Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1a/1a5a96-d36e-4f3a-9b34-0548d3895a55/1/mM-wA45BTYtcT-E1QknMDDp45gc.roa
File: mM-wA45BTYtcT-E1QknMDDp45gc.roa (raw, json)
Hash identifier: JmorPqmtlv5QUKW9vZ8koU/oWFA0ZmCgBnswFvlNtpk=
Subject key identifier: 98:CF:B0:03:8E:41:4D:8B:5C:4F:E1:35:42:49:CC:0C:3A:78:E6:07
Certificate issuer: /CN=0b1e72f3d0957f5a6e3bd1b844a12a6147449027
Certificate serial: 018BF6F790B047671E1B96305478838393F7
Authority key identifier: 0B:1E:72:F3:D0:95:7F:5A:6E:3B:D1:B8:44:A1:2A:61:47:44:90:27
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Cx5y89CVf1puO9G4RKEqYUdEkCc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/1a/1a5a96-d36e-4f3a-9b34-0548d3895a55/1/mM-wA45BTYtcT-E1QknMDDp45gc.roa
Signing time: Wed 22 Nov 2023 12:18:21 +0000
ROA not before: Wed 22 Nov 2023 12:18:21 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 29119
IP address blocks: 103.226.192.0/24 maxlen: 24
185.237.212.0/22 maxlen: 24
185.237.215.0/24 maxlen: 24
185.145.69.0/24 maxlen: 24
185.145.68.0/22 maxlen: 22
185.145.68.0/24 maxlen: 24
103.229.170.0/24 maxlen: 24
2a07:4640::/29 maxlen: 29
2a0d:c240::/29 maxlen: 29
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8b:f6:f7:90:b0:47:67:1e:1b:96:30:54:78:83:83:93:f7
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=0b1e72f3d0957f5a6e3bd1b844a12a6147449027
Validity
Not Before: Nov 22 12:18:21 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=98cfb0038e414d8b5c4fe1354249cc0c3a78e607
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:db:77:d7:08:30:07:6d:3e:c3:23:ed:26:41:f0:
32:df:02:6b:c8:f4:e5:ac:b2:f7:80:2e:b2:f9:3a:
01:2c:11:a5:28:97:bf:2d:7a:e4:54:57:b5:47:f2:
8c:6d:da:55:f9:0b:0e:25:af:c8:61:d1:82:2a:75:
09:2f:69:ef:ba:d8:e1:3e:af:36:54:5e:7b:bf:5a:
de:8f:16:bb:05:5e:15:20:2d:65:7a:b4:46:a3:14:
34:b7:d7:47:b0:b1:19:8a:f3:64:97:09:58:ad:0c:
71:2e:43:e9:73:fa:d6:62:7e:73:1e:22:e7:47:7d:
28:8f:46:80:65:51:40:1d:c0:d0:38:01:9e:1e:44:
4f:be:7b:ed:f6:60:2c:b4:ac:b8:4d:09:eb:c1:d7:
b3:2f:c9:f6:31:29:07:32:1b:d6:5f:52:35:78:4d:
b8:e3:3b:60:52:33:49:a3:39:c0:f8:c2:ae:93:d7:
d6:ae:5e:23:40:70:f0:3d:06:8c:0b:80:13:87:ea:
0f:04:fb:46:f6:d6:26:2a:74:04:7c:f4:bf:ca:a7:
cc:05:91:e9:7e:64:f1:47:b9:ae:7d:c4:89:9f:4b:
8f:68:02:99:37:b4:48:9f:04:28:8d:6e:41:a8:cf:
7c:af:11:38:c9:42:f4:c5:fe:90:87:0f:58:e6:88:
55:eb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
98:CF:B0:03:8E:41:4D:8B:5C:4F:E1:35:42:49:CC:0C:3A:78:E6:07
X509v3 Authority Key Identifier:
keyid:0B:1E:72:F3:D0:95:7F:5A:6E:3B:D1:B8:44:A1:2A:61:47:44:90:27
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Cx5y89CVf1puO9G4RKEqYUdEkCc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/1a5a96-d36e-4f3a-9b34-0548d3895a55/1/mM-wA45BTYtcT-E1QknMDDp45gc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/1a5a96-d36e-4f3a-9b34-0548d3895a55/1/Cx5y89CVf1puO9G4RKEqYUdEkCc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
103.226.192.0/24
103.229.170.0/24
185.145.68.0/22
185.237.212.0/22
IPv6:
2a07:4640::/29
2a0d:c240::/29
Signature Algorithm: sha256WithRSAEncryption
7d:90:49:8f:ae:43:1d:df:b3:bc:3f:77:5f:c9:e8:6e:e4:fc:
17:48:fd:d5:19:65:9a:3d:2d:bb:32:79:a7:6b:23:72:ce:4a:
75:32:6b:bf:1c:0a:2d:df:b7:c7:b4:90:87:49:d2:10:25:31:
42:6f:b4:f5:bd:3e:68:13:85:f7:bd:73:89:35:07:a2:53:0b:
81:48:81:13:f4:71:fb:c8:54:a5:25:ed:b8:3b:e7:fb:81:38:
17:af:39:ed:8e:1f:4f:e5:40:9d:88:29:d8:c8:df:7b:6a:42:
28:27:1c:49:b1:fa:e4:bd:f6:1e:5f:3c:7f:b8:1a:08:0d:29:
0d:a0:c2:b0:5b:a3:0a:4c:32:0c:df:8f:b6:c6:09:aa:9b:af:
07:df:47:ea:e7:ba:ed:2a:70:ad:b9:cf:50:c4:34:65:14:72:
82:27:9c:82:80:c0:0d:03:4d:3a:5f:9f:9e:a4:9a:bb:c5:de:
93:c1:4f:46:dc:e5:f6:7b:69:ed:81:04:20:46:57:71:30:f0:
4a:97:a1:cf:21:cd:d1:6f:2d:84:24:78:15:af:6b:59:f4:3f:
c5:a4:e7:6e:dc:2b:e2:1f:7c:18:eb:0c:47:74:9b:76:0d:72:
e0:bc:73:1c:69:f7:3e:a5:61:a5:d9:1a:3d:a5:1d:09:a8:55:
77:f3:ca:c7
-----BEGIN CERTIFICATE-----
MIIFJTCCBA2gAwIBAgISAYv295CwR2ceG5YwVHiDg5P3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBiMWU3MmYzZDA5NTdmNWE2ZTNiZDFiODQ0YTEyYTYxNDc0
NDkwMjcwHhcNMjMxMTIyMTIxODIxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OGNmYjAwMzhlNDE0ZDhiNWM0ZmUxMzU0MjQ5Y2MwYzNhNzhlNjA3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA23fXCDAHbT7DI+0mQfAy3wJryPTl
rLL3gC6y+ToBLBGlKJe/LXrkVFe1R/KMbdpV+QsOJa/IYdGCKnUJL2nvutjhPq82
VF57v1rejxa7BV4VIC1lerRGoxQ0t9dHsLEZivNklwlYrQxxLkPpc/rWYn5zHiLn
R30oj0aAZVFAHcDQOAGeHkRPvnvt9mAstKy4TQnrwdezL8n2MSkHMhvWX1I1eE24
4ztgUjNJoznA+MKuk9fWrl4jQHDwPQaMC4ATh+oPBPtG9tYmKnQEfPS/yqfMBZHp
fmTxR7mufcSJn0uPaAKZN7RInwQojW5BqM98rxE4yUL0xf6Qhw9Y5ohV6wIDAQAB
o4ICMTCCAi0wHQYDVR0OBBYEFJjPsAOOQU2LXE/hNUJJzAw6eOYHMB8GA1UdIwQY
MBaAFAsecvPQlX9abjvRuEShKmFHRJAnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ3g1eTg5Q1ZmMXB1TzlHNFJLRXFZVWRFa0NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYS8xYTVhOTYtZDM2ZS00ZjNhLTliMzQt
MDU0OGQzODk1YTU1LzEvbU0td0E0NUJUWXRjVC1FMVFrbk1ERHA0NWdjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYS8xYTVhOTYtZDM2ZS00ZjNhLTliMzQtMDU0OGQzODk1YTU1
LzEvQ3g1eTg5Q1ZmMXB1TzlHNFJLRXFZVWRFa0NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEcGCCsGAQUFBwEHAQH/BDgwNjAeBAIAATAYAwQAZ+LAAwQA
Z+WqAwQCuZFEAwQCue3UMBQEAgACMA4DBQMqB0ZAAwUDKg3CQDANBgkqhkiG9w0B
AQsFAAOCAQEAfZBJj65DHd+zvD93X8nobuT8F0j91Rllmj0tuzJ5p2sjcs5KdTJr
vxwKLd+3x7SQh0nSECUxQm+09b0+aBOF971ziTUHolMLgUiBE/Rx+8hUpSXtuDvn
+4E4F6857Y4fT+VAnYgp2Mjfe2pCKCccSbH65L32Hl88f7gaCA0pDaDCsFujCkwy
DN+PtsYJqpuvB99H6ue67SpwrbnPUMQ0ZRRygiecgoDADQNNOl+fnqSau8Xek8FP
Rtzl9ntp7YEEIEZXcTDwSpehzyHN0W8thCR4Fa9rWfQ/xaTnbtwr4h98GOsMR3Sb
dg1y4LxzHGn3PqVhpdkaPaUdCahVd/PKxw==
-----END CERTIFICATE-----
Generated at Mon Feb 17 08:00:12 2025 by rpki-client