Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/6add07-e6ad-4dba-9b8b-23e3813651d4/1/d2erQh-tjAiZcgWGVcf2r-zLD9U.roa
File: d2erQh-tjAiZcgWGVcf2r-zLD9U.roa (raw, json)
Hash identifier: GU4WcxSbJl2oVzdXyBsGGg68K0mjVGYFdKSV7/6gRkE=
Subject key identifier: 77:67:AB:42:1F:AD:8C:08:99:72:05:86:55:C7:F6:AF:EC:CB:0F:D5
Certificate issuer: /CN=aab1db0e00820876dfa20bec9b719aa795acc1de
Certificate serial: 01886CF0F3CE7E0A584A067DF73A049DCA9B
Authority key identifier: AA:B1:DB:0E:00:82:08:76:DF:A2:0B:EC:9B:71:9A:A7:95:AC:C1:DE
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/qrHbDgCCCHbfogvsm3Gap5Wswd4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/25/6add07-e6ad-4dba-9b8b-23e3813651d4/1/d2erQh-tjAiZcgWGVcf2r-zLD9U.roa
Signing time: Tue 30 May 2023 13:55:10 +0000
ROA not before: Tue 30 May 2023 13:55:10 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 60783
IP address blocks: 185.25.232.0/22 maxlen: 24
2a0a:8fc0::/29 maxlen: 29
2a04:3480::/29 maxlen: 29
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:88:6c:f0:f3:ce:7e:0a:58:4a:06:7d:f7:3a:04:9d:ca:9b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=aab1db0e00820876dfa20bec9b719aa795acc1de
Validity
Not Before: May 30 13:55:10 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=7767ab421fad8c089972058655c7f6afeccb0fd5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c3:25:d5:ad:16:dc:27:38:77:5a:23:62:b3:1b:
14:e9:db:f9:1e:7c:d8:35:01:83:45:8e:0e:18:c4:
47:c1:8d:82:e8:da:63:38:3e:67:6e:9d:62:e4:d8:
78:e5:c3:9b:1f:3b:90:ee:bd:17:64:bd:93:36:d6:
3e:cc:b2:36:ce:1d:ca:35:6a:08:24:bd:92:cc:d3:
ac:07:ca:3d:12:ae:76:69:39:39:ec:af:51:43:11:
57:bd:1c:01:9e:09:ad:0c:32:aa:0c:55:32:4f:3d:
87:58:5d:91:89:eb:66:65:fc:86:ec:7e:f7:26:c2:
e4:8b:d4:6c:f8:76:dc:5b:be:ba:be:08:93:1e:18:
55:0c:a1:a7:ba:76:36:9c:60:c4:bb:2b:25:67:f6:
0a:7b:06:c1:17:e4:f9:c6:15:28:41:03:6d:4c:9c:
2e:20:3a:93:ba:58:9c:79:e0:47:69:20:f2:fa:9e:
95:58:54:58:c0:11:20:be:b5:2b:6f:0c:2d:9a:6d:
73:79:c6:4b:35:eb:0b:4c:26:5d:3d:4d:06:ee:5e:
69:71:c5:ae:d6:ee:9a:95:04:0c:6a:98:00:1e:53:
89:4c:6d:59:38:5e:c8:99:c1:37:e3:4d:9f:2f:2c:
98:6b:e4:68:e2:83:7b:63:ff:5b:c2:7f:4c:81:81:
1e:c3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
77:67:AB:42:1F:AD:8C:08:99:72:05:86:55:C7:F6:AF:EC:CB:0F:D5
X509v3 Authority Key Identifier:
keyid:AA:B1:DB:0E:00:82:08:76:DF:A2:0B:EC:9B:71:9A:A7:95:AC:C1:DE
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qrHbDgCCCHbfogvsm3Gap5Wswd4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/6add07-e6ad-4dba-9b8b-23e3813651d4/1/d2erQh-tjAiZcgWGVcf2r-zLD9U.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/25/6add07-e6ad-4dba-9b8b-23e3813651d4/1/qrHbDgCCCHbfogvsm3Gap5Wswd4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.25.232.0/22
IPv6:
2a04:3480::/29
2a0a:8fc0::/29
Signature Algorithm: sha256WithRSAEncryption
8a:3d:09:da:73:05:31:46:46:bb:b4:a8:10:65:09:58:e0:c6:
89:cd:e3:04:c3:1f:2a:81:97:c0:35:73:d0:04:37:45:11:d7:
69:a3:69:31:ce:02:d0:21:44:17:59:0c:1b:e5:aa:3d:a1:7d:
e2:3f:1a:fc:35:4b:7d:15:59:a6:da:ea:7a:65:a4:a2:b4:5b:
d0:15:b8:71:05:09:39:e2:c3:ad:e9:e8:3a:45:b9:cd:69:2d:
a6:bc:03:87:93:c0:08:fa:c0:e4:22:a0:2a:cf:c7:1a:d6:15:
ef:5e:d5:96:24:0b:7e:91:f2:65:0e:67:e1:3b:da:26:9b:fb:
54:3a:5f:de:83:49:71:39:35:87:16:fd:37:db:ec:84:63:e7:
bc:9a:75:00:8d:db:97:7e:ac:43:3b:39:db:1b:ef:9f:1d:22:
11:03:95:d0:8e:d2:d0:4f:44:57:58:98:b1:10:97:36:09:fc:
b8:5c:8a:59:4c:6d:86:55:c3:ac:37:53:7b:9d:9e:93:31:1b:
71:3e:92:8f:a2:ff:d7:20:1e:13:cd:1a:c2:40:8a:c2:6e:0c:
e3:4a:ed:6e:5f:0f:c9:3d:bc:80:c9:d9:eb:90:23:e4:7d:8c:
bf:28:9b:62:f8:59:dc:6d:01:bb:f1:cb:5e:d9:c8:2b:52:43:
39:00:36:62
-----BEGIN CERTIFICATE-----
MIIFEzCCA/ugAwIBAgISAYhs8PPOfgpYSgZ99zoEncqbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFhYjFkYjBlMDA4MjA4NzZkZmEyMGJlYzliNzE5YWE3OTVh
Y2MxZGUwHhcNMjMwNTMwMTM1NTEwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NzY3YWI0MjFmYWQ4YzA4OTk3MjA1ODY1NWM3ZjZhZmVjY2IwZmQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwyXVrRbcJzh3WiNisxsU6dv5HnzY
NQGDRY4OGMRHwY2C6NpjOD5nbp1i5Nh45cObHzuQ7r0XZL2TNtY+zLI2zh3KNWoI
JL2SzNOsB8o9Eq52aTk57K9RQxFXvRwBngmtDDKqDFUyTz2HWF2RietmZfyG7H73
JsLki9Rs+HbcW766vgiTHhhVDKGnunY2nGDEuyslZ/YKewbBF+T5xhUoQQNtTJwu
IDqTuliceeBHaSDy+p6VWFRYwBEgvrUrbwwtmm1zecZLNesLTCZdPU0G7l5pccWu
1u6alQQMapgAHlOJTG1ZOF7ImcE3402fLyyYa+Ro4oN7Y/9bwn9MgYEewwIDAQAB
o4ICHzCCAhswHQYDVR0OBBYEFHdnq0IfrYwImXIFhlXH9q/syw/VMB8GA1UdIwQY
MBaAFKqx2w4Aggh236IL7JtxmqeVrMHeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcXJIYkRnQ0NDSGJmb2d2c20zR2FwNVdzd2Q0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS82YWRkMDctZTZhZC00ZGJhLTliOGIt
MjNlMzgxMzY1MWQ0LzEvZDJlclFoLXRqQWlaY2dXR1ZjZjJyLXpMRDlVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS82YWRkMDctZTZhZC00ZGJhLTliOGItMjNlMzgxMzY1MWQ0
LzEvcXJIYkRnQ0NDSGJmb2d2c20zR2FwNVdzd2Q0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDUGCCsGAQUFBwEHAQH/BCYwJDAMBAIAATAGAwQCuRnoMBQE
AgACMA4DBQMqBDSAAwUDKgqPwDANBgkqhkiG9w0BAQsFAAOCAQEAij0J2nMFMUZG
u7SoEGUJWODGic3jBMMfKoGXwDVz0AQ3RRHXaaNpMc4C0CFEF1kMG+WqPaF94j8a
/DVLfRVZptrqemWkorRb0BW4cQUJOeLDrenoOkW5zWktprwDh5PACPrA5CKgKs/H
GtYV717VliQLfpHyZQ5n4TvaJpv7VDpf3oNJcTk1hxb9N9vshGPnvJp1AI3bl36s
Qzs52xvvnx0iEQOV0I7S0E9EV1iYsRCXNgn8uFyKWUxthlXDrDdTe52ekzEbcT6S
j6L/1yAeE80awkCKwm4M40rtbl8PyT28gMnZ65Aj5H2MvyibYvhZ3G0Bu/HLXtnI
K1JDOQA2Yg==
-----END CERTIFICATE-----
Generated at Mon Apr 21 10:38:14 2025 by rpki-client