Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/af161b-ef51-44bd-8e0a-9eb3c682b009/1/oUIGNV3zQSb_xvDLlA6_svUV0iI.roa
File: oUIGNV3zQSb_xvDLlA6_svUV0iI.roa (raw, json)
Hash identifier: MCWq0PtPobYibHUI3KLVnmrgf9lH9WzUX8qRur9CN3A=
Subject key identifier: A1:42:06:35:5D:F3:41:26:FF:C6:F0:CB:94:0E:BF:B2:F5:15:D2:22
Certificate issuer: /CN=287e1c97f71f355867e3fb877f21aa5130b6cf5d
Certificate serial: 01857042D5D0EB01514D41DC47DE47C9ED00
Authority key identifier: 28:7E:1C:97:F7:1F:35:58:67:E3:FB:87:7F:21:AA:51:30:B6:CF:5D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/KH4cl_cfNVhn4_uHfyGqUTC2z10.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/35/af161b-ef51-44bd-8e0a-9eb3c682b009/1/oUIGNV3zQSb_xvDLlA6_svUV0iI.roa
Signing time: Mon 02 Jan 2023 02:15:06 +0000
ROA not before: Mon 02 Jan 2023 02:15:06 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 205110
IP address blocks: 185.226.88.0/24 maxlen: 24
185.226.91.0/24 maxlen: 24
185.226.90.0/24 maxlen: 24
185.226.90.0/23 maxlen: 23
185.226.89.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:70:42:d5:d0:eb:01:51:4d:41:dc:47:de:47:c9:ed:00
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=287e1c97f71f355867e3fb877f21aa5130b6cf5d
Validity
Not Before: Jan 2 02:15:06 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=a14206355df34126ffc6f0cb940ebfb2f515d222
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:94:46:aa:40:fe:bf:66:44:f2:30:83:3f:1f:2e:
57:b8:72:1e:0e:e8:81:01:8d:53:1b:7e:2c:84:1f:
66:70:85:5b:b8:f1:08:f8:d9:5a:38:3e:18:6d:9f:
8e:d4:7b:17:84:99:81:4b:d0:25:ee:8d:82:4d:f9:
43:35:23:78:d8:6b:e5:b6:8f:ea:2d:7f:65:6b:6e:
f9:9f:91:06:c2:4a:eb:50:bb:65:2e:90:01:4e:df:
f9:08:1a:ef:74:bb:b8:23:c3:da:50:e3:ce:e2:1e:
a9:2a:c6:6d:27:f7:a7:50:ed:7f:6e:fc:1f:fc:b8:
5f:07:0b:7e:31:09:53:45:fd:09:3e:56:6c:7b:1e:
51:da:ee:50:97:67:bc:af:e6:80:67:e6:c8:d2:ff:
84:f5:64:7a:20:cc:c4:db:75:99:f7:6b:ff:27:81:
2a:83:89:3b:60:62:65:a2:6a:77:51:48:b1:5b:50:
d0:b0:11:ad:e5:0b:7e:b0:98:51:de:f6:5a:0f:d7:
e6:1a:d3:f7:b4:60:bc:00:df:6b:ea:8b:8d:93:34:
7b:7f:3d:ef:35:8f:b1:84:14:ce:22:21:8a:e1:a5:
51:b8:11:37:f9:1b:55:85:8f:61:c8:09:63:55:da:
a7:f9:54:af:91:bf:fb:0a:5a:8c:1a:54:57:4b:d0:
29:67
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A1:42:06:35:5D:F3:41:26:FF:C6:F0:CB:94:0E:BF:B2:F5:15:D2:22
X509v3 Authority Key Identifier:
keyid:28:7E:1C:97:F7:1F:35:58:67:E3:FB:87:7F:21:AA:51:30:B6:CF:5D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KH4cl_cfNVhn4_uHfyGqUTC2z10.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/af161b-ef51-44bd-8e0a-9eb3c682b009/1/oUIGNV3zQSb_xvDLlA6_svUV0iI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/35/af161b-ef51-44bd-8e0a-9eb3c682b009/1/KH4cl_cfNVhn4_uHfyGqUTC2z10.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.226.88.0/22
Signature Algorithm: sha256WithRSAEncryption
32:29:f7:9b:ba:90:60:1d:93:b3:1b:2f:11:e2:d8:db:e2:57:
42:86:7f:f0:6c:46:af:1b:e3:00:7e:dc:f1:51:1d:cd:cd:30:
53:1e:4b:57:19:48:09:d0:60:d0:41:c6:93:3b:05:8f:24:34:
4a:11:21:87:05:af:6e:da:52:63:22:35:00:29:07:2c:52:72:
72:c0:87:13:be:fc:23:8a:b2:d0:fc:7f:85:38:1d:c7:7f:69:
38:0a:6e:b2:bb:a0:2d:6a:ad:ac:f2:a9:bd:91:6b:e9:90:05:
5b:fb:ff:c8:75:04:16:cd:e3:d2:7a:48:d6:e0:59:63:27:a3:
fd:33:d9:aa:a0:23:9f:98:40:af:50:cb:30:9c:3b:19:22:f4:
a7:17:65:c3:54:e2:40:de:19:76:36:73:0b:5f:f1:05:a4:87:
cd:41:a5:a6:3c:59:d1:af:ba:42:3d:6e:3f:d7:44:35:e8:e1:
df:25:77:7a:7f:8c:8b:ba:9d:94:ea:b1:0e:85:3b:18:f8:33:
7a:8b:bc:53:9d:07:83:ef:22:ea:6b:77:f6:1a:be:7f:be:02:
25:38:a9:8f:96:94:3c:85:4a:1f:a2:a8:e8:3c:34:5a:f0:86:
51:0e:2d:82:82:89:28:f7:af:89:72:72:5e:9e:b8:05:3b:73:
4c:13:68:52
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYVwQtXQ6wFRTUHcR95Hye0AMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI4N2UxYzk3ZjcxZjM1NTg2N2UzZmI4NzdmMjFhYTUxMzBi
NmNmNWQwHhcNMjMwMTAyMDIxNTA2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMTQyMDYzNTVkZjM0MTI2ZmZjNmYwY2I5NDBlYmZiMmY1MTVkMjIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlEaqQP6/ZkTyMIM/Hy5XuHIeDuiB
AY1TG34shB9mcIVbuPEI+NlaOD4YbZ+O1HsXhJmBS9Al7o2CTflDNSN42Gvlto/q
LX9la275n5EGwkrrULtlLpABTt/5CBrvdLu4I8PaUOPO4h6pKsZtJ/enUO1/bvwf
/LhfBwt+MQlTRf0JPlZsex5R2u5Ql2e8r+aAZ+bI0v+E9WR6IMzE23WZ92v/J4Eq
g4k7YGJlomp3UUixW1DQsBGt5Qt+sJhR3vZaD9fmGtP3tGC8AN9r6ouNkzR7fz3v
NY+xhBTOIiGK4aVRuBE3+RtVhY9hyAljVdqn+VSvkb/7ClqMGlRXS9ApZwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKFCBjVd80Em/8bwy5QOv7L1FdIiMB8GA1UdIwQY
MBaAFCh+HJf3HzVYZ+P7h38hqlEwts9dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS0g0Y2xfY2ZOVmhuNF91SGZ5R3FVVEMyejEwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS9hZjE2MWItZWY1MS00NGJkLThlMGEt
OWViM2M2ODJiMDA5LzEvb1VJR05WM3pRU2JfeHZETGxBNl9zdlVWMGlJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS9hZjE2MWItZWY1MS00NGJkLThlMGEtOWViM2M2ODJiMDA5
LzEvS0g0Y2xfY2ZOVmhuNF91SGZ5R3FVVEMyejEwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCueJYMA0G
CSqGSIb3DQEBCwUAA4IBAQAyKfebupBgHZOzGy8R4tjb4ldChn/wbEavG+MAftzx
UR3NzTBTHktXGUgJ0GDQQcaTOwWPJDRKESGHBa9u2lJjIjUAKQcsUnJywIcTvvwj
irLQ/H+FOB3Hf2k4Cm6yu6Ataq2s8qm9kWvpkAVb+//IdQQWzePSekjW4FljJ6P9
M9mqoCOfmECvUMswnDsZIvSnF2XDVOJA3hl2NnMLX/EFpIfNQaWmPFnRr7pCPW4/
10Q16OHfJXd6f4yLup2U6rEOhTsY+DN6i7xTnQeD7yLqa3f2Gr5/vgIlOKmPlpQ8
hUofoqjoPDRa8IZRDi2Cgoko96+JcnJenrgFO3NME2hS
-----END CERTIFICATE-----
Generated at Thu Mar 13 02:36:35 2025 by rpki-client