Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f2/0e90f9-e8d3-4562-a5b3-621ee052a6fc/1/iYjilffHeJOad_w7Jd0wVk4YRrA.roa
File: iYjilffHeJOad_w7Jd0wVk4YRrA.roa (raw, json)
Hash identifier: 2TgZoIc9w3j2tUtC0m8eLPpkV5NC9HCmpln/N7Nf110=
Subject key identifier: 89:88:E2:95:F7:C7:78:93:9A:77:FC:3B:25:DD:30:56:4E:18:46:B0
Certificate issuer: /CN=23cbbf9348ae558c6efa0c086f24be04cb23c6e9
Certificate serial: 04078D3A
Authority key identifier: 23:CB:BF:93:48:AE:55:8C:6E:FA:0C:08:6F:24:BE:04:CB:23:C6:E9
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/I8u_k0iuVYxu-gwIbyS-BMsjxuk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/f2/0e90f9-e8d3-4562-a5b3-621ee052a6fc/1/iYjilffHeJOad_w7Jd0wVk4YRrA.roa
Signing time: Sat 01 Jan 2022 02:01:47 +0000
ROA not before: Sat 01 Jan 2022 02:01:47 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 60751
IP address blocks: 185.104.216.0/22 maxlen: 24
185.24.232.0/22 maxlen: 24
2a04:2e00::/29 maxlen: 29
2a04:2e07::/32 maxlen: 32
2a04:2e00::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 67603770 (0x4078d3a)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=23cbbf9348ae558c6efa0c086f24be04cb23c6e9
Validity
Not Before: Jan 1 02:01:47 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=8988e295f7c778939a77fc3b25dd30564e1846b0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a9:f5:28:17:41:d9:2f:85:2b:51:4e:73:7a:0d:
d9:20:a4:e9:44:00:ca:09:f5:19:d1:06:81:2d:c3:
9e:73:ac:93:f5:32:c4:5f:90:f9:70:e6:d1:c1:fa:
6a:02:21:5c:0b:f5:29:28:d4:e6:24:7a:5f:94:e8:
51:e7:99:c1:bf:a4:18:b2:d3:df:aa:a7:80:14:c4:
4b:4f:72:09:67:18:b4:94:cd:61:2f:24:96:e0:4b:
3b:16:c4:fe:11:f3:bf:a5:db:07:e8:36:59:a4:22:
eb:ec:3e:64:f3:47:c2:1f:85:5d:99:ed:87:4a:5d:
5e:fb:38:4f:05:ba:2b:b2:6e:79:eb:73:e2:19:25:
4c:0e:93:ca:37:40:9f:58:1c:9a:d6:f4:ca:bf:8f:
dd:31:64:f5:c4:d1:a0:41:c9:58:b2:ec:b8:3c:98:
e8:ca:73:b9:93:65:73:3c:98:d5:3b:94:06:39:29:
aa:12:05:ad:da:92:f1:19:5a:b9:fe:43:25:31:ea:
bb:ac:cb:13:1b:3d:66:f1:e7:ec:88:34:4b:37:0e:
e3:e9:c7:10:1a:1c:55:68:54:af:b6:a3:e6:15:1a:
33:1b:ba:95:05:0e:cf:03:6f:37:c1:ad:68:c7:e0:
c1:f2:6b:cf:f7:5e:d7:93:88:80:b0:30:a3:26:66:
c9:bf
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
89:88:E2:95:F7:C7:78:93:9A:77:FC:3B:25:DD:30:56:4E:18:46:B0
X509v3 Authority Key Identifier:
keyid:23:CB:BF:93:48:AE:55:8C:6E:FA:0C:08:6F:24:BE:04:CB:23:C6:E9
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/I8u_k0iuVYxu-gwIbyS-BMsjxuk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/0e90f9-e8d3-4562-a5b3-621ee052a6fc/1/iYjilffHeJOad_w7Jd0wVk4YRrA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/0e90f9-e8d3-4562-a5b3-621ee052a6fc/1/I8u_k0iuVYxu-gwIbyS-BMsjxuk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.24.232.0/22
185.104.216.0/22
IPv6:
2a04:2e00::/29
Signature Algorithm: sha256WithRSAEncryption
9f:72:ab:d3:85:ba:18:24:f2:e4:2d:21:15:26:58:89:bd:3f:
22:f3:33:35:66:bd:e5:83:fa:1d:50:c9:2a:e5:d7:6e:4a:f5:
79:3e:30:0d:0a:0f:e3:c7:d4:39:d9:6f:a2:74:3e:df:fa:23:
8d:7c:d2:5a:5a:45:2d:28:44:17:37:82:da:d2:b7:9b:cf:44:
eb:6f:8e:ec:2c:f9:88:cd:dc:20:3f:19:fc:f1:41:e8:19:8f:
c2:9d:22:55:79:b9:94:16:aa:3c:bd:7d:8a:c8:d9:7a:cc:51:
8a:5a:18:35:27:4d:38:85:88:98:67:c9:07:5c:9b:8d:01:50:
33:6d:ee:46:b2:b0:af:05:35:78:ea:79:80:61:bb:f8:c0:52:
c1:6b:24:5c:1b:32:15:20:81:e5:06:c2:f9:70:a1:95:17:ec:
bc:54:71:9b:34:1b:f1:f7:4c:a9:ee:81:f8:85:10:15:23:e0:
0a:49:9f:a5:70:e3:34:de:51:ac:5b:46:f3:64:19:2e:b7:6c:
f6:10:b9:06:00:89:3b:a2:88:87:ee:a2:3d:71:34:7e:9e:b3:
1d:6e:ac:8e:f3:2e:4a:46:d3:de:82:6a:a3:88:4a:4f:b8:10:
1a:cd:e4:34:e6:56:60:52:ad:ac:99:57:62:4c:76:c5:6c:fe:
fa:a4:54:c7
-----BEGIN CERTIFICATE-----
MIIFBDCCA+ygAwIBAgIEBAeNOjANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygy
M2NiYmY5MzQ4YWU1NThjNmVmYTBjMDg2ZjI0YmUwNGNiMjNjNmU5MB4XDTIyMDEw
MTAyMDE0N1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoODk4OGUyOTVmN2M3
Nzg5MzlhNzdmYzNiMjVkZDMwNTY0ZTE4NDZiMDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAKn1KBdB2S+FK1FOc3oN2SCk6UQAygn1GdEGgS3DnnOsk/Uy
xF+Q+XDm0cH6agIhXAv1KSjU5iR6X5ToUeeZwb+kGLLT36qngBTES09yCWcYtJTN
YS8kluBLOxbE/hHzv6XbB+g2WaQi6+w+ZPNHwh+FXZnth0pdXvs4TwW6K7Jueetz
4hklTA6TyjdAn1gcmtb0yr+P3TFk9cTRoEHJWLLsuDyY6MpzuZNlczyY1TuUBjkp
qhIFrdqS8Rlauf5DJTHqu6zLExs9ZvHn7Ig0SzcO4+nHEBocVWhUr7aj5hUaMxu6
lQUOzwNvN8GtaMfgwfJrz/de15OIgLAwoyZmyb8CAwEAAaOCAh4wggIaMB0GA1Ud
DgQWBBSJiOKV98d4k5p3/Dsl3TBWThhGsDAfBgNVHSMEGDAWgBQjy7+TSK5VjG76
DAhvJL4EyyPG6TAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0k4dV9rMGl1Vll4dS1nd0lieVMtQk1zanh1ay5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZjIvMGU5MGY5LWU4ZDMtNDU2Mi1hNWIzLTYyMWVlMDUyYTZmYy8x
L2lZamlsZmZIZUpPYWRfdzdKZDB3Vms0WVJyQS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZjIv
MGU5MGY5LWU4ZDMtNDU2Mi1hNWIzLTYyMWVlMDUyYTZmYy8xL0k4dV9rMGl1Vll4
dS1nd0lieVMtQk1zanh1ay5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjA0
BggrBgEFBQcBBwEB/wQlMCMwEgQCAAEwDAMEArkY6AMEArlo2DANBAIAAjAHAwUD
KgQuADANBgkqhkiG9w0BAQsFAAOCAQEAn3Kr04W6GCTy5C0hFSZYib0/IvMzNWa9
5YP6HVDJKuXXbkr1eT4wDQoP48fUOdlvonQ+3/ojjXzSWlpFLShEFzeC2tK3m89E
62+O7Cz5iM3cID8Z/PFB6BmPwp0iVXm5lBaqPL19isjZesxRiloYNSdNOIWImGfJ
B1ybjQFQM23uRrKwrwU1eOp5gGG7+MBSwWskXBsyFSCB5QbC+XChlRfsvFRxmzQb
8fdMqe6B+IUQFSPgCkmfpXDjNN5RrFtG82QZLrds9hC5BgCJO6KIh+6iPXE0fp6z
HW6sjvMuSkbT3oJqo4hKT7gQGs3kNOZWYFKtrJlXYkx2xWz++qRUxw==
-----END CERTIFICATE-----
Generated at Thu Mar 13 20:36:49 2025 by rpki-client