Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/45b23f-302b-41f2-9496-9ccbb08428fa/1/NH1DWyldT2Gy9mSuCc0BWVh75l8.roa
File: NH1DWyldT2Gy9mSuCc0BWVh75l8.roa (raw, json)
Hash identifier: j7E0xqiSV98USteedNlYVBolEItdrPminBuYuF2swz8=
Subject key identifier: 34:7D:43:5B:29:5D:4F:61:B2:F6:64:AE:09:CD:01:59:58:7B:E6:5F
Certificate issuer: /CN=a849204ca4f0eb4e56e08e099fe3785ce06ffeaa
Certificate serial: 018ADB34383A050E7AC3532F9076D07A45FB
Authority key identifier: A8:49:20:4C:A4:F0:EB:4E:56:E0:8E:09:9F:E3:78:5C:E0:6F:FE:AA
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/qEkgTKTw605W4I4Jn-N4XOBv_qo.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/a2/45b23f-302b-41f2-9496-9ccbb08428fa/1/NH1DWyldT2Gy9mSuCc0BWVh75l8.roa
Signing time: Thu 28 Sep 2023 09:52:27 +0000
ROA not before: Thu 28 Sep 2023 09:52:27 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 201453
IP address blocks: 185.230.145.0/24 maxlen: 24
185.230.144.0/22 maxlen: 22
185.230.144.0/24 maxlen: 24
185.160.231.0/24 maxlen: 24
185.160.230.0/24 maxlen: 24
185.160.229.0/24 maxlen: 24
185.160.228.0/24 maxlen: 24
185.160.228.0/22 maxlen: 22
185.232.132.0/22 maxlen: 22
185.232.135.0/24 maxlen: 24
185.232.134.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8a:db:34:38:3a:05:0e:7a:c3:53:2f:90:76:d0:7a:45:fb
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=a849204ca4f0eb4e56e08e099fe3785ce06ffeaa
Validity
Not Before: Sep 28 09:52:27 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=347d435b295d4f61b2f664ae09cd0159587be65f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:f3:d9:ef:9a:5a:87:4e:04:15:10:e5:a1:f9:9b:
ba:6f:f3:01:a7:5b:60:ef:eb:36:14:00:33:17:74:
72:a3:58:a0:3d:49:a7:b6:c9:56:99:9f:ba:a7:ae:
bc:bd:ed:e8:f0:2d:44:0d:0c:b9:ba:49:8d:d7:b1:
74:00:76:a1:d9:e7:3f:86:06:90:14:02:b3:e9:49:
c4:05:54:71:42:40:6d:ab:96:e8:23:a5:7e:77:9d:
dd:bf:df:82:67:11:44:ef:94:04:2b:24:e3:01:04:
24:95:e6:42:fa:a4:87:c5:97:31:be:df:a8:8c:ab:
45:44:8d:14:b7:0b:a4:85:ad:a9:6c:d1:1b:1c:06:
a1:2f:7c:c0:bb:7a:70:02:7f:24:28:2f:e1:c7:45:
0b:95:e5:90:a6:e0:ce:cf:81:04:47:71:34:04:25:
df:14:1b:fe:cb:cf:c0:c3:a7:7e:1d:b2:7a:43:4f:
0a:0b:b6:fb:f0:98:5a:63:84:3b:85:5b:a6:63:49:
50:23:b9:f7:9c:b4:f3:75:17:eb:9d:8a:e0:29:65:
9e:65:8d:00:4b:af:e0:73:e2:aa:ac:8e:be:11:8c:
c8:53:8f:c0:e5:00:a9:c3:00:70:90:62:d6:27:52:
d6:b3:f5:c8:5a:92:05:c3:34:f9:42:84:6d:c6:a9:
86:47
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
34:7D:43:5B:29:5D:4F:61:B2:F6:64:AE:09:CD:01:59:58:7B:E6:5F
X509v3 Authority Key Identifier:
keyid:A8:49:20:4C:A4:F0:EB:4E:56:E0:8E:09:9F:E3:78:5C:E0:6F:FE:AA
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qEkgTKTw605W4I4Jn-N4XOBv_qo.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/45b23f-302b-41f2-9496-9ccbb08428fa/1/NH1DWyldT2Gy9mSuCc0BWVh75l8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/45b23f-302b-41f2-9496-9ccbb08428fa/1/qEkgTKTw605W4I4Jn-N4XOBv_qo.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.160.228.0/22
185.230.144.0/22
185.232.132.0/22
Signature Algorithm: sha256WithRSAEncryption
9c:b0:3f:bc:44:f4:33:02:25:87:60:b6:22:76:25:02:aa:9d:
85:ef:1a:43:2d:4e:61:f5:74:5f:8e:8c:16:27:75:30:66:0c:
c1:32:f1:d5:c0:a3:91:83:99:a5:a9:4c:eb:24:4d:89:46:ee:
5c:98:2f:68:53:b1:86:39:1f:4d:91:f1:85:1b:7c:01:c2:9d:
39:be:91:0b:ac:fd:43:cd:d9:4e:5b:8a:e1:26:0d:c4:15:cb:
de:25:3b:9d:52:d3:3e:32:6c:97:e6:6c:67:73:81:4f:7e:cc:
d0:7e:65:a5:b9:3c:3c:5f:84:d9:41:9f:53:8d:2f:a1:a5:67:
0b:65:59:6f:c0:01:fe:0e:0d:b6:43:98:f2:9b:5b:18:5e:4d:
72:f6:e5:c2:09:12:0a:01:41:86:79:7f:53:30:e9:9b:de:39:
1e:0b:04:5f:2c:5f:ed:11:f6:64:a3:08:59:b1:8a:96:7e:25:
8f:53:61:8a:9a:78:c0:0b:2e:ca:ba:f8:85:e8:bb:b6:7e:01:
00:11:8d:25:80:2a:6e:1f:83:61:1a:a7:c0:c8:ec:21:d3:7d:
f6:ba:3e:b0:27:d6:8b:ff:1f:33:81:b2:ac:28:d3:9e:24:ed:
37:62:fb:1f:56:b0:54:4d:25:41:93:d1:46:19:dd:26:e2:14:
55:c7:3c:af
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYrbNDg6BQ56w1MvkHbQekX7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE4NDkyMDRjYTRmMGViNGU1NmUwOGUwOTlmZTM3ODVjZTA2
ZmZlYWEwHhcNMjMwOTI4MDk1MjI3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNDdkNDM1YjI5NWQ0ZjYxYjJmNjY0YWUwOWNkMDE1OTU4N2JlNjVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA89nvmlqHTgQVEOWh+Zu6b/MBp1tg
7+s2FAAzF3Ryo1igPUmntslWmZ+6p668ve3o8C1EDQy5ukmN17F0AHah2ec/hgaQ
FAKz6UnEBVRxQkBtq5boI6V+d53dv9+CZxFE75QEKyTjAQQkleZC+qSHxZcxvt+o
jKtFRI0Utwukha2pbNEbHAahL3zAu3pwAn8kKC/hx0ULleWQpuDOz4EER3E0BCXf
FBv+y8/Aw6d+HbJ6Q08KC7b78JhaY4Q7hVumY0lQI7n3nLTzdRfrnYrgKWWeZY0A
S6/gc+KqrI6+EYzIU4/A5QCpwwBwkGLWJ1LWs/XIWpIFwzT5QoRtxqmGRwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFDR9Q1spXU9hsvZkrgnNAVlYe+ZfMB8GA1UdIwQY
MBaAFKhJIEyk8OtOVuCOCZ/jeFzgb/6qMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcUVrZ1RLVHc2MDVXNEk0Sm4tTjRYT0J2X3FvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMi80NWIyM2YtMzAyYi00MWYyLTk0OTYt
OWNjYmIwODQyOGZhLzEvTkgxRFd5bGRUMkd5OW1TdUNjMEJXVmg3NWw4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMi80NWIyM2YtMzAyYi00MWYyLTk0OTYtOWNjYmIwODQyOGZh
LzEvcUVrZ1RLVHc2MDVXNEk0Sm4tTjRYT0J2X3FvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCuaDkAwQC
ueaQAwQCueiEMA0GCSqGSIb3DQEBCwUAA4IBAQCcsD+8RPQzAiWHYLYidiUCqp2F
7xpDLU5h9XRfjowWJ3UwZgzBMvHVwKORg5mlqUzrJE2JRu5cmC9oU7GGOR9NkfGF
G3wBwp05vpELrP1DzdlOW4rhJg3EFcveJTudUtM+MmyX5mxnc4FPfszQfmWluTw8
X4TZQZ9TjS+hpWcLZVlvwAH+Dg22Q5jym1sYXk1y9uXCCRIKAUGGeX9TMOmb3jke
CwRfLF/tEfZkowhZsYqWfiWPU2GKmnjACy7KuviF6Lu2fgEAEY0lgCpuH4NhGqfA
yOwh0332uj6wJ9aL/x8zgbKsKNOeJO03YvsfVrBUTSVBk9FGGd0m4hRVxzyv
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:36:06 2024 by rpki-client on console-ams.rpki-client.org