Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1a/1a5a96-d36e-4f3a-9b34-0548d3895a55/1/IjPPddUO6LR3pR_moWqwSIbR1mw.roa
File: IjPPddUO6LR3pR_moWqwSIbR1mw.roa (raw, json)
Hash identifier: s8WitoeYWeCx1CWixip3Mz80TR9iI5/R4B8ghNQENPc=
Subject key identifier: 22:33:CF:75:D5:0E:E8:B4:77:A5:1F:E6:A1:6A:B0:48:86:D1:D6:6C
Certificate issuer: /CN=0b1e72f3d0957f5a6e3bd1b844a12a6147449027
Certificate serial: 01859B81E39F09824215B440F8925F2E54B5
Authority key identifier: 0B:1E:72:F3:D0:95:7F:5A:6E:3B:D1:B8:44:A1:2A:61:47:44:90:27
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Cx5y89CVf1puO9G4RKEqYUdEkCc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/1a/1a5a96-d36e-4f3a-9b34-0548d3895a55/1/IjPPddUO6LR3pR_moWqwSIbR1mw.roa
Signing time: Tue 10 Jan 2023 11:47:38 +0000
ROA not before: Tue 10 Jan 2023 11:47:38 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 211261
IP address blocks: 103.226.194.0/23 maxlen: 23
185.237.212.0/24 maxlen: 24
185.145.71.0/24 maxlen: 24
185.145.70.0/24 maxlen: 24
185.223.176.0/22 maxlen: 22
103.229.168.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:9b:81:e3:9f:09:82:42:15:b4:40:f8:92:5f:2e:54:b5
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=0b1e72f3d0957f5a6e3bd1b844a12a6147449027
Validity
Not Before: Jan 10 11:47:38 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=2233cf75d50ee8b477a51fe6a16ab04886d1d66c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:81:3f:b9:b5:1c:6c:db:3d:0c:a5:e3:3c:01:9c:
37:2b:fa:df:40:5a:ff:6f:a2:ce:df:34:3e:b5:1b:
4d:4d:65:6a:98:9b:ff:2b:cb:80:1a:01:b5:ff:f6:
d9:64:c7:d8:ee:66:03:9e:6c:42:a8:20:25:0f:81:
d5:31:2a:7e:9f:71:95:42:cb:03:db:5e:69:32:fb:
a1:96:f6:8d:96:22:f9:58:da:d9:5c:32:f1:40:28:
7e:70:47:81:6e:58:2d:bb:e3:41:70:49:6c:99:a1:
7a:ca:0a:db:ce:55:95:6a:43:2b:de:de:b3:d4:30:
11:15:48:90:5e:2d:c9:bd:49:0f:19:81:91:84:f6:
06:47:0c:4e:15:3b:4f:38:dd:8e:b3:f8:de:83:2b:
44:e1:16:2b:b6:d2:ec:81:2a:9a:24:1f:97:30:6c:
5b:cd:40:6a:5f:34:d2:6e:d3:40:02:06:2f:62:1a:
2d:e9:d0:bb:6a:6b:f5:fd:1c:b0:ed:b2:3e:ef:a5:
6f:6a:db:f6:e5:26:35:01:fb:e6:5e:2f:ce:a3:f6:
22:21:84:b2:d9:5b:c4:0f:85:e5:e0:67:4b:99:32:
1f:d7:2f:ea:fd:05:34:fd:af:9f:c7:9f:da:a0:f9:
fb:ee:e6:62:90:a7:90:6b:d5:e0:6d:97:03:e3:64:
25:a1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
22:33:CF:75:D5:0E:E8:B4:77:A5:1F:E6:A1:6A:B0:48:86:D1:D6:6C
X509v3 Authority Key Identifier:
keyid:0B:1E:72:F3:D0:95:7F:5A:6E:3B:D1:B8:44:A1:2A:61:47:44:90:27
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Cx5y89CVf1puO9G4RKEqYUdEkCc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/1a5a96-d36e-4f3a-9b34-0548d3895a55/1/IjPPddUO6LR3pR_moWqwSIbR1mw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/1a5a96-d36e-4f3a-9b34-0548d3895a55/1/Cx5y89CVf1puO9G4RKEqYUdEkCc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
103.226.194.0/23
103.229.168.0/24
185.145.70.0/23
185.223.176.0/22
185.237.212.0/24
Signature Algorithm: sha256WithRSAEncryption
ae:d0:2f:6f:54:3a:be:94:70:50:6f:2b:0d:f7:9f:d9:fd:a4:
c2:d2:89:e3:8c:aa:f1:a6:9e:f1:9a:85:4c:84:fc:da:8c:f8:
80:8d:81:ef:8d:62:26:c3:9c:ca:4f:49:31:53:af:3d:da:a7:
d3:43:de:90:ed:61:a0:55:70:a5:47:ca:50:c1:0d:ef:3f:e9:
46:7d:4a:f4:10:f9:fa:b1:7e:5a:9d:a5:e2:a7:49:d2:78:16:
d9:71:68:2c:64:ef:c4:5c:7a:5d:ba:9c:c5:b7:94:d3:2a:6f:
3d:b0:10:2f:05:c7:df:6b:3d:48:76:18:dc:5e:4b:37:56:dc:
3f:14:02:c6:7b:cd:f3:1d:77:3f:c5:8d:5f:82:7f:4b:c1:00:
7a:cd:d7:99:60:7e:e2:91:51:9f:4a:b5:70:38:16:92:26:65:
0c:50:cb:aa:26:a8:33:30:38:db:75:8f:30:0e:24:3e:83:b9:
61:64:4d:76:22:3c:19:c9:b4:ad:c0:6b:ce:c5:b6:3b:7e:9c:
f3:b8:ad:94:97:47:2a:33:13:a5:77:5f:b4:0c:f8:50:ee:5a:
29:a3:00:52:8b:f1:fc:4e:51:ba:f5:53:e5:b3:68:51:c9:a9:
fe:fc:22:27:9f:0b:dd:29:7c:d5:1f:69:29:ab:56:a2:b8:35:
d9:6f:45:14
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAYWbgeOfCYJCFbRA+JJfLlS1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBiMWU3MmYzZDA5NTdmNWE2ZTNiZDFiODQ0YTEyYTYxNDc0
NDkwMjcwHhcNMjMwMTEwMTE0NzM4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMjMzY2Y3NWQ1MGVlOGI0NzdhNTFmZTZhMTZhYjA0ODg2ZDFkNjZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgT+5tRxs2z0MpeM8AZw3K/rfQFr/
b6LO3zQ+tRtNTWVqmJv/K8uAGgG1//bZZMfY7mYDnmxCqCAlD4HVMSp+n3GVQssD
215pMvuhlvaNliL5WNrZXDLxQCh+cEeBblgtu+NBcElsmaF6ygrbzlWVakMr3t6z
1DARFUiQXi3JvUkPGYGRhPYGRwxOFTtPON2Os/jegytE4RYrttLsgSqaJB+XMGxb
zUBqXzTSbtNAAgYvYhot6dC7amv1/Ryw7bI+76Vvatv25SY1AfvmXi/Oo/YiIYSy
2VvED4Xl4GdLmTIf1y/q/QU0/a+fx5/aoPn77uZikKeQa9XgbZcD42QloQIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFCIzz3XVDui0d6Uf5qFqsEiG0dZsMB8GA1UdIwQY
MBaAFAsecvPQlX9abjvRuEShKmFHRJAnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ3g1eTg5Q1ZmMXB1TzlHNFJLRXFZVWRFa0NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYS8xYTVhOTYtZDM2ZS00ZjNhLTliMzQt
MDU0OGQzODk1YTU1LzEvSWpQUGRkVU82TFIzcFJfbW9XcXdTSWJSMW13LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYS8xYTVhOTYtZDM2ZS00ZjNhLTliMzQtMDU0OGQzODk1YTU1
LzEvQ3g1eTg5Q1ZmMXB1TzlHNFJLRXFZVWRFa0NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQBZ+LCAwQA
Z+WoAwQBuZFGAwQCud+wAwQAue3UMA0GCSqGSIb3DQEBCwUAA4IBAQCu0C9vVDq+
lHBQbysN95/Z/aTC0onjjKrxpp7xmoVMhPzajPiAjYHvjWImw5zKT0kxU6892qfT
Q96Q7WGgVXClR8pQwQ3vP+lGfUr0EPn6sX5anaXip0nSeBbZcWgsZO/EXHpdupzF
t5TTKm89sBAvBcffaz1IdhjcXks3Vtw/FALGe83zHXc/xY1fgn9LwQB6zdeZYH7i
kVGfSrVwOBaSJmUMUMuqJqgzMDjbdY8wDiQ+g7lhZE12IjwZybStwGvOxbY7fpzz
uK2Ul0cqMxOld1+0DPhQ7lopowBSi/H8TlG69VPls2hRyan+/CInnwvdKXzVH2kp
q1aiuDXZb0UU
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:55:53 2025 by rpki-client