Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f2/0e90f9-e8d3-4562-a5b3-621ee052a6fc/1/mQkOH6BQKEe5BXR8vKQm3GrNl5Q.roa
File: mQkOH6BQKEe5BXR8vKQm3GrNl5Q.roa (raw, json)
Hash identifier: zeRY8/lZv606RD+5ApGZkknKsArGgiFasVzX1EN7/7s=
Subject key identifier: 99:09:0E:1F:A0:50:28:47:B9:05:74:7C:BC:A4:26:DC:6A:CD:97:94
Certificate issuer: /CN=23cbbf9348ae558c6efa0c086f24be04cb23c6e9
Certificate serial: 018570FBBF404C56E49D8E0D42E4C101E0E4
Authority key identifier: 23:CB:BF:93:48:AE:55:8C:6E:FA:0C:08:6F:24:BE:04:CB:23:C6:E9
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/I8u_k0iuVYxu-gwIbyS-BMsjxuk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/f2/0e90f9-e8d3-4562-a5b3-621ee052a6fc/1/mQkOH6BQKEe5BXR8vKQm3GrNl5Q.roa
Signing time: Mon 02 Jan 2023 05:37:04 +0000
ROA not before: Mon 02 Jan 2023 05:37:04 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 30900
IP address blocks: 185.104.216.0/22 maxlen: 22
185.24.232.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:70:fb:bf:40:4c:56:e4:9d:8e:0d:42:e4:c1:01:e0:e4
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=23cbbf9348ae558c6efa0c086f24be04cb23c6e9
Validity
Not Before: Jan 2 05:37:04 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=99090e1fa0502847b905747cbca426dc6acd9794
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d2:e9:83:4e:85:0e:ed:fa:ce:19:14:7a:86:08:
48:61:84:9c:2a:19:a3:c5:ff:74:d4:f7:51:aa:fc:
55:d7:8d:2c:42:f1:5f:d0:ab:b7:b1:76:00:f7:c7:
93:5b:d3:ba:3d:15:24:ae:cb:06:8b:5f:66:1d:0c:
e5:03:c7:35:ea:f9:7b:8e:3e:bf:3a:f0:6c:12:7f:
a7:0f:73:d7:15:21:92:65:52:64:10:bb:b3:48:ba:
f6:e3:09:40:e2:f2:9c:e6:36:8e:23:21:8e:a2:0b:
72:b6:76:c4:a8:b6:2a:ec:60:46:cb:ab:e4:42:85:
99:4c:27:9d:b2:c4:47:f0:26:f7:53:89:ea:42:61:
f6:26:39:6c:be:30:32:31:9c:d0:11:9d:2f:05:df:
f2:c1:d1:94:81:ad:2b:4e:a6:d3:df:75:cd:d6:fa:
3e:71:bf:cc:77:4a:6d:6c:7d:2d:b8:5b:f9:97:e6:
d6:ca:4d:9e:cf:23:ca:2e:a6:9f:30:63:b3:85:e0:
84:98:4a:e5:69:a4:34:73:8b:61:66:1d:55:f5:9d:
e3:7d:2d:33:3c:dd:10:12:04:51:48:1b:d7:12:a7:
45:ba:29:c5:8c:29:fa:8d:a6:ef:10:c9:88:1f:09:
b4:7a:58:a7:dc:69:ce:eb:89:ba:05:74:27:ef:ef:
62:d7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
99:09:0E:1F:A0:50:28:47:B9:05:74:7C:BC:A4:26:DC:6A:CD:97:94
X509v3 Authority Key Identifier:
keyid:23:CB:BF:93:48:AE:55:8C:6E:FA:0C:08:6F:24:BE:04:CB:23:C6:E9
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/I8u_k0iuVYxu-gwIbyS-BMsjxuk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/0e90f9-e8d3-4562-a5b3-621ee052a6fc/1/mQkOH6BQKEe5BXR8vKQm3GrNl5Q.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/0e90f9-e8d3-4562-a5b3-621ee052a6fc/1/I8u_k0iuVYxu-gwIbyS-BMsjxuk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.24.232.0/22
185.104.216.0/22
Signature Algorithm: sha256WithRSAEncryption
23:80:45:59:33:60:4d:40:e9:5b:10:c6:23:15:a9:ed:df:9d:
92:8a:dd:1e:d1:e8:74:8e:87:0a:fb:ca:34:9a:79:3d:95:92:
bb:f3:67:8f:81:35:2a:31:a4:fd:19:7f:72:68:ca:30:40:b0:
b4:ea:41:71:42:d3:a5:fe:b0:95:be:b4:51:b8:72:55:a3:aa:
cd:4f:97:5d:a3:1a:18:45:0f:5d:1b:c4:30:ff:20:e9:e7:39:
a4:38:44:75:15:2d:0e:68:ff:40:1f:e7:98:d6:10:13:07:80:
d3:6c:e9:84:56:c4:95:84:6c:b0:84:d1:06:30:99:da:20:d0:
cd:a9:be:75:fd:10:68:a1:b2:94:7a:0f:ea:8d:79:4f:20:4c:
14:7c:52:9e:83:92:30:fe:77:73:7f:4a:6d:15:01:d9:a5:13:
2a:80:de:59:c6:fd:f2:73:63:15:9c:95:bc:f8:ff:3e:6a:b5:
6f:2a:be:03:ae:25:d5:66:1b:16:7f:b5:cc:37:42:4f:9b:a7:
af:99:c0:84:a7:89:c5:c3:6c:17:16:69:89:05:01:18:0c:2a:
b0:7a:c4:2b:dd:0e:6e:a4:75:bc:e7:ac:c3:95:e1:b2:c0:f1:
37:85:db:50:07:25:1c:68:cd:23:74:a4:54:10:82:9c:d7:5e:
5b:20:37:7e
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYVw+79ATFbknY4NQuTBAeDkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIzY2JiZjkzNDhhZTU1OGM2ZWZhMGMwODZmMjRiZTA0Y2Iy
M2M2ZTkwHhcNMjMwMTAyMDUzNzA0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OTA5MGUxZmEwNTAyODQ3YjkwNTc0N2NiY2E0MjZkYzZhY2Q5Nzk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0umDToUO7frOGRR6hghIYYScKhmj
xf901PdRqvxV140sQvFf0Ku3sXYA98eTW9O6PRUkrssGi19mHQzlA8c16vl7jj6/
OvBsEn+nD3PXFSGSZVJkELuzSLr24wlA4vKc5jaOIyGOogtytnbEqLYq7GBGy6vk
QoWZTCedssRH8Cb3U4nqQmH2JjlsvjAyMZzQEZ0vBd/ywdGUga0rTqbT33XN1vo+
cb/Md0ptbH0tuFv5l+bWyk2ezyPKLqafMGOzheCEmErlaaQ0c4thZh1V9Z3jfS0z
PN0QEgRRSBvXEqdFuinFjCn6jabvEMmIHwm0elin3GnO64m6BXQn7+9i1wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJkJDh+gUChHuQV0fLykJtxqzZeUMB8GA1UdIwQY
MBaAFCPLv5NIrlWMbvoMCG8kvgTLI8bpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSTh1X2swaXVWWXh1LWd3SWJ5Uy1CTXNqeHVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMi8wZTkwZjktZThkMy00NTYyLWE1YjMt
NjIxZWUwNTJhNmZjLzEvbVFrT0g2QlFLRWU1QlhSOHZLUW0zR3JObDVRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMi8wZTkwZjktZThkMy00NTYyLWE1YjMtNjIxZWUwNTJhNmZj
LzEvSTh1X2swaXVWWXh1LWd3SWJ5Uy1CTXNqeHVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCuRjoAwQC
uWjYMA0GCSqGSIb3DQEBCwUAA4IBAQAjgEVZM2BNQOlbEMYjFant352Sit0e0eh0
jocK+8o0mnk9lZK782ePgTUqMaT9GX9yaMowQLC06kFxQtOl/rCVvrRRuHJVo6rN
T5ddoxoYRQ9dG8Qw/yDp5zmkOER1FS0OaP9AH+eY1hATB4DTbOmEVsSVhGywhNEG
MJnaINDNqb51/RBoobKUeg/qjXlPIEwUfFKeg5Iw/ndzf0ptFQHZpRMqgN5Zxv3y
c2MVnJW8+P8+arVvKr4DriXVZhsWf7XMN0JPm6evmcCEp4nFw2wXFmmJBQEYDCqw
esQr3Q5upHW856zDleGywPE3hdtQByUcaM0jdKRUEIKc115bIDd+
-----END CERTIFICATE-----
Generated at Thu Mar 13 02:33:22 2025 by rpki-client