Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/6odbxRlAut3j61n3RsrLnqOINss.roa
File: 6odbxRlAut3j61n3RsrLnqOINss.roa (raw, json)
Hash identifier: s74zQeEbB6LJggxFF5RO+K4IV9bO9Pv+AwdoEnFh3cc=
Subject key identifier: EA:87:5B:C5:19:40:BA:DD:E3:EB:59:F7:46:CA:CB:9E:A3:88:36:CB
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 01878022B60233DD0B0ED6C9118BA721EB61
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/6odbxRlAut3j61n3RsrLnqOINss.roa
Signing time: Fri 14 Apr 2023 14:19:31 +0000
ROA not before: Fri 14 Apr 2023 14:19:31 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 207459
IP address blocks: 185.221.67.0/24 maxlen: 24
91.92.24.0/24 maxlen: 24
194.180.50.0/24 maxlen: 24
193.149.29.0/24 maxlen: 24
193.149.30.0/24 maxlen: 24
193.149.28.0/22 maxlen: 22
193.149.31.0/24 maxlen: 24
193.149.28.0/24 maxlen: 24
171.22.19.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:87:80:22:b6:02:33:dd:0b:0e:d6:c9:11:8b:a7:21:eb:61
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Apr 14 14:19:31 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=ea875bc51940badde3eb59f746cacb9ea38836cb
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8e:26:d7:9e:5c:73:17:ab:17:bc:42:ee:9f:cc:
18:48:3c:09:95:f7:8d:88:b1:0d:c0:86:3f:4e:97:
be:31:d3:01:61:5e:7c:7b:f9:fd:74:00:a4:0f:9a:
30:1d:5e:84:25:6b:89:3a:9f:ed:5a:3b:3c:7c:1c:
3b:14:47:ff:6a:df:76:96:db:b1:3e:49:5b:e9:62:
56:e4:4a:9b:7e:71:fe:8b:41:56:e7:72:b9:5d:c7:
11:e1:10:31:f3:d1:fc:46:c6:2b:79:d6:df:a4:39:
3d:70:99:38:87:73:df:ee:8a:bc:13:ab:5f:e0:42:
c9:c6:c6:d0:8b:9d:3c:e6:c7:19:d5:f9:2e:ef:13:
72:44:26:46:48:7c:3d:24:2e:cf:4a:c3:53:71:db:
ab:32:52:28:00:28:72:d1:c5:7f:6b:e8:a3:a4:58:
40:33:72:fa:62:51:63:de:74:e9:bf:61:92:92:e6:
ad:ce:55:2b:af:6b:d7:42:fe:d2:61:e6:98:40:77:
ef:ee:25:02:67:99:a8:31:9c:ed:b0:1c:34:57:b6:
a7:a6:de:ad:e0:7c:a2:b7:f2:17:9f:25:78:d0:2e:
bf:00:6b:cc:3d:9c:99:d9:db:46:a0:d6:32:9d:ae:
43:1c:1a:d7:f2:5b:75:df:e7:7c:bc:8e:ee:2a:cf:
c3:79
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
EA:87:5B:C5:19:40:BA:DD:E3:EB:59:F7:46:CA:CB:9E:A3:88:36:CB
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/6odbxRlAut3j61n3RsrLnqOINss.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.92.24.0/24
171.22.19.0/24
185.221.67.0/24
193.149.28.0/22
194.180.50.0/24
Signature Algorithm: sha256WithRSAEncryption
a9:aa:7a:fc:a1:76:46:f5:fb:ed:a6:f5:3e:02:50:8b:b8:66:
c0:b3:91:d6:72:26:f7:00:74:6c:f6:90:dd:d8:61:d4:42:21:
96:a7:4f:d5:1d:43:79:9c:97:e5:6a:94:9f:43:92:49:34:f1:
2d:0e:8c:b0:05:81:06:2d:43:3b:f2:0e:c5:79:f2:1d:00:c6:
3b:b1:49:ad:a9:93:fc:aa:20:7d:90:79:d5:cb:45:20:65:f2:
42:54:97:57:78:d6:70:20:08:92:0a:ba:13:36:36:8a:2d:ce:
3e:de:b1:ad:4d:33:f3:b6:48:98:b1:dd:c2:cc:6e:c0:9e:3b:
c2:d8:cf:c8:d2:56:91:b7:1a:9c:3b:db:0d:de:9c:1c:ed:fa:
23:f9:86:78:3f:89:b5:fc:fd:e0:60:60:1a:b6:c5:d1:4d:8d:
4e:2c:a8:b3:80:c3:67:96:c9:97:f6:2e:4b:8e:98:2f:f4:8e:
a9:3d:e8:d7:3f:9b:26:e3:ce:86:f1:e5:2a:e3:f9:73:aa:af:
c3:d4:06:40:49:8e:b4:07:35:b7:83:6e:78:c5:2c:91:a1:7a:
a2:ee:c9:ff:eb:cb:1d:a9:4e:27:18:5e:f8:db:c1:db:2d:e8:
3c:08:f3:4b:63:c5:a2:b0:fe:d5:58:e8:ec:e3:3e:21:e4:16:
f4:7b:5c:04
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAYeAIrYCM90LDtbJEYunIethMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjMwNDE0MTQxOTMxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYTg3NWJjNTE5NDBiYWRkZTNlYjU5Zjc0NmNhY2I5ZWEzODgzNmNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjibXnlxzF6sXvELun8wYSDwJlfeN
iLENwIY/Tpe+MdMBYV58e/n9dACkD5owHV6EJWuJOp/tWjs8fBw7FEf/at92ltux
Pklb6WJW5EqbfnH+i0FW53K5XccR4RAx89H8RsYredbfpDk9cJk4h3Pf7oq8E6tf
4ELJxsbQi5085scZ1fku7xNyRCZGSHw9JC7PSsNTcdurMlIoAChy0cV/a+ijpFhA
M3L6YlFj3nTpv2GSkuatzlUrr2vXQv7SYeaYQHfv7iUCZ5moMZztsBw0V7anpt6t
4Hyit/IXnyV40C6/AGvMPZyZ2dtGoNYyna5DHBrX8lt13+d8vI7uKs/DeQIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFOqHW8UZQLrd4+tZ90bKy56jiDbLMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvNm9kYnhSbEF1dDNqNjFuM1JzckxucU9JTnNzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQAW1wYAwQA
qxYTAwQAud1DAwQCwZUcAwQAwrQyMA0GCSqGSIb3DQEBCwUAA4IBAQCpqnr8oXZG
9fvtpvU+AlCLuGbAs5HWcib3AHRs9pDd2GHUQiGWp0/VHUN5nJflapSfQ5JJNPEt
DoywBYEGLUM78g7FefIdAMY7sUmtqZP8qiB9kHnVy0UgZfJCVJdXeNZwIAiSCroT
NjaKLc4+3rGtTTPztkiYsd3CzG7AnjvC2M/I0laRtxqcO9sN3pwc7foj+YZ4P4m1
/P3gYGAatsXRTY1OLKizgMNnlsmX9i5Ljpgv9I6pPejXP5sm486G8eUq4/lzqq/D
1AZASY60BzW3g254xSyRoXqi7sn/68sdqU4nGF7428HbLeg8CPNLY8WisP7VWOjs
4z4h5Bb0e1wE
-----END CERTIFICATE-----
Generated at Tue May 13 16:28:10 2025 by rpki-client