Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f2/0e90f9-e8d3-4562-a5b3-621ee052a6fc/1/oAIkk7cIvEViZussGzZiid9MdWE.roa
File: oAIkk7cIvEViZussGzZiid9MdWE.roa (raw, json)
Hash identifier: kox8nXF3H8+4ORkxFvOXpRvt59J3oeM95PbfrMVw+MI=
Subject key identifier: A0:02:24:93:B7:08:BC:45:62:66:EB:2C:1B:36:62:89:DF:4C:75:61
Certificate issuer: /CN=23cbbf9348ae558c6efa0c086f24be04cb23c6e9
Certificate serial: 0189C6583A8513FF898C1E7CE9D4FE566C6A
Authority key identifier: 23:CB:BF:93:48:AE:55:8C:6E:FA:0C:08:6F:24:BE:04:CB:23:C6:E9
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/I8u_k0iuVYxu-gwIbyS-BMsjxuk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/f2/0e90f9-e8d3-4562-a5b3-621ee052a6fc/1/oAIkk7cIvEViZussGzZiid9MdWE.roa
Signing time: Sat 05 Aug 2023 15:36:58 +0000
ROA not before: Sat 05 Aug 2023 15:36:58 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 60751
IP address blocks: 185.104.216.0/22 maxlen: 24
185.24.233.0/24 maxlen: 24
185.24.235.0/24 maxlen: 24
185.24.234.0/24 maxlen: 24
2a04:2e03::/32 maxlen: 36
2a04:2e00::/32 maxlen: 36
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:89:c6:58:3a:85:13:ff:89:8c:1e:7c:e9:d4:fe:56:6c:6a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=23cbbf9348ae558c6efa0c086f24be04cb23c6e9
Validity
Not Before: Aug 5 15:36:58 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=a0022493b708bc456266eb2c1b366289df4c7561
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:af:da:81:94:35:61:34:f3:30:db:67:d8:ab:14:
ad:a6:83:67:2d:ce:93:50:e9:c8:69:fa:d4:43:0d:
6b:e6:04:48:fe:de:b3:25:90:30:f0:40:e8:20:88:
cf:f0:6d:f8:fa:3c:67:dd:cd:75:98:92:10:fd:d8:
6d:3e:4a:14:b9:70:b3:f4:d3:1f:4b:84:dd:61:b3:
78:01:70:08:e6:2f:3f:23:de:47:25:71:b3:31:ff:
4b:bb:af:72:51:f4:b3:a3:30:b1:74:18:a4:f8:de:
8a:fb:83:ab:b0:ed:c2:84:7d:f5:c8:40:4d:a5:60:
b5:8e:a9:d4:07:26:c7:bd:9e:a4:38:ea:0b:9a:68:
61:47:05:bf:2f:3c:25:09:c0:c4:d1:68:19:0a:e8:
57:20:42:30:07:2e:4f:e9:80:11:4b:62:20:1b:24:
74:91:50:e0:54:4e:b4:6c:51:60:89:4c:a2:3f:d1:
d6:c1:b7:88:fa:fc:f7:a4:f1:02:1f:75:94:04:84:
e6:ba:f8:24:bf:eb:81:67:85:08:bb:5e:8c:c9:52:
06:d3:ce:b7:fc:88:70:a7:a6:6d:05:c4:49:a6:b0:
1b:d8:a0:b9:e0:f7:f8:f6:28:a6:22:d3:41:74:18:
32:ba:ca:9b:48:76:c7:28:9f:8b:20:ae:59:88:c2:
f5:59
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A0:02:24:93:B7:08:BC:45:62:66:EB:2C:1B:36:62:89:DF:4C:75:61
X509v3 Authority Key Identifier:
keyid:23:CB:BF:93:48:AE:55:8C:6E:FA:0C:08:6F:24:BE:04:CB:23:C6:E9
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/I8u_k0iuVYxu-gwIbyS-BMsjxuk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/0e90f9-e8d3-4562-a5b3-621ee052a6fc/1/oAIkk7cIvEViZussGzZiid9MdWE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/0e90f9-e8d3-4562-a5b3-621ee052a6fc/1/I8u_k0iuVYxu-gwIbyS-BMsjxuk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.24.233.0-185.24.235.255
185.104.216.0/22
IPv6:
2a04:2e00::/32
2a04:2e03::/32
Signature Algorithm: sha256WithRSAEncryption
4f:6c:1e:3b:2f:99:29:be:d7:ce:90:d4:70:d9:1c:a1:dc:11:
b6:44:8d:d9:34:1a:02:0a:8e:2b:3f:3f:96:cf:15:d7:ed:d0:
ae:14:61:83:11:8d:7f:fc:a7:a1:36:52:93:a1:10:13:c6:c2:
83:32:c6:56:9d:3c:0c:eb:fe:31:6c:c6:a1:6d:97:4c:2b:4c:
6a:20:90:64:9d:bd:90:c6:fc:55:2b:5b:92:0c:8a:ad:f9:bf:
04:63:f0:52:82:b6:4d:2e:ba:17:a6:0a:08:11:cb:89:41:bd:
96:16:38:8f:ff:36:72:0c:03:5d:43:97:96:15:43:6e:b5:b2:
98:89:d3:a4:88:be:19:e8:ae:aa:09:34:10:22:08:cb:4f:3a:
e1:bc:38:0c:c4:dc:4d:45:82:55:b3:e9:4a:75:47:2b:8e:3a:
7a:eb:41:b5:b0:24:bf:67:d5:e1:79:75:13:2d:ce:20:5e:a9:
b6:e4:90:c5:9f:87:85:75:56:46:f8:9c:e2:67:e7:b9:c3:b7:
f7:55:3a:da:52:41:00:86:87:f2:58:f0:5a:0c:31:e7:e6:88:
a0:fb:77:ce:8f:8c:7b:49:45:c2:12:68:de:62:13:f3:46:52:
b4:90:52:51:52:ee:90:3b:99:e3:a7:37:99:0b:8c:31:08:e3:
5f:a1:0f:04
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAYnGWDqFE/+JjB586dT+VmxqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIzY2JiZjkzNDhhZTU1OGM2ZWZhMGMwODZmMjRiZTA0Y2Iy
M2M2ZTkwHhcNMjMwODA1MTUzNjU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMDAyMjQ5M2I3MDhiYzQ1NjI2NmViMmMxYjM2NjI4OWRmNGM3NTYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr9qBlDVhNPMw22fYqxStpoNnLc6T
UOnIafrUQw1r5gRI/t6zJZAw8EDoIIjP8G34+jxn3c11mJIQ/dhtPkoUuXCz9NMf
S4TdYbN4AXAI5i8/I95HJXGzMf9Lu69yUfSzozCxdBik+N6K+4OrsO3ChH31yEBN
pWC1jqnUBybHvZ6kOOoLmmhhRwW/LzwlCcDE0WgZCuhXIEIwBy5P6YARS2IgGyR0
kVDgVE60bFFgiUyiP9HWwbeI+vz3pPECH3WUBITmuvgkv+uBZ4UIu16MyVIG0863
/Ihwp6ZtBcRJprAb2KC54Pf49iimItNBdBgyusqbSHbHKJ+LIK5ZiML1WQIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFKACJJO3CLxFYmbrLBs2YonfTHVhMB8GA1UdIwQY
MBaAFCPLv5NIrlWMbvoMCG8kvgTLI8bpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSTh1X2swaXVWWXh1LWd3SWJ5Uy1CTXNqeHVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMi8wZTkwZjktZThkMy00NTYyLWE1YjMt
NjIxZWUwNTJhNmZjLzEvb0FJa2s3Y0l2RVZpWnVzc0d6WmlpZDlNZFdFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMi8wZTkwZjktZThkMy00NTYyLWE1YjMtNjIxZWUwNTJhNmZj
LzEvSTh1X2swaXVWWXh1LWd3SWJ5Uy1CTXNqeHVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAaBAIAATAUMAwDBAC5GOkD
BAK5GOgDBAK5aNgwFAQCAAIwDgMFACoELgADBQAqBC4DMA0GCSqGSIb3DQEBCwUA
A4IBAQBPbB47L5kpvtfOkNRw2Ryh3BG2RI3ZNBoCCo4rPz+WzxXX7dCuFGGDEY1/
/KehNlKToRATxsKDMsZWnTwM6/4xbMahbZdMK0xqIJBknb2QxvxVK1uSDIqt+b8E
Y/BSgrZNLroXpgoIEcuJQb2WFjiP/zZyDANdQ5eWFUNutbKYidOkiL4Z6K6qCTQQ
IgjLTzrhvDgMxNxNRYJVs+lKdUcrjjp660G1sCS/Z9XheXUTLc4gXqm25JDFn4eF
dVZG+JziZ+e5w7f3VTraUkEAhofyWPBaDDHn5oig+3fOj4x7SUXCEmjeYhPzRlK0
kFJRUu6QO5njpzeZC4wxCONfoQ8E
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:47:47 2025 by rpki-client