Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/h1c9BSuf9j2-CJqm_bUoS1xV5Mg.roa
File: h1c9BSuf9j2-CJqm_bUoS1xV5Mg.roa (raw, json)
Hash identifier: cDkx3lzxAKl8HApJyK2yZ/jtQmpkb5mkrBoKC+62G8U=
Subject key identifier: 87:57:3D:05:2B:9F:F6:3D:BE:08:9A:A6:FD:B5:28:4B:5C:55:E4:C8
Certificate issuer: /CN=81cca9f15e1921953a628c8ad2ac4be977b6c303
Certificate serial: 019423D720AA4CEAF89E1E08D6D2CDE2B399
Authority key identifier: 81:CC:A9:F1:5E:19:21:95:3A:62:8C:8A:D2:AC:4B:E9:77:B6:C3:03
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/gcyp8V4ZIZU6YoyK0qxL6Xe2wwM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/h1c9BSuf9j2-CJqm_bUoS1xV5Mg.roa
Signing time: Wed 01 Jan 2025 21:48:08 +0000
ROA not before: Wed 01 Jan 2025 21:48:08 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 202251
IP address blocks: 185.225.240.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:23:d7:20:aa:4c:ea:f8:9e:1e:08:d6:d2:cd:e2:b3:99
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=81cca9f15e1921953a628c8ad2ac4be977b6c303
Validity
Not Before: Jan 1 21:48:08 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=87573d052b9ff63dbe089aa6fdb5284b5c55e4c8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b4:fa:b6:13:6e:1c:de:d1:94:8b:ef:a3:6f:88:
cf:a8:36:06:e6:8e:5b:f6:ec:65:c3:dd:52:10:be:
52:f9:ef:43:a6:a9:3d:a3:86:02:e4:4a:3a:cb:4f:
35:f4:99:37:ff:34:24:c4:68:b0:a8:78:30:70:3b:
37:ea:24:92:18:45:22:04:23:a2:12:2d:4c:cb:d4:
9d:d5:9f:c8:29:e5:dd:db:53:59:ad:e5:cb:70:58:
47:3c:c9:7b:18:53:66:f8:dd:6e:72:78:a0:8f:8a:
5c:2c:e9:29:6d:32:58:37:bc:e3:2a:1d:df:54:b4:
52:eb:40:3b:06:f8:33:6f:d3:3a:0c:06:40:32:2c:
ba:45:64:68:b0:68:0d:d7:e0:35:68:e9:8e:f0:db:
72:0a:84:ea:5f:4e:21:09:32:09:a6:bf:05:d4:02:
7b:d4:d3:f2:8a:c8:7f:4b:0a:a5:ef:1c:6f:29:9c:
f1:f9:a1:52:d2:b5:6a:6d:b0:04:2b:5c:ed:84:69:
87:2e:d6:be:21:68:7f:9c:ea:dc:77:d5:29:1d:60:
cf:9b:cd:14:b0:a1:d0:db:83:c5:aa:4c:06:d9:82:
4c:1d:49:cd:9a:ae:b1:7c:82:e6:8b:3a:b1:58:92:
71:aa:f7:1c:76:45:e3:43:e8:89:37:24:2b:80:aa:
89:31
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
87:57:3D:05:2B:9F:F6:3D:BE:08:9A:A6:FD:B5:28:4B:5C:55:E4:C8
X509v3 Authority Key Identifier:
keyid:81:CC:A9:F1:5E:19:21:95:3A:62:8C:8A:D2:AC:4B:E9:77:B6:C3:03
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gcyp8V4ZIZU6YoyK0qxL6Xe2wwM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/h1c9BSuf9j2-CJqm_bUoS1xV5Mg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/gcyp8V4ZIZU6YoyK0qxL6Xe2wwM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.225.240.0/24
Signature Algorithm: sha256WithRSAEncryption
02:84:a9:69:4c:93:a7:14:a4:ce:08:19:53:d5:0a:49:f5:bb:
8a:fd:e7:e5:a7:80:5a:e3:85:6d:18:87:f9:34:9b:dd:79:d6:
ce:6e:5b:ec:c8:84:c5:7b:2e:c9:95:7b:91:4e:d1:b7:6a:8c:
f5:b9:ce:4a:af:49:7e:65:61:c4:c0:98:7f:7b:98:8b:bd:c3:
01:e6:d0:48:14:83:a8:da:a1:04:b1:84:8f:00:e5:ad:9f:bd:
e1:08:28:38:11:00:ea:4d:04:ae:a9:0b:93:f3:04:19:17:d2:
03:28:fc:62:27:76:34:17:a9:48:0f:dd:1d:f2:dd:b3:27:b8:
44:57:3b:5c:e7:ea:52:a1:c2:95:ef:97:fb:c9:15:e1:aa:95:
95:b5:fd:4b:8f:85:ba:ab:3a:a1:16:5c:2e:35:36:72:a8:ae:
30:32:65:2e:2c:67:c0:90:bc:ac:6b:ac:08:da:6c:25:6b:2f:
f3:3e:0e:33:36:35:41:dd:47:12:b1:b6:95:dc:16:ef:8e:03:
82:c0:f7:c5:c1:89:51:ad:0c:43:11:68:e6:ce:7f:0d:8b:0b:
de:47:d4:fd:8e:75:e2:33:4a:54:4b:b9:c7:5e:6e:8f:00:62:
88:f3:f6:4e:2f:b5:ae:41:15:d9:15:d5:7f:3e:19:1a:84:4a:
4c:36:80:63
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQj1yCqTOr4nh4I1tLN4rOZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgxY2NhOWYxNWUxOTIxOTUzYTYyOGM4YWQyYWM0YmU5Nzdi
NmMzMDMwHhcNMjUwMTAxMjE0ODA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NzU3M2QwNTJiOWZmNjNkYmUwODlhYTZmZGI1Mjg0YjVjNTVlNGM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtPq2E24c3tGUi++jb4jPqDYG5o5b
9uxlw91SEL5S+e9Dpqk9o4YC5Eo6y0819Jk3/zQkxGiwqHgwcDs36iSSGEUiBCOi
Ei1My9Sd1Z/IKeXd21NZreXLcFhHPMl7GFNm+N1ucnigj4pcLOkpbTJYN7zjKh3f
VLRS60A7Bvgzb9M6DAZAMiy6RWRosGgN1+A1aOmO8NtyCoTqX04hCTIJpr8F1AJ7
1NPyish/Swql7xxvKZzx+aFS0rVqbbAEK1zthGmHLta+IWh/nOrcd9UpHWDPm80U
sKHQ24PFqkwG2YJMHUnNmq6xfILmizqxWJJxqvccdkXjQ+iJNyQrgKqJMQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIdXPQUrn/Y9vgiapv21KEtcVeTIMB8GA1UdIwQY
MBaAFIHMqfFeGSGVOmKMitKsS+l3tsMDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ2N5cDhWNFpJWlU2WW95SzBxeEw2WGUyd3dNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC8xZWEyYjAtNmI5YS00NGQ3LWEyZTUt
MjIwNmNjMmU2OTFjLzEvaDFjOUJTdWY5ajItQ0pxbV9iVW9TMXhWNU1nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC8xZWEyYjAtNmI5YS00NGQ3LWEyZTUtMjIwNmNjMmU2OTFj
LzEvZ2N5cDhWNFpJWlU2WW95SzBxeEw2WGUyd3dNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAueHwMA0G
CSqGSIb3DQEBCwUAA4IBAQAChKlpTJOnFKTOCBlT1QpJ9buK/eflp4Ba44VtGIf5
NJvdedbOblvsyITFey7JlXuRTtG3aoz1uc5Kr0l+ZWHEwJh/e5iLvcMB5tBIFIOo
2qEEsYSPAOWtn73hCCg4EQDqTQSuqQuT8wQZF9IDKPxiJ3Y0F6lID90d8t2zJ7hE
Vztc5+pSocKV75f7yRXhqpWVtf1Lj4W6qzqhFlwuNTZyqK4wMmUuLGfAkLysa6wI
2mwlay/zPg4zNjVB3UcSsbaV3BbvjgOCwPfFwYlRrQxDEWjmzn8NiwveR9T9jnXi
M0pUS7nHXm6PAGKI8/ZOL7WuQRXZFdV/PhkahEpMNoBj
-----END CERTIFICATE-----
Generated at Mon Apr 28 00:08:10 2025 by rpki-client