Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ec/af4ef8-ed07-4acd-a42f-c96c2ce859e5/1/h2hZDzCltNsrr4G3xoos-1zMn60.roa
File: h2hZDzCltNsrr4G3xoos-1zMn60.roa (raw, json)
Hash identifier: 2ZBHW2AbfkoErNtoUOQN65VI7Fp62c4BjPFObxRvoMg=
Subject key identifier: 87:68:59:0F:30:A5:B4:DB:2B:AF:81:B7:C6:8A:2C:FB:5C:CC:9F:AD
Certificate issuer: /CN=016e5e31fa8716aaa54e18fcdcfed3fc94db90b5
Certificate serial: 0194903BD074030999AFF9E4DEB454E2A513
Authority key identifier: 01:6E:5E:31:FA:87:16:AA:A5:4E:18:FC:DC:FE:D3:FC:94:DB:90:B5
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/AW5eMfqHFqqlThj83P7T_JTbkLU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ec/af4ef8-ed07-4acd-a42f-c96c2ce859e5/1/h2hZDzCltNsrr4G3xoos-1zMn60.roa
Signing time: Wed 22 Jan 2025 22:57:06 +0000
ROA not before: Wed 22 Jan 2025 22:57:06 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 29226
IP address blocks: 83.217.24.0/24 maxlen: 24
83.217.25.0/24 maxlen: 24
185.30.16.0/24 maxlen: 24
185.30.17.0/24 maxlen: 24
185.30.18.0/24 maxlen: 24
185.30.19.0/24 maxlen: 24
212.8.236.0/24 maxlen: 24
212.8.238.0/24 maxlen: 24
212.8.239.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:90:3b:d0:74:03:09:99:af:f9:e4:de:b4:54:e2:a5:13
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=016e5e31fa8716aaa54e18fcdcfed3fc94db90b5
Validity
Not Before: Jan 22 22:57:06 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=8768590f30a5b4db2baf81b7c68a2cfb5ccc9fad
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ca:11:c8:9f:18:4c:c4:6a:f2:0c:f4:f6:a7:54:
25:d9:0a:c5:d6:e1:07:6b:bb:33:79:5c:da:7d:56:
f3:4b:d7:7d:93:ee:45:63:4f:d8:f8:17:88:c8:61:
97:14:4a:80:e5:9d:97:4b:94:8f:72:10:76:1c:39:
94:a9:0e:c2:87:41:0c:0c:cf:60:73:fc:95:b6:2a:
9c:98:c8:26:e5:6e:65:ea:0f:47:09:e8:ae:1f:69:
d7:f0:e0:04:f6:24:24:54:b2:29:5c:8e:71:b1:55:
69:f8:95:57:ed:05:6d:f6:65:65:4f:4b:d7:af:0f:
b7:0d:33:cf:de:97:49:a8:df:d2:42:ea:4d:bb:6a:
b2:17:79:55:b7:14:8d:9e:76:46:9a:8e:72:41:be:
14:6c:03:28:8b:f3:f0:fe:84:3e:8b:8b:34:a5:92:
a4:0c:08:c7:57:55:55:b9:06:f1:d1:45:56:51:d9:
ac:d7:b6:36:50:40:29:3b:77:fb:82:a0:c1:1e:8f:
48:fb:48:55:b2:61:e1:5f:d2:1d:37:bc:4d:11:c7:
9d:e4:75:91:56:1f:50:c0:72:ec:d2:85:7a:dc:29:
2b:0d:30:9c:8b:48:09:ed:32:1a:02:b2:b3:48:45:
3c:3f:ef:7e:e6:ea:28:bd:1c:3e:99:c9:ab:6f:47:
3e:21
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
87:68:59:0F:30:A5:B4:DB:2B:AF:81:B7:C6:8A:2C:FB:5C:CC:9F:AD
X509v3 Authority Key Identifier:
keyid:01:6E:5E:31:FA:87:16:AA:A5:4E:18:FC:DC:FE:D3:FC:94:DB:90:B5
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AW5eMfqHFqqlThj83P7T_JTbkLU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/af4ef8-ed07-4acd-a42f-c96c2ce859e5/1/h2hZDzCltNsrr4G3xoos-1zMn60.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/af4ef8-ed07-4acd-a42f-c96c2ce859e5/1/AW5eMfqHFqqlThj83P7T_JTbkLU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
83.217.24.0/23
185.30.16.0/22
212.8.236.0/24
212.8.238.0/23
Signature Algorithm: sha256WithRSAEncryption
1c:3e:87:d5:28:33:3a:9b:b1:4b:8d:3e:39:e2:97:6c:d1:e5:
69:5d:bc:e9:65:22:35:c2:f0:46:77:64:04:e3:20:d1:2f:85:
8b:e4:3d:a3:c4:d6:bf:ef:da:a5:ee:0b:cb:3e:db:a9:c1:44:
f2:dd:4e:9c:f5:8a:9b:61:df:48:79:f1:a8:33:6f:e5:69:f8:
fe:99:8a:d3:be:88:fb:be:3c:e8:23:1e:e5:72:cb:af:0d:45:
67:30:ed:83:0d:93:51:2c:d0:3e:4e:5c:4d:bd:0f:5e:ff:b7:
e7:e7:7c:ab:ef:8e:a5:d5:af:95:b7:9f:b7:38:48:b4:a5:fc:
b2:94:e4:7b:e2:58:54:09:40:c5:c2:5a:2e:b7:3a:89:ce:ce:
c2:a1:9e:54:de:d6:e7:98:e0:ab:e5:0f:75:b5:78:3c:46:2b:
e5:29:0e:72:fd:da:f9:d3:1b:a4:74:78:cc:0a:4c:59:74:1b:
e7:89:3d:e1:88:88:77:4e:28:3f:08:4b:9e:20:d6:c9:ce:04:
31:a2:0b:5d:73:28:87:b7:73:8d:69:ef:20:f2:22:ae:05:1c:
df:d5:0f:66:4b:2f:bd:cb:ab:f1:2f:b5:60:44:ad:fc:c6:a5:
01:57:92:72:f2:c2:a6:c2:de:f8:b1:4e:ae:b4:ce:dc:6d:71:
d1:13:fe:a7
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAZSQO9B0AwmZr/nk3rRU4qUTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAxNmU1ZTMxZmE4NzE2YWFhNTRlMThmY2RjZmVkM2ZjOTRk
YjkwYjUwHhcNMjUwMTIyMjI1NzA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NzY4NTkwZjMwYTViNGRiMmJhZjgxYjdjNjhhMmNmYjVjY2M5ZmFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyhHInxhMxGryDPT2p1Ql2QrF1uEH
a7szeVzafVbzS9d9k+5FY0/Y+BeIyGGXFEqA5Z2XS5SPchB2HDmUqQ7Ch0EMDM9g
c/yVtiqcmMgm5W5l6g9HCeiuH2nX8OAE9iQkVLIpXI5xsVVp+JVX7QVt9mVlT0vX
rw+3DTPP3pdJqN/SQupNu2qyF3lVtxSNnnZGmo5yQb4UbAMoi/Pw/oQ+i4s0pZKk
DAjHV1VVuQbx0UVWUdms17Y2UEApO3f7gqDBHo9I+0hVsmHhX9IdN7xNEced5HWR
Vh9QwHLs0oV63CkrDTCci0gJ7TIaArKzSEU8P+9+5uoovRw+mcmrb0c+IQIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFIdoWQ8wpbTbK6+Bt8aKLPtczJ+tMB8GA1UdIwQY
MBaAFAFuXjH6hxaqpU4Y/Nz+0/yU25C1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQVc1ZU1mcUhGcXFsVGhqODNQN1RfSlRia0xVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYy9hZjRlZjgtZWQwNy00YWNkLWE0MmYt
Yzk2YzJjZTg1OWU1LzEvaDJoWkR6Q2x0TnNycjRHM3hvb3MtMXpNbjYwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYy9hZjRlZjgtZWQwNy00YWNkLWE0MmYtYzk2YzJjZTg1OWU1
LzEvQVc1ZU1mcUhGcXFsVGhqODNQN1RfSlRia0xVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQBU9kYAwQC
uR4QAwQA1AjsAwQB1AjuMA0GCSqGSIb3DQEBCwUAA4IBAQAcPofVKDM6m7FLjT45
4pds0eVpXbzpZSI1wvBGd2QE4yDRL4WL5D2jxNa/79ql7gvLPtupwUTy3U6c9Yqb
Yd9IefGoM2/lafj+mYrTvoj7vjzoIx7lcsuvDUVnMO2DDZNRLNA+TlxNvQ9e/7fn
53yr746l1a+Vt5+3OEi0pfyylOR74lhUCUDFwloutzqJzs7CoZ5U3tbnmOCr5Q91
tXg8RivlKQ5y/dr50xukdHjMCkxZdBvniT3hiIh3Tig/CEueINbJzgQxogtdcyiH
t3ONae8g8iKuBRzf1Q9mSy+9y6vxL7VgRK38xqUBV5Jy8sKmwt74sU6utM7cbXHR
E/6n
-----END CERTIFICATE-----
Generated at Thu Apr 17 13:25:41 2025 by rpki-client