Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/6add07-e6ad-4dba-9b8b-23e3813651d4/1/8u8kY7EGinZT2BwjY3QkrQCeQ2A.roa
File: 8u8kY7EGinZT2BwjY3QkrQCeQ2A.roa (raw, json)
Hash identifier: x4l/7FQdRJuqlyry+VZrdqd3RB9D9sWSclH1NxZAYiw=
Subject key identifier: F2:EF:24:63:B1:06:8A:76:53:D8:1C:23:63:74:24:AD:00:9E:43:60
Certificate issuer: /CN=aab1db0e00820876dfa20bec9b719aa795acc1de
Certificate serial: 019278E95B4B4BBB847895521037ED2341D9
Authority key identifier: AA:B1:DB:0E:00:82:08:76:DF:A2:0B:EC:9B:71:9A:A7:95:AC:C1:DE
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/qrHbDgCCCHbfogvsm3Gap5Wswd4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/25/6add07-e6ad-4dba-9b8b-23e3813651d4/1/8u8kY7EGinZT2BwjY3QkrQCeQ2A.roa
Signing time: Fri 11 Oct 2024 00:10:12 +0000
ROA not before: Fri 11 Oct 2024 00:10:12 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 197075
IP address blocks: 185.25.233.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:92:78:e9:5b:4b:4b:bb:84:78:95:52:10:37:ed:23:41:d9
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=aab1db0e00820876dfa20bec9b719aa795acc1de
Validity
Not Before: Oct 11 00:10:12 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=f2ef2463b1068a7653d81c23637424ad009e4360
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8e:f4:21:fd:28:78:8a:27:b8:7c:9a:0d:5e:db:
33:75:15:a5:3b:32:39:2f:d8:4a:d7:0a:22:20:8f:
47:3f:5a:db:88:7b:8d:47:93:16:12:9d:94:ab:03:
fd:57:7a:8c:42:02:27:86:db:26:8c:e7:e6:4d:2f:
50:dc:56:3a:ef:75:f9:95:1f:00:ac:94:f5:97:9a:
57:0d:a2:37:68:75:5c:42:18:5b:b3:4d:6f:63:37:
ca:64:1a:c8:3b:41:3b:31:47:9c:b1:b9:3c:84:b3:
d1:1d:e5:be:73:55:21:18:23:52:96:42:8b:8b:e8:
3c:57:79:b3:f7:96:0a:e5:f7:7b:9a:5e:33:67:6d:
01:66:a9:26:6a:43:8b:c7:3a:c9:a4:6b:17:a0:f9:
e6:cf:8c:49:19:52:12:20:e9:fb:f8:f5:2b:71:7b:
b1:74:52:a2:58:e9:3a:cb:6d:b5:ef:91:ee:b7:f3:
19:e2:22:f6:d1:72:84:8d:49:77:4f:86:ab:13:f4:
c0:8c:df:17:03:65:83:e4:c8:1c:fd:46:ac:8c:66:
aa:ba:c9:29:6d:31:2c:fb:06:d2:31:ae:4a:62:9d:
a1:96:af:52:9a:d1:fd:90:86:6b:03:a0:fa:be:7b:
90:09:d8:34:42:13:35:10:c2:89:6b:03:aa:1a:b8:
ca:8d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F2:EF:24:63:B1:06:8A:76:53:D8:1C:23:63:74:24:AD:00:9E:43:60
X509v3 Authority Key Identifier:
keyid:AA:B1:DB:0E:00:82:08:76:DF:A2:0B:EC:9B:71:9A:A7:95:AC:C1:DE
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qrHbDgCCCHbfogvsm3Gap5Wswd4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/6add07-e6ad-4dba-9b8b-23e3813651d4/1/8u8kY7EGinZT2BwjY3QkrQCeQ2A.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/25/6add07-e6ad-4dba-9b8b-23e3813651d4/1/qrHbDgCCCHbfogvsm3Gap5Wswd4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.25.233.0/24
Signature Algorithm: sha256WithRSAEncryption
61:e2:13:a4:02:09:9a:f7:99:b9:c9:5e:6f:c0:ea:bd:46:a2:
39:e7:2d:a0:f5:01:79:c1:57:9f:ac:95:66:9b:23:47:f4:ea:
de:21:ce:81:e5:6b:35:c6:19:9d:e7:82:62:09:f2:c0:64:00:
52:6e:90:0a:47:9a:af:88:ac:39:65:12:30:01:d2:60:93:45:
85:ef:7e:15:c2:3f:fc:e4:04:53:fc:0e:cd:df:a4:c2:92:c9:
c9:b0:b7:1c:9c:cd:a1:5c:93:a6:7f:e5:61:05:b6:18:3e:ff:
c0:98:6f:b5:42:de:f0:d6:f2:54:66:01:1f:b9:02:dc:28:b5:
6c:d7:a9:d2:82:63:a9:a0:c4:92:48:83:51:ed:13:8e:38:2b:
70:f7:2d:26:0d:e1:60:c4:1a:fc:21:54:3d:94:82:95:7d:b1:
15:2b:c3:35:df:72:eb:d1:ca:c8:5a:bc:93:de:38:9c:67:5e:
af:74:95:26:66:dc:6a:a0:9f:66:51:bb:70:f0:3e:8e:b3:23:
8b:72:95:92:89:48:86:44:11:fa:54:7b:66:20:2c:93:d6:d6:
3a:26:76:43:f4:6f:d1:0e:df:fc:29:e0:92:bb:1f:13:e0:00:
a0:9b:b3:71:ee:27:a4:3e:55:8a:83:6b:82:7b:59:8b:3e:de:
48:9a:d7:24
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZJ46VtLS7uEeJVSEDftI0HZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFhYjFkYjBlMDA4MjA4NzZkZmEyMGJlYzliNzE5YWE3OTVh
Y2MxZGUwHhcNMjQxMDExMDAxMDEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMmVmMjQ2M2IxMDY4YTc2NTNkODFjMjM2Mzc0MjRhZDAwOWU0MzYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjvQh/Sh4iie4fJoNXtszdRWlOzI5
L9hK1woiII9HP1rbiHuNR5MWEp2UqwP9V3qMQgInhtsmjOfmTS9Q3FY673X5lR8A
rJT1l5pXDaI3aHVcQhhbs01vYzfKZBrIO0E7MUecsbk8hLPRHeW+c1UhGCNSlkKL
i+g8V3mz95YK5fd7ml4zZ20BZqkmakOLxzrJpGsXoPnmz4xJGVISIOn7+PUrcXux
dFKiWOk6y22175Hut/MZ4iL20XKEjUl3T4arE/TAjN8XA2WD5Mgc/UasjGaquskp
bTEs+wbSMa5KYp2hlq9SmtH9kIZrA6D6vnuQCdg0QhM1EMKJawOqGrjKjQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPLvJGOxBop2U9gcI2N0JK0AnkNgMB8GA1UdIwQY
MBaAFKqx2w4Aggh236IL7JtxmqeVrMHeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcXJIYkRnQ0NDSGJmb2d2c20zR2FwNVdzd2Q0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS82YWRkMDctZTZhZC00ZGJhLTliOGIt
MjNlMzgxMzY1MWQ0LzEvOHU4a1k3RUdpblpUMkJ3alkzUWtyUUNlUTJBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS82YWRkMDctZTZhZC00ZGJhLTliOGItMjNlMzgxMzY1MWQ0
LzEvcXJIYkRnQ0NDSGJmb2d2c20zR2FwNVdzd2Q0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuRnpMA0G
CSqGSIb3DQEBCwUAA4IBAQBh4hOkAgma95m5yV5vwOq9RqI55y2g9QF5wVefrJVm
myNH9OreIc6B5Ws1xhmd54JiCfLAZABSbpAKR5qviKw5ZRIwAdJgk0WF734Vwj/8
5ART/A7N36TCksnJsLccnM2hXJOmf+VhBbYYPv/AmG+1Qt7w1vJUZgEfuQLcKLVs
16nSgmOpoMSSSINR7ROOOCtw9y0mDeFgxBr8IVQ9lIKVfbEVK8M133Lr0crIWryT
3jicZ16vdJUmZtxqoJ9mUbtw8D6OsyOLcpWSiUiGRBH6VHtmICyT1tY6JnZD9G/R
Dt/8KeCSux8T4ACgm7Nx7iekPlWKg2uCe1mLPt5Imtck
-----END CERTIFICATE-----
Generated at Mon Apr 21 17:05:01 2025 by rpki-client