:07:83:ec:a2:81:0f:
81:40:02:fd:63:7a:c2:65:88:d0:c2:2c:e7:f8:3b:0d:27:f7:
74:2f:e2:85:61:c4:48:11:96:30:1c:2a:8a:9e:b4:86:ec:c8:
c6:d1:d9:a5:d0:89:5a:9e:0e:62:90:14:45:3c:6a:23:27:30:
71:cb:0c:7e:e3:33:76:57:49:fb:d5:72:fd:5b:4f:13:20:9a:
ce:24:bc:c3:b4:e8:6d:dc:c9:a4:3a:ed:3f:08:df:ad:96:2a:
b6:29:98:02:1b:68:bd:e2:bb:77:ea:e5:39:46:6d:48:fa:bb:
4d:41:ea:64:16:14:08:20:e0:84:ea:54:24:9e:b4:fc:81:7d:
2c:4b:c9:22:9b:dc:96:48:ef:ad:7b:6a:10:b3:96:b6:be:1d:
a9:c8:e7:91
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgISAYVxaan+hDH68HPXnhQEOO9SMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjYjBkZWMxM2RmMjA1YTY2ZWM1MjI3OTI1YjhmNTZiZGIw
OWY0OTkwHhcNMjMwMTAyMDczNzA4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNzkzMDU4ZTJiZGM0MTBjNGY0NjA5MDM2ZTg5OGM4NWJiNmI0NGY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtP3Sccyh5WQEoKdhPOCnpKv4n2KG
kPlUUofrc4TdQJEaT09OB7Ko+u7e9f6MmAr+wVvqtu6091Qri8MAa6SgJ2Tqa0bG
SonIwZDAKFE/f7QLhU2d6r5gBbJRzhpKbbsNIZHmNLVkRsBCyIOCpoHHaDLudM7V
qN0PzYtc4pOVq6aif1Vwmr9XfHFCvUoMteewv+O691vzE3B6QMm/afoMZ9qCMRVr
XY5+0ubJdEpQlMYkC4wLaZD8E56WXRID37c+X7Pviu0hABA6i/SnbXVv6vwGHaTL
axfEeASVEpptTGZlIW9LoN70MJreVC1ViI69OOYQ3/VH6V5k8RtO06v5AwIDAQAB
o4ICPzCCAjswHQYDVR0OBBYEFLeTBY4r3EEMT0YJA26JjIW7a0T3MB8GA1UdIwQY
MBaAFGyw3sE98gWmbsUieSW49WvbCfSZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYkxEZXdUM3lCYVp1eFNKNUpiajFhOXNKOUprLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYS9jYTQ2ZmMtMzg0Ny00ZjFkLTljZTQt
NTJiOWU2YTE2MzUwLzEvdDVNRmppdmNRUXhQUmdrRGJvbU1oYnRyUlBjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYS9jYTQ2ZmMtMzg0Ny00ZjFkLTljZTQtNTJiOWU2YTE2MzUw
LzEvYkxEZXdUM3lCYVp1eFNKNUpiajFhOXNKOUprLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFUGCCsGAQUFBwEHAQH/BEYwRDBCBAIAATA8AwQAuUj+AwQB
vEgIMAwDBAC8SAsDBAC8SAwwDAMEALxIDwMEALxIEgMEArxIFDAMAwQAvEgdAwQF
vEgAMA0GCSqGSIb3DQEBCwUAA4IBAQBn/sPfax0zmm0SJTYhyubCsKhbMjz6uRqf
xFMovGLqSghbs8Ce8dX6/hTrbHn0PP3A7TyHjiK+ArZXSrSGCwzz5AG5s55N9bse
+VXvLtYwei2uwCmi/cWxfW9Dfwg9YpZW1Q6/KW4Hg+yigQ+BQAL9Y3rCZYjQwizn
+DsNJ/d0L+KFYcRIEZYwHCqKnrSG7MjG0dml0Ilang5ikBRFPGojJzBxywx+4zN2
V0n71XL9W08TIJrOJLzDtOht3MmkOu0/CN+tliq2KZgCG2i94rt36uU5Rm1I+rtN
QepkFhQIIOCE6lQknrT8gX0sS8kim9yWSO+te2oQs5a2vh2pyOeR
-----END CERTIFICATE-----
Generated at Wed Apr 30 05:31:52 2025 by rpki-client