Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a0/32d7ad-8bf9-4274-95f8-9c953594d6b1/1/IqQ3cWZZwOEMIL43JmKrM5xE3TE.roa
File: IqQ3cWZZwOEMIL43JmKrM5xE3TE.roa (raw, json)
Hash identifier: XaleOmW+saiKa0v+kWIKV1cy4ywEjAQTgBlA5a4s9gg=
Subject key identifier: 22:A4:37:71:66:59:C0:E1:0C:20:BE:37:26:62:AB:33:9C:44:DD:31
Certificate issuer: /CN=6987d47935e1137d544426db5288e12a9c025ac2
Certificate serial: 01857039A7057CDBCDE9469D3CE11536FF12
Authority key identifier: 69:87:D4:79:35:E1:13:7D:54:44:26:DB:52:88:E1:2A:9C:02:5A:C2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/aYfUeTXhE31URCbbUojhKpwCWsI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/a0/32d7ad-8bf9-4274-95f8-9c953594d6b1/1/IqQ3cWZZwOEMIL43JmKrM5xE3TE.roa
Signing time: Mon 02 Jan 2023 02:05:04 +0000
ROA not before: Mon 02 Jan 2023 02:05:04 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 14618
IP address blocks: 185.44.176.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:70:39:a7:05:7c:db:cd:e9:46:9d:3c:e1:15:36:ff:12
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6987d47935e1137d544426db5288e12a9c025ac2
Validity
Not Before: Jan 2 02:05:04 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=22a437716659c0e10c20be372662ab339c44dd31
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a5:53:25:cc:17:22:03:9f:c9:8d:50:00:7a:3c:
86:cd:41:cc:c8:9b:5d:5c:24:7c:a5:18:17:f1:ba:
4e:c8:9e:92:b3:94:b8:7d:26:56:57:c3:cd:10:c6:
e9:dc:09:f9:96:03:af:3b:a3:06:4e:d8:a4:48:eb:
77:62:13:cd:18:c3:53:62:be:fd:46:5b:de:40:94:
bf:e6:d3:e4:a3:50:b9:15:2a:50:97:70:3d:c4:35:
b4:86:9b:e8:75:72:0d:99:cb:00:80:36:3d:21:23:
d7:4f:09:df:eb:d7:64:13:dc:bc:82:8a:96:86:36:
c4:f2:0c:1c:f6:72:b7:60:7f:fd:dd:5b:49:a7:c2:
89:cc:11:75:86:97:d5:bd:1a:11:aa:c8:ef:d0:7c:
dd:51:f9:5a:6e:12:7a:d6:ba:88:a6:0a:e1:ba:b1:
28:16:5d:e4:93:42:da:26:d3:c1:3e:a3:e5:3f:b9:
8b:aa:7b:5f:b1:b8:60:61:e8:4b:26:e3:61:cb:9a:
f8:49:d6:a2:de:c5:49:56:4a:cb:fa:02:d2:1d:46:
b1:8b:ad:d5:0a:b4:0e:05:b1:fe:71:30:f6:0d:e0:
a1:32:e1:6c:60:f6:92:0c:2c:9d:2c:fa:ae:63:46:
e2:b2:a2:3d:1e:49:f4:32:de:bc:d7:7e:3e:f3:14:
ea:df
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
22:A4:37:71:66:59:C0:E1:0C:20:BE:37:26:62:AB:33:9C:44:DD:31
X509v3 Authority Key Identifier:
keyid:69:87:D4:79:35:E1:13:7D:54:44:26:DB:52:88:E1:2A:9C:02:5A:C2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aYfUeTXhE31URCbbUojhKpwCWsI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/32d7ad-8bf9-4274-95f8-9c953594d6b1/1/IqQ3cWZZwOEMIL43JmKrM5xE3TE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/32d7ad-8bf9-4274-95f8-9c953594d6b1/1/aYfUeTXhE31URCbbUojhKpwCWsI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.44.176.0/24
Signature Algorithm: sha256WithRSAEncryption
67:ed:23:54:60:5d:1a:c5:71:a5:a3:70:b1:bc:c7:19:44:06:
e5:17:ca:70:47:a7:17:28:02:82:21:29:1c:c6:9d:25:f2:ef:
89:a2:aa:ae:ae:a0:81:f8:87:ab:b3:52:5d:45:34:99:ad:04:
e4:c6:3a:89:9b:1e:c0:76:a7:d9:17:c6:e0:91:05:05:ea:2f:
8d:67:70:6d:41:28:fe:75:ac:27:74:a3:04:0e:ad:c8:ee:64:
f7:dc:37:99:5a:ec:6e:ca:a0:cf:cb:b0:14:01:79:6a:6b:2c:
97:40:07:0a:93:77:6b:a8:02:9e:17:7f:9c:73:68:b2:40:8c:
c0:0c:ff:82:6a:47:83:04:82:1c:31:21:85:32:a9:bd:d2:3f:
b9:09:5d:f2:40:51:d4:62:68:6f:34:0d:97:c1:31:40:7b:f9:
72:49:22:81:91:c3:ac:7d:61:56:d0:00:d0:de:16:35:7f:49:
ac:0c:43:e7:6a:1c:59:44:95:0c:a1:5e:d0:01:b0:0c:25:42:
70:41:38:b3:c9:73:fc:b5:83:24:0b:5a:ce:d5:2d:b5:66:69:
fc:7f:ff:8a:89:95:c6:67:2f:39:a5:27:47:61:ce:6d:29:1a:
75:6f:42:8b:f4:0d:db:f5:28:98:05:e6:61:6b:c0:96:93:c5:
82:dc:6e:2d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYVwOacFfNvN6UadPOEVNv8SMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY5ODdkNDc5MzVlMTEzN2Q1NDQ0MjZkYjUyODhlMTJhOWMw
MjVhYzIwHhcNMjMwMTAyMDIwNTA0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMmE0Mzc3MTY2NTljMGUxMGMyMGJlMzcyNjYyYWIzMzljNDRkZDMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApVMlzBciA5/JjVAAejyGzUHMyJtd
XCR8pRgX8bpOyJ6Ss5S4fSZWV8PNEMbp3An5lgOvO6MGTtikSOt3YhPNGMNTYr79
RlveQJS/5tPko1C5FSpQl3A9xDW0hpvodXINmcsAgDY9ISPXTwnf69dkE9y8goqW
hjbE8gwc9nK3YH/93VtJp8KJzBF1hpfVvRoRqsjv0HzdUflabhJ61rqIpgrhurEo
Fl3kk0LaJtPBPqPlP7mLqntfsbhgYehLJuNhy5r4Sdai3sVJVkrL+gLSHUaxi63V
CrQOBbH+cTD2DeChMuFsYPaSDCydLPquY0bisqI9Hkn0Mt68134+8xTq3wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCKkN3FmWcDhDCC+NyZiqzOcRN0xMB8GA1UdIwQY
MBaAFGmH1Hk14RN9VEQm21KI4SqcAlrCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYVlmVWVUWGhFMzFVUkNiYlVvamhLcHdDV3NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMC8zMmQ3YWQtOGJmOS00Mjc0LTk1Zjgt
OWM5NTM1OTRkNmIxLzEvSXFRM2NXWlp3T0VNSUw0M0ptS3JNNXhFM1RFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMC8zMmQ3YWQtOGJmOS00Mjc0LTk1ZjgtOWM5NTM1OTRkNmIx
LzEvYVlmVWVUWGhFMzFVUkNiYlVvamhLcHdDV3NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuSywMA0G
CSqGSIb3DQEBCwUAA4IBAQBn7SNUYF0axXGlo3CxvMcZRAblF8pwR6cXKAKCISkc
xp0l8u+JoqqurqCB+Iers1JdRTSZrQTkxjqJmx7AdqfZF8bgkQUF6i+NZ3BtQSj+
dawndKMEDq3I7mT33DeZWuxuyqDPy7AUAXlqayyXQAcKk3drqAKeF3+cc2iyQIzA
DP+CakeDBIIcMSGFMqm90j+5CV3yQFHUYmhvNA2XwTFAe/lySSKBkcOsfWFW0ADQ
3hY1f0msDEPnahxZRJUMoV7QAbAMJUJwQTizyXP8tYMkC1rO1S21Zmn8f/+KiZXG
Zy85pSdHYc5tKRp1b0KL9A3b9SiYBeZha8CWk8WC3G4t
-----END CERTIFICATE-----
Generated at Thu Mar 13 20:36:11 2025 by rpki-client