Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1a/1a5a96-d36e-4f3a-9b34-0548d3895a55/1/VxmP00b1oRJZXSSegpCFBrFka8g.roa
File: VxmP00b1oRJZXSSegpCFBrFka8g.roa (raw, json)
Hash identifier: bymHPsRoD8McmkbdzovcUnlLsDFe2kagU8Dww+amp0o=
Subject key identifier: 57:19:8F:D3:46:F5:A1:12:59:5D:24:9E:82:90:85:06:B1:64:6B:C8
Certificate issuer: /CN=0b1e72f3d0957f5a6e3bd1b844a12a6147449027
Certificate serial: 018CC56DF0C697945C9015FD62E0897733E7
Authority key identifier: 0B:1E:72:F3:D0:95:7F:5A:6E:3B:D1:B8:44:A1:2A:61:47:44:90:27
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Cx5y89CVf1puO9G4RKEqYUdEkCc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/1a/1a5a96-d36e-4f3a-9b34-0548d3895a55/1/VxmP00b1oRJZXSSegpCFBrFka8g.roa
Signing time: Mon 01 Jan 2024 14:29:25 +0000
ROA not before: Mon 01 Jan 2024 14:29:25 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 211261
IP address blocks: 103.226.194.0/23 maxlen: 23
185.237.212.0/24 maxlen: 24
185.145.71.0/24 maxlen: 24
185.145.70.0/24 maxlen: 24
185.223.176.0/22 maxlen: 22
103.229.168.0/24 maxlen: 24
103.229.171.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c5:6d:f0:c6:97:94:5c:90:15:fd:62:e0:89:77:33:e7
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=0b1e72f3d0957f5a6e3bd1b844a12a6147449027
Validity
Not Before: Jan 1 14:29:25 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=57198fd346f5a112595d249e82908506b1646bc8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8b:ea:2f:54:91:e5:90:6f:86:62:77:2d:ff:5a:
fe:47:0a:d9:8d:d9:49:f0:58:86:80:ce:35:6c:a3:
cb:bc:20:cc:fe:f4:e2:d1:50:55:e0:e6:c5:35:8a:
51:c2:4b:8d:30:e3:31:b8:db:e6:df:55:7f:e9:5d:
db:74:f7:c8:0d:00:fe:06:1a:ab:c9:97:d1:41:39:
e1:64:8f:73:60:f6:41:a7:9b:1b:f1:73:2e:05:c0:
c7:c8:5f:d2:fa:c4:12:4a:9a:54:a0:3d:db:5d:d6:
f3:ea:9d:04:2c:c8:0e:9f:28:eb:5a:1e:d1:3b:6e:
2a:3e:96:13:87:fc:39:aa:2b:43:33:63:11:b4:c7:
57:2c:9a:dc:03:04:93:9b:fa:62:ef:7f:89:cf:f7:
e2:7c:14:65:51:db:c9:10:ad:9a:e2:eb:9b:1b:8b:
2e:91:bc:6f:e0:cd:9c:6c:45:1c:c7:ea:36:8a:f3:
74:7b:3f:ff:e0:c6:28:cd:28:bb:3d:9a:e1:69:c4:
ba:21:a2:10:77:fc:71:7c:5c:f0:52:f6:03:ab:7e:
ab:78:f0:4c:80:4e:42:11:b0:32:c2:fb:54:93:0c:
cf:1e:a1:77:15:cc:f0:15:4e:46:4c:e6:73:99:7c:
16:53:25:31:fd:b5:1a:5b:e2:aa:52:90:74:4f:bb:
d5:cd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
57:19:8F:D3:46:F5:A1:12:59:5D:24:9E:82:90:85:06:B1:64:6B:C8
X509v3 Authority Key Identifier:
keyid:0B:1E:72:F3:D0:95:7F:5A:6E:3B:D1:B8:44:A1:2A:61:47:44:90:27
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Cx5y89CVf1puO9G4RKEqYUdEkCc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/1a5a96-d36e-4f3a-9b34-0548d3895a55/1/VxmP00b1oRJZXSSegpCFBrFka8g.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/1a5a96-d36e-4f3a-9b34-0548d3895a55/1/Cx5y89CVf1puO9G4RKEqYUdEkCc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
103.226.194.0/23
103.229.168.0/24
103.229.171.0/24
185.145.70.0/23
185.223.176.0/22
185.237.212.0/24
Signature Algorithm: sha256WithRSAEncryption
13:c7:fa:36:94:8b:b9:ad:2f:ef:dd:11:e4:72:80:4d:24:1e:
89:88:d3:cf:ac:93:53:7e:31:98:35:c4:22:b8:a9:ce:13:fc:
66:14:c6:67:f2:73:1c:68:a1:ff:a3:ec:c4:3b:e1:b0:eb:30:
3c:07:da:7b:68:bf:6f:1d:94:8e:27:c6:23:73:06:21:4d:17:
73:6e:f1:95:c3:b5:19:8f:07:62:f0:95:c0:90:48:9f:63:58:
80:e6:86:20:ea:d9:ac:05:f6:e6:8e:36:5a:af:eb:d0:56:d3:
d2:6f:df:9c:13:c8:a4:c2:91:33:10:ab:69:fc:67:1b:01:45:
0b:c2:bd:ca:8e:39:6d:4f:4c:b2:a5:8d:c6:6c:91:f4:00:07:
cd:5c:91:8e:1e:3f:61:45:f9:2b:d9:db:d3:bb:fb:e5:a7:39:
ee:b0:51:19:71:a9:fc:e6:4c:40:15:12:03:72:c8:72:36:a6:
58:1f:a6:6e:7a:b0:6d:65:cb:ef:19:0c:63:d1:44:3e:41:66:
9d:42:22:5a:97:3a:e2:07:85:69:d3:10:48:2f:68:ab:4c:4e:
be:66:82:11:22:ed:65:94:c2:9e:79:e6:7f:f7:cf:7e:ce:8a:
20:4f:d8:28:05:50:db:7c:63:f9:1e:bd:90:46:9f:9b:30:b0:
44:50:97:99
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAYzFbfDGl5RckBX9YuCJdzPnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBiMWU3MmYzZDA5NTdmNWE2ZTNiZDFiODQ0YTEyYTYxNDc0
NDkwMjcwHhcNMjQwMTAxMTQyOTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NzE5OGZkMzQ2ZjVhMTEyNTk1ZDI0OWU4MjkwODUwNmIxNjQ2YmM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi+ovVJHlkG+GYnct/1r+RwrZjdlJ
8FiGgM41bKPLvCDM/vTi0VBV4ObFNYpRwkuNMOMxuNvm31V/6V3bdPfIDQD+Bhqr
yZfRQTnhZI9zYPZBp5sb8XMuBcDHyF/S+sQSSppUoD3bXdbz6p0ELMgOnyjrWh7R
O24qPpYTh/w5qitDM2MRtMdXLJrcAwSTm/pi73+Jz/fifBRlUdvJEK2a4uubG4su
kbxv4M2cbEUcx+o2ivN0ez//4MYozSi7PZrhacS6IaIQd/xxfFzwUvYDq36rePBM
gE5CEbAywvtUkwzPHqF3FczwFU5GTOZzmXwWUyUx/bUaW+KqUpB0T7vVzQIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFFcZj9NG9aESWV0knoKQhQaxZGvIMB8GA1UdIwQY
MBaAFAsecvPQlX9abjvRuEShKmFHRJAnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ3g1eTg5Q1ZmMXB1TzlHNFJLRXFZVWRFa0NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYS8xYTVhOTYtZDM2ZS00ZjNhLTliMzQt
MDU0OGQzODk1YTU1LzEvVnhtUDAwYjFvUkpaWFNTZWdwQ0ZCckZrYThnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYS8xYTVhOTYtZDM2ZS00ZjNhLTliMzQtMDU0OGQzODk1YTU1
LzEvQ3g1eTg5Q1ZmMXB1TzlHNFJLRXFZVWRFa0NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAqBAIAATAkAwQBZ+LCAwQA
Z+WoAwQAZ+WrAwQBuZFGAwQCud+wAwQAue3UMA0GCSqGSIb3DQEBCwUAA4IBAQAT
x/o2lIu5rS/v3RHkcoBNJB6JiNPPrJNTfjGYNcQiuKnOE/xmFMZn8nMcaKH/o+zE
O+Gw6zA8B9p7aL9vHZSOJ8YjcwYhTRdzbvGVw7UZjwdi8JXAkEifY1iA5oYg6tms
BfbmjjZar+vQVtPSb9+cE8ikwpEzEKtp/GcbAUULwr3KjjltT0yypY3GbJH0AAfN
XJGOHj9hRfkr2dvTu/vlpznusFEZcan85kxAFRIDcshyNqZYH6ZuerBtZcvvGQxj
0UQ+QWadQiJalzriB4Vp0xBIL2irTE6+ZoIRIu1llMKeeeZ/989+zoogT9goBVDb
fGP5Hr2QRp+bMLBEUJeZ
-----END CERTIFICATE-----
Generated at Mon Feb 17 08:05:26 2025 by rpki-client