![](/console.gif)
Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a4/c4073a-923b-4ecf-9566-4d777cacd9a4/1/Iz_nU9zm7igwg-QWh07vb8zI704.roa
File: Iz_nU9zm7igwg-QWh07vb8zI704.roa (raw, json)
Hash identifier: KJ6P+QUUXcFCtLtQBBbkosCTqNKLcoq0vkFB+5aUiW4=
Subject key identifier: 23:3F:E7:53:DC:E6:EE:28:30:83:E4:16:87:4E:EF:6F:CC:C8:EF:4E
Certificate issuer: /CN=93a229e266b2558899f3547ee63d84ed6594768b
Certificate serial: 01856ECB7EC753C32F26A01428E46C7888B8
Authority key identifier: 93:A2:29:E2:66:B2:55:88:99:F3:54:7E:E6:3D:84:ED:65:94:76:8B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/k6Ip4mayVYiZ81R-5j2E7WWUdos.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/a4/c4073a-923b-4ecf-9566-4d777cacd9a4/1/Iz_nU9zm7igwg-QWh07vb8zI704.roa
Signing time: Sun 01 Jan 2023 19:25:08 +0000
ROA not before: Sun 01 Jan 2023 19:25:08 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 56655
IP address blocks: 45.88.201.0/24 maxlen: 24
45.88.200.0/24 maxlen: 24
185.181.60.0/22 maxlen: 24
185.125.168.0/22 maxlen: 24
198.140.141.0/24 maxlen: 24
185.243.217.0/24 maxlen: 24
185.243.216.0/24 maxlen: 24
185.243.218.0/24 maxlen: 24
2a03:94e1::/32 maxlen: 32
2a0a:cd80::/32 maxlen: 32
2a03:94e2::/32 maxlen: 32
2a03:94e3::/32 maxlen: 32
2a03:94e0::/32 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6e:cb:7e:c7:53:c3:2f:26:a0:14:28:e4:6c:78:88:b8
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=93a229e266b2558899f3547ee63d84ed6594768b
Validity
Not Before: Jan 1 19:25:08 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=233fe753dce6ee283083e416874eef6fccc8ef4e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:af:5c:3a:e3:80:05:40:ef:98:f3:a2:0b:26:db:
aa:d7:33:4e:5c:86:2b:fa:52:33:dd:46:36:32:d8:
20:d2:5d:69:ab:9b:48:2e:af:c4:11:ec:03:46:43:
6b:3a:f4:d3:bb:e8:c3:78:b9:4e:b7:c5:f7:f7:5f:
61:37:12:f2:15:2c:23:e4:35:fe:42:aa:68:d2:8e:
ae:a0:34:f9:ce:bc:a2:18:ce:da:d3:cd:a6:6a:73:
db:7d:8d:32:b6:08:3e:e3:1d:1b:7f:5e:80:b8:8f:
f4:84:f1:b4:46:29:49:a6:f3:ae:14:b9:06:eb:fd:
0b:91:f8:f2:c2:4f:69:2a:cc:21:c0:63:4d:b3:3a:
50:64:47:6f:92:77:b7:f8:22:31:01:a9:89:ac:6c:
87:b3:d2:ee:2b:ad:cc:5c:90:b1:1f:e5:eb:36:56:
3b:96:6d:8f:66:0f:44:9e:8d:15:2e:2b:81:5a:64:
01:7f:d6:bf:13:ca:03:39:c5:ae:29:a8:19:ab:f4:
85:d4:59:71:d1:55:31:e0:df:5a:32:4e:3d:34:ab:
85:4f:44:42:f8:5b:23:5c:6b:e0:4b:51:94:48:15:
37:d5:13:08:75:74:fe:8e:63:17:e6:05:7d:4c:0c:
37:af:d9:45:ed:f3:f3:b5:b0:34:c2:d3:5e:de:24:
18:b7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
23:3F:E7:53:DC:E6:EE:28:30:83:E4:16:87:4E:EF:6F:CC:C8:EF:4E
X509v3 Authority Key Identifier:
keyid:93:A2:29:E2:66:B2:55:88:99:F3:54:7E:E6:3D:84:ED:65:94:76:8B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k6Ip4mayVYiZ81R-5j2E7WWUdos.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/c4073a-923b-4ecf-9566-4d777cacd9a4/1/Iz_nU9zm7igwg-QWh07vb8zI704.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/c4073a-923b-4ecf-9566-4d777cacd9a4/1/k6Ip4mayVYiZ81R-5j2E7WWUdos.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.88.200.0/23
185.125.168.0/22
185.181.60.0/22
185.243.216.0-185.243.218.255
198.140.141.0/24
IPv6:
2a03:94e0::/30
2a0a:cd80::/32
Signature Algorithm: sha256WithRSAEncryption
53:9e:4c:25:fd:01:bc:03:71:21:0c:e2:f3:0a:b5:b8:a6:dd:
73:fd:4c:ef:ef:51:fb:ee:9d:b1:5b:01:d1:41:14:76:98:c6:
ff:ba:e1:d5:0b:49:e5:4a:23:92:e2:21:b5:01:f3:be:ae:72:
b2:be:48:19:8e:36:0e:8b:16:74:e1:26:44:f2:03:19:cc:3a:
a4:b8:a0:e3:5a:7f:89:08:28:db:84:71:0b:17:62:11:cf:27:
56:75:79:fb:9b:58:20:99:af:49:51:71:d2:41:8e:51:5f:4a:
88:f6:e4:10:f3:2c:2e:96:b3:c3:5f:84:3f:1a:cd:2e:cd:6d:
b1:cd:f9:66:ea:d6:c3:13:fb:e0:c9:83:1a:eb:cb:fc:fa:8d:
7e:e5:bc:5f:6e:4b:31:6c:0c:33:0d:0b:61:fa:97:19:dc:0e:
4d:aa:5e:ed:da:c3:11:b4:ab:a1:b5:3e:46:81:80:b6:b3:5a:
8e:da:87:6f:87:25:15:aa:dc:59:21:27:5b:17:ec:71:01:9d:
95:1e:5e:84:de:f3:d4:9e:84:03:84:66:8e:0a:59:67:a3:41:
96:f5:cd:59:c3:8d:cf:3e:8e:25:39:99:a3:c4:4f:ff:7c:c1:
c3:af:f2:88:0b:c2:e0:26:2e:ff:4b:7b:f6:f8:2b:12:c8:90:
bf:0c:33:9b
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgISAYVuy37HU8MvJqAUKORseIi4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzYTIyOWUyNjZiMjU1ODg5OWYzNTQ3ZWU2M2Q4NGVkNjU5
NDc2OGIwHhcNMjMwMTAxMTkyNTA4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMzNmZTc1M2RjZTZlZTI4MzA4M2U0MTY4NzRlZWY2ZmNjYzhlZjRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr1w644AFQO+Y86ILJtuq1zNOXIYr
+lIz3UY2Mtgg0l1pq5tILq/EEewDRkNrOvTTu+jDeLlOt8X3919hNxLyFSwj5DX+
Qqpo0o6uoDT5zryiGM7a082manPbfY0ytgg+4x0bf16AuI/0hPG0RilJpvOuFLkG
6/0Lkfjywk9pKswhwGNNszpQZEdvkne3+CIxAamJrGyHs9LuK63MXJCxH+XrNlY7
lm2PZg9Eno0VLiuBWmQBf9a/E8oDOcWuKagZq/SF1Flx0VUx4N9aMk49NKuFT0RC
+FsjXGvgS1GUSBU31RMIdXT+jmMX5gV9TAw3r9lF7fPztbA0wtNe3iQYtwIDAQAB
o4ICPzCCAjswHQYDVR0OBBYEFCM/51Pc5u4oMIPkFodO72/MyO9OMB8GA1UdIwQY
MBaAFJOiKeJmslWImfNUfuY9hO1llHaLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazZJcDRtYXlWWWlaODFSLTVqMkU3V1dVZG9zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNC9jNDA3M2EtOTIzYi00ZWNmLTk1NjYt
NGQ3NzdjYWNkOWE0LzEvSXpfblU5em03aWd3Zy1RV2gwN3ZiOHpJNzA0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNC9jNDA3M2EtOTIzYi00ZWNmLTk1NjYtNGQ3NzdjYWNkOWE0
LzEvazZJcDRtYXlWWWlaODFSLTVqMkU3V1dVZG9zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFUGCCsGAQUFBwEHAQH/BEYwRDAsBAIAATAmAwQBLVjIAwQC
uX2oAwQCubU8MAwDBAO589gDBAC589oDBADGjI0wFAQCAAIwDgMFAioDlOADBQAq
Cs2AMA0GCSqGSIb3DQEBCwUAA4IBAQBTnkwl/QG8A3EhDOLzCrW4pt1z/Uzv71H7
7p2xWwHRQRR2mMb/uuHVC0nlSiOS4iG1AfO+rnKyvkgZjjYOixZ04SZE8gMZzDqk
uKDjWn+JCCjbhHELF2IRzydWdXn7m1ggma9JUXHSQY5RX0qI9uQQ8ywulrPDX4Q/
Gs0uzW2xzflm6tbDE/vgyYMa68v8+o1+5bxfbksxbAwzDQth+pcZ3A5Nql7t2sMR
tKuhtT5GgYC2s1qO2odvhyUVqtxZISdbF+xxAZ2VHl6E3vPUnoQDhGaOCllno0GW
9c1Zw43PPo4lOZmjxE//fMHDr/KIC8LgJi7/S3v2+CsSyJC/DDOb
-----END CERTIFICATE-----
Generated at Mon Feb 17 08:09:01 2025 by rpki-client